Security awareness

4 common social media scams (and how to avoid them)

October 17, 2023 by Keatron Evans

There are 4.9 billion social media users globally, with the number steadily rising. Social media can be a great way to connect with friends, family and colleagues. Facebook, Instagram, LinkedIn: these platforms and more are great ways to expand human connection. But they also present new cybersecurity challenges.

With that in mind, learning what threats are out there and how to protect yourself from them is essential. 

Common social media threats 


When you’re on social media, attackers might pretend to be someone you know: a friend, a relative or a colleague. They use these fake identities to trick you into accepting their friend request. Then, they have access to your profile, photos and posts.  

But how could an attacker impersonate you? If your profile and friends list are public, hackers can duplicate them. They will then send new friend requests to everyone on the friends list. These connections will accept the request, thinking it comes from you. Their profiles can then be duplicated, and the process begins again.


With phishing, hackers send phony messages to trick you into action, usually clicking a link or opening an attached file. Sometimes, they send messages pretending to have photos of you or to be sharing a video. Other attackers buy ad space on popular websites and advertise their phony sites. These look like trendy online stores, but hackers will steal your data if you visit these sites and try to buy something. Others still use social engineering scams, creating an elaborate story to convince you to send money.


Romance scams 

Romance scams are the most common social media attack, scamming 70,000 people out of $1.3 billion in a year. Hackers create a fake identity and begin an online relationship with you. Then they claim they're in trouble and ask you to send money. They might instead blackmail you using explicit photos or texts you sent them. Because of embarrassment, you are less likely to report them, and they start over with a new target.


It might seem fun to discover your superhero name, but it might actually be dangerous. Hackers design these quizzes to get you to reveal personal information they can use to hack you. Think you’re safe revealing that your favorite band is U2 or your favorite sports team is the Boston Red Sox? For over 33 million people, these answers would have revealed a password. For others, they shared an answer to one of their security questions.  

Avoiding scams 

  • Avoid social media altogether 

  • Use the highest privacy setting available 

  • Be careful about accepting friend requests  

  • Never take social media quizzes  

  • Change your passwords and report immediately if you think you’ve been the victim of a social media scam  

If you stay safe and are careful, you can protect yourself and others from potential scams. Send this article to your connections, and stay safe out there!


Keatron Evans

Keatron Evans is a cybersecurity and workforce development expert with over 17 years of experience in penetration testing, incident response and information security management for federal agencies and Fortune 500 organizations. He is VP of Portfolio and Product Strategy at Infosec, where he empowers the human side of cybersecurity with cyber knowledge and skills to outsmart cybercrime. Keatron is an established researcher, instructor and speaker — and lead author of the best-selling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish. He regularly speaks at major industry events like RSA and serves as a cybersecurity subject matter expert for major media outlets like CNN, Fox News, Information Security Magazine and more.

Keatron holds a Bachelor of Science in Business Information Systems and dozens of cybersecurity certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP) and Licensed Penetration Tester (LTP). When not teaching, speaking or managing his incident response business, KM Cyber Security LLC, Keatron enjoys practicing various martial arts styles, playing piano and bass guitar, and spending time with his family.