Staying safe on social media

posted by Ben Hayden on Wednesday, June 5, 2019 in SHAZAM Blog

Social media brings people — including fraudsters — together on public platforms. Follow best practices to keep your social channels safe from attack and compromise. If not handled with care, these public platforms can accidentally give fraudsters easy access to personal information, which they can use to “engineer” your fake personal profile. Once the profile is created, the fraudster can use social engineering techniques — phishing, texting and pop-ups — to create messages from seemingly trusted sources. Once you’ve clicked, you may have inadvertently opened up access to your personal bank account or more.

Our SHAZAM Secure® team helps financial institutions across the country implement safe and secure practices. Implement these tips to protect your social media accounts from falling victim to social engineering attacks.

Keep social media accounts current

  • Close or delete any social media accounts that are no longer being used. This prevents fraudsters or other adversaries from taking over your accounts without your knowledge.
  • For business accounts, create a social media policy outlining staff permissions, rules for engagement, expectations and security practices. Educate employees on best practices for social media sharing on their work and personal sites.

Create secure access

  • Use a separate, complex password for each social media account. That way, if one account password is compromised, the same password can’t be used to compromise another account. If you have trouble keeping track of passwords, simplify the process by using a password manager. Several are available as downloads from online stores.
  • Use multifactor authentication for all social media accounts. This is especially important for company accounts with multiple users. Multifactor authentication helps protect the account if the password is ever compromised. One suggestion is to use two-factor authentication using an app. Another option, although not as secure, is to use an SMS text message.
  • For even greater security, use a unique email for each account by adding a prefix to your normal email account. For example: socnet-(your normal email).domain. If an adversary gains access to the email account used for your social media, they won’t also have access to the email account you may have attached to the rest of your life, such as your financial accounts and others.

Limit the use of apps to log in to social media accounts

  • While apps can make login easier, they create another level of risk. By logging into social media accounts through Google or Facebook, access information is now stored on that app as well as the social media account. Each time login information is stored in another app, the level of risk increases.
  • Review your social media accounts and remove the connection to other accounts. Use a direct login for the greatest security.


