A masked hacker being blocked from accessing a victim's device by a security lock, representing the threat of identity theft. A masked hacker being blocked from accessing a victim's device by a security lock, representing the threat of identity theft.

Social Media Identity Theft: Risk Factors and How to Avoid

Social media sites are nothing new, with their roots going back to the early days of the public internet. At this point, 62.6% of the world is on some form of social media platform. That’s a fairly large portion of the population, meaning that most people can be easily traced online between social media platforms or other publicly available databases. 

Methods of communication and staying in contact with others through the internet are commonplace. Chat rooms, forums, and email all preceded the eventual invention of social media. But with this reach comes a risk of identity theft. 

What Is Social Media?

The kick-off point for most people’s experience with social media was platforms like MySpace and Facebook. These were the center of pop culture and controversy when it came to their effects on society and the data that they possessed. 

Today, platforms like TikTok, Snapchat, and Instagram have become the primary players. Each platform has brought its own concerns when it comes to privacy, data, and scammers.

While social media provides an easy way for people to keep in contact, it also becomes a way to meet new people. But the introduction of a new person you met online came with a lot of unknowns. Anyone, anywhere in the world, could create a social media account. Traditionally, there have been very few barriers to creating an account on any platform.

The general ideas of social media are universal; they’re a platform to share whatever is on our minds. It allows users to share photos, videos, or text of their own or share someone else’s content. For those with malicious intentions, oversharing can be a source of valuable information.

How Does Social Media Pose a Risk?

They say the internet doesn’t forget. This adage came about due to information that is posted to the internet being available forever. 

Newsworthy or viral content is shared at exponential rates across numerous platforms. People on the internet can save anything they see. That means any content can be recorded by a user and shared or uploaded to other sites. There are even sites that actively work to archive parts of the internet or serve as a database for internet culture. This approach can include the collection of sensitive information. 

When it comes to users interacting with social media, they’re prompted to share parts of their own lives. This can be when they create a profile where they provide their name, date of birth, email, phone number, or other personal information. 

When it comes to interacting on the platform, they’re encouraged to post original content about what they’re up to or where they are or share content from other users. Those prone to oversharing may reveal information that can be used maliciously, even when the information feels minor.

All of the information we provide on social media creates a footprint. A tactic enlisted by scammers looking to commit identity theft is a form of social engineering

A scammer can look through their victim’s social media accounts to find out as much as they can about them to carry out attacks. This breadcrumb of information can be accumulated to create a fuller picture of their target.

Mentions of locations, friends, family, pets, school, and work are all pertinent details. All of that information can be used against you to steal your identity or signal further attacks. Fraudsters can employ methods of phishing to further exploit the information you’ve shared on social media.

What Is Phishing?

Phishing can be a highly customized attack focused on the information you’ve made available to the public. Most often, this information is found on social media platforms, which makes them a breeding ground for potential identity theft.

With publicly available information, a bad actor can mine the information you’ve posted to use against you. A common issue that large businesses face is scammers pretending to be actual workers at a company. 

They will attempt to contact people at that company and try to convince other workers to share sensitive information with them. They may ask for account credentials or access to financial accounts. 

A scammer with an employee’s personal details can spoof their phone number or email or have access to communication accounts. Since these requests can be common within a business setting, you may not suspect anything. Providing the information they ask for will appear fairly routine, and without verifying their identity, they can make a breach within minutes. 

Scammers can easily find information about a business through a business-focused social media platform like LinkedIn. They can view information about a company, search what employees work there, and then gain details about that employee’s personal life. 

A LinkedIn account may provide enough information on its own or lead to the scammer finding more information on other platforms. All of this accumulative information can allow someone to be very convincing in their attempt to phish.

How Does Identity Theft Happen on Social Media?

About one in five people are victims of identity theft in some form within their lives. Social media’s part in amplifying this issue is often because of user behavior. Even geolocation tagging on a post can let someone know exactly where you’ve been or hang around. 

Platforms like Facebook have implemented features that allow you to check in to a location and tag friends or family with you. This type of interaction can be key information for someone looking to locate that you’re the person with your name living in a certain city. It’s one step toward building out a profile of you.

Sharing significant dates like birthdays and anniversaries can be important information that some institutions require to verify your identity or recover passwords. Sometimes these key details are incorporated into passwords themselves making them easy to guess. 

Passwords commonly use personal information such as a user’s birthday, pet’s name, their own name, or their children’s name. This further illustrates how innocent details you share can be unique in your life and be related to your accounts.

