Social Phishing: Don’t Let Your Customers (or Yourself) Get Scammed

Would you know if someone was impersonating your business on social media?

When a fraudster uses your business to phish for your customers’ personal information, it could leave your reputation on the hook. While your business may have nothing to do with the social phishing attack, it can still leave customers with a negative impression when an attacker uses your name to pull off their scams.

That’s why you need to know how to protect yourself and your customers when things seem “fishy.”

What Exactly is “Social Phishing”?


Social phishing is a criminal activity in which an attacker manipulates their victim into revealing their personal information via social media.

As an example, let’s say your customer, Laura, replies to your latest Instagram post with a complaint about a recent purchase. Normally, you’d comment and direct Laura to your customer service form, but someone else gets to her first. Laura receives a direct message from an account with the username “customerservice_your company” and your logo as their profile picture. With just a few questions from this fake customer service rep, Laura willingly hands over the password she uses to log in to your site and even her banking information.

This is how social phishers reel in their victims.

Instead of looking for a technical gap in an organization’s cyber security systems, social scammers exploit human error to get the information they want. So, even if you’ve installed the most secure systems to protect consumers’ private information, your customers may still fall victim to a social phishing attack from someone impersonating your business.


How to Protect Yourself and Your Customers from a Social Phishing Attack

Before we discuss how to protect your customers from a social phishing attack, you need to understand how to protect yourself. By learning how to safeguard your own information, you’ll be better equipped to defend and educate your customers. As they say, you have to put on your own oxygen mask before you can help someone else with theirs.

Protect Yourself

1. Never Trust Someone Based on Their Username

A Twitter handle is not a valid form of identification! Just because a profile uses the company logo or includes the company’s name doesn’t mean it’s authentic.

If you want to get in touch with customer service, it’s best to go to the business’s actual website to find their contact information. You may also be able to contact their customer service via social media, but you should never trust a comment or direct message linking to an unknown account. Always verify and reach out to the company’s account yourself.

2. Never Disclose Personal Information

Scammers will ask you questions in an attempt to get you to disclose personal information. They may ask for your password to access your account information, or they might say that they need your payment information to issue a refund. DO NOT GIVE THEM THIS INFORMATION. 

A legitimate business will never ask you for sensitive information, so requests like these are huge red flags.

3. Never Click a Link from an Unfamiliar Account

Scammers sometimes post links to other websites where they can further manipulate you into disclosing private information. Often, these sites will be copied to look like a legitimate business or organization and ask you for your username and password, which the scammer can then use to access your real online account.

Even if you think you know the sender or the website, it’s best not to enter any sensitive information or download any attachments on an unknown site that was linked from social media. Accounts can be hacked, and legitimate websites can be copied in an attempt to gain your trust. Always look for the HTTPS designation at the beginning of a website’s URL, which tells you the connection to the site is encrypted. HTTPS alone does not prove the site belongs to the business it claims to be, since copied sites can use it too, so check the domain name as well.
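A copied site can be served over HTTPS, so the scheme and the owner of the domain are two separate questions. The following Python is an added example, not part of the original article, that answers both for a link received in a message; the domain `yourcompany.example` and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption for illustration: the domain your business actually owns.
OFFICIAL_DOMAINS = {"yourcompany.example"}


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (verdict, encrypted) for a link received in a message.

    verdict is 'official', 'lookalike' or 'unrelated'; encrypted is True
    for https links. The two answers are independent of each other.
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL
        return ("unrelated", False)
    encrypted = parts.scheme == "https"
    # Official only if the host IS the domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in official):
        return ("official", encrypted)
    # The brand name anywhere else in the authority part (a left-hand label,
    # a hyphenated form, text before an "@") marks a lookalike.
    authority = parts.netloc.lower().replace("-", "")
    if any(d.split(".")[0] in authority for d in official):
        return ("lookalike", encrypted)
    return ("unrelated", encrypted)


# Constructed sample links (reserved .example/.test names, not real sites).
SAMPLE_LINKS = [
    "https://www.yourcompany.example/support",
    "https://yourcompany.example.account-help.test/login",
    "https://your-company-refunds.test/",
    "https://yourcompany.example@refunds.test/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(check_link(link), link)
```

Three of the four sample links are encrypted and still not yours, which is why the padlock cannot be the only check.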

Protect Your Customers

While you may not be legally obligated to notify customers of social phishing scams, it is still in your best interest to do so. If a customer has a negative interaction with your brand (even an imposter version of your brand), they’ll be less likely to interact with your business in the future, so it never hurts to take reasonable steps to protect your customers from scammers.

1. Monitor Your Brand

Google Alerts allow you to see whenever someone mentions your company online, and they’re a great resource for discovering potential impersonators. Here, you can sign up to receive free alerts whenever your business is mentioned online and keep an eye out for any illegitimate uses of your business’s identity.

Besides using Google Alerts for fraud monitoring, it’s a good idea in general to have an Alert set up for your business just to stay in the loop about what people are saying.
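Mention alerts surface text about your brand; impersonating accounts like the one in Laura’s story are recognised by their handles. The following Python is an added example, not part of the original article, and it goes beyond Google Alerts by screening a list of account handles for ones that contain or closely imitate your brand name. `BRAND`, `OFFICIAL_HANDLES` and the sample handles are constructed assumptions.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Assumptions for illustration: the brand token and the accounts you really run.
BRAND = "yourcompany"
OFFICIAL_HANDLES = {"yourcompany", "yourcompany_support"}
# Common digit-for-letter swaps used to dodge exact-match searches.
SWAPS = str.maketrans("01345", "oleas")


def normalize(handle):
    """Fold case and width, undo digit swaps, drop separators."""
    h = unicodedata.normalize("NFKC", handle).casefold().lstrip("@")
    return re.sub(r"[^a-z0-9]", "", h.translate(SWAPS))


def screen_handle(handle, threshold=0.85):
    """Return 'official', 'contains-brand', 'near-match' or 'clear'."""
    if handle.lstrip("@").casefold() in OFFICIAL_HANDLES:
        return "official"
    norm = normalize(handle)
    if BRAND in norm:
        return "contains-brand"
    # Slide windows of roughly brand length over the handle so a near miss
    # such as "rn" for "m" is caught even with extra words around it.
    best = 0.0
    for size in (len(BRAND) - 1, len(BRAND), len(BRAND) + 1):
        for i in range(max(1, len(norm) - size + 1)):
            ratio = SequenceMatcher(None, BRAND, norm[i:i + size]).ratio()
            best = max(best, ratio)
    return "near-match" if best >= threshold else "clear"


# Constructed sample handles, e.g. exported from a platform mentions search.
SAMPLE = ["@yourcompany", "customerservice_yourcompany",
          "Y0urC0mpany_help", "help_yourcornpany", "laura_bakes"]


def review_queue(handles=SAMPLE):
    """Handles a person should look at and, if fake, report."""
    verdicts = {h: screen_handle(h) for h in handles}
    return {h: v for h, v in verdicts.items() if v not in ("official", "clear")}
```

Anything in the review queue still needs a human look before it is reported to the platform, since fans and resellers also use brand names in their handles.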

2. Report Scams

If you become aware of a social phishing scam, you should immediately report it. You can make your complaint to the FBI via their Internet Crime Complaint Center and to the Federal Trade Commission. (If you’re located outside the U.S., you can make a complaint to your country’s own national fraud reporting organization.)

You should also report any suspicious activity to the social platform(s) that the scammer is using to impersonate your brand. They will have the resources you need to get any fraudulent accounts taken down. 

3. Spread Awareness

If you know that your customers are being targeted, post an awareness message to your social channels and warn customers to be vigilant. You can also provide some of the tips listed above to help customers learn to recognize scams on their own.


Whatever you do, don’t just ignore it. Customers deserve to know when your business name is being used to deceive people, and the quicker you take action, the less likely the scammers are to succeed.

Mike Speer Administrator
Chief Marketing Officer Michaels Wilder

Opinions are my own and not the views of my employer.

Chief Marketing Officer at Michaels Wilder and an entrepreneur since before the average person knew what that even meant, Mike has helped countless businesses build effective sales and marketing strategies. His philosophy is, “If you’re not thinking 10 years ahead, you’re already behind.” Mike’s content has appeared in Forbes Magazine, Inc. and Apple News. He has also been featured numerous times as a “Top 10 Writer” worldwide on the Q&A content site, Quora.
