Getty Images/iStockphoto

10 social media scams and how to avoid them

Discover how fraudsters are using social media platforms to steal personal and financial information from unsuspecting users.

Social media is a great way to keep people connected. But it can also be a pit of disinformation where scams run rampant.

Scammers use social media platforms to trick users into handing over private information. According to a report done by Bolster, there has been a 94% increase in scam activity from 2020 to 2023.

Knowing the different types of social media scams can help individuals and organizations stay safe from harmful malware, data breaches, privacy violations and loss of revenue.

How to identify a social media scam

There are many different types of social media scams. Knowing what signs to look for can make them more easily identifiable.

Even if something on social media appears to be true, it never hurts to double-check the information. A simple Google search can help verify if the source is legit or fraudulent. Moreover, websites such as ScamDoc, ScamAdviser and Webparanoid are good sources to consult when unsure, according to Semrush.

Some signs that social media posts might be a scam include the following:

  • It seems too good to be true. If you see an offer -- be it for a product or opportunity -- that seems unrealistically good, it probably is. Companies will never contact you via social media platforms to offer a job, especially when you never applied. If the price of a product is too low, check the source by looking up other people's experiences with the business and if the website appears legitimate.
  • They ask you to send money online. Scammers commonly pose as a loved one in trouble, a romantic interest in need, your bank or an authority figure to get you to send them money. Most times, they rely on the user's fear to get them to act quickly. It is best never to send personal information or any form of currency via social media. Remember, official organizations will never ask for payments through social media direct messaging
  • The message is unsolicited. Many recipients might find an unsolicited link in an email, text message or direct message through social media. This link will either have a call for action, spark curiosity or use intimidation tactics. While simply clicking the link might seem harmless, do not click it. Clicking random links runs the risk of exposing your IP address, directing you to a fake website, downloading malware and exposing private data. If you do not know the person or organization that sent the message, do not engage with it.
  • The account has low engagement. Do not judge an account by the number of followers they have. It is common practice for scammers to buy followers and friends to make their accounts look legitimate. Double-check the like-to-follower ratio, when they first posted, what the comments are like and if any reputable organization or person engages with the content.
  • Account posts contain spelling and grammar mistakes. Trustworthy enterprises are aware that spelling and grammar issues look unprofessional. Professional editors are often hired to be able to check for these errors and make corrections when necessary. If a social media post or advertisement contains errors, it very well could be a scam.
  • They use intimidation/threats. These types of scams can be done through email, phone calls or direct messages through social media platforms. The attacker will pose themselves as a tax collector, government official, debt collector, someone you know or any other entity that has the best chance of gaining your money or personal information. If you receive a communication that demands that you send money or double-check private information, do not engage.
  • The company/person cannot be verified. Be sure to check their online presence. If the person cannot be found on other social media platforms or provide any additional evidence of their identity chances are they are using a fake account. In the instance a company offers a product or service, make sure to check for reviews, contact information, privacy policies and social media standing to be sure it is a legitimate post.
  • They demand personal information. Any organization that requests personal information, such as financials, bank accounts, Social Security numbers or driver's licenses, over social media can never be trusted. Some scammers are skilled in posing as important entities and using intimidation tactics to get what they want.
  • They do not have contact details listed. Even if the account or organization looks legitimate, check again. If you cannot find any information, such as an email, phone number, location or client reviews, chances are it is a fraudulent organization or account.

Common types of social media scams

Social media marketing is used to build brands, increase sales, drive traffic and build a community. According to statistics from Smart Insights, 62.3% of the world uses social media. And this number is growing every day.

Fraudsters have used the opportunity social media presents to scam people for personal information, financial information and money. Scams that were previously limited to email and phone calls have developed into many forms on platforms, such as Facebook, Instagram, X (formerly known as Twitter) and Snapchat.

1. Phishing

A phishing scam is when an attacker pretends to be a reputable entity or person with the intention of stealing login credentials, account numbers and personal information. Phishing is primarily done through email but can also take place in other communication forms, such as SMS text messages or direct messages on a social media platform. The development of generative AI has made phishing attacks more dangerous.

Deceptive phishing is the most common cybercrime among attackers. This is done by tricking a user into clicking a malicious link containing malware to break down a computer's defenses. The attacker uses social media to collect details and create a realistic impersonation of someone trusted. They then use this impersonation to get the victim to hand over private information. This can include financial information, account identification or passwords.

According to a 2024 study by Egress on phishing trends, 94% of businesses were victims of phishing attacks, with 96% being negatively affected by it. Moreover, in 74% of those organizations, the employee that was involved was either dismissed, disciplined or quit.

Never click on unsolicited suspicious links, pay attention to your company's cybersecurity training and protocols, and always verify the website or recipient before sharing personal, financial or corporate information over the internet.

