What Can Scammers Do With Your Social Media Profile and Posts?
According to a recent survey, 81% of Americans say they’re concerned about their privacy on social networking sites [*]. Yet, the privacy risks of using social media are a nightmare that most users choose to ignore — until it becomes a reality.
That’s what happened to families in Arizona, when a local man used location data on Snapchat to stalk and spy on young girls in the area [*].
The scary truth is that scammers can use the information you freely give out on social media — your posts, profile, and behavioral data — to spy on you, scam you out of money, or steal your identity.
Even worse, data protection issues and privacy loopholes mean that you (or your kids) are likely sharing personal data without your knowledge. But how much danger are you putting yourself in just by using social media? And is there a way to stay social and safe at the same time?
In this guide, we’ll share the most common online privacy risks, and explain how to keep your sensitive information safe from cybercriminals who are searching your social media accounts.
Why Does Social Media Privacy Matter?
Social media privacy refers to the personal and sensitive information that people can find out about you from your accounts. This information can be purposefully shared (such as in public profiles and posts) or unknowingly shared (such as the data sites share with other companies and social media marketing agencies).
But while most people are concerned about what companies know about them, the bigger danger is what scammers and fraudsters know — and how they can use that information.
According to the Federal Trade Commission (FTC), one out of every four fraud victims was targeted on social media last year, leading to losses of $770 million [*].
“One out of every four fraud victims was targeted on social media last year, leading to losses of $770 million – Federal Trade Commission”
Even with your account set to private, advertisers and scammers can gain access to your sensitive data in the form of:
- Profile information — such as your name, birthdate, and contact information.
- Status updates — including personal life events, work and relationship status, and religious beliefs.
- Location data — such as your hometown information and geo check-ins.
- Personal interests — including hobbies and buying history.
- Shared content — such as personal images and videos.
- Posts from friends and family — anything someone posts about you can be found and used by advertisers, hackers, and fraudsters.
What’s even more worrying is that some social media sites (like Facebook) collect user data about people who don’t even have an account [*]. These “shadow profiles” are typically used to target you with ads on other connected sites.
But what can happen if unscrupulous users gain access to your personal information?
What are the Most Common Social Media Privacy Issues?
- Hacking and account takeovers
- Social media phishing scams
- Shared location data
- Data mining leading to identity theft
- Privacy “loopholes” that expose your data
- Employers evaluating you based on your posts
- Doxxing leading to emotional distress
- Cyberbullying and online harassment
- Romance scams on social media
- Third-party apps with account access
- Malware and viruses in messages
- An excessive online footprint
The more information you share on social media, the more you put your identity, accounts, and finances at risk. Here are the most common social media privacy issues that you need to know about.
1. Hacking and account takeovers
Many people unknowingly post personal information that could give hackers clues to their passwords or security questions — for example, posting about your hometown, pets, elementary school, or extended family.
Scammers either use this information to try and brute-force their way into your account or employ social engineering attacks to trick you into providing your password.
In many cases, scammers don’t even need to trick you into giving up your passwords or account information. Leaked social media account information sells on the Dark Web for as little as $25 [*].
2. Social media phishing scams
If your social media accounts aren’t set to private, you can receive messages from anyone — even scammers trying to get you to click on malicious links. Last year, 12% of all clicks to fake phishing websites originated on social media.
Fraudsters also regularly use social media to run romance scams and investment fraud schemes. In the past few years, the brutally-named “pig butchering scam” has run rampant on social media, costing victims over $10 billion.
📚 Related: The Worst Social Media Scams of 2022 (and How To Avoid Them) →
3. Shared location data used by stalkers and predators
Many social media sites include location data by default — such as on photos or posts. This data can be used by stalkers, scammers, or even thieves to track your movement.
📚 Related: How To Keep Your Kids & Teens Safe on Social Media →
4. Data mining leading to identity theft
Scammers need surprisingly little information to steal your identity. And often, the starting point for identity theft can be publicly available information on social media.
