Use Social Media Safely: A Beginner's Guide

What is this in plain English?

Think of social media (Facebook, Instagram, Twitter, TikTok) as a giant town square where millions of people gather to chat, share news, and show pictures. Just like in a real town square from the 1950s or 60s, most people are friendly and just going about their day. But also like a real town square, there are pickpockets, con artists, and people trying to sell you things or trick you.

Your social media account is like your home in this town square. You need to lock your doors (use good passwords), be careful who you invite inside (who you accept as friends), and not shout your personal information for everyone to hear (don't post private details publicly).

The good news? With some basic safety habits—like the ones you already use in real life—you can enjoy social media without the risks.

Before You Start: Why Social Media Safety Matters

Social media connects you with loved ones and lets you enjoy content you care about. But criminals use these same platforms to:

• Steal money through scams and fake investment schemes
• Steal your identity using personal information you share
• Hack into your accounts to impersonate you
• Manipulate you emotionally to get what they want

This guide will teach you how to protect yourself. These aren't complicated computer skills—they're common-sense safety habits, just like locking your front door or not giving your wallet to strangers.

Step 1: Create Strong Passwords (Your First Line of Defense)

Your password is like the key to your house. A weak password is like leaving your door unlocked.

What makes a strong password:

• At least 12 characters long
• Mix of uppercase letters, lowercase letters, numbers, and symbols
• NOT your name, birthday, address, pet's name, or any word in the dictionary
• Different for every account (your Facebook password should be different from your email password)

Examples of weak passwords (NEVER use these):

• password123
• YourName2024
• 12345678
• qwerty

Examples of strong passwords:

• Tr3eH0use!S@ndy92
• Blu3$kyG@rden47!
• C0ffee&D0nuts#88

How to create and remember strong passwords:

1. Think of a sentence only you would know: "I met my husband Tom at the beach in 1967"
2. Take the first letter of each word: ImmhTatbi1967
3. Add symbols and capitalize some letters: Imm#hTa!tbi1967
4. Write it down on paper (yes, paper!) and keep it in a safe place like a locked drawer

Or simply string together 4-5 random words with numbers and symbols: Blue!Garden47$Coffee

Pro Tip: Use a different password for each important account (email, banking, social media). If one gets hacked, the others stay safe. Write them all down in a notebook kept in a secure place—this is safer than trying to remember them all.

Step 2: Set Up Two-Factor Authentication (Double-Locking Your Door)

Two-factor authentication (also called 2FA or two-step verification) is like having both a key and a deadbolt on your door. Even if someone steals your password, they still can't get in.

How it works:

1. You enter your password like normal
2. The site sends a special code to your phone via text message
3. You type in that code
4. Now you're logged in

To turn on two-factor authentication for Facebook:

1. Open Facebook and tap the three horizontal lines (menu) in the bottom right (iPhone) or top right (Android)
2. Tap Settings & Privacy
3. Tap Settings
4. Tap See more in Accounts Center
5. Tap Password and security
6. Tap Two-factor authentication
7. Select the account you want to secure
8. Tap Turn on next to "Text message (SMS)"
9. Enter your phone number
10. Enter the code Facebook texts you
11. Tap Continue

To turn on two-factor authentication for Instagram:

1. Tap your profile picture in the bottom right
2. Tap the three horizontal lines in the top right
3. Tap Settings and privacy
4. Tap Accounts Center
5. Tap Password and security
6. Tap Two-factor authentication
7. Follow the same steps as Facebook above

To turn on two-factor authentication for Gmail (Google account):

1. Go to myaccount.google.com on your computer or phone
2. Tap Security on the left
3. Scroll down to "How you sign in to Google"
4. Tap 2-Step Verification
5. Tap Get Started
6. Follow the step-by-step instructions

   Important: Keep your phone charged and with you when logging into accounts with two-factor authentication. If you lose your phone, contact the company immediately to regain access to your account.

Step 3: Recognize and Avoid Common Scams

Scammers are getting more sophisticated. Here are the most common tricks and how to spot them.

The "Facebook Friend" Scam:

You get a friend request from someone you're already friends with. You accept, thinking it's an accident. Then "they" message you saying they're in trouble and need money, or they've discovered a great investment opportunity.

The truth: Your friend's account was hacked or cloned. The real person never sent that message.

What to do: Don't accept duplicate friend requests. If you get a strange message from a friend asking for money, call them on the phone to verify. Never send money based on a Facebook message alone.

The "You've Won!" Scam:

You get a message saying you've won a prize, sweepstakes, or grant money. To claim it, you need to pay fees, taxes, or provide personal information.

