What You Need to Know about Social Media Security

Take a second and ask yourself — when was the last time you changed your password? Do you still use the same password as when you were 12 because it’s the only one you’re likely to remember? No, I’m not talking about myself.

In all seriousness, social media is such an important part of how we communicate and engage with each other online, and we all need to approach it with more caution. In this article, we explore the various ways to keep your social media accounts safe and secure. And to ensure that we provide the most accurate advice for managing your social media security, we sought insights from Rafael Broshi, CEO of Notch, a social media insurance company.

When it comes to social media security, there are several types of threats that you should be aware of. Raphael says that the most common scams aren’t done by Matrix-like hackers in a dark room, but are usually executed through a concept called ‘social engineering.’ He breaks the potential threats down into three scams:

Security risk 1: Emails impersonating social media platforms

The first – and most common – scam is emails impersonating a social platform, whether it is Instagram, YouTube, or TikTok. Here’s how this scam plays out:

Scammers get a large list of emails of valuable accounts, usually they target accounts with at least a few thousand followers, because they understand that it might be a source of income for people or would just carry a lot of value because it took a long time to grow.

Then they send a generic email to those people saying something along the lines of, “In one of your recent posts, we’ve seen a violation of our terms of service. If you don’t fill out the following forms, you will get suspended within the next 24 hours.”

On your end, you might get an email from a domain that looks like it was sent from Instagram, and because platforms use different domains to send emails, you can’t always tell if an email was sent from the real Instagram just by looking at the sender. One email might be for security alerts, while another is for sending the latest offer from the platform.

A user might think they’ll never fall victim to that, but a scam that is being sent to a thousand different emails will hit the inboxes of people in different situations. Maybe one hundred of those people are having a stressful day and are therefore not as vigilant, or fifty people just posted to Instagram a few seconds ago and suddenly receive an email about terms of service violation. Depending on the nature of the scam, it might look legitimate enough that some people click through.

Raphael adds that when you click the link in a phishing email, it will send you to a website that looks exactly like the social platform with a domain that’s just slightly different (like “.net: or “tik-tok.com”). However, once you put in your username and password, that’s it.

Now, you might wonder where two-factor authentication, highly recommended for social media security, comes in. Well, scammers will copy the details you enter into the fake website to the legitimate one in real-time. So if you get an email asking for your two-factor authentication code, you won’t think anything of it and will hand over the code by putting it on the fake website.

That sounds pretty elaborate to set up but so simple in real-time because it can happen in a few minutes.

What can you do to prevent this from happening? Look for communication from social media platforms from within the apps when you are already logged in.

Using Instagram as an example, you can go into your app → go to Settings → click ‘Security’ → click ‘Emails from Instagram’. There you’ll see all official communication from the platform.

Security risk 2: Accounts impersonating platforms

The second type of scam comes from accounts that have already been taken over. Raphael describes it as scammers taking control of an account that already has a ton of followers and changing the name to “TikTok Support” or something similar.

If you see a DM from an account with an official-looking name and lots of followers, you might think it’s legitimate.

How can you avoid this scam? No platform will send you a DM, especially not one asking for personal information. So you can safely ignore any of those messages you receive.

Security risk 3: Accounts impersonating people you know

This is similar to the previous scam but involves people you already know. If one of your friends gets hacked, the scammer might use their following list to take advantage of their relationship with you. What they do, as explained by Raphael, is that while holding accounts for ransom, they send messages to people the hacked account has been in touch with, asking for money or account details.

The common element with these scams is human error, which strong passwords, two-factor authentication, and password managers can’t always account for. The potential consequences of falling victim to these threats can be severe, including damage to your devices, financial loss, and even identity theft.

What can you do? Be vigilant about messages that ask for money or account details from anyone in your network. Reach out to that person via another means of communication if you’re unsure that it’s them.

What you need to know about protecting your information

In addition to securing your accounts, it’s also important to be aware of the types of personal information that can be at risk on social media and take steps to limit the amount of personal information shared. Here are some tips for protecting your personal information:

  • Limit the amount of personal information shared: Be mindful of the information you share on your social media profiles, such as your address, phone number, and email address. Avoid sharing sensitive information, such as your social security number or financial information.
  • Be aware of who has access to your personal information: Review your privacy settings to ensure that only the people you trust can access your personal information.
  • Be cautious of third-party apps and services: Be careful when granting access to third-party apps and services on your social media accounts, as they may collect and share your personal information without your knowledge. Before granting access, research the app or service and read the privacy policy to ensure you understand how your information will be used and protected.

Raphael emphasizes the importance of awareness and education about what the potential risks are so that no matter the circumstances you’re in, you take the time to consider what you share with others when it comes to social media.

Now that you understand the types of risks present on social media, it’s important to take steps to protect yourself.

  1. Limit access to your social accounts, especially if you have a large account that requires multiple people to have access. If your assistant or social media manager hops into your business or influencer account to post regularly, make sure they’re updated on security measures for your account.
  2. Set up two-factor authentication. It’s an important layer of security for any Internet user and should be implemented even on non-social media accounts. This guide by The Verge details how to set up 2FA for different online accounts.
  3. Use a password manager to generate strong passwords and keep them safe. 1Password and Bitwarden are among the managers that come highly recommended.
  4. Review the apps or websites that have access to your email and social accounts periodically.
  5. Be cautious of what information you give away online, even to people you regularly communicate with. If you’re suspicious of anything or anyone, double-check to make sure they’re really the ones behind the screen.
  6. Be careful what you click on. As we stated earlier, visiting suspicious sites can open up your accounts to hackers.
  7. Review your privacy settings periodically to ensure that no person or app has access that shouldn’t.

Buffer is a great way to reduce the risk of human error when it comes to your social media. You can easily set up your account with different levels of administrative access. You can also set up your system so that only posting is allowed for certain people, and revoking access is simple and straightforward. And best of all, you can set up two-factor authentication so that only people with access to your team’s password manager can access your account.

🔒 Use Buffer to manage all your social media accounts safely and securely in one place.

https://buffer.com/resources/social-media-security/