Social media is a great way to stay in touch with friends and family, post your photos, and keep up to date with news. It is also an ideal place for cybercriminals to steal your information.
To protect yourself, secure your accounts and your information.
Understand the threats
There can be many threats to your security and privacy when using social media. It's important to understand these threats so you can identify and avoid them in the future.
Theft of personal information
Your personal information may be visible to more people than you would like. Cybercriminals can use the information you post to social media to commit cybercrimes. This may include identity theft, fraud or extortion. You should review your privacy settings and control who can see your information.
Social media and messaging apps can collect your information as part of their business model. They will include this in their terms of service. These terms of service can change at any time. This means the type of information they collect and how they use it can change without your knowledge.
Malware
Cybercriminals use malware (short for 'malicious software') to gain access to your information. You might open a link or attachment that downloads malware without you knowing. Some malware may even pose as antivirus or security products.
Learn more about malware.
Phishing
Phishing is when someone tricks you into giving them your information by using fake emails or text messages. For example, they will pretend to be a friend, colleague, bank or government department. They may ask you to open a malicious link or attachment to steal your account details or credit card number.
Cybercriminals will use details from information you post online to seem more genuine.
Learn more about phishing.
Case study: The Instagram hacker
Becky from Victoria received a message on Instagram from a friend with a link in it. The link didn't seem suspicious so she opened it, but it led to a blank page. Five minutes later, Becky was signed out of her Instagram account and could not log back in. It turned out a cybercriminal had sent the link and now had control of Becky's account.
The cybercriminal then sent a message to Becky’s friends about a bitcoin scam, which included a malicious link. Becky made a new account to talk to the cybercriminal to try to get her account back, but the cybercriminal blocked all contact with Becky.
This case study shows why it is important to stay vigilant and practise secure habits.
Secure your accounts
Your social media accounts contain a lot of information about you. Learn about these important steps to keep your accounts secure.
Use multi-factor authentication (MFA) where possible. MFA is one of the best ways to add extra security to your social media accounts. MFA is when you need 2 or more steps to verify your identity before you can log in. For example, using your login details as well as an authentication code. This makes it difficult for cybercriminals to gain access to your account even if they know your login details.
Find out how to turn on MFA for common social media platforms:
It is also crucial to turn on MFA for any email address linked to your social media accounts. If a cybercriminal gets access to your email account(s), they can lock you out of your social media accounts.
Learn more about MFA.
Where MFA is not possible, use a strong and unique password, such as a passphrase. A passphrase has 4 or more random words like ‘crystal onion clay pretzel’. Passphrases are easy to remember but hard for someone to guess.
Avoid using obvious or public details about yourself in your passphrases. For example, if you post a photo of your pet and mention its name, don't use your pet’s name in your passphrases. Cybercriminals can guess them from the information you post.
Use a different passphrase for each social media account and don't share them with anyone. This includes the answers to your security questions if you need to recover your account. You can use a reputable password manager to create and store unique passphrases.
Learn more about passphrases.
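The passphrase advice above, sketched as the kind of generator a password manager runs. This is an added example, not part of the original guidance. The function names, the pet name 'Bella' and the word list are assumptions made for illustration, and the constructed list is far too small for real use.

```python
import math
import secrets

# Constructed sample list, far too small for real use. A published list of
# 7,776 words (the diceware size) is the usual choice.
SAMPLE_WORDS = (
    "crystal onion clay pretzel harbor violin magnet tundra "
    "pepper lantern saddle comet walnut ribbon glacier anchor "
    "bella thimble orchid quartz beacon mitten falcon cobweb "
    "pebble sundial marble trellis canyon drizzle ember nutmeg"
).split()

def entropy_bits(pool_size, n_words):
    """Bits of guessing entropy when each word is drawn uniformly at random."""
    return n_words * math.log2(pool_size)

def generate_passphrase(words, n_words=4, public_details=()):
    """Return (passphrase, entropy_bits), skipping words you have posted publicly."""
    if n_words < 4:
        raise ValueError("use 4 or more random words")
    banned = {d.lower() for d in public_details}
    pool = sorted({w.lower() for w in words} - banned)
    if len(pool) < 2:
        raise ValueError("word list too small")
    # secrets draws from the operating system's CSPRNG; the random module
    # is not designed for security use.
    phrase = " ".join(secrets.choice(pool) for _ in range(n_words))
    return phrase, entropy_bits(len(pool), n_words)

def unique_passphrases(accounts, words, **options):
    """One passphrase per account; redraw on the rare collision."""
    issued = {}
    for account in accounts:
        phrase, _ = generate_passphrase(words, **options)
        while phrase in issued.values():
            phrase, _ = generate_passphrase(words, **options)
        issued[account] = phrase
    return issued

if __name__ == "__main__":
    # 'Bella' stands in for a pet name that has appeared in public posts.
    phrase, bits = generate_passphrase(SAMPLE_WORDS, public_details=["Bella"])
    print(phrase, f"({bits:.1f} bits from this tiny sample list)")
    print(f"4 words from 7,776: {entropy_bits(7776, 4):.1f} bits")
    print(unique_passphrases(["instagram", "facebook"], SAMPLE_WORDS))
```

The strength comes from the size of the word list and the random draw, not from the words themselves: four words from the 32-word sample give about 20 bits, while four from a 7,776-word list give about 51.7 bits.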
Protect your privacy
Not everyone has your best interests in mind, and some people may use what you share online to their advantage. Familiarise yourself with these important steps when using social media or messaging apps.
Lock your device whenever you leave it unattended, even if it is only for a short period. Also set your devices to automatically lock after a short time (less than 5 minutes). That way if someone has taken your device, they won't be able to access your social media and messaging apps.
Be careful when allowing third-party apps to access your social media accounts. This can create another way for cybercriminals to gain access. You should review and remove any third-party apps you don't need or recognise.
Never save your login details on a shared public device and always sign out when you finish. Otherwise, anyone could log in and use your account, such as from a travel lounge, library or school computer.
Don't connect to unsecure public Wi-Fi to access your social media or messaging apps. It may seem enticing to use free public Wi-Fi, but anyone can set up a hotspot and steal your information. Always try to use a trusted network such as your home Wi-Fi or mobile data. Where this is not an option, think twice about what you share or access on unsecure public Wi-Fi. Learn more about connecting to public Wi-Fi and hotspots.
Avoid opening social media links someone has sent you. Cybercriminals may pretend to be someone you know to steal your login details or install malware on your device. Even your friends and family could be sharing malicious links without realising. If in doubt, log in through the official website or app and make sure the URL starts with 'https' (‘s’ stands for secure). HTTPS means the connection is encrypted; it does not by itself show that a site is genuine, so also check that the address is the official one.
Make sure to review your default privacy settings to control who can see your information. This will help stop cybercriminals from learning more about you. Check your privacy settings often and review any updates to terms of service that may affect them.
The eSafety Commissioner has detailed information on social media and messaging platforms. Visit the eSafety Guide.
Once you post something online, it is out there for anyone to see and can be very difficult to remove. Be careful of sharing information such as your:
- phone number
- email address
- home address
- date of birth
- bank and credit card details
- employment details
- school or university (including where your children go for school or childcare).
Be aware of what your photos can reveal about you. Avoid including location details such as check-ins, street signs and metadata. You can go one step further by changing your settings so your friends and family can’t tag you in their photos.
Get rid of any social media and messaging accounts you no longer use. Leaving them active can expose your information if you're not checking them.
Remember that uninstalling an app doesn't delete or deactivate your account. You will need to do this through the official app or website.
Protect yourself from scams
Cybercriminals will often pretend to be someone you know or trust. Learn about the warning signs of a compromised social media account or phishing attempt.
Cybercriminals can set up fake accounts or hack real ones to learn more about you, often posing as a brand or influential person. Their goal is to get you to reveal information to steal your identity or money. Be wary of contact and friend requests from people you don't know.
Warning signs of a fake account include:
- a low number of friends or followers
- very little activity or a recent activation date
- few photos, low-quality photos or stock photos.
Inspect what they post and share online. If it appears generic, or like spam, it could mean the profile is fake. You can also do a reverse image search to check if their photos appear on other profiles.
Cybercriminals can also impersonate your friends and family. If in doubt, check with the person you know in another way, such as on a call or in person.
You should block and report fake accounts through your social media platform. Refer to these common platforms for advice:
For more advice on other social media and messaging apps, visit the eSafety Guide.
Cybercriminals can create a fake business page on social media, even copying a real business's posts or reviews to appear more credible. Always check for slight variations in the business name or social media handle.
When buying products through social media, such as an online shop or marketplace, check the seller's profile first. Be wary of sellers that have a new profile, a private page or little to no customer engagement. Also look out for cheap products or deals that seem too good to be true. If it seems like a scam, it probably is.
Learn more about secure online shopping.
Social media advice for organisations
More resources
Report and recover
If you think a cybercriminal has compromised your social media account, visit report and recover. You can find out what to do to protect yourself from further harm.
eSafety Commissioner
The eSafety Commissioner helps safeguard all Australians from online harm. They promote safe and positive online experiences. Topics include the risks of online chat, including advice for women and young people.
Scamwatch
Scamwatch is run by the National Anti-Scam Centre. They collect reports about scams to help warn others and stop scams. They also have the latest advice on how to spot and avoid scams, such as social media scams.