Why do you need to protect your social media profile?
While it has never been so easy to connect with friends, family and colleagues from around the world, unfortunately, people with malicious intentions are also drawn to social media because it’s easy to access personal information. The more you share, the more visible you are to everyone.
If your social media privacy settings are public, or if you connect with people you don’t know, you could become a target. Social media platforms encourage people to connect. Your connections offer cyber criminals an opportunity to target you, and potentially infect your entire social network.
The ease of being able to set up a social media account under any name, in any location to connect with people, offer customised apps and share links, means that social media can be a treasure trove of information for criminals.
Visit the Australian Government Office of the eSafety Commissioner to find out more about social engineering, opens in new window.
Personal information you must protect from social media
To maximise the security of your social media, you should never share the following things.
Don’t publish personal identity details including your birthdate, passport, drivers licence, financial information or even the names of your children, spouse or pets.
Never share information that reveals your home address. Protect postal box locations too.
If your social media network only includes people that you know, they should know how to contact you. If not, they can message you.
Never share information that identifies where you are. That includes dates that you’ll be away on holiday or travelling for work.
If you’re attending or hosting a private event, don’t share the details.
What you share on the internet could be available forever, to anyone. Police suggest not sharing images of children.
A funny or embarrassing personal story could be taken out of context and used against you.
Use your social media as you would if you were socialising at a public event. You wouldn’t overshare personal information when surrounded by people you don’t know.
The consequences of oversharing
If you’re accepting social media connection requests without knowing the people you’re bringing into your personal or business life, and you’re sharing personal information openly, you could become a target for:
- social engineering scams, opens in new window
- malware attacks
- identity theft
- business data being stolen or corrupted
- your images being shared inappropriately
- burglary, robbery or physical assault
- putting your social media connections at risk.
Steps to take to secure your social media
You can take steps to minimise social media risks.
Only connect with people you know
Criminals set up fake social media profiles and send connection requests with a goal to steal personal information. To stay safe, only connect with people or organisations you actually know. This, along with tightening up your privacy and security settings, is the safest way to use social media.
Customise privacy and security settings
Each social media platform offers a range of privacy and security settings. Visit the support pages of the social media site to find out how to customise your settings to the highest level of privacy available.
Use strong passwords and activate two factor authentication
Use strong passwords. Most social media platforms also offer a two step authentication option – for example adding your mobile phone number so you have to verify every log in attempt by using a One Time Password (OTP). This adds another layer of protection for you and is a very simple, but highly effective, mechanism to protect your social media account from account takeovers.
What to do if your social media account has been attacked
Here are the steps you need to take to protect yourself, and your social media connections.
- If you believe your identity is at risk, visit How to keep your identity safe online to find out what to do.
- Contact the social media site and report the incident.
- Change your password immediately and set up two factor authentication via the security settings on your social media account.
- Let your social media connections know you’ve been attacked, so they can be wary of any messages they receive that appear to be from you.
Where to go for assistance
- Office of the eSafety Commissioner > Social media safety centres, opens in new window
- Attorney-General’s Department > Protecting and recovering your identity
- IDCARE, opens in new window has a handy learning centre with videos explaining what multi-factor authentication is and how to set it up on Facebook.
How we can help
If you’re a NAB customer and you believe your business or personal accounts have been impacted by fraud or a scam, we’re here to help. Explore the immediate steps you can take to protect yourself and discover when you should get in touch with us to make a report.
IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.
IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.
Australian Government | Australian Cyber Security Centre (ACSC)
The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.
Australian Government | ReportCyber
ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.
Australian Competition and Consumer Commission | Scamwatch
Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.
Australian Government | Office of the eSafety Commissioner
The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.
Australian Government | Attorney-General’s Department
The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.
Apologies but the Important Information section you are trying to view is not displaying properly at the moment. Please refresh the page or try again later.