Social Media Phishing Scams Are Getting Smarter — Here's What to Watch For
Phishing used to mean suspicious emails from unknown senders. Today, some of the most effective phishing attacks happen on social media — and they're sophisticated enough to fool even careful, tech-savvy people. Here's what the current landscape looks like and how to protect yourself.
The Fake Giveaway
One of the most common social media scams is the fake giveaway. A post — often appearing to come from a well-known brand or celebrity — announces a prize drawing and asks you to follow the account, share the post, and click a link to 'claim your entry.' The link leads to a fake website that harvests your personal information or installs malware. The giveaway never existed. Always verify giveaways through the brand's official verified account before engaging.
Account Impersonation
Scammers create fake accounts that closely mimic real people — sometimes your actual friends or family members. They might message you claiming to be in trouble and needing money urgently, or asking you to click a link. Before responding to any unusual request from a contact, verify through another channel — call them or text them separately. A quick phone call can prevent a lot of heartache and financial loss.
The 'Compromised Account' Warning
A message arrives — sometimes appearing to come from a friend — saying your account has been compromised and you need to click a link to secure it. The link leads to a fake login page that captures your credentials. Social media platforms will never contact you through a DM to tell you your account is compromised. Always go directly to the platform's official website or app to check your account status.
Romance Scams
Romance scams — where criminals build fake relationships online to eventually request money — are increasingly common on social media and dating apps. They're emotionally devastating and financially costly. Red flags include: profiles with very few photos or photos that look like stock images, reluctance to video chat, stories that don't quite add up, and eventually requests for money or gift cards due to an 'emergency.'
How to Protect Yourself
Be skeptical of unsolicited messages, especially those with links or requests for personal information. Verify the identity of anyone asking for money or sensitive information through a separate channel. Check account verification badges, but know that even verified accounts can be hacked. Enable two-factor authentication on all your social media accounts so that even if your password is stolen, attackers can't log in without the second factor.
Bottom Line
Social media phishing works because it exploits trust — the trust we have in friends, brands, and platforms we use every day. A healthy dose of skepticism, especially toward anything that creates urgency or asks for personal information, goes a long way toward keeping you safe.