When we think of phishing scams, we usually think of email, but phishing scams can happen on social media as well. Social media accounts are particularly appealing to scammers because people tend to let their guard down on their Facebook, Instagram, Twitter, or Snapchat accounts.

While social media is a great place to share things with family and friends, it’s also a great place for cyber-criminals. They can eaily troll for personal information, send phony links, and set up bogus accounts that appear to be something they’re not.

Let’s take a look at some of the most common social media phishing scams:

“You’ve Won a Prize” – In this scam the victim will receive a message from the scammer letting them know they’ve won a prize. All they need to do is send their information, or even money, and the prize will be theirs. This often works because the scammer will pose as an entity familiar to the victim – maybe it’s their favorite restaurant or brand. Possibly that brand is already holding a legitimate sweepstakes that the victim did enter, making it easy for the scammer to pose as that brand.

How to spot the bogus from the real? Legitimate sweepstakes won’t have requirements for payment or purchase to enter, win, or collect the prize. Real companies won’t ask for payment or bank account information to receive a prize. Another red flag is if it just seems too complicated. If they’re telling you to wire money for shipping, contact multiple people, or that you have to keep the prize a secret until you get it, don’t go for it.

“I Lost My Wallet” – This is an old one that has made its way to social media. It’s a common phone scam where a young person calls an elderly person pretending to be their grandchild. They tell the victim they are in trouble and need money wired to them right away. Social Media has made this scam even easier to accomplish. Scammers now impersonate people on their victims’ own friends list and appear to be anyone from their sister, best friend, or old childhood acquaintance. They spoof the account of the known person and send a direct message saying they’re in a bind because they lost their wallet and need money right away.

How do you spot it? These can be harder to spot since they appear to come from someone the victim knows and trusts, but in those cases you can easily verify with your friend by calling them back. The scammer will likely say they’ve lost their phone (but then how are the contacting you?), but if you call and they answer, you’ll know it’s a scam. If their behavior seems strange, pay attention and verify who you’re talking to before you send any money.


“Pass This On” – Like the “I Lost My Wallet” scam, chain letters are an oldie that are now popular on social media. We’ve all seen them. They make their rounds in our newsfeeds with friends posting that “this post needs to be passed on.” Typically, they’re a way to gather information, but some are collecting money. They might say they’re collecting just $5 from everyone for a charity and that it needs to be passed on to collect as much as a possible – tag five friends! Others are just trying to gather personal information by asking a bunch of questions that people are supposed to post the answers to in the comments. Some even guilt people into passing them on by saying, “I’ll bet not even one of my friends will share this…”

How to spot the scams: If money is being collected it’s easy to check with the organization to see if they’re really having a fund drive, and you can donate to them directly instead of through a social media link. Be wary of posting personal info in comments – even if it seems innocuous, you could be inadvertently sharing info that someone could use to figure out your passwords or other identifiable information.


“Click This Link”—Tiny URLs – Shortened links are all over the place, because nearly everyone uses link-shorteners on social media. We always emphasize checking urls to make sure the domain is correct for the place you’re trying to go, but you can’t see that in a shortened link. In some cases these links could be going to bogus sites that are trying to collect password information, bank information, or personal information like birthdates and addresses.

How to avoid phony short links: Be sure you know the site providing the link. Don’t just click anything if you don’t know where it’s coming from.


Staying safe online takes a multi-layered approach. Awareness of what you’re looking at, clicking on, or replying to along with keeping your computer security, including anti-virus and spyware, up to date will go a long way to keeping your information safe.

Be sure to download our free report - The Top 10 Ways Hackers Get Around Your Firewall And Anti-Virus To Rob You Blind by filling out the form on this page.

Want to receive more security tips? Sign up for our Weekly Security Tips to receive a new tip in  your email each week!