Social media is a great way to stay connected and share information with friends, family, and professional contacts. While applications such as Facebook, Twitter, Tumblr, and Snapchat are incredibly popular, they are also primary targets for scammers and hackers.

Most social media interactions assume a level of trust. Users share information about family, friends, interests, jobs and locations with the belief that this information will not be abused.

However, information is often shared which increases the risk of identity theft.  

In order to protect your personal and organization’s privacy, reputation, and confidential information, it is important to understand the risks associated with social media attacks and adopt best practices to mitigate them.

Here are a few best practices to keep in your back pocket:

  1. Watch out for “enticing” messages from other users. These types of messages are classic attempts to get you visit other websites, download software, or “update” your existing software- when in reality, they are likely spreading malware.
  2. Pay Attention to URL shortening services (like and They are common and popular avenues to share links- but, as a side affect, hide the actual destination of the link.
  3. Avoid sharing details about yourself that may be used to answer security questions or verify your identity. Keep in mind common security verification question topics, such as: schools, pets, anniversary and birth dates, and “favorites”.
  4. Check your privacy settings- broadcasting all your information to the general public, showing up in third party searches, and allowing unsecured connections (over HTTP instead of HTTPS) can unnecessarily expose your data and your account.
  5. Limit location data access. Sharing location data is very common and popular to let contacts know where you are and what you are doing- but it can also let others know when you aren’t home or won’t be for an extended period (which can lead to home invasions or thefts)
  6. Do not use the same password for more than one site. Use a unique password for each social media site to prevent one compromise leading to another.