Social Engineering Threats on Social Media


This publication is authored by PT Integrity Indonesia and reflects its views and opinions. More information about PT Integrity Indonesia is available on


In today’s day and age, it would seem that nobody would raise their hand to the question “who doesn’t have a social media account?” With social media becoming a vital element in today’s lifestyle, at the same time, it opens a big gap for irresponsible people to commit cybercrimes—social engineering being one of them.

According to, in October 2021, the number of active social media users worldwide reached 4.55 billion people. This means that more than half of the world's population uses social media as a way of interaction.

The main elements of social media timelines are profile traffic, user activity, hobbies, interests, phone numbers, birthdays, and other data that might be more personal. Whether we realize it or not, all of this personal information constitutes a constellation of data that can be accessed and used by various parties.


Social engineering, taking advantage of human friendliness

With the advancement of technology—and more specifically, social media—comes the development of new modes of cybercrime, such as social engineering. From this source, it is understood that social engineering is a manipulation technique that utilizes human error to gain access to personal information or valuable data.

In contrast to digital data theft by means of exploiting the weaknesses of digital security systems, such as the use of malware or viruses, social engineering takes advantage of the weaknesses of digital system users. Most social engineering attacks rely on actual communication between the attackers and the victims.

Perpetrators usually motivate their victims to do what the perpetrators want, and the victims are eventually deceived. Contrary to how it may seem, social engineering is very structured and systematic.

One case that is currently rife on social media is fraud in the name of banks. The scam starts with a bank advertisement on social media offering customer-level upgrades.

Tempted by the privileges of the offered upgrades, many people clicked on the ad and were directed to pages where they had to perform a few actions. All elements and aspects in the modus operandi were prepared to look as real and original as possible, including the address of the intended bank. Many were deceived and scammed out of hundreds of millions of their money.

Extracted from this source, social engineering techniques that are often applied in social media include the following:

  1. Gather victim information.

Perpetrators patiently and consistently collect pieces of information on their victims, from their hobbies, contacts, and community, to their ideology.

  2. Enter into the victim’s circle(s).

After they feel they have enough information about the victim, the perpetrator begins to establish a relationship and interact with the victim to build their trust.

  3. Retrieve data and exploit victims.

After the trust is formed, the perpetrator will lead the victim to take various actions that benefit the perpetrator.

  4. Disconnect.

After getting what they want, the perpetrator will immediately cut off contact and remove any information that can be traced back to them.

Keep in mind that the above process can take months, usually unfolding through a series of chats on social media. The friendliness and openness of the victim can also determine whether or not this process goes smoothly.


How to recognize and avoid social engineering on social media

Social engineering can occur through various methods and activities. It also commonly occurs when people make transactions at ATMs.

On social media, in particular, awareness is required to limit the publication of personal information. Our social media profiles are allowed to be viewed and accessed by many people with various interests. Restricting access to personal data means minimizing the risk of others using our data.

More specifically, knowledge is needed to recognize the signs of social engineering. Extracted from Norton Security, a digital security service provider, there are several ways to identify social engineering.

  1. Be on the lookout for unusual messages, even if they are in the name of a relative or colleague.
  2. Avoid clicking on links with gifts or messages that promise too much.
  3. Beware of messages from institutions that threaten to impose sanctions. Out of fear, victims usually subconsciously follow perpetrators' instructions.

In addition to recognizing the modus operandi of social engineering, an equally important step is to increase the security of social media accounts. Changing passwords regularly and using a two-way verification security system are simple steps that can be taken toward data safety.

