Social media

What You Need to Know about Social Media Security

Take a second and ask yourself — when was the last time you changed your password? Do you still use the same password as when you were 12 because it’s the only one you’re likely to remember? No, I’m not talking about myself.

In all seriousness, social media is such an important part of how we communicate and engage with each other online, and we all need to approach it with more caution. In this article, we explore the various ways to keep your social media accounts safe and secure. And to ensure that we provide the most accurate advice for managing your social media security, we sought insights from Rafael Broshi, CEO of Notch, a social media insurance company.

When it comes to social media security, there are several types of threats that you should be aware of. Raphael says that the most common scams aren’t done by Matrix-like hackers in a dark room, but are usually executed through a concept called ‘social engineering.’ He breaks the potential threats down into three scams:

Security risk 1: Emails impersonating social media platforms

The first – and most common – scam is emails impersonating a social platform, whether it is Instagram, YouTube, or TikTok. Here’s how this scam plays out:

Scammers get a large list of emails of valuable accounts, usually they target accounts with at least a few thousand followers, because they understand that it might be a source of income for people or would just carry a lot of value because it took a long time to grow.

Then they send a generic email to those people saying something along the lines of, “In one of your recent posts, we’ve seen a violation of our terms of service. If you don’t fill out the following forms, you will get suspended within the next 24 hours.”

On your end, you might get an email from a domain that looks like it was sent from Instagram, and because platforms use different domains to send emails, you can’t always tell if an email was sent from the real Instagram just by looking at the sender. One email might be for security alerts, while another is for sending the latest offer from the platform.

A user might think they’ll never fall victim to that, but a scam that is being sent to a thousand different emails will hit the inboxes of people in different situations. Maybe one hundred of those people are having a stressful day and are therefore not as vigilant, or fifty people just posted to Instagram a few seconds ago and suddenly receive an email about terms of service violation. Depending on the nature of the scam, it might look legitimate enough that some people click through.

Raphael adds that when you click the link in a phishing email, it will send you to a website that looks exactly like the social platform with a domain that’s just slightly different (like “.net: or “”). However, once you put in your username and password, that’s it.

Now, you might wonder where two-factor authentication, highly recommended for social media security, comes in. Well, scammers will copy the details you enter into the fake website to the legitimate one in real-time. So if you get an email asking for your two-factor authentication code, you won’t think anything of it and will hand over the code by putting it on the fake website.

That sounds pretty elaborate to set up but so simple in real-time because it can happen in a few minutes.

What can you do to prevent this from happening? Look for communication from social media platforms from within the apps when you are already logged in.

Using Instagram as an example, you can go into your app → go to Settings → click ‘Security’ → click ‘Emails from Instagram’. There you’ll see all official communication from the platform.


Business Asia
the authorBusiness Asia

Leave a Reply