The truth: Real prizes never require you to pay anything upfront. This is always a scam.

What to do: Delete the message immediately. Block the sender. Never send money to claim a prize.

The "Tech Support" Scam:

You get a message or pop-up saying your computer has a virus and you need to call a number or click a link for help. Sometimes they claim to be from Microsoft, Apple, or Facebook.

The truth: Real tech companies never contact you out of the blue like this. This is always a scam.

What to do: Close the message or pop-up. Never call numbers from unsolicited messages. Never give strangers remote access to your computer.

The Romance Scam:

Someone you don't know sends a friend request and starts chatting with you. They're charming and attentive. Eventually, they say they're in trouble—stuck abroad, medical emergency, business deal gone wrong—and need money.

The truth: They're professional con artists. Everything they told you was a lie designed to gain your trust.

What to do: Never send money to someone you've only met online. If romance develops online, video chat before meeting in person. Be suspicious of anyone who can't or won't video chat.

The Investment Scam:

Someone messages you about a "guaranteed" investment opportunity in cryptocurrency, stocks, or precious metals. They might show you screenshots of huge profits.

The truth: Those screenshots are fake. There's no such thing as guaranteed returns. Real financial advisors don't recruit through Facebook messages.

What to do: Ignore and block. Never invest based on unsolicited social media messages. Work only with licensed financial advisors you've researched.

Safety Alert: If it sounds too good to be true, it is. Legitimate opportunities don't come through random Facebook messages. When in doubt, talk to a trusted family member or friend before taking any action.

Step 4: Protect Your Personal Information

Information that seems harmless to share can be used to steal your identity or hack your accounts.

NEVER post publicly:

• Your full birthdate (month and day are okay, but not the year)
• Your full address or phone number
• Photos of your credit cards, checks, or financial statements
• Your Social Security number or driver's license number
• Information about being away from home ("Off to Europe for two weeks!")
• Photos of your house keys, car keys, or house numbers
• Your mother's maiden name or answers to security questions

Be careful posting:

• Your exact location in real-time (wait until you get home to post vacation photos)
• Information about your daily routine ("Every Tuesday I go to bingo at 7pm")
• Photos of grandchildren without their parents' permission
• Complaints about your bank, doctor, or other services (scammers watch for these)

Safe to share:

• General updates ("Enjoying a nice day outdoors")
• Photos of hobbies, pets, nature, food
• Opinions on topics you care about
• Congratulations to friends and family

  Pro Tip: Before posting anything, ask yourself: "Could a criminal use this information to harm me, impersonate me, or rob my house?" If there's even a small chance, don't post it.

Step 5: Adjust Your Privacy Settings

Privacy settings control who can see your posts. Let's make sure yours are set safely.

For Facebook:

1. Tap the three horizontal lines (menu)
2. Tap Settings & Privacy
3. Tap Settings
4. Tap Privacy
5. Look at "Who can see your future posts?"—tap it
6. Select Friends (not Public)
7. Go back and tap "Limit who can see past posts"
8. Tap Limit Past Posts to change all old posts to Friends only

Also in Privacy settings:

• "Who can send you friend requests?"—set to Friends of Friends (not Everyone)
• "Who can see your friends list?"—set to Only me or Friends
• "Who can look you up using your email/phone?"—set to Friends or Friends of Friends

For Instagram:

1. Tap your profile picture (bottom right)
2. Tap the three horizontal lines (top right)
3. Tap Settings and privacy
4. Tap Account privacy
5. Toggle Private account to ON

With a private account, only people you approve can see your posts and stories.

General privacy principle:

When in doubt, more private is better. You can always make things more public later, but you can't unsee something that's already been shared widely.

Step 6: Be Careful What You Click

Many scams and hacks happen because someone clicked a bad link.

Dangerous links look like this:

• Shortened URLs (like bit.ly/xyz123) where you can't see the real destination
• Misspelled websites (Faceb00k.com instead of Facebook.com)
• Links promising free stuff, shocking news, or amazing deals
• Links in messages from people you don't know
• Links sent by friends whose accounts might be hacked

Before clicking ANY link, ask yourself:

• Do I know and trust the sender?
• Was I expecting this link?
• Does it seem too good to be true?
• Does it create urgency ("Click now or lose this deal!")?

What to do instead of clicking:

• If it's from a friend and seems strange, call them to verify they sent it
• If it's about your bank or a company, close the message and go to their official website yourself
• If it promises something free or amazing, assume it's a scam
• When in doubt, don't click

  Critical Rule: Never enter your password after clicking a link in an email or message. If a message says "Your account has been compromised, click here to secure it," it's a scam. Go directly to the website yourself by typing the address.

