  • This blog was written by two Cyber and Fraud Centre ethical hackers, Michael McDonnell and Callum Shanks.


Over the past decade, social media usage has become an ever-present piece of modern life. According to Ofcom, in 2023, of the 92% of the UK population who use the internet, 90% actively use social media platforms; that’s 55,989,360 people. This increase in popularity requires a focus on ensuring that social media users are aware of the risks that come with these platforms, with some common risks being scams, misinformation and identity theft.

One of the most important aspects of owning any social media account is ensuring it is as secure as possible. You can help prevent malicious attackers from compromising your social media accounts in several ways, detailed below:

Two-Factor Authentication (2FA)

Almost every widely used social media app today has the option to use Two-Factor Authentication (2FA). This can come in several forms: receiving a text, receiving an email, or using an application. It adds a layer of security to your account and should always be enabled where possible.

Here are some helpful guides on 2FA:

You can see the following guides on how to enable two-factor authentication for most major social media platforms:

Password Managers 

Password managers have become widely adopted as an effective and secure method for managing multiple passwords. They offer the convenience of storing all your passwords in a secure vault that can be accessed using a single master password. With a password manager, you only need to remember one password, allowing you to create highly complex and secure passwords for all your accounts without memorising them individually. The password manager takes care of storing and organising your passwords on your behalf, ensuring their safety and accessibility.

Here is the National Cyber Security Centre’s advice on password managers:

Three Random Words

An easy-to-use system to create stronger passwords for your social media accounts is to use three random words when creating your passwords. This is because having a longer character length is an essential aspect of creating a secure password, and randomising the words in it will make sure your password can’t be guessed from information known about you. Numbers and special characters should also be added to increase complexity, for example, Sevengreenfields479$.
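As an added illustration (not part of the original blog), the Python sketch below builds a password in the Sevengreenfields479$ pattern using a cryptographically secure random source and estimates how hard it is to guess. The word list, the set of special characters and the function names are assumptions made for the example.

```python
import math
import secrets
import string

# Constructed sample list for illustration only; a real generator should
# draw from a published list of several thousand words.
WORDS = ["seven", "green", "fields", "copper", "lantern", "harbour",
         "pepper", "window", "marble", "rocket", "thistle", "canyon",
         "velvet", "anchor", "meadow", "puzzle"]
SPECIALS = "!$%&*?#@"  # assumed set of eight special characters


def make_passphrase(words=WORDS, n_words=3, n_digits=3):
    """Build e.g. 'Sevengreenfields479$' with every part chosen by a CSPRNG."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    chosen[0] = chosen[0].capitalize()
    digits = "".join(secrets.choice(string.digits) for _ in range(n_digits))
    return "".join(chosen) + digits + secrets.choice(SPECIALS)


def passphrase_bits(list_size, n_words=3, n_digits=3, n_specials=len(SPECIALS)):
    """Guessing entropy in bits, valid only if each part is picked uniformly at random."""
    return (n_words * math.log2(list_size)
            + n_digits * math.log2(10)
            + math.log2(n_specials))


def random_chars_bits(length, alphabet_size=94):
    """Entropy of a fully random string over printable ASCII (94 symbols)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(make_passphrase())
    for size in (len(WORDS), 2048, 7776):
        print(f"{size:>5}-word list: {passphrase_bits(size):.1f} bits")
    print(f"8 random characters: {random_chars_bits(8):.1f} bits")
```

The estimate only holds when the words really are picked at random from a large list; words a person chooses from their own life (a pet, a team, a hometown) are far easier to guess than the figure suggests.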

More advice on creating and managing strong passwords can be found here:

Privacy Settings 

An essential aspect of using social media safely is knowing who can see your content. Most modern social media apps will let you manage your posts’ visibility levels, giving you various options to make your posts visible to everyone, friends or even a select private list of specific friends. This allows you to ensure your posts are only seen by their intended audience. It can make it easier to protect personal details and information that could be potentially exposed in your posts from being seen by strangers and malicious viewers.  

  • Instagram privacy settings: On Instagram, you can choose between a public or private profile. Setting your profile to private is advised if you plan to share personal photos and videos.
  • Facebook privacy settings: Facebook has multiple levels of privacy, such as making your basic profile public but only sharing your posts with your friends.

Twitter allows various privacy and safety settings:

  • Public: This information will be part of your public profile, meaning it may be viewed by anyone worldwide instantly.
  • Your followers: Only people who follow you can view this information on your profile.
  • People you follow: Only those you follow can view this information on your profile.
  • You follow each other: Only people who follow you and whom you follow can view this information on your profile.
  • Only you: Only you can view this information on your profile.

See the below list for more social media platforms’ privacy settings:

Location Sharing 

Some social media apps include location-sharing features between app users. Notably, Snapchat has snap maps, while apps like Facebook and Instagram allow you to location tag your photos. Users are advised to take extra care with these functions, as they can give away a potentially dangerous amount of information about a user, such as their address or when they are out of the country. Malicious actors can take advantage of this information, for example in burglaries. For this reason, it is advised to take extreme care with who can view this information or deactivate it altogether.

See below guidance on how to change the location tracking settings for each social media platform:

Digital footprint 

Any information we leave online is called a digital footprint, and social media is no exception. The information we leave on social media can range from our place of birth to our hometown or the school we went to. This information may seem innocent, but in the wrong hands it can be used for malicious purposes, such as attempting security questions or guessing weak passwords. For these reasons, we should take care over what we put online and whom we share it with.

Social Media Scams

Where interaction between users is present, the emergence of a person or a group of people who attempt to scam others for their benefit is inevitable. This can be found in video games, public forums, and social media. Recently there has been an increase in social media-enabled fraud. A report from the Federal Trade Commission has detailed that 25% ($770,000) of reported losses to fraud in 2022 started with a social media message.

Romance Scams 

These scams aim to exploit people by tugging on their heartstrings and building relationships with them to gain their trust. This trust is eventually exploited to retrieve a large sum of cash; the tactics often involve faking emergencies such as car accidents, legal trouble or travel issues. Scammers know that an emotional attachment increases the chances that their victim will follow through; sadly, they are often correct.

Phishing Scams 

Social media platforms have gained immense popularity, with billions of users worldwide willingly sharing personal information like their home town, pet names, and interests. Unfortunately, this wealth of information has also become valuable to scammers who exploit it for phishing campaigns. By leveraging this data, scammers can craft targeted attacks against specific groups or individuals, increasing the effectiveness of their fraudulent activities. Users must be cautious about the information they disclose online to minimise the risk of falling victim to such phishing scams.

Fake Quizzes 

Across social media platforms, a proliferation of seemingly innocent quizzes can be observed. These quizzes, ranging from determining your celebrity doppelgänger to identifying your spirit food, share a common objective: to collect personal information that can be exploited in future phishing scams. Unfortunately, these deceptive quizzes tend to significantly impact vulnerable demographics, such as older people and young children, who may not recognise the hidden agenda behind the seemingly harmless personal questions being asked. It is crucial to exercise caution and educate individuals about the potential risks of engaging in these quizzes and divulging personal information online.

Impersonation Scams

Impersonation scams, much like romance scams, rely on a level of trust between the victim and the scammer; this could be as simple as impersonating a brand or influencer or as complex as impersonating a friend or relative. Scammers capitalise on the trust people place in online personalities and brands to exploit their naivety and, unfortunately, often succeed in their efforts.

Impersonation scams, similar to romance scams, exploit the trust established between victims and scammers. These scams can take various forms, from impersonating well-known brands or influencers to posing as friends or relatives. By capitalising on the trust that individuals place in online personalities and reputable brands, scammers manipulate the naivety of their targets, often achieving their malicious objectives. Unfortunately, these scams frequently succeed due to people’s inherent trust in online interactions. It is crucial for individuals to remain vigilant and exercise caution when engaging with online personalities and to verify the authenticity of any requests or messages to mitigate the risk of falling victim to impersonation scams.

Advice for Parents and Carers 

Age restrictions – It is essential to be aware of age restrictions associated with your child’s apps and social media platforms. Many platforms enforce a minimum age requirement of 13 years to create an account. Sticking to these guidelines is highly recommended, as social media environments are generally unsuitable for young children.

Cyberbullying – When dealing with cyberbullying, it is essential to take immediate action to protect your child’s wellbeing. Regularly check in with your children to stay informed about their online experiences and provide them with the necessary support. Keep records of any messages, comments, or other forms of cyberbullying. This evidence can be helpful if you decide to report the incident. Use the blocking or reporting features available on social media platforms or other online platforms to prevent further contact with the cyberbully. If the cyberbully is known to your child in real life, involve the school, and in severe cases, consider contacting Police Scotland.

Here are a few links to resources about keeping your child safe online and cyberbullying:

Reporting Accounts 

To ensure the safety of yourself and others on social media and online platforms, you must report any content, comments, or profiles that you find offensive or threatening. This includes suspicious links in private messages, compromised accounts, fake user profiles, or harmful comments. When you report such content, it alerts the platform administrators, who will investigate the issue further. For more information on reporting harmful or suspicious content, please refer to our comprehensive range of social media resources: 


It is crucial to remain vigilant and aware of misinformation when engaging with social media platforms. Misinformation refers to false or misleading information that can spread rapidly, potentially causing harm or confusion. To protect yourself and others, it is crucial to critically evaluate the content you come across, especially regarding news, health-related information, or controversial topics. Look for reliable sources, fact-check information using reputable or fact-checking organisations, and avoid misleading headlines or manipulated images. Additionally, consider the credibility and expertise of the accounts or sources sharing the information. By being informed and discerning, you can help combat the spread of misinformation and contribute to a more informed online community. Multiple websites can be used to fact-check posts, or you can always analyse the author yourself to decide if their posts are worth listening to:


In conclusion, while social media offers numerous benefits and opportunities for connection, it also comes with risks that must not be overlooked. By implementing the strategies outlined in this blog and staying informed about emerging threats, we can navigate social media safely and enjoy a more secure online experience. Let’s make responsible and mindful choices to protect ourselves and others in the digital world.