Because so much of this information is easily tracked through your social media accounts, a large percentage of people are vulnerable. A scammer looking to commit identity theft can potentially have enough information on you to log into your account or successfully pass challenge questions. 

Your identity can be stolen once a thief can access your account and get into the details stored deeper inside it. Some platforms may store other sensitive data that isn’t publicly available and that can lead to a domino effect of other accounts being compromised.

How Can I Avoid Social Media Identity Theft?

Prevention is always the best approach when it comes to social media identity theft. Many social media platforms let you take control over the information you decide to make available. 

It’s best to start with the settings of your accounts and make sure you’re not sharing information like email addresses, phone numbers, or birthdays. These are commonly sought for information as they can be highly personal and lead to a scammer finding out more about you.

Ensure the passwords you’re using are unique and hard to guess. Passwords should be made up of complex numbers, characters, or symbols. While complex passwords are not easy to remember, you can store them in safe locations. 

Otherwise, choose passwords that do not have obvious ties to your identity and your interests. Secure password managers or even physical notepads stored in a safe location are an option.

Keep good habits about what you decide to share in a public-facing account. The information you provide to social media should not easily identify you, others, locations, habits, names, or important dates. You can search through your post history to remove or hide the ones that share personal details about your life. For some, these restrictions may feel counterintuitive to the experience of a social media platform, which leads to our next option.

Make your accounts private and only available to friends. This step is a great way to maintain the sharing aspect of your life while ensuring a level of safety. Opting for both a private account and not oversharing are the best ways to keep a social media account but not give too much of yourself away. 

If you plan on keeping an account private but want to share potentially sensitive information, it’s best to screen who you let follow you. This means looking through your followers and removing any you don’t know. In the future, it would mean properly vetting anyone attempting to befriend you.

What Can I Do if I’ve Had My Identity Stolen Through Social Media?

If you or someone you know has been a victim of identity theft through social media, you’ll want to take action immediately. The true extent of the damage may not be clear, and if someone gains access to one account, it could compromise other accounts. 

Some of the first actions you can take are to secure all of your social media and other sensitive accounts, like banking and financial institutions. Change your passwords to more secure ones, update accounts to be private, and set up two-factor authentication when possible. These initial steps can mitigate further damage.

If sensitive information or accounts have been breached, you can take things a step further by contacting the three major credit bureaus. Alert them to your situation and explain that your information may have been compromised. 

They can ensure no further damage is done by a thief opening lines of credit under your name. They can set up a fraud alert system and freeze any activity under your name.

Contact the fraud department for your financial institutions or banking. You can talk to your bank and credit card companies about the issue and they will provide options relevant to your situation. 

They may issue you new credit or debit cards, set restrictions on your account, or create new accounts for you. If charges have been made on your behalf, you can contest them to reverse charges.

The FTC (Federal Trade Commission) is a government-run program designed to assist victims of identity theft. They can help you gather a plan to secure the situation and help you with each step of the process. They’ll even provide pre-filled forms to make the process easier for you.

Unveiling Social Media Identity Thieves

Digital Forensics is experienced in helping victims of identity theft. We can unveil users of fake accounts and expose their true identities. With our proprietary tools and team of experts, we can do more than what other companies claim. While some claim to be able to identify a scammer, they typically only have access to public databases. 

Maybe you need help identifying an old friend or a new acquaintance or exposing someone who has been misleading. We’re your ally in providing the truth, offering identity checks, and helping protect you from potential extortion. Bad actors employ numerous types of tactics to get what they’re after, like catfishing, blackmailing, and pretending to be someone else to steal your identity.

Identity thieves hide their own behind layers of fake and free accounts, which make them difficult to locate. We use tactics that find their digital footprints to track and uncover individuals who are using methods of deception against you. We’re able to provide the information you need to take to the authorities or present it as evidence in court in order to get justice for you.

Social media identity theft can quickly turn malicious. A perpetrator’s intentions could be to phish, use online blackmail, cyberbully, or perform any number of scams. We can help you take back control of situations involving identity theft, help you secure your accounts, and prevent exposure of your personal data.

Sources:

Global social media statistics research summary May 2024 | smartinsights.com

Protected Voices: Social Engineering | FBI

Victims of Identity Theft, 2021 | Bureau of Justice Statistics

50+ Password Statistics: The State of Password Security in 2024 | Exploding Topics

Report identity theft and get a recovery plan | FTC