Safe Social Media Practices: Sharing Without Oversharing
Security Education: This article describes cyber threats for defensive awareness and education purposes only. Understanding how attacks work helps organizations and individuals protect themselves. Never use this information for unauthorized access or malicious purposes.
Social media platforms are both a communication tool and a goldmine for cybercriminals. Every piece of information you share, from your workplace to your vacation photos, can be weaponized for social engineering, identity theft, or targeted attacks. The 2020 Twitter hack began when attackers used employee information gathered from LinkedIn to craft convincing vishing calls. Understanding what to share, what to withhold, and how to configure your accounts protects you without requiring you to quit social media entirely.
What Attackers Extract From Your Profiles
Personal details for security question answers. Your mother’s maiden name (tagged in family photos), your first pet (birthday throwback posts), your high school (alumni group membership), and your birth city (profile field) are all common security question answers freely available on most people’s profiles.
Workplace and role information enables spear phishing and business email compromise. An attacker knowing your company, job title, manager’s name, and department can craft a convincing email appearing to come from your CEO or a vendor you work with.
Travel and location data reveals when you are away from home (enabling burglary), your daily routines (enabling stalking), and locations you frequent (enabling targeted physical attacks). Real-time location sharing and check-in features are particularly dangerous.
Financial indicators, including luxury purchases, new car photos, home photos, and vacations, signal wealth and make you a more attractive target for scams and robbery.
Relationship and family information enables grandparent scams, romance-adjacent social engineering, and impersonation of family members in emergency scenarios.
Platform-Specific Privacy Settings
Facebook: Set your profile to Friends Only. Disable public search indexing. Review who can see your friends list, past posts, and tagged photos. Limit future post visibility. Disable face recognition. Remove your phone number from your profile.
Instagram: Switch to a Private account. Disable activity status. Review and remove location tags from existing posts. Be selective about accepting follow requests.
LinkedIn: Limit profile visibility to connections for sensitive details. Disable showing when you are active. Be cautious about accepting connections from unfamiliar people, especially those with new or sparse profiles.
Twitter/X: Consider protecting your tweets. Do not include your location in tweets. Review what information is in your bio.
Practical Sharing Guidelines
Delay posting. Share vacation photos after you return, not during the trip. This eliminates real-time location exposure while still letting you share experiences.
Audit your friends and followers. Remove connections you do not actually know. Attackers create fake profiles to connect with targets and gain access to friends-only information.
Think before sharing workplace details. Do not post photos of your badge, desk setup (which may show screens with sensitive information), or internal communications. Do not discuss specific projects, client names, or security tools your company uses.
Do not participate in viral questionnaires. Those “fun” posts asking for your first car, the street you grew up on, and your favorite teacher are literally security question harvesting campaigns.
For more on how social media is specifically exploited in phishing attacks, see our guide on angler phishing on social media. To audit your overall digital presence, explore our digital footprint reduction guide.
Teaching Digital Literacy to Family Members
Social media safety extends beyond your own practices. Elderly family members may be unfamiliar with social media scams and privacy risks. Children and teenagers face cyberbullying, predatory contacts, and pressure to overshare. Sharing your knowledge about social media safety with family members protects both them and you, since their compromised accounts can be used to target you through trusted relationships.
Have regular conversations about online safety with family members. Show them specific examples of scams and phishing attempts. Help them configure privacy settings on their accounts. Establish a rule that family members verify unexpected requests for money or personal information through a phone call before acting.
For business professionals, be aware that your LinkedIn profile, public conference presentations, and industry articles provide detailed information that attackers use for spear phishing and social engineering. Consider what a determined attacker could learn about you from publicly available professional information and adjust your sharing accordingly.