Scammers can use your name, address, or phone number to target you with phishing scams — or look up more sensitive information about you that’s for sale on the Dark Web. With just your main email address or phone number, scammers can find any leaked passwords, credit card numbers, or even your Social Security number (SSN).
📚 Related: Can Hackers Hack You With Just Your Phone Number? →
5. Privacy “loopholes” exposing your sensitive information
Social media companies regularly change their policies and features — and some of those changes can cause serious data privacy issues.
For example, in some cases, posts you share privately with friends or in private groups can be shared publicly without your permission. And if your friends don’t follow the same stringent social media privacy settings that you do, this information could be accessed by anyone — even scammers and employers.
6. Employers or recruiters evaluating you based on your posts
Your social media profiles may seem personal, but 70% of employers say they use social media to research candidates during the hiring process [*]. Even worse, 57% say they found content that caused them not to hire a candidate.
7. Doxxing leading to emotional distress or physical harm
“Doxxing” occurs when hackers or bad actors purposefully share personal information about you on the internet in order to cause harm — for example, someone sharing your phone number or home address so that others will harass you. The more information about you that is publicly available, the more likely you could be “doxxed” if targeted by hackers.
8. Cyberbullying and online harassment
For kids, teens, and even adults, social media can be a source of bullying and emotional and psychological attacks. A public account gives cyberbullies easy access to target you with messages and malicious posts — as well as access to your personal information.
📚 Related: 10 Warning Signs of Cyberbullying (and What to Do) →
9. Romance scams on social media
Fraudsters create fake social media profiles to try and lure you into fake online relationships — and then ask you for cash, gift cards, or personal information. Romance scammers on social media can use your personal information to craft the perfect scam designed to ensnare you.
10. Third-party apps that can access your other accounts
Many people use social media logins (such as “Log in with Facebook”). But while these services are convenient, they can expose your personal information to companies or apps that might not have the best digital security in place.
11. Malware and viruses in messages or posts
If your account is set to public, scammers may send you malicious links via direct messages. These messages often seek to create a sense of urgency by using one of these methods:
- “Is this you in this photo/video?” These messages show a video or photo preview to grab your curiosity and persuade you to click on the link.
- Fake copyright infringement notices. Scammers send messages like this over Instagram to scare you into clicking on their links.
- Rewards or giveaways from major companies. Fraudsters pose as Walmart, Apple, Microsoft, Amazon, or other big companies and offer free prizes — if you click on their links.
If you click on any links in these types of messages, you’ll either infect your device with malware or be taken to what looks like a login page for the social media site. But in reality, it’s a fake website designed to steal your username and password.
📚 Related: How To Identify a Fake Website →
12. An excessive online footprint that data brokers can access
Finally, all of your activity on social media contributes to your online footprint — the trove of data that advertisers use to target you with ads. Unfortunately, in many cases, anyone can purchase this information from data brokers, putting you at risk of scams, or an onslaught of spam calls, texts, and emails.
How To Know if Your Personal Information Was Leaked in a Social Media Data Breach
Unfortunately, there’s only so much that you can do as an individual to protect your private information on social media.
Some of the biggest risks are outside of your control, like if a social media site is hacked. In the last four years, Twitch, Linkedin, Facebook, Twitter, and Quora have all been hacked — with millions of passwords and other account information ending up on the Dark Web.
The easiest way to see if your data is available to hackers is to use Aura’s free Dark Web scanner. Aura scans known Dark Web forums and sites for your email address to alert you of compromised accounts. Find out if your social media accounts are at risk →
How To Update Your Privacy Settings on Every Social Media Platform
It’s important to keep your data private on social media. Here’s how to update your privacy settings to protect yourself, your family, and your personal information.
Facebook privacy settings: What you need to know
Facebook has been in the hot seat for quite some time regarding privacy laws and leaks, including the Cambridge Analytica scandal and the 2018 data breach that impacted 530 million users [*].
