Whether it’s for work, swapping pictures, or keeping in touch with family, the majority of us have a few social media accounts. They’re undeniably useful, seeing as there’s no easier way to talk to folks around the world, but they do come with risks – oversharing is a big one.
That’s true, the whole point of a social media platform is to share tidbits of information about our daily lives. The problem is that dodgy hackers and cybercriminals can leverage this information for their own ends, too. Whether they’re trying to impersonate you to do a bit of identity theft, lock you out of your accounts, or dupe you into sending them money, your social media profile is a goldmine to savvy hackers.
Keep reading, and I’ll go through 4 ways oversharing can put you in danger, and how the best VPNs can firm up your digital privacy.
1. Personal details
This is the big one and, simply put, people are sharing way too much information about themselves and their personal lives online. Think of all the details you post about your family, birthdays, holiday dates, where you work, what you drive, and more. It’s the kind of thing you’d be comfortable discussing in person, during a private conversation, but online, you can’t be certain that there are no digital eavesdroppers.
Cybercriminals just love an oversharer. If your account is jam-packed with details about you and your closest friends (including your pets), the cybercriminal has everything they need to imitate you. Sometimes they do this to try and crack the security questions on your social media accounts (and then lock you out of them), sometimes they do it to commit identity fraud and get you into a ton of financial trouble.
Some cybercriminals take a more direct approach, however, and use the information on your profile to do some social engineering. They’ll create a fake identity for themselves and contact you, perhaps claiming to share interests or friends, with the ultimate goal of getting you to send them your hard-earned money.
A romance scam is a great, but particularly cruel, example of a socially engineered scam. The scammer can check out your page to create a totally bogus profile designed to fool you, specifically. This fake account may begin to overwhelm you with proclamations of love, sweet nothings, and promises that don’t go anywhere – oh, and then the inevitable request for some cash to tide them over until the next paycheck arrives.
2. Location data
Let’s say you’ve taken the most perfect picture of a sunset on your vacation and want to share it with your loyal following – it’s easy enough to upload it, and most social media platforms allow you to share your location in the process. Think of location tagging on Instagram or Snapchat’s automatic location sharing.
While it’s a nice idea to let your friends and family know where you are and what you’re getting up to, it’s less ideal for total strangers to have this information. Things get worse if a cybercriminal is monitoring your account, too. If they know where you are, they know where to find you in person, or know that you’re out of your home – making it a prime target for burglaries.
There’s also the fact that location data isn’t considered personally identifiable information. You might not think this is a major issue – what can be gleaned from following your digital footprint, after all? Unfortunately, the answer is a lot.
Marketing companies aren’t above using location data to spin up targeted ads based on your whereabouts and where you’ve been, which can be a huge problem if you’ve visited a doctor, court of law, or political rally, and don’t want pop-ups based on a specific personal issue plastered across your browser. The police have even relied on location data to track potential suspects without a warrant.
3. Unsecure settings
Okay, hands up – how many of us have actually done a deep dive into the security settings of our social media accounts? They are (unfortunately) easy enough to ignore, especially since most platforms claim to be ready to use as soon as you’ve downloaded the app and punched in your login details. This lax attitude is just what some cybercriminals are counting on, however.
If your account is public, there’s nothing to stop a scammer from settling down to examine your profile as though it’s a good book, there’s a storm outside, and they’ve got a hot chocolate. This can result in social engineering scams, like the ones I covered earlier.
Similarly, if you currently accept private messages from anyone, cybercriminals can come knocking. Their goal is usually to get you to click a malicious link that, once clicked, steals your login details or floods your device with malware, and they have a few tactics to get you to do so. Some criminals try to tempt you, claiming that you’ve won a prize but only have a few minutes to redeem it. Others are way more eerie, and can send you links with the caption “Is this you?”, hoping that your curiosity will get the better of you.
How to make your social media pages more secure
Okay, so after all that, you’re probably wondering what on earth you can do to deter crafty cybercriminals. The good news is that there are effective steps you can take right away that don’t involve giving up the internet and living as a hermit in the woods.
- Use 2FA: 2FA, or 2-factor authentication, is how social media apps make sure you’re who you say you are when you try to log in. Enable it, and you’ll be sent a code via text every time you access the platform, and you won’t be able to log in without it. So, unless the hacker has your phone, they won’t be able to get into your account – even if they know your password.
- Set a strong password: I know this is advice that every cybersecurity expert pedals out, but it bears repeating. A short password, or one that’s just your pet’s name, is a gift to cybercriminals looking to crack your account. Use numbers, symbols, and the weirdest phrases you can think up (and consider investing in a password manager if you need help generating passwords and remembering them).
- Adjust those settings: roll up your sleeves and hit that settings cogwheel. You’ll have the option to make your account private, which gives you more control over who can contact you, follow you, and see your information. I’d also recommend opting out of any location-sharing settings.
- “Should I post this?”: get into the habit of quizzing yourself before posting – whether it’s text-based or a picture. Are you giving away personal information? Is your location front and center? If so, you’ll want to consider tweaking the post or dropping it altogether, especially if your account is public.
- Invest in a VPN: finally, if you’re serious about your cybersecurity, and don’t want any third-party snoopers checking out what you do online, you’ll want to grab a VPN. These handy tools are nice and easy to use, and make it exceptionally tough for hackers to get their mitts on your data.
NordVPN is my personal go-to service because it’s the total package (and our #1 rated VPN of 2024). You can use it on whichever device you like thanks to its sleek apps. Plus, you don’t need to be a tech expert to get started – just download and install NordVPN the same way you would with a social media app.
We test and review VPN services in the context of legal recreational uses. For example:
1. Accessing a service from another country (subject to the terms and conditions of that service).
2. Protecting your online security and strengthening your online privacy when abroad.
We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.