People Are Underestimating the Cybersecurity Risk of Social Media

Published on May 8, 2020

Most people simply are not as aware of the cybersecurity risks of social media as research suggests they should be. Researchers at Stratecast found that 22 percent of users social media users have fallen victim to a security-related incident.

The cybersecurity risks of social media are constantly lurking around the corner. It is imperative to be on your guard. The common mindset is “It won’t happen to me”. 

Cyber-safety 101

Securing your social media accounts begins with strong passwords. Never use the same password in multiple places. Coming up with a secure password for each account is tedious. You can instead use an encrypted password manager to create (and never forget) secure, random passwords. Some good password managers (that do not pay me to endorse them): Dashlane, LaunchKey, LastPass, AgileBits, StickyPassword. 

“Use multi-factor authentication and the other available security mechanisms,” advised Yo Sub Kwon, the software architect behind LaunchKey who currently serves as CEO of TraceHop. “If someone sends a suspicious link or makes an unusual request, it’s wise to verify that they are in control of their account. Also, review your privacy settings and consider making them more strict.”

Enabling multi-factor authentication for all of your social media accounts seems time-consuming, but it’s worth the hassle. Here are some guides that show you how to enable multi-factor authentication on Facebook, LinkedIn, Twitter, and Instagram.

Don’t trust just any third-party app and sign-in using social media accounts. Make sure that you are only authorizing legitimate apps to gain access using your social media logins.

Most people are using social media apps on their phones, make sure that your phone has a secure password. Your numeric code should be more than 4 digits, and avoid using a pattern or fingerprint.

Update your phone and apps regularly. Updates often patch vulnerabilities that attackers can leverage to gain access to your system.

All social media platforms have secondary security questions. Be sure to set strong answers for security recovery questions that aren’t tied to your personal information.

Jack Dorsey, the CEO of Twitter, was the victim of a SIM jacking in September 2019. The SIM- jacker launched a barrage of racist Tweets via SMS, prompting the Twitter corporate account to unfollow @Jack.

A SIM-jacker is a hacker who convinces your cell carrier to switch your phone number to a SIM card they own. This gives the scammer control of your number. They can then open new cellular accounts in your name and buy new phones using your information. The steps you take to stay safe on social media also protect against being SIM jacked.


“Staying safe in the digital age is partly a function of understanding your own threat model,” said Jackie Singh, CEO of Spyglass Securities. “This means knowing what valuable assets and data you have (or have access to), and taking reasonable steps to defend against the most common types who might be interested in them.” 

One of the most common mistakes people make is exposing their location on social media. Disable all location information on social media. Facebook has a feature that makes it easy to “find your friends” via GPS, a horrible idea. Twitter users are advised not add a location to your Tweets.

Be mindful of the cybersecurity risk of sharing personal information on social media. Avoid silly mistakes such as an Instagram Story that exposes your credit or debit card number. It doesn’t really matter if the CVV code is exposed or not, it is dangerous.

“Even if you’re a very modest user of the Internet, you have almost certainly have had information and credentials obtained by malicious actors,” said Kwon of TraceHop. “If you’re not worried about your own identity, remember that attackers can use your accounts to get to others that trust you if you are compromised.”

Stories on Facebook, Instagram, Snapchat, and TikTok have become notorious places where users expose their live location. Telling the world you are on a holiday invites burglars to target your residence. It is one of the biggest cybersecurity risks of social media.

The implications of data misuse are not yet well-understood, so limit access to your data whenever possible and reasonable.

Friends wishing you “Happy Birthday” on your Facebook “wall” (as it was once referred to as) is nice, but your date of birth helps cybercriminals eager to steal your identity.

Use a VPN and anti-virus software to safeguard yourself. When using free public WiFi or a hotspot, be mindful of what you are doing. Investing in a paid VPN service such as Nord VPN, ExpressVPN, or IP Vanish.


On Facebook it is far too common to receive friend requests from spam accounts, oftentimes sexy looking ladies. If you don’t know the person, don’t add them! Criminals can learn a lot about you and your friends from your profile and use this information against you. Never give people you do not know personal and sensitive information. If someone suspiciously asks for your personal information, immediately report them to Facebook and block them. If you receive a friend request from someone who is already a Facebook friend, RED ALERT! Contact your friend to double-check if, in fact, they actually added you. 

Scam bot accounts on Twitter are usually very new, and often have usernames with random letters and numbers. It is extremely common to come across “sexy girl twitter bots” such this: 

Fake advertisements are becoming ever more popular, especially on Facebook. Things that are too good to be true, most of the time just aren’t true. A mantra users should say to themselves on social media. Facebook estimates between 50 million to 100 million active monthly user accounts are fake duplicates, and 14 million are “undesirable” on the site. Facebook scammers often send friend requests with messages asking people to text a phone number. Here’s a perfect example: 

Military veterans are sadly a common target of social media scams. Attackers often claim to be a soldier and seek financial help or attempt to sell cheap items. Scammers use the stolen names and real photos of military personnel to open fake social media accounts. You can find a list of the top ten veteran-specific scams and information on how to avoid them here.

Be mindful of the cybersecurity risk of social media when you reveal personal information in your posts. Scams on social media are increasingly prevalent. It is naive to presume you are not a target. Be careful out there folks!

Hartej Sawhney was born and raised in New Jersey and is currently based in Barcelona. He serves as CMBDO at Qredo and is also the Principal at Hartej is a serial entrepreneur, brand-focused investor, and an advisor to startups, family offices, regulators, governments, and an array of financial institutions. Hartej has vast experience in Fintech, Cybersecurity, and a strong knowledge of Bitcoin, Ethereum, Blockchain, and related technologies. Hartej is the father of two boys and lives with his wife and adopted dog, Shanti.

Read more

More GD News