This post has been modified to reflect new information since its original publication.
Roughly 70% of all American adults use social media, but many are not using it wisely. Even after a score of giant data breaches and Facebook’s Cambridge Analytica scandal, some people continue to share valuable, private information that others can use against them.
Here are five of the biggest social media privacy mistakes that people make—and their repercussions—as well as some tips for keeping your information secure.
1. Sharing personally identifiable information
Personally identifiable information (PII) is any data that someone could use to identify you—either by itself or when pieced together with other information available online. Examples of PII include your:
- Email address
- Driver’s license number
- Social Security number
- Bank/credit card account number
- Passport number
- Usernames and passwords
- Medical records
According to an Experian survey, Americans have, on average, posted 3.4 pieces of sensitive information on the Internet, often thinking that their poor credit or low income reduces their risk of identity theft. However, this is far from true—everyone is vulnerable to these crimes. In fact, the same survey showed that over half of the respondents had either experienced identity theft themselves or knew someone who had experienced it.
Criminals can piece together widely available information, like a name or birthdate, with PII to commit various types of identity fraud, including opening new lines of credit, filing taxes, stealing government benefits, and taking over your financial accounts. Moreover, scammers can leverage what they find on social media to launch social engineering attacks against you to obtain even more information. This is why oversharing on social media is so dangerous.
Because your PII is so valuable to criminals, they are actively searching the Internet for it. Consequently, you need to think twice before tweeting out that horrible driver’s license picture without first blurring out your identifying information.
“While you can’t expect what you share on social media to stay private, decisions about what to share and who to connect with are about boundaries and privacy.”—Devorah Heitner, PhD, founder of Raising Digital Natives and author of Screenwise: Helping Kids Thrive (and Survive) in Their Digital World
Tagging your selfies with a location is a good way to get them noticed by social media users interested in certain locations. However, it can also be a dangerous practice.
For example, sharing geotagged photos in real time lets a large group of strangers know where you are at that moment. This means that anyone can meet you, interrupt you, detain you, or worse. Similarly, by posting geotagged photos of your daily routine, you are enabling stalkers, data-gathering companies, and others to track your every movement.
“Because smart phones encode the exact location of where pictures are taken, right down to the street address, be sure to turn the geotagging feature OFF in your settings.”—J. J. Cannon, author of @Sophie Takes a #Selfie
Additionally, thieves who see geotagged pictures of you on vacation know that they have plenty of time to steal all the valuables from your house without fear of you returning any time soon. In fact, 80% of robbers look at social media when deciding which house to target.
3. Not locking down your privacy settings
Even though the number of data privacy scandals continues to grow, most Americans aren’t being proactive about securing their privacy. In fact, only 44% of Americans are consistently taking advantage of the privacy settings in their online accounts and mobile apps to keep their information safe.
At a minimum, you should hide your phone number, birth date, email address, and location in your social media profiles to reduce the chances of becoming a victim of identity theft. You should also change the privacy settings on each platform to limit who can see your posts.
The following pages will show you how to do this:
- Facebook’s Basic Privacy Settings & Tools page: This page shows you how to adjust your privacy settings for current and past posts. You can also find out how to create lists to restrict certain posts to a select audience.
- Twitter’s Safety and Security page: This page has all the information you’ll need to increase the privacy of your account. For example, you can learn how to prevent someone from looking you up via your phone number or email address. You can also discover how to limit your posts’ visibility to others.
- Instagram’s Privacy and Safety Center: This page teaches you how to set your account to private to restrict who can see your photos. There are different instructions depending on whether you are using Instagram via a browser or the Instagram app.
However, it’s important to remember that even if you have set your social media accounts to “private,” you have no guarantee that your information will remain within your friend group. Your family and friends might share your posts with strangers—either through social media or word of mouth. And this means that your private information might still fall into the wrong hands, no matter how careful you are.
“Expecting Privacy in Social Media is a tremendous mistake, not to mention an oxymoron. It’s imperative users of social media understand they can attempt to limit visibility into their content, but an expectation of privacy on a platform designed for sharing is not wise.”—Richard Guerry, executive director of IROC2.org and creator of Public and Permanent
4. Accepting friend requests from strangers
Accepting a friend request from someone you don’t know in real life gives that individual access to your posts—and all the personal information they might contain. If you are on Facebook, it also lets them message you. This means that scammers can use Messenger to send you phishing messages.