How to update your privacy settings on Facebook
- First, use Facebook’s Privacy Checkup tool to understand what’s shared on your profile and who can view it.
- Then, adjust privacy settings under “Settings” and “Privacy” to only allow friends to view personal profile information, including your email address, phone number, and location.
- In your privacy settings, use the “Activity Log” to review all of your posts and photos including any in which you’ve been tagged; and then remove anything you don’t want people to see.
- Under your privacy settings you can also limit who can send you friend requests, find your profile, and search for you using your email or phone number.
- Finally, comb through your friends list and delete any unrecognized Facebook users who could view your profile.
📚 Related: How To Recover a Hacked Facebook Account →
Instagram privacy settings: What you need to know
A public Instagram profile gives people access to your name, location, and contact information (if business settings are enabled). Ireland’s data privacy regulator recently filed a $402 million fine against Instagram [*] over a loophole that allowed children to open public business accounts.
How to update your privacy settings on Instagram
- Under “Settings” and “Account Privacy,” move your Instagram profile visibility from public to private so that only friends can see your profile.
- Adjust your Instagram story settings under “Privacy” and “Story” to permit only close friends to view your temporary posts, as these often feature risky location identifiers.
- As with Facebook, comb through your existing friends list and remove any unknown or unrecognized users that could pose a privacy risk.
📚 Related: The 10 Biggest Scams Happening on Instagram Right Now →
Twitter privacy settings: What you need to know
Few Twitter users understand the privacy implications of their feed. According to a Pew survey, 65% of users believed their Twitter accounts were set to private [*]. But in reality, 92% of those people actually had their accounts set to public.
How to update your privacy settings on Twitter
- Modify your “Protected Tweets” settings so that Twitter feed details may only be viewed by followers and not by those who either searched on Google or are not Twitter followers.
- Adjust visibility settings to a private profile to only allow your followers or people you follow to view your information.
- Turn location settings off when posting a tweet.
📚 Related: Check out Twitter’s privacy settings page to update your account →
TikTok privacy settings: What you need to know
TikTok has quickly become one of the most used social media platforms. While TikTok doesn’t offer as many opportunities to accidentally share private information, it’s still important to update your privacy settings to help prevent phishing attacks and other scams.
How to update your privacy settings on TikTok
- Access privacy settings under the “Settings” tab, and toggle the “Private Account” option to “On” (the option will turn green). This only allows followers to view your profile and content.
- Under the “Privacy” settings, turn off “Suggest your account to others” to limit unwanted users from discovering you.
- In the same settings menu: set comments, mentions and tags, and direct messages to only “Followers you follow back and people you sent messages to.”
📚 Related: TikTok Parental Controls: How To (Safely) Set It Up for Kids →
LinkedIn privacy settings: What you need to know
LinkedIn is a powerful tool for building your professional network. But it can also expose some of your most sensitive information — including your name, occupation, and contact details.
The Federal Bureau of Investigations (FBI) recently issued a warning against a LinkedIn threat wherein criminals have been making fake, yet convincing, profiles in order to promote fraudulent cryptocurrency investments [*].
How to update your privacy settings on LinkedIn
- Under “Visibility” change your “Profile viewing options” to “Private Mode.” Then, restrict who can find your profile when searching your email address, phone number, or through services outside of LinkedIn (such as search engines).
- In the same section, edit “Email visibility” to make your personal email information viewable to either just you or only 1st-degree connections.
- Under “Account Preferences,” unsync your account with your phone, Gmail, or Outlook contacts.
- Turn off “InMail messages” under “Data Privacy” > “Other Applications” > “Permitted Applications.” This prevents messages from LinkedIn members who are not part of your connections.
📚 Learn more: Check out LinkedIn’s guide to privacy settings →
Snapchat privacy settings: What you need to know
Snapchat is known for its temporary messages. But scammers can still target you — even if your messages disappear. The biggest privacy threats on Snapchat are your viewing settings and location tracking. If left in default settings, these can be used by scammers, predators, and other people looking to harass you online.
