10 Tips For Protecting Your Social Media Profiles From A Phishing Scam


Phishing scams are unfortunately very real and can wreak havoc on your business. In a social phishing scam, someone impersonates your brand to get individuals to hand over sensitive data, which can lead to identity theft. These scams are a real threat to businesses, and you need to know what to do to protect your customers and your brand.


Below are 10 ways to protect your business from social phishing scams.


1. Monitor your brand online

To reduce the chances of your business becoming a victim of a phishing scam, it is essential that you monitor mentions of your brand online. An easy way to do this is by setting up Google Alerts. This is free and easy to set up. You enter the word or phrase you want to monitor, and any time it is mentioned online, you get an alert. It is that simple. This will allow you to see whether the mention came from your company or from a scammer.

If your customers tend to use social media as their go-to for customer support from your business, then you should give thought to using a tool like Mention. This is a fee-based tool that will monitor your brand and reputation across all social media platforms. This way, if someone is pretending to be customer support from your company, you will find out about it. This will also help you save some people from giving out sensitive information to a phisher.
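Once alerts start coming in, the handles behind the mentions still have to be sorted into accounts you own and accounts that merely look like yours. The Python sketch below is an added example, not part of the original article or of any tool named above; the brand `acmebank`, its official handles and the sample handles are all made up for illustration.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumptions for this example: a made-up brand and its real handles.
BRAND = "acmebank"
OFFICIAL_HANDLES = {"acmebank", "acmebank_help"}

# Small illustrative map of character swaps used to imitate a name (not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})

def skeleton(handle):
    """Fold case, compatibility forms, separators and digit swaps out of a handle."""
    # NFKC folds forms such as fullwidth letters; it does not catch
    # cross-script homoglyphs (for example Cyrillic letters).
    h = unicodedata.normalize("NFKC", handle).casefold().lstrip("@")
    return "".join(c for c in h.translate(SWAPS) if c.isalnum())

def classify(handle, threshold=0.85):
    """Return 'official', 'suspicious' or 'unrelated' for one observed handle."""
    if handle.lstrip("@").casefold() in OFFICIAL_HANDLES:
        return "official"
    s = skeleton(handle)
    # Brand name embedded in an account we do not own, e.g. "<brand>_support".
    if skeleton(BRAND) in s:
        return "suspicious"
    # Near-miss spellings of any official handle (typos, doubled letters).
    for real in OFFICIAL_HANDLES:
        if SequenceMatcher(None, s, skeleton(real)).ratio() >= threshold:
            return "suspicious"
    return "unrelated"

def review_queue(observed):
    """Handles a person should look at, in the order they were seen."""
    return [h for h in observed if classify(h) == "suspicious"]

# Constructed sample of handles seen in brand mentions.
SAMPLE = ["@AcmeBank", "@acmebank_support", "@acme_b4nk", "@acmebannk",
          "@acmebank_help", "@gardening_tips"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{h:20} {classify(h)}")
```

A "suspicious" result only means the handle deserves a human look before it is reported; fan and parody accounts will also match.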

2. Make sure your website is outfitted with HTTPS

The HTTPS lock you see in your browser when you type in a website address is what people should see when visiting your site.  This confirms that traffic to and from your website is encrypted.  By enabling HTTPS, you are giving your site an extra layer of security that will help keep any identity, communication and web browsing private.

In addition, when you are sharing content from other websites, you want to make sure they are served over HTTPS as well. Also mention to your customers that they should look for that lock in the browser on any website they submit sensitive information to.

3. Report any phishing scams

If you do fall victim to a phisher, report them immediately. Your first step is to contact law enforcement by getting in touch with the FBI Internet Crime Complaint Center. You then want to move on to contacting the social platforms that you have accounts with. They have support in place for businesses that this happens to and will act swiftly in shutting down any accounts impersonating your brand.

Here are the links to refer to for each platform.

4. Educate and train your social media team

In order to keep your business safe, everyone involved with the social media tasks for your brand needs to know how to keep your profiles safe. Make sure each person knows what social phishing is and how to recognize it. Also make sure they know what your social media handles are and that they should never click on any links they receive that appear suspicious, even those from friends. This will help prevent malware from being installed on computers.

To further protect your accounts from hackers, there should be a policy in place that all social media credentials be stored securely in a password keeper and that they are also updated regularly.

5. Always update your OS and patches

Always make sure to install any updates that come out for your operating system as well as any patches.  Check your settings to confirm auto-updates are turned on and if you get an alert that an update is ready, don’t ignore it.

6. Provide extra protection to key computers

Any computers that are used for confidential data entry should be safeguarded or restricted in an effort to avoid any attacks.

Here are some ways to help protect your computers:

  • Have certain technical controls in place with regard to passwords, two-factor authentication, and updating and patching all systems.
  • Come up with a security policy. No opening attachments or clicking on links from unknown sources, no USB drives to be used on the computer, and security training is a must.
  • Have a policy for wire transfers. Put a system in place so that any large sums of money cannot be wire transferred without passing through multiple people to verify the transfer's legitimacy.
  • Require security training. Any high-risk users like C-level, HR, and accounting should all take courses to become more educated about security, phishing attacks and fraud.

7. Have a plan in place

Things can happen quickly with social media accounts.  If you experience a hack or any other sort of issue, the best thing to do is to respond as quickly as possible and offer an apology.  In order to avoid scrambling when something like this happens, you should have a plan in place for how you will address affected customers and the press.

8. Have a different login for each platform

Using the same email and password for each social media account is a common mistake made by businesses. This is a bad idea, since a hacker who has success with one account will try the same credentials on all your other accounts. When you have different login credentials for each account, you are minimizing the risk that all your accounts will be hit at once. You should also give thought to coming up with email addresses that only you and a few other people know (avoid the typical info@xyz.com) to further protect your login credentials.

9. Use multi-factor authentication

When you use multi-factor authentication, the user is required to identify themselves in a number of ways before they are logged in. From a business security perspective, if someone tries to access an account from an unknown IP address or device, the admin is automatically notified. By using this extra layer of security, business social media accounts are available to only a select group of pre-approved people.

10. Delete unused accounts

If your business used Pinterest and realized it was not the best marketing platform, delete the account. Abandoned accounts that are no longer being used, and whose passwords remain unchanged, are at risk of a possible hack. Be on the safe side and delete any accounts you do not actively use.


Social phishing scams are real and can do great damage to any business that becomes a victim of one.  For this reason, it is essential that your business take social media security measures seriously.  By using the tips mentioned above, your business will hopefully avoid the typical risks that lead to these social media account scams and attacks.