FRAUD RESOURCE CENTER
En español | Be careful where you click when using social media. Scams are prevalent on popular social networks such as Facebook, Twitter and Instagram.
Many simply put a social media spin on older online frauds. Your social feeds are as likely as your email spam folder to be full of fake corporate giveaways, bogus investment tips, nonexistent government grants, supposed sweepstakes winnings and ads for questionable health aids, intended to get you to send money or click on malware-loaded links..
Some of these cons are being customized for the coronavirus pandemic. For example, hackers hijack Facebook accounts and, disguised as your actual friends or relatives, send out private messages with purported links to urgent health information or COVID-19 "relief grants."
There's more: Romance scammers create legitimate-looking profiles on social media and use them to contact and woo potential victims (a practice known as catfishing). Online shopping cons have expanded from bogus websites to deceptive or phony Facebook and Instagram ads.
Other scams are tailored to exploit how we interact on social media. For example:
• Fake celebrities. We’ve become so used to seeing what our favorite stars are up to on social media that it might seem natural for them to get in touch to solicit charitable donations, offer backstage passes or profess their gratitude personally. It’s not. Social networks swarm with impersonator accounts set up to hoax or fleece fans.
• Facebook quizzes. They may seem like harmless fun, but the Better Business Bureau and digital-security companies warn that swindlers sometimes use quizzes to pry loose personal data. Launching a quiz app may give its creators permission to pull information from your profile, offering hackers an opening to steal your online identity.
And look out for innocent-sounding queries about your high school mascot or first car. Con artists know these are common security questions that banks and financial firms use to protect accounts.
• “Is that you in this photo/video?” If you get a message like this with a link to purported online evidence of embarrassing behavior, repress your curiosity and hit “delete.” Clicking the link takes you to a site that mimics one of the popular social networks and prompts you to log in, a ploy for hackers to get your credentials and access your account.
Similarly, scammers have been known to use Facebook’s tagging feature to quickly spread malware, via links to supposedly salacious videos.
A growing share of older Americans are Facebook users (32 percent of those over 65), and they are increasingly concerned about privacy and the use of their personal data, a 2018 Gallup Poll found. Amid rising concern about how social networks handle personal information, there are steps you can take to help protect your online identity.
- Posts and ads that offer super low prices on popular name-brand goods or free trials of miraculous health and beauty aids. If a discount or product claim seems too good to be true, it probably is.
- A post that directs you to another website to claim a prize, win a gift card, take a quiz, fill out a survey or see a scandalous video.
- Posts and direct messages that ask for money, even if they appear to be from someone you know; that person’s profile may have been hacked or duplicated
- Do check and regularly update the privacy settings on your social media accounts. Use options to limit access to your posts to people you know and to restrict permissions for apps to access your profile information.
- Do use different passwords for different accounts, and set up two-factor authentication, which ensures that only you can access an account even if someone else gets your password.
- Do think carefully about what you post about yourself and your whereabouts. Hackers can use personal information for identity theft, and a seemingly innocuous vacation photo can signal to criminals that your home is empty.
- Do be wary of strangers who attempt to forge close bonds or romantic relationships on social media, and cut off contact if they start asking for money.
- Don’t include personal information, such as your home address or phone number, in your public profile.
- Don’t accept friend requests from strangers.
- Don’t download apps via links on social media unless you need them and can confirm they come from a trusted source.
- Don’t take social media quizzes or surveys that ask personal questions, even ones that sound innocuous.
- Don’t click on suspicious links, even in posts from people you know — their accounts may have been hijacked. Website safety checkers such as Google Safe Browsing or VirusTotal can tell you if a link carries a phishing or malware risk.
- Don’t log in to Facebook or other social media sites while using a public Wi-Fi network. Many are poorly secured, leaving openings for scammers to intercept personal data associated with your accounts.
About the Fraud Watch Network
Whether you have been personally affected by scams or fraud or are interested in learning more, the AARP Fraud Watch Network advocates on your behalf and equips you with the knowledge you need to feel more informed and confidently spot and avoid scams.
- If you are victimized by a social media scam, report it to the Federal Trade Commission and the FBI’s Internet Crime Complaint Center.
- Facebook’s Help Center has a section on account security that includes tips on protecting your information and avoiding scams. You can report suspicious posts, messages and profiles to Facebook.
Updated September 17, 2020
More From the Fraud Resource Center