Identity theft has been on the rise in the last two years, accelerated by the COVID-19 pandemic.

At first, scammers targeted government benefits, often using data stolen in past data breaches to apply for — and collect — unemployment benefits in unsuspecting victims’ names. In some cases, victims were not even aware an unemployment claim had been made until they filed their taxes, creating headaches months after the fact.

Scammers also took advantage of the lockdown, targeting online shoppers with phony sales ads, fake lotteries and other “giveaways,” largely using social media platforms to ensnare victims. Between 2020 and 2022, the Federal Trade Commission received more than 290,000 COVID-19-related fraud claims — representing $674 million in fraud losses.

The FTC has been aggressively pursuing pandemic-related cases and thankfully, the number of new claims for things like unemployment fraud has been dropping. Unfortunately, social media scams are thriving. 

The Identity Theft Resource Center found that one type of identity theft — social media account takeover — rose by more than 1,000% between 2021 and 2022.

But what does a takeover really imply? Here is what you need to know to protect your accounts.

The hostile takeover

While social media is often fraught with all kinds of scams, account takeovers pose a unique identity theft risk. Often, scammers will infiltrate one account to gain access to others.

For example, if your old high school friend’s password was stolen in a data breach and sold on the dark web, a scammer could buy that password and use it to gain access to the account. Once they’ve assumed a false identity, they could reach out to you to gain access to your account by sending you a direct message with a fraudulent link. According to the ITRC report, 48 percent of account takeover victims first clicked a link they believed was from a friend.

The scammer can then use access to your account to connect to your network and spread comprising links. Scammers can also use your account to gain access to your personal identity, access your financial information, or make purchases with linked bank and credit card accounts.

Interacting with fake accounts

Unfortunately, even if your account isn’t directly hacked, you could still be an unknowing victim simply by interacting with your feed.

Hackers who gain access to social media accounts can continue posting from those accounts. More than 60 percent of victims told the ITRC that hackers continued posting on their accounts, posing as the victim, after the takeover.

Often, scammers will use accounts to encourage the user’s network to sign up for something or pay for something to gain access to the user’s financial information. For example, scammers often create fake charity websites after a natural disaster. The link to the website is posted on the stolen social media account, if you contribute using your credit or debit card through the link, the hacker then gains access to your account numbers.

Alternatively, a scammer may create a fake cryptocurrency opportunity. Posting messages or sending direct messages to their network to encourage people to sign up. If you do, the hacker could use the fraudulent website to steal your personal identity.

Protecting your identity on social media

You don’t have to give up posting cute pet videos and your family’s travel photos entirely to stay safe online. The first step is to keep your social media accounts secure:

• Update your passwords regularly: Opt for difficult passwords with a combination of numbers, letters and symbols.
• Set up two-factor identification: When possible, opt for two-factor identification on your social media accounts. This adds a second layer of protection.
• Don’t link financial accounts: Rather than linking your bank account to your social media account, use a virtual card number or third-party service to pay for any purchases you make through social media.
• Check your outgoing messages: Your direct messages may be the first clue you’ve been hacked. Be sure to check your ingoing and outgoing messages regularly.

You can also keep your identity and financial information safe when going on social media. Start by:

• Be careful what you open: If you do receive a DM with a link from a friend, consider reaching out to them over text or email before you open it.
• Verify charities separately: Before donating online, research the charity separately. You can also donate directly by calling the charity’s toll-free number.
• Be wary of messages from businesses and financial institutions: While many businesses have customer service members who respond to direct messages on social media, businesses and financial institutions like Chevron Federal Credit Union will not reach out to you directly through social media direct messages. If you receive a message from a company or financial institution, do not respond and call the company directly.

Want to learn more about identity theft? Balance’s Back on Track Summer Sweepstakes ends October 31, 2022. This month, Balance is focusing on preventing identity theft. By logging on to learn more, you’ll also be eligible to win $500 or one of three $100 gift cards.