Cybercriminals use social media to identify victims and steal their personal information. By posing as an online friend, a fraudster could trick you into sending money or sharing PII. By following your feed, a phisher could gather details for a highly targeted attack. To minimize your risk, decline friend requests from people you don’t know. Be thoughtful about what you share online, and take care with links: Before you click, hover your mouse over the URL to see its true destination.

When you share on social media, do you have an audience in mind? Maybe that photo of your kids helps you connect to faraway relatives, while a shot of your old stomping grounds sparks a chat with college buddies. 

Unfortunately, when you think about who’s watching on social, you should also consider cybercriminals.

Fraudsters use social networking platforms to identify victims and steal their personal information. Before you share any meaningful information or even accept a request to connect with someone you don’t know in real life, consider these common ways criminals can manipulate social media.

Social shares lay the groundwork for targeted attacks

There’s a wealth of personal information available on social media. Unfortunately, criminals can use those details to power sophisticated phishing attacks. 

The more criminals learn about you, the more they can tailor their approach. And that’s bad news, because highly personalized attacks are more likely to succeed.  

For example, if you’ve shared your workplace online — like the 177 million people in the U.S. who are on LinkedIn — a bad actor could use that information to launch a type of phishing attack known as whaling, in which a thief’s attempt to steal credentials or even cash is disguised as a directive from your CEO. 

If you’ve shared a particular passion or hobby online, a fraudster could use those details to lure you to a landing page that looks legitimate, but actually installs malware on your computer or steals your credentials. 

And if you communicate regularly with friends on social media, a phisher could mine those public conversations, use the details to convincingly pose as your friend, then ask for your log-in information or other sensitive details. 

What’s more, bad actors may be monitoring your feed for clues to your password — so make sure yours doesn’t include something easy to guess, like your dog’s name. 

Your online activity can lead to crimes in the physical world

Unfortunately, criminals don’t stop at phishing attacks. Some use social media for reconnaissance before planning a crime in the physical world. 

That’s why it’s wise to delay vacation posts until after you’ve returned home. When you’re posting in real-time about your two-week honeymoon abroad, you’re also sharing publicly that you’re not home, and won't be for some time. Burglars can log on to social networks too — and may see your extended trip as an invitation to stage a break-in. 

The same idea also applies to daily life. Posting in real time could reveal your regular schedule or your location at any given time. Why not delay Instagram posts or location check-ins by a few hours or even a few days? 

As an added bonus, you’ll have more time to make sure your posts aren’t revealing more than you intended — like that family photo taken on the front porch that happens to include your house number. 

Be wary of fake accounts — and real ones that have been hijacked 

When you’re communicating online, it’s not always easy to confirm that a person is who they say they are. 

According to a Pew Research study, 49 percent of social media users say they use the networks to make new friends. But those online friends may actually be fraudsters looking to mine your personal information. One way to reduce this risk is to decline friend requests from people you don’t know in real life. 

Still, even close friends and verified public accounts can be hacked. Additionally, any online request that involves sending payments or sharing personal information should be regarded with suspicion, even if it seems to come from a trusted brand, celebrity, or real friend or acquaintance.

Social media best practices

Life in the digital age isn’t without danger — but that’s no reason not to enjoy the internet. When using social media, consider these guidelines:

  • Decline friend requests from people you don’t know in real life 

  • Don’t post in real-time — wait a few hours, or even a few days, before sharing content that reveals your location 

  • Be thoughtful about sharing personal details online

  • Be wary of requests for sensitive details or payment information, even if they seem to come from a close friend, celebrity, or major corporation

  • Be cautious when clicking links from your social media feed; hover your mouse over shortened URLs to confirm the real destination 

If you're an Allstate Identity Protection member, you can log in to the portal to activate key features that provide additional protection. Through social media monitoring, we keep tabs on social accounts for everyone in the family, watching for vulgarity, threats, explicit content, violence, and cyberbullying. We also monitor for account takeovers that could lead to costly reputation damage. 

If you’re a member and you opt into dark web monitoring, the bots and human operatives we use will regularly scan closed-hacker forums for your compromised credentials. If you’ve fallen prey to a phishing attack and your information lands in the wrong hands, we’ve got your back. We’ll alert you right away if we find your information for sale. 

Not sure if you’ve been compromised? We provide credit monitoring from all three bureaus, which may make spotting and resolving fraud easier. 

At Allstate Identity Protection, we hope your time online can be fun, not fraught. That’s why we’re committed to protecting your information every second of every day — that’s our promise to you.