7 Tips to avoid social phishing


Phishing is the number one method of attack delivery for everything from ransomware to credential theft. Phishing is a popular email attack, but other types of phishing have been growing rapidly.

In recent years, phishing over social media has skyrocketed by 500%. There has also been a 100% increase in fraudulent social media accounts.

In the face of such risk, securing your social media use is vital to avoid these types of covert attacks.

For over 25 years, WEBIT Services has helped clients discover and apply effective security practices. It is passionate about knowledge, education, and online safety.

By reading this article, you will learn seven ways cybercriminals may try to reach you on social media and how to prevent these attacks.

7 Tips to avoid phishing attacks on social media

1. Make your profile private on social platforms

Phishing scammers love public profiles on social media because they can gather intel on you to strike up a conversation. Unfortunately, they can also clone your profile and create a fake page for phishing your connections.

Criminals do this to connect with people on your friends or connections list and send them social phishing links. Those targets are more likely to click because they believe the link comes from someone they know.

You can limit your risk by making your social media profiles private. With a private profile, only someone that you’ve connected with can see your posts and images. The general public cannot view your posts and information.

For sites like LinkedIn, where many people network for business, you might still want to keep your profile public, but you can follow the other tips below to reduce your risk.

2. Hide your contacts

By hiding your friends or connections list, you can keep phishing scammers from using your social media profile to get to your connections. Platforms like LinkedIn and Facebook both give you this privacy option.

Be aware that this does not keep scammers from seeing you as a friend or connection on someone else’s profile unless they have hidden their friends list.

3. Be wary of links sent in direct messages or posts

Links are the preferred way to deliver phishing attacks, especially over social media.

Links in social posts are often shortened, making it difficult for someone to know where they are being directed until they get there. This makes it even more dangerous to click links you see on a social media platform.

Unless you know the source is legitimate, do not click links sent directly or in social media posts. They could lead to a phishing site that does a drive-by malware download onto your device.

Even if one of your connections shares a link, research where it originated. People often share posts in their feeds because they like a meme or picture on the post, but they never take the time to check whether the source can be trusted.
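One way to research where a shortened link really leads is to walk its redirects hop by hop instead of opening it in a browser. The sketch below is an added example, not part of the original article; the hosts and redirect table are constructed sample data, and `lookup_location` is a hypothetical stand-in for a HEAD request made with automatic redirects disabled.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data: maps a URL to the Location header its server would
# return. The hosts are reserved example names, not real shortener responses.
SAMPLE_REDIRECTS = {
    "https://short.example/a1b2": "https://tracker.example/c?id=7",
    "https://tracker.example/c?id=7": "/landing",
    "https://tracker.example/landing": "http://login.shop.example.net/verify",
    "https://short.example/loop": "https://short.example/loop",
}

def lookup_location(url):
    """Hypothetical stand-in for a HEAD request made with redirects disabled."""
    return SAMPLE_REDIRECTS.get(url)

def expand_link(url, resolver=lookup_location, max_hops=5):
    """Follow redirects one hop at a time and return (chain, warnings)."""
    chain, warnings = [url], []
    while True:
        location = resolver(chain[-1])
        if location is None:                # no redirect: final destination
            break
        nxt = urljoin(chain[-1], location)  # Location headers may be relative
        if nxt in chain:
            warnings.append("redirect loop")
            break
        if len(chain) > max_hops:           # cap the chain at max_hops hops
            warnings.append("too many redirects")
            break
        chain.append(nxt)
    first, last = urlsplit(chain[0]), urlsplit(chain[-1])
    if last.hostname != first.hostname:
        warnings.append(f"destination host differs: {last.hostname}")
    if last.scheme != "https":
        warnings.append("destination is not HTTPS")
    return chain, warnings

if __name__ == "__main__":
    hops, notes = expand_link("https://short.example/a1b2")
    print(" -> ".join(hops))
    print(notes)
```

The full chain matters as much as the final address: every intermediate host sees the click, and a destination on an unrelated or non-HTTPS host is a reason to stop before visiting it.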

4. Don’t participate in social media surveys or quizzes

While it may be fun to know what Marvel superhero or Disney princess you are, stay away from quizzes on social media. They’re often designed as a ploy to gather data on you. This data could be used for targeted phishing attacks or identity theft.

It’s best to avoid surveys or quizzes on any social media platform because once your personal data is out there, there is no getting it back.

5. Avoid purchasing directly from ads on social media

Many companies advertise legitimately on social media, but unfortunately, many scammers also use the platforms for credit card fraud and identity theft.

If you see something that catches your eye in a Facebook or Instagram ad, go to the advertiser’s website directly to check it out; do not click through the social ad.

6. Research before you accept a friend request

Getting a connection request on a social media platform can be exciting. It could mean a new business connection or connecting with someone from long ago.

But this is another way that phishing scammers will look to take advantage of you. Scammers will try to connect with you through friend requests and direct messages, sometimes posing as friends.

Do not accept friend requests without checking out the person on the site and online using a search engine. If you see that their timeline only has pictures of themselves and no posts, that’s a big red flag that you should decline the request.

7. Safeguard your devices against phishing links and files

It’s vital to safeguard your devices with DNS filtering, managed antivirus, email filtering, and more. These tools will help protect you if you click on a phishing link.

Talk to your IT provider to see if additional security programs and tools are recommended for your devices.

Next steps to avoid phishing on social media

As our internet use evolves, cybercriminals develop new methods of attack. Phishing has now reached outside our email inboxes and into our social media applications.

To avoid falling for phishing scams on social media, follow these tips:

  1. Make your profile private on social platforms
  2. Hide your contacts
  3. Be wary of links sent in direct messages or posts
  4. Don’t participate in social media surveys or quizzes
  5. Avoid purchasing directly from ads on social media
  6. Research before you accept a friend request
  7. Safeguard your devices against phishing links and files

If you have additional questions about phishing and security practices, talk to your IT provider or internal IT team. They can educate employees or help create procedures to help keep your company devices and data safe.

WEBIT Services has educated clients in cybersecurity and has helped clients establish effective security procedures.

If you are looking for a new IT provider, schedule a free 30-minute consultation to see how WEBIT Services can help.