2. Quizzes/personality tests

Personality tests, surveys, questionnaires and online quizzes are popular online activities. By answering a few questions about yourself, you can learn what personality type you are, what your IQ is or what character you are from a favorite TV show. Recommendation engines will also show you more of these the more you do.

According to Leaders, 80 million people worldwide complete a personality test or quiz each year, but many of these tests and quizzes are scams. Due to their popularity, quizzes provide attackers with an easy way to gain access to passwords and social media accounts.

Even though questions might appear harmless, the information you provide might expose passwords and other personal information. Typical scam questions ask what city you were born in, where you went to high school, any nicknames you have or what your favorite food is.

Don't input personal information when you don't know if the creator or website is legitimate.

3. Investment schemes

Investing sounds appealing to people by its literal meaning -- putting money into a certain product, company or person in the hopes that it will one day generate wealth. With the rise of cryptocurrency, this process has been made easier than ever.

Unfortunately, with its increase in popularity, scammers have created what is known as investment schemes. According to a crime report by the Internet Crime Complaint Center, investment scams were the most popular form of scams as of 2023 -- resulting in $4.57 billion in losses. This was a 38% increase from 2022.

The most common types of investment scams include the following:

  • Cryptocurrency scams. Scammers trick investors into buying NFTs, bitcoin or another cryptocurrency that ultimately becomes useless once the money is received. They might claim to have become rich through the process or provide fake endorsements from a well-known celebrity to gain trust.
  • Pyramid and Ponzi schemes. Pyramid scammers claim that even with the smallest investment in a product or service, you can earn a lot of money. Investors are required to find others to make investments, too. The scam runs by paying a minimum amount of money to the people within the scheme using the money that is invested by others. This continues until most members are unable to profit. In a Ponzi scheme, the same applies except the product or service usually does not exist.
  • High-yield investments. Scammers make false promises of money-back guarantees to lure investors into giving them money. Often, they will sell the investor a worthless product or stock, or something that is not real.

Read the fine print and understand what the investment is. You should also be aware of the name of the investor or company. Using websites such as BrokerCheck or the SEC's Investment Adviser Public Disclosure can help verify that an investment is real and trustworthy. If you cannot find any information or certifications for the person or company, do not give them your money.

4. Romance scam

Social media enables you to connect with people at the click of a friend request. However, not all of these requests are genuine. Romance scams -- also referred to as pig butchering -- are when scammers adopt a fake online personality that mimics a real friendship or relationship with the user.

According to the Federal Trade Commission (FTC), more than 64,000 romance scams were reported in 2023, with a total of $1.14 billion lost. Romance scammers might reach out on dating apps, over text, email or social media platforms.

In many cases, scammers spend time developing a trustworthy relationship. They might make false promises to meet up or get married, luring victims into a false sense of security. Once trust is gained, the scammer will request money for a made-up reason. For example, they might say that they need it for legal trouble or because they are having trouble paying their bills.

Don't be duped. Be careful about what information you post on social media, and never send money or private information to someone you have never met in person.

5. Job offers

Job offers that are seemingly too good to be true probably are. The scam works by advertising a nonexistent job on websites, such as LinkedIn, or directly through a victim's personal email. An example of a scam offer might look like, "Fully remote, only a three-hour commitment and $2,000 a week." The scammer might even require an upfront fee or personal information before you even start the job.

According to the FTC, job offer scams were in the top fraud category in 2023 with about $2.7 billion in losses. This jump is attributed to the use of artificial intelligence that helps scammers come up with fake job listings.

Don't fall for fake job offers. Be sure to verify job offers with the company itself by looking up the position online. And don't trust personal email addresses on platforms such as Gmail and Hotmail -- chances are they're not legitimate.

6. Imposter scams

Imagine you get a phone call with the caller ID stating the IRS is calling. You pick it up and are told that you owe them money for unpaid taxes and if you do not send over the money, you will go to jail. Imposter scams -- also called scraping -- work by posing as an important entity, such as a government official, charity, tech support, relative or celebrity with the ultimate intention of getting you to send them money as fast as possible.

The scammer might request personal information, cryptocurrency, bank transfer or money sent through PayPal or in the form of a gift card. While most imposter scams take place over phone calls, they might also communicate through emails, text messages or direct messaging.

Don't ever give out personal or financial information to a stranger. Be sure to verify their identity independently by going directly to the website to double-check. If the person claims to be a family member or friend, contact them directly to confirm. And be sure to report the imposter to the real source.

7. Online shopping

Since the mid-1990s, online shopping and e-commerce have become one of the most popular methods of purchasing and selling goods and services. Now that businesses have the ability to promote their businesses on social media, online shopping scams have become more frequent.

