There’s an excellent chance that you’re present on social media in some form. Most of us have a Facebook account that we use at least to keep in touch with friends and family, or a Twitter account to make business connections, or a Reddit account for everything else, or all of the above.

Spending so much time on the internet means that we leave large footprints behind containing our private data. Your social media accounts are ripe with data that phishers and other scammers can use to their advantage.

In 2018, the FBI IC3 Annual Report revealed that the number of reported Internet crimes and the total loss has increased exponentially in just a few years. Losses of more than $2.7 billion were reported in 2018, compared to the $800 million reported in 2014. Personal data breaches were among the top three most commonly reported types of crime.

The first step to staying safe online is staying well informed. What kind of info do they want? What kind of scams are most common on social media? How can you protect your data? Let’s walk through these answers so you can better protect yourself and your private data.

What kind of data do scammers want?

Ultimately, scammers are after money. In order to get that, they’ll look for your private data like email addresses, passwords, usernames, phone number, and even photos. Any of that data can either be sold or used to gain access to your bank accounts.

Is this a scam?

The first thing to be aware of is that there is more than one type of malicious attack to watch out for. There’s phishing, hacking, and social media scams. There’s a lot of overlap between these three, and any of them can be used through social media, so don’t let your guard down just yet.

Have you ever received an email from Twitter Support asking you to confirm your login info by clicking on an embedded link? Phishing attacks often involve sending someone an email or direct message that appears to come from a legitimate source, but the links will either infect your device and leave it wide open to hacks like keylogging, or lead to a site that is designed to trick you into typing in your information.

When it comes to phishing, the bait is usually based on your emotions like fear or anxiety. You could see a message saying “Your password has been compromised, please click here to reset your password,” and you panic, thinking that someone has your password now; but when you click that link you’ll be asked to enter your current password and a new password. Then the next time you try to log in to your account, you’ll be locked out.

Hacks usually happen when you access a malicious website or click a link that downloads malware onto your device. Once your device is hacked, the attacker can find any information they need: passwords, usernames, account information, even the email addresses of your friends and family that they can use while pretending to be you.

We want to focus here on the most common social media scams, but you might be interested in reading more about phishing and hacks in our Data Privacy Series.

Social media scams

Giveaways: Watch out for accounts that post or comment about giveaways. They will either include a link to a malicious site or ask you to send cryptocurrency to their address, but they’ll never sending anything in return. Other fake accounts will appear and comment about how great the giveaway is, or how they got so much money from the giveaway. It’s easy to confirm that these accounts are fake, based on their username, account activity, or follower count.

Ads: You have to scroll through a lot of advertisements on social media; it’s safe to assume that a large portion of them are scams of some sort. Clicking ads could lead you to a malicious site that can, again, infect your computer or phone.

Customer Support: Anyone on social media can create a fake account that, at first glance, appears to be legitimate, in order to imitate the support team of a real company. If you need help accessing bitcoins stored on your Trezor One wallet, for example, a fake account could contact you and pretend to be the Trezor Support team. They’ll try to trick you into giving them your PIN, passphrase, and even recovery seed. Everything they need to steal your coins.

Phishing: We mentioned phishing before, but it’s important to note that phishing attempts can appear in your social media messages too. Anyone can DM you pretending to be your friend, family member, or even a company, and offer you something or ask you for something. Even worse, if your email address is anywhere on your account, a scammer can use that to send you phishing emails.

Scammer pretending to be SatoshiLabs CEO Slush.

How do I protect myself?

Step one is staying aware and well-informed.

Step two is fairly straightforward, but often the most overlooked step: use common sense. If something seems suspicious, then don’t click it. If someone is asking for your private data, don’t trust them — verify that they’re legitimate. If you see a giveaway that seems too good to be true, it probably is. If someone DMs you to ask for money, just don’t. Don’t do it.

Step three is to get some technology involved. Set up email alerts about unauthorized logins to your online accounts. Use second factor authentication, or even better, universal second factor authentication. If you want to go a step further, you can even use a Trezor hardware wallet as the second factor token.

You are the first line of defense between your private data and every internet scheme trying to steal from you. Be aware, use common sense, and boost your security with a Trezor.