How to update your privacy settings on Snapchat
- Under “Privacy Controls” set “See My Location” to “Only Me.” Also, ensure that you remain in “Ghost Mode” while on the map feature so as to never share location details.
- Assess your current “Contact Me” settings and ensure that only added friends and contacts can get in touch with you through Snapchat.
- Adjust your “My Story” settings to only allow your Snapchat story to be viewed by friends or a customized selection of users.
📚 Related: Don’t Fall For These 7 Dirty Snapchat Scams →
Google privacy settings: What you need to know
You might not think of your Google account as a social media service. But platforms like Google Maps, Hangouts, YouTube, and Gmail offer similar functionality (and privacy concerns) to other social media apps.
Even more dangerous are all of the third-party apps that you log in to using your Google account. If any of these accounts are compromised, your personal information could be at risk.
How to update your privacy settings on Google
- Use the Google Privacy Check-Up Tool to understand where any privacy risks exist in your Google account, and follow the provided recommendations. Pay special attention to the Google Photos options as well as your Google profile settings.
- Under “History Settings,” pause location history to prevent ongoing tracking of your movements.
- Review details provided under “Data from apps and services you use” in your account settings, and remove access from third-party apps that you do not use or recognize.
Microsoft privacy settings: What you need to know
Similar to Google, Microsoft accounts are often used to log in to third-party applications, like Skype. Cybercriminals can gain access to your Microsoft login details through these apps if you're not careful.
How to update your privacy settings on Microsoft:
- Enable two-step verification to increase login security and reduce the chance of unapproved account access.
- Assess apps and services under your “Account Settings” and remove any unauthorized or unused third-party data access.
Apple privacy settings: What you need to know
Apple iCloud accounts are often used by iPhone and Mac users to back up and share private files. This can include images, videos, geographical locations, and contact details. These details can leave Apple users open to hacking, malware and virus risks, and may even present personal security and safety concerns.
How to update your privacy settings on Apple:
- Use the “App Privacy Report” to understand individual permissions of apps in terms of data access and usage.
- Access “Location Settings” and remove location tracking permissions for unwanted or questionable applications.
- Enable six-digit passcodes, Touch ID, or Face ID to prevent any unauthorized account access.
📚 Go further: Learn more from Apple about how to update your privacy settings →
Social Media Privacy Checklist: How To Stay Safe on Social Media
Ultimately, staying private on social media isn’t just about changing your settings. You also need to change how you use social media.
Here are 10 tips to help you keep your social media profiles secure and private:
- Set strong passwords, and enable two-factor authentication (2FA) on your accounts whenever available.
- Avoid using publicly known or available information as the answers to your password security questions.
- Only provide social media platforms with the minimum amount of information requested to create an account.
- Whenever possible, do not provide social media sites or third-party apps access to your email accounts or contacts.
- Create a separate email account to use just for your social media profiles and third-party apps. With Aura, you can easily create and manage “throwaway” email accounts that give you access to services while protecting your main inbox.
- Disable location sharing across all social media, and avoid using geotagged photos.
- Review your current privacy settings and make sure your account has not been made public by default.
- Learn to recognize the signs of online scams.
- Consider signing up for an all-in-one digital security solution. Aura combines top-rated identity theft protection with 24/7 credit monitoring, Dark Web monitoring, digital security tools — such as antivirus software and a virtual private network (VPN) — and a $1 million insurance policy that covers you against eligible losses due to identity theft. Try Aura free for 14 days and see if it’s right for you!
The Bottom Line: Stay Social, Private, and Secure
Social media will always be a balancing act between privacy and promotion. The more public you make your personal information, the higher risk there is that you’ll be targeted by scammers and hackers.
Keep your accounts safe by using strong privacy settings, and protect yourself from scammers with Aura’s comprehensive identity theft protection service.