Social Engineering
Attacks on Social Media

As we spend an increasing number of hours on social media platforms like Facebook, Twitter, Instagram, and TikTok, we’re ripe for more compelling cybersecurity attacks that employ social engineering tactics. These tactics, of course, manipulate feelings like love, anger, sympathy, greed, and lust to trick us. Here are a few such attacks on social media that benefit from social engineering:

Grandparent Scam

The grandparent scam was easier to identify years ago before the Internet when landlines were the medium of attack. A scammer pretending to be a grandchild would call targets asking for money for an emergency or investment opportunity. Not every grandparent fell for such scams after realizing that the caller wasn’t their relative.

However, grandparent scams can be more compelling on social media. On platforms like Facebook, threat actors can use publicly available media and data to create fake profiles to trick people who aren’t as tech-savvy.

Romance Scam

Like the grandparent scam, the romance scam on social media relies on fake online profiles. Scammers may survey their targets for months before creating online profiles to trick them. After gaining a target’s confidence, a scammer may ask for money for rent or air travel assistance.

Charity Scam

Charity scams on social media take advantage of our empathy. They may fish for donations for a tragedy or to help someone with a medical procedure. These scams are challenging to identify because they may use authentic events like an earthquake or a forest fire to their advantage.

Fake Porn Scam

Fake porn scammers use real pictures and personal details of social media users who aren’t in the adult film industry for fraudulent websites to lure visitors. The victims of these scams are everyday people whose pictures are misused and the visitors who share their credit card information to access the media.

Another type of fake porn scam downloads malware on your computer. It starts when you see a friend share a pornographic videoclip on Facebook. When you click, it asks you to update your Flash software to watch the material. But instead of upgrading your software, the scam infects your computer with dangerous malware.


Scareware is another type of malware that uses social engineering to breach our device or computer security. So, what is scareware exactly, and how does it employ social engineering? Well, scareware is a rogue program that uses fear to deceive us. For example, a fraudulent security program that runs fake scans and warns about fake infections to manipulate us into paying a fee is a type of scareware. You may also see scareware on social media websites like Facebook, where the malware uses fear to run a hoax.

To protect yourself from social engineering attacks on social media, pay attention to your instincts and verify any request for money. If a friend on Facebook is in need, call them to confirm. And if a scammer is using your pictures or data, immediately reach out to the platform hosting the content.

Get your friends involved, so the scamming page is blocked faster. Please also use good anti-malware software to guard your computer against Trojans, viruses, spyware, and other malicious programs an attacker may use.