Almost every social media user has likely encountered a compromised account—either belonging to a friend, a colleague or even themselves. You may have received warnings from others not to respond to suspicious messages from someone pretending to be a contact. Maybe you’ve gotten a connection request that looks like it came from someone already in your network, or worse, discovered your own profile was hijacked.
What is the objective behind these schemes? What do scammers hope to achieve?
“Social platforms are built around trusted circles of contacts,” says Julie Kuzmic, senior compliance officer, consumer advocacy at Equifax Canada. “That circle of connections is precisely what criminals want to exploit.”
3 ways fraudsters use social media to steal identities
Fraud on social media generally follows three common patterns:
- An attacker gains control of an existing account—often by hacking or guessing the username and password—and then uses that account and its contact list to spread scams or solicit money before the real owner regains access.
- A fake account is created in someone else’s name, frequently using publicly available photos and profile details, to reach out to that person’s contacts or strangers and impersonate them.
- A scammer builds a fabricated persona and invests time in cultivating many online relationships, hoping to establish trust and eventually exploit targets through tactics such as romance scams or investment schemes.
“I’ve seen cases where the scammer begins a conversation as if the recipient already knows them,” Kuzmic explains. An exchange that starts with, “You must have me confused,” followed by a quick apology can be a tactic to lower guard and create a sense of familiarity. For people who are isolated or eager to connect, these small openings can quickly turn into trusted relationships the fraudster can manipulate.
Those initial friendly messages can evolve into a longer, multi-step strategy. A scammer might first share a useful tip or a genuine-looking deal, then gradually introduce requests for money or invitations to participate in an investment that benefits only the fraudster.
Precautions to take on social media
When attackers control or impersonate an account, one of their goals is to leverage the victim’s network to find more targets. Because messages come from a trusted face, or because contacts see mutual friends, recipients are more likely to engage—and that makes such outreach an effective form of phishing.
Common vulnerabilities include weak or reused passwords, overly open privacy settings, and personal details shared across platforms that criminals can piece together.
Practical steps to protect yourself include:
- Use strong, unique passwords for each platform and consider a reputable password manager to help manage them.
- Familiarize yourself with each social network’s privacy settings and limit who can see posts, photos and profile details that reveal personal data like birthdays or family names.
- Avoid oversharing—even with friends. Posting details such as honeymoon photos, a pet’s name, or frequent locations can be exploited.
- Decline connection requests from people you don’t know, even when you appear to have mutual acquaintances.
- Remain skeptical of unexpected messages, even from known contacts; verify any unusual request through another channel, such as a phone call or separate messaging app.
Kuzmic emphasizes that simply accepting a friend request is rarely dangerous on its own. The risk grows when the impersonator asks for money or urgent help.
“Urgency is a classic red flag,” she says. “If someone pressures you to act quickly, stop and verify the request through a different method before sending money or personal information.”
Equifax Complete Protection
Go to site
Equifax Complete Protection offers a combined set of credit and cybersecurity features aimed at helping Canadians detect identity fraud sooner.
- Daily credit monitoring and alerts
- Scanning for personal data on the dark web
- Social media monitoring provided by ZeroFox
Subscription price: $34.95 per month
Go to site
Further lines of defence: Fraud protection from Equifax
If you suspect your account has been compromised, immediately contact the social network and follow its account-recovery steps. Notify your contacts—ideally by phone or another independent channel—to warn them not to respond to messages that appear to come from you.
For additional protection, some Canadians choose identity and credit monitoring services such as Equifax Complete Protection. The service—priced at $34.95 per month—includes credit monitoring, dark web scans and social media monitoring that can flag suspicious activity such as account impersonation, scams or other malicious content. Its social monitoring uses automated tools to continually check for signs of fraudulent or inappropriate use of an identity online.
When you receive an unusual request online, take a pause: confirm the message through a different method, avoid sending money or personal information under pressure, and report suspicious accounts to the platform.
This article is sponsored.
This paid post is intended to inform readers and may highlight a client’s product or service. The content was written, edited and produced by MoneySense with contributions from assigned freelancers.
Read more about fraud and scams:
- Watch: 5 questions on identity theft
- How to protect yourself from identity fraud in Canada
- Mortgage fraud in Canada: How to protect yourself
- Why do Canadians keep falling for scams?
- Lost wallet? Here’s how to protect yourself from fraud
Newsletter