Identity Theft on Social Media: The New Everyday Occurrence

Identity theft is now an everyday occurrence. Read here about the hackers’ methods and how you can protect your digital identity.

Mar 22, 2022 - 4 min.
Picture of: Branka Miljanovic
Branka Miljanovic

Whether you’re making contacts or messaging friends anytime and anywhere or looking for inspiration, Instagram, Facebook and the like are the ideal platforms on which to pass the time, find information and combat boredom. But these platforms also pose risks to their users. As our lives have grown increasingly digitalised, identity theft has become lucrative for cybercriminals and can now confidently be described as an everyday occurrence. But how does this abuse work, and how can users protect themselves? Read on to learn how the scams work and what consequences identity theft can have for your digital footprint – and why it makes sense to use two-factor authentication to protect yourself. 

When a person’s digital identity is spied on and used for fraudulent purposes, this is referred to as identity theft or misuse. To be precise, a digital identity includes all personal data and online activities that can identify a user – from user data on social media to their place of residence and payment-related information all the way to private photos. Social media in particular are a goldmine because users are often less careful when it comes to disclosing personal data there. 

The problem is that this can have a whole range of consequences for victims. That’s because even single nuggets of information from digital identities enable cybercriminals to fraudulently enrich themselves at their victims’ expense and without their knowledge or consent. This can occur through money transfers, online shopping purchases made under the victim’s name or even cyber-mobbing. 

Identity theft – the new everyday occurrence 

An analysis conducted by the US Federal Trade Commission highlights the potential dangers. While 2019 saw a slight drop in the number of data thefts, this type of ploy made a comeback among hackers during the pandemic. The number of identity thefts in 2020 jumped by around 45% year on year, with many of these resulting in financial losses.

People who are active on social media platforms were hit particularly hard. In fact, they were 30% more likely to fall victim to identity theft or misuse than less active users. However, the choice of the platform also plays a decisive role. If a user has a profile on Facebook, Instagram or Snapchat, for instance, the risk of the account falling under someone else’s control is 46% higher than for a person who has no social media presence. 

The scams employed by cybercriminals 

  • Phishing
    Hackers use many different methods and mostly rely on the naivety of their victims. The first method involves what are called phishing emails. These are emails that try to persuade users to disclose their personal data themselves via a link. Here, the danger is the fake websites to which the users are directed. They look very similar to the genuine website of, say, a legitimate bank. However, once users enter their access data, the fraudsters skim the first piece of sensitive information, which can include saved payment information, in the background and unbeknownst to the users.
  • Doxing

    Another method called doxing describes the process of conducting painstaking and systematic searches of a victim’s personal data. This can include a full name, an address, telephone numbers or workplace details. This information is then published on the Internet without the user’s consent with the aim of causing deliberate harm. Victims often include celebrities, politicians and even journalists. 

  • Spyware

    Spyware and other harmful programs such as trojans and malware are also used. These are embedded in seemingly useful programs and then activated as soon as they are downloaded.

  • Hacking

    Another method is to hack into a personal profile on social networks or into the servers used to store personal user information. 

What do cybercriminals hope to achieve with the stolen identity? 

The main focus for hackers is to use identity theft to make financial gains. If they can get hold of a user’s access details, they can use the shopping function on Instagram, for example, to make large numbers of purchases under that person’s name. Alternatively, they can access online banking apps in order to empty bank accounts. 

However, they are not always looking for payment information. Email accounts may also be of interest to hackers, who then use botnets in the background to send spam to all the victim’s email contacts. Since the sender will then be a known contact, the spam is less likely to end up in the spam folder. As a result, recipients believe they can open the email without fear and consider it trustworthy.

Identity theft can also be used for cyber-mobbing. This involves appropriating victims’ personal data to create a new social media profile, which is then used to publish compromising messages and images. An even more serious variant is where someone gains access to the login details and takes control of the entire profile. The genuine user then often loses both access to and control over their profile while the hackers wreak havoc on it. Either way, the victim suffers public embarrassment. Depending on the extent of the misuse, this can even lead to reputational damage.

How to protect yourself against identity theft on social media

  • A secure password
    For each profile, you should choose a secure and, above all, random password that contains at least 12 characters. That will guard against criminals using one stolen password to gain access to your other profiles in the event of data theft. 

  • Two-Factor Authentication (2FA)
    When logging into your user account, use two-factor authentication. That means that after you enter your password, you will be asked to enter another factor for authentication. This can be a hardware component such as a token but also one of your biometric factors such as a fingerprint. By raising this second security barrier, you make it harder for hackers to get into your profile because usually they only have your stolen password. 
  • Don't use public WiFi
    Beware of public WiFi: use publicly accessible networks with extreme caution, and never for sensitive actions such as bank transactions, logging into services or online shopping. Why? Your data is not private on public WiFi networks and is not safe from the eyes of third parties.
  • Check that add-ons and plugins are trustworthy
    Some social networks offer their users applications from third parties, which can be downloaded in the form of plugins or add-ons. While these additional functions allow users to personalise their profile, there is also a greater risk that online criminals can take control of these functions in order to gain access to your profile. So, before installing these features, check who the third parties are and whether they are legitimate.

It’s clear that 100% protection against identity theft cannot be guaranteed on social media – even if you already have a strong awareness of security issues and the vendors promise that they go to great lengths to safeguard your data. So what approach should you take without entering a state of panic? When you maintain a healthy degree of scepticism regarding plug-ins, links and the like and keep the security tips mentioned in mind, you are already avoiding many of the risks in the digital world and can thwart the kinds of hacker attacks that mostly rely on victims’ naivety. That will help keep you and your digital footprint safe on the Internet.


Nevis Security Barometer #2