According to a report by Statista, more than $40 billion was lost as a result of online shopping scams as of 2022. This number is predicted to reach more than $100 billion by 2027. Online shopping scammers are skilled in setting up fake retail websites or replicating one that already exists. They might entice users with extremely low prices compared to the popular or luxury products and services being sold. These products will likely never show up or arrive in much worse quality than promised.

Be sure to cross reference websites online. Look for any reviews, contact information and other social media accounts. If the website is a scam, other people will have shared their bad experiences with them online. Another method is checking the brand on websites such as IsLegitSite or ScamAdviser.

8. Giveaways

Giveaways are used by social media influencers to gain more popularity on their account. They most frequently take place on Facebook, X and Instagram and offer users the chance to enter by either following, commenting, liking or sharing the post. To a scammer, this is a great way to gain access to personal information.

Giveaway scams work similarly to regular giveaways. They entice users into entering by promising luxury items, cryptocurrency and gift cards. The account will typically appear legitimate, posing as a reputable entity or purchasing followers and likes for fake engagement. When entered, scammers might contact the users directly requesting bank information, personal information or a transaction fee. Once the information is received, the fake account might become deactivated.

Be cautious when entering giveaways. Make sure to check whether the person or company is real by taking a closer look at their social media presence and whether the giveaway can be found on a legitimate website. If someone claims to need personal or financial information in exchange for a free product or service, block the account and report it to the social media platform.

9. Card/account verification

Changing your account credentials from time to time can ensure your passwords and personal information are kept safe and protected. The card or account verification scam is a type of phishing technique that uses texts or emails posing as a reputable social media platform or company that requests you verify your account information.

A link is typically sent with an urgency to either check your account credentials, or to see if a picture or post has something to do with you. Once you click on the page and input your information, the fraudster will have full access to your account. A common misconception is that clicking on the link itself without acting is fine. This is not always the case, as the link could contain spyware and steal the information whether you provide it or not.

Don't respond to any text claiming you need to verify information. Most businesses and companies will never request this information via email or text. Block the account immediately and report the attempt to the actual company.

10. Fake advertisements

Advertisements are a great way to establish an organization's brand and boost traffic. However, fake advertisements might do the opposite. Fake advertisements copy pictures, brand logos or designs from a reputable business and use them to lure victims into downloading malware or handing over sensitive information. This kind of attack is known as malvertising.

According to a report by Juniper Research, 22% of ad spend was lost to fraud in 2023. Fake advertisements risk a person's security and can damage the real company's reputation -- even if they are not at fault. Fake ads are usually found on platforms such as Google Chrome, Instagram and Facebook.

Don't trust advertisements marked with "ad" or "sponsored." While these might seem legitimate, you will find more trustworthy sources when scrolling to actual credible results. Also consider using search engines such as DuckDuckGo, Qwant and Startpage, which do not store personal data. Moreover, investing in ad-free and anti-malware software can ensure fraudulent advertisements are hidden out of sight. According to a Consumer Voice report, some ad-blocking software includes Surfshark, TotalAdblock and IPVanish.

How to prevent your business posts from looking like a scam

So now you know what types of social media scams to look out for. But it's just as important to ensure your business is not mistakenly classified as a scam. Business posts, when done the right way, can attract attention to your business and convert new customers.

Some things to consider when creating a business post include the following:

  • Make sure the style is consistent. Keeping a consistent style can help establish a recognizable brand and attract more publicity. If you change styles too often, viewers might become confused and question the legitimacy of the business.
  • Use proofreading tools and human proofreaders. Writing that is sloppy, contains grammatical errors and is generally confusing can lose credibility with customers. Proofreading and using writing-checking tools, such as Grammarly, Hemingway Editor and ProWritingAID, can help prevent these errors.
  • Be sure the copy is clear and concise. When a client reads clear and concise writing, it is easier for them to support the purpose of the post and refer it to their friends and family. Identifying your business message, goals and target audience helps build a strong reputation across digital platforms.
  • Use appropriate fonts. Unusual and hard-to-read font choices are usually the first indicator of a scam. While it is easy to get caught up in the creative process, be wary of the fonts you use. Fonts that should not be used in a business post include Comic Sans, Papyrus, Script and any others that take away from viewer readability.
  • Do not overdo designs. Visual elements in a business post are a great way to attract potential clients and engage them with the content. However, too much can do the complete opposite. Make sure designs are relevant, minimal and well placed.
  • Do not copy another company. Drawing inspiration is one thing, but blatantly copying another business's ideas, styles and designs is another. Attempting to profit from someone else's idea or brand is against the law and can lead to legal repercussions.

Samantha Poutre is an editorial assistant at TechTarget and a student at Roger Williams University. She studies creative writing at Roger Williams with a minor in global communications. She has served as an editor for two of her university's newspapers and enjoys participating in clubs involving writing and the arts.

Next Steps

Effects of social media on mental health

Dig Deeper on Security management