

Staying Cybersafe on Social Media


Many of us love to share our stories, photos, vacations, jobs, and other life updates on social media. It is an easy way to keep in touch with family and friends. However, social media can be a cybercriminal’s hunting ground to collect personal information and target you, your family and friends with customized phishing email attacks. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication, typically via email, text or instant messages (IMs).

From posts about your favorite vacation spot, the city you live in, and your favorite food, a cybercriminal can create a realistic email offering you a discount at a new local Mexican restaurant that makes you feel like “you’re back in Cabo eating the real thing.” Once you click on the link to get your “20% dining discount,” malicious software (malware) could be downloaded to your device, giving cybercriminals access to your PC, tablet, phone, etc., and your sensitive information (passwords, account numbers, etc.).

Additionally, senior executives who post their positions and company information may open the door for cybercriminals to launch a Business Email Compromise (BEC) attack. These are schemes in which cybercriminals impersonate an executive or compromise the email accounts of an executive (based on information they find on the Web and on social media) and ask employees to send fraudulent wire transfers in order to steal funds.

So, what can you do to avoid becoming a victim of a cybercrime based on the information found on your social media accounts? Here are some examples and best practices to consider to reduce your risk…

  • Limit what you post on social media. Especially if you are a senior executive, this information can be used for cyber-attacks against you or the company you work for.
  • Slow down. Cybercriminals want you to act first and think later. Be careful if the message conveys a sense of urgency or pressure to respond quickly; never let this urgency influence your careful review of emails and text messages to ensure that they are legitimate and not a phishing attack. Read this article for more phishing tips.

  • Be careful who you “friend” on social media sites; confirm that the friend is who they say they are (validate the friend request via a separate known email or phone number). These friend requests could be from a cybercriminal who can now see all of your social media posts.

  • Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment, check with your friend before opening links or downloading attachments.

  • Be suspicious of any unsolicited messages. For example, even if an email looks like it is from a company you use (which may be found on your social media sites – for instance, from pictures of you wearing Nike sneakers during your recent race), do your own research. Go to the real company’s site, or consult a phone directory to find the company’s phone number and call them to verify that the message/offer is legitimate.

  • Carefully review the privacy settings on your social media accounts and consider limiting who can see your posts.

  • Set the spam filters on your personal devices to high; every email program has spam filters.

  • Secure your personal computing devices (e.g., phone, tablet) with the latest anti-virus software, and when the manufacturer prompts you to update your device, do so immediately.