How to avoid social media fraud

10 November 2020 by National Bank
Protect Yourself from Fraud on Social Medias

Social media is a perfect tool for keeping in touch with family and finding a job. But these platforms, full of personal details on millions upon millions of users across the world, are also a favourite for fraudsters. Here are the social media scams to avoid and some tips on keeping cybercriminals away.

Take precautions against identity theft

Get with
Securizone 360TM

Risks associated with cyberattacks

“All of the common techniques for online fraud are being adapted for social media. This is because everyone uses these platforms and they’ve made committing fraud easier,” explains Tony Fachaux, cybersecurity awareness expert at National Bank.

On social media, a fraudster can:

  • Take over your account after having illegally obtained your password on the dark web or by resetting it after answering your secret questions.
  • Steal an identity by creating a fake account using personal information collected about you or your loved ones, post on it, and make contact requests to make the account as credible as possible.
  • Pass off for a credible company, figure or senior executive at a company in order to catch your attention and deceive you with fake contests or fake news, for example. 

That’s when the fraud comes into play. “The classic thing is a phishing scam, like you see with emails, but it’s done on social media,” the expert adds. “The end result is the same: the user clicks on a malicious link, then the device is infected or confidential information is obtained using a fake website.”

Popular scams on social media

Regardless of the platform, fraudsters’ methods are the same. Here are some common social media scams.

Stolen accounts

Let’s say you created your account 10 years ago. In that time, you’ve shared photos of your dog Margot and articles about your elementary school. Your mother, who still goes by her maiden name, comments on your posts. With this information available on your profile, a fraudster could have all the answers to your security questions. They could then reset your password and access your account to commit fraud.

The safe thing to do is to set incorrect answers to your security questions. “That way, even someone who knows you won’t be able to log into your account,” Tony Fachaux adds. “But you have to remember your fake answers, obviously. That’s why we recommend using a password manager, which can also store confidential information like these fake answers.”

Imposters on a professional network

Your boss’s boss just sent you a friend request. You first recognized them from their photo, then you noticed that they’re connected to all the other members of your team. You’re delighted to receive a message from them with a link about good news regarding the company. Wait before you click.

Using fake accounts created on professional networks, fraudsters manage to fool users from a specific company or industry. Then, they send an attachment or link containing malware. Always make sure that a link is legitimate before clicking on it.

Malware links on your feed

You’re looking at the latest posts on your feed. Suddenly, a clickbait article on a recent study on the effects of COVID-19 catches your attention. The 280-character message entices you to know more, so you quickly click on the shortcut link without wondering if it will lead you to a malware site that could infect your phone.

Shortcut links are everywhere on social media and are also used by fraudsters. To avoid falling into their trap, preview the whole link before clicking on it; all URL shorteners also provide a way to view the original link (you can easily find this information online). If the link appears suspicious, don’t click on it.

Trick contests

You see a contest photo on social media. Underneath, you can read the steps to follow to participate: “Share the photo, post a comment and send us a direct message.” It’s simple and they’re offering a great prize, so you try your luck. You’re then asked to click a link and enter your personal information to sign up – that’s when your personal details fall into scammers’ hands.

Many fake contests are organized by fraudsters on social media; some even involve hidden fees (if you’re asked to phone a number, for example, you may be charged for the call). So be careful, especially if it seems too good to be true.

Just like chain mail, a fraudulent post can grow and go viral by urging people to share a message with their contacts that turns out to be false.

An online romantic relationship

Someone you don’t know sends you a direct message. Their photo is attractive, and their sweet talk makes you blush. You chat for months. Even though you still haven’t had the chance to meet, you enjoy the relationship. One morning, your online partner is all out of sorts: they have to fly out for a family emergency, but they don’t have the means to buy a ticket. You want to help, so you lend them the money they need… And you never hear from them again.

According to the Canadian Anti-Fraud Centre, victims of romance scams have reported millions of dollars lost. Don’t be blinded by love on social media.

Five tips to help you protect yourself on social media

Here are some ways you can outsmart fraudsters.

1. Protect your online accounts

Choose a strong and unique password for each platform. You may have many passwords to remember; a password manager could help you store them securely. Also, whenever it’s available, enable two-factor authentication.

2. Limit the amount of personal information you share

The less you share, the lower the risk. That goes for both identity information (first name, last name, city) as well as details about your work.

3. Check your privacy settings

It’s important to pay attention to the information you share, but you also have to control who you share it with. After you’ve changed your settings, check them again regularly as they can change.

4. Beware of fake accounts

Be vigilant when accepting friend requests. You can recognize a fake profile on social media if they have a lot of followers, if they don’t take part in conversations on their page, or if their interactions are rapid-fire. After having created a fake account, a fraudster will try to communicate with their targets via chat to send them apps or links. Be careful when interacting on social media, because one wrong click can lead to fraud.

5. Control your online identity

To curb the risk of a fraudster using your identity without your knowledge on a platform you don’t use, create an account for yourself there anyway. “These days, I think that not having an online presence is a mistake,” Tony Fachaux adds.

How do you report fraud?

If you think someone has hacked your account because it shows direct messages having been sent without you knowing, for example, immediately contact the social network on which the fraud occurred. And if you’ve noticed instances of fraud on your bank account or your credit report, even though you’ve followed security best practices, contact your bank as soon as possible. After they’ve verified the case, you’ll recover the money soon and they will help you report this instance of fraud.

To limit the risk of social media fraud, develop the same safety reflexes as you have for your email. Fraudsters adapt their tactics to people’s behaviour, so prevention is key.

There are simple things you can do to protect yourself.

Legal disclaimer


Any reproduction, in whole or in part, is strictly prohibited without the prior written consent of National Bank of Canada.

The articles and information on this website are protected by the copyright laws in effect in Canada or other countries, as applicable. The copyrights on the articles and information belong to the National Bank of Canada or other persons. Any reproduction, redistribution, electronic communication, including indirectly via a hyperlink, in whole or in part, of these articles and information and any other use thereof that is not explicitly authorized is prohibited without the prior written consent of the copyright owner.

The contents of this website must not be interpreted, considered or used as if it were financial, legal, fiscal, or other advice. National Bank and its partners in contents will not be liable for any damages that you may incur from such use.

This article is provided by National Bank, its subsidiaries and group entities for information purposes only, and creates no legal or contractual obligation for National Bank, its subsidiaries and group entities. The details of this service offering and the conditions herein are subject to change.

The hyperlinks in this article may redirect to external websites not administered by National Bank. The Bank cannot be held liable for the content of external websites or any damages caused by their use.

Views expressed in this article are those of the person being interviewed. They do not necessarily reflect the opinions of National Bank or its subsidiaries. For financial or business advice, please consult your National Bank advisor, financial planner or an industry professional (e.g., accountant, tax specialist or lawyer).

The hyperlinks in this article may redirect to external websites not administered by National Bank. The Bank cannot be held liable for the content of external websites or any damages caused by their use.



Take precautions against identity theft

Get with
Securizone 360TM