Friending strangers also makes you vulnerable to romance scammers who try to trick you into sending them money or sensitive personal information.
Another consequence of accepting these kinds of requests is that it makes your account vulnerable to cloning. Have you ever received a friend request from someone you’re already friends with? These requests are from scammers looking to grow their networks by using fake accounts copied from real users.
If you ever get a friend request from someone you’ve already friended, you should report it right away.
- Facebook: Facebook’s reporting tool lets you report a fake profile or page.
- Twitter: Use this page to report an account pretending to be you or someone you know.
- Instagram: If you suspect your account has been hacked or someone is impersonating you, fill out this form.
5. Doing quizzes and games that require access to profile information
To ensure you aren’t accidentally giving away too much personal information, you should think twice before taking any online quizzes or playing social media games. Fun quizzes like “10 facts people might not know about you,” “What kind of pizza are you?” or “What does your pet say about your personality?” are often just methods of siphoning your personal information—and that of your friends—to data-mining companies or scammers.
This popular holiday quiz, “What’s Your Elf Name,” for example, coaxes you to give up your name and birthdate, which identity thieves can combine with other data to steal your identity.
One example of a company surreptitiously stealing your data through online quizzes is that of Ukrainian hackers working for Cambridge Analytica. The two hackers gathered personal information on more than 60,000 American Facebook users through quizzes like “Do you have royal blood?” and “What animal are you?” By taking the quizzes, users unknowingly surrendered personal information like their name, profile picture, and age range. They also gave the hackers access to their private list of friends.
While not all online tests are gathering and selling your data, it’s a good idea to read each quiz’s terms of service before playing. This way, you can find out what type of information the company collects and how it uses it.
You also need to consider what kinds of questions a quiz is asking. Even the most mundane information can be harmful if it is the answer to a common security question.
“The posts that ask what was your first grade teacher, who was your childhood best friend, your first car, the place you [were] born, your favorite place, your first pet, where did you go on your first flight … Those are the same questions asked when setting up accounts as security questions. You are giving out the answers to your security questions without realizing it.”—Sutton Police Department, Massachusetts
Tips for keeping your information private
Aside from avoiding the five mistakes listed earlier, there are several ways you can keep your personal information more secure on social media.
- Use two-factor authentication: Two-factor authentication—such as a one-time password sent to your phone or a biometric verification—adds another layer of security to the login process, thus minimizing the chances of someone hacking into your account. In fact, a Symantec study shows that two-factor authentication could’ve prevented 80% of all data breaches.
- Always log out when you’ve been using a public computer: If you are using a public computer, you should never leave without first signing out of all your accounts, including your social media accounts. Failing to do so leaves your account vulnerable to takeover by the next person who sits down at that computer.
- Create strong, unique passwords for each account: It’s hard to believe, but “123456” is the most commonly used password. This means that smart thieves will try this password first. To make it harder for them to access your accounts, you need to create passwords that meet the following criteria: are at least 12 characters long, include a mix of numbers and symbols, contain upper and lowercase letters, don’t make grammatical sense, and don’t use obvious substitutions—like the number “0” for the letter “o.” For example, “TfhIeliw613FS.Rw$4pm” is a strong password.
- Don’t use social credentials to sign into third-party sites: Although it is a convenient option, signing into another account with your Facebook username and password can mean giving the other site all the information Facebook has gathered about you. Worse, if someone hijacks your social login information, they can also gain access to these third-party accounts.
- Use an automated privacy service: If you are finding the process of managing your online privacy overwhelming, it might be time to invest in an online privacy service. ReputationDefender offers several privacy products that protect you from identity theft and cyberstalking, with the added benefit of helping prevent reputation damage.
If you need more information
If you’ve made one or more of the five online privacy mistakes described earlier and would like to learn how to protect your data from future attacks, please give us a call. We are happy to provide free advice regarding your unique situation.