Are You Oversharing on Social Media?
While posting about your life on social media can be a fun way to share with friends you don’t see often, we can unknowingly put ourselves at risk. By not understanding the audiences that is truly seeing our posts, it is easy to overshare and open ourselves up to attacks on our security.
What you post and share on social media can lead to revealing sensitive information, that can be used by scam artists to guess passwords, security answers, and even your debit card pin!
Example 1: (Identities were edited to ensure privacy)
What information did Ginnifer share?
Ginnifer shared all 3 names of her grandchildren in this post.
Who can see Ginnifer’s post?
Of course anyone who is friends with Ginnifer can see the post, BUT, because “Grandkids Are Wonderful” was the author of the post she shared, it can also be seen by their 721K followers!
How is this potentially harmful?
Because most passwords are derived from familiar names, places, and numbers, sharing this type of information publicly provides an easy starting point for scam artists to guess passwords you’ve set for your email, and other important accounts.
How could Ginnifer have protected herself?
- Not listed the actual names of her grandchildren.
- Changed the audience for her post to “Friends Only.”
- Not share the post at all and instead, direct message to her grandchildren that she’s “proud, grateful and happy to be a part of their lives.”
Example 2: (Identities were edited to ensure privacy)
What information did Ginnifer share?
Ginnifer shared both her high school and the year she graduated in this post.
Who can see Ginnifer’s post?
Of course anyone who is friends with Ginnifer can see the post, BUT, because “Life Secrets” was the author of the post, it can also be seen by their 279K followers!
How could Ginnifer have protected herself?
- Not listed the actual name of her high school and her graduation year.
- Changed the audience for her post to “Friends Only.”
- Not share the post at all and instead, type out a message about how grateful she is to have her longtime friends as her own post.
Example 3: (Identities were edited to ensure privacy)
What information did Ginnifer share?
Ginnifer shared her mother’s full name in this post AND, unknowingly also shared her own maiden name.
Who can see Ginnifer’s post?
Of course anyone who is friends with Ginnifer can see the post, BUT, because “Section 8 Apartments” was the author of the post she shared, it can also be seen by their 264K followers!
How is this potentially harmful?
“Maiden name” is a very commonly used security question for password resets or account authentication. Because she frequently tags and lists her children’s names in her posts, by sharing this VERY PERSONAL information publicly, she has put them at risk too! It provides an easy starting point for scam artists to commit fraud, and potentially identity theft. That is their mother’s maiden name!
How could Ginnifer have protected herself?
- Not listed her mother’s actual name. The post says, “just her first name.” That would have still been a risk, but less of a risk.
- Changed the audience for her post to “Friends Only.”
- Not share the post at all and instead have a moment of quiet reflection for her mother.
Example 4: (Identities were edited to ensure privacy)
What information did Stephanie share?
Stephanie shared that she will be traveling out of the country in 15 days time.
Who can see Stephanie’s post?
Of course anyone who is friends with Stephanie can see the post, BUT, because she also tagged her friend Susan in the post, she is also sharing this information with all of Susan’s friends.
How is this potentially harmful?
It is never a good idea to share travel plans online. If someone knows where you live and has malicious intent, knowing that you’ll be thousands of miles away for a week is an open invitation to rob your home. By tagging her friend, she also put her friend’s home at risk.
How could Stephanie have protected herself?
- Not listed the actual date of her departure.
- Not listed the actual destination of her vacation.
- Not share the post at all and instead, direct message to her friend Susan that “the countdown has begun.”
- While it is less exciting, it is better to wait to post about vacations until after you return. It protects you because you’re not advertising to the world that you’re away from home.
Example 5: (Identities were edited to ensure privacy)
What information did Stephanie share?
While seemingly harmless, scammers can do a lot of damage with just a few answers that give away your personal information. Additionally, without knowing, by agreeing to the “terms of the quiz,” Stephanie likely gave her permission for the quiz creators to access both her social media profile AND her friends list.
Who can see Stephanie’s post?
Of course anyone who is friends with Stephanie can see the post, BUT, we don’t know who the quiz creators are sharing her information with. They could be sharing her personal Facebook details with lots of other third parties.
How is this potentially harmful?
Launching a quiz app may give its creators permission to pull information from your profile. Innocent-sounding queries about your hobbies, dream car, or favorite type of food, can offer hackers an opening to steal your identity. Scam artists know these are common security questions sites use to authenticate their users.
How could Stephanie have protected herself?
- Not take the quiz! To be on the safe side, you should be wary of posts that encourage sharing and ask for personal details.
- Review the terms and conditions, and “cookies” disclaimer carefully before accepting anything.
- Google the company’s name listed as the quiz creator and include the words “scam” or “complaint” to determine if other people had bad experiences resulting from taking their quizzes.
- If you do decide to take the risk, don’t answer the questions truthfully.
Tips for safe use of Social Media:
- Review your social media privacy settings and limit what you share publicly.
- Don’t share personal information such as your address or phone number in social media posts or include it in your public profile.
- Avoid taking online quizzes that ask for personal information, or at least don’t answer them truthfully.
- Do check and regularly update the privacy settings on your social media accounts.
- Use unique passwords for your social media accounts, and make sure they don’t contain any personal names/places/information.
- If possible, set up two-factor authentication. At the very least, this will give you advanced knowledge that someone may be attempting to access your account.
If you suspect a site or post is a scam, you can report it to the FTC at ftc.gov/complaint.