Step 7: Understand What's Real and What's Fake

Not everything you see on social media is true. Here's how to think critically about what you see.

Fake news warning signs:

• Sensational headlines designed to make you angry or scared
• No author name or publication date
• Lots of typos and grammatical errors
• Claims that seem unbelievable
• Only shared by one source—nowhere else is reporting it

Manipulated photos and videos:

• Technology can now make very realistic fake images and videos
• If a photo or video seems shocking, be skeptical
• Check multiple trusted news sources before believing or sharing

Before sharing something, ask:

• Is this from a reputable news source I recognize?
• Have I verified this with at least one other source?
• Could this be designed to manipulate my emotions?
• Would I be comfortable if my grandchildren saw me sharing this?

Reliable sources to check:

• Major newspapers (New York Times, Wall Street Journal, Washington Post)
• Established TV news networks (CBS, NBC, ABC, PBS)
• Fact-checking websites (Snopes.com, FactCheck.org, PolitiFact.com)

  Important: Sharing false information—even accidentally—can harm people. Take the extra 30 seconds to verify before you share. If you're not sure, don't share it.

Step 8: Manage Friend Requests Carefully

Not everyone who wants to be your friend should be.

Red flags for fake or scam accounts:

• Very few friends (especially under 20)
• Account was just created (you can usually see "Joined [Month Year]")
• Profile photo is of an attractive person you don't know
• No other photos posted
• Generic, impersonal messages
• Mutual friends who don't actually know this person

Safe friend request practices:

1. Only accept requests from people you actually know in real life
2. If you're unsure, send them a message asking how you know each other
3. Look at their profile—do they have normal photos and activity?
4. Check mutual friends—do you trust those people?
5. When in doubt, decline or ignore the request

To review your current friends:

1. Go to your profile and tap Friends
2. Scroll through your list
3. If you see anyone suspicious, tap their name
4. Tap the Friends button (with a checkmark)
5. Tap Unfriend

You can unfriend people anytime. They won't receive a notification.

Pro Tip: It's better to have 50 real friends than 500 strangers. Social media isn't a popularity contest—it's about genuine connections.

Step 9: Know the Warning Signs of Account Hacking

Sometimes despite our best efforts, accounts get hacked. Recognize the signs so you can act quickly.

Your account might be hacked if:

• Friends tell you you're sending strange messages
• You see posts you didn't make
• You can't log in with your usual password
• You get emails about password changes you didn't request
• You see login alerts from locations you've never been
• Your email address or phone number on the account has been changed

If your account is hacked, act immediately:

1. Try to change your password right away
2. If you can't log in, use the "Forgot Password" link
3. Check your email for password reset messages
4. Enable two-factor authentication (Step 2) as soon as you regain access
5. Review recent posts and delete anything you didn't write
6. Post a message warning friends your account was hacked
7. Contact the platform's help center

For Facebook: Go to facebook.com/hacked For Instagram: Go to help.instagram.com/149494825257596 For Gmail: Go to google.com/accounts/recovery

Safety Alert: If your email account is hacked, the criminal can access everything—banking, social media, shopping accounts. Securing your email should be your absolute top priority.

Step 10: Talk to Family About Social Media Safety

Many scams target relationships between family members. Have honest conversations with your loved ones.

Talk to your children and grandchildren about:

• Never sending money or gift cards based on social media messages, even if it looks like you're asking
• Calling you directly if they receive strange messages "from" you
• Not sharing your personal information online
• Understanding that you might be less familiar with technology and scams

Establish family safety rules:

• "If I ever ask for money online, call me first to verify"
• "If something seems suspicious, we talk about it together"
• "We don't shame each other for mistakes—scammers are professionals"

Create a family code word:

Choose a word only family members know. If you're ever in trouble and need to ask for help via message, include this word so they know it's really you. If it's missing, they should call you to verify.

How to Stay Safe While Using Social Media

Trust your instincts: If something feels wrong, it probably is. You don't need to understand exactly how a scam works to protect yourself—just listen to that uncomfortable feeling.

Slow down: Scammers create urgency ("Act now!" "Limited time!" "Emergency!"). Legitimate opportunities don't disappear in five minutes. Take time to think, research, and consult trusted people.

You can always say no: You don't owe strangers your time, attention, money, or personal information. "No" is a complete sentence. Block people who make you uncomfortable.

Keep learning: Scammers constantly develop new tricks. Stay informed by talking to family, watching your bank's fraud alerts, and listening when news outlets report new scams.

Don't be embarrassed: If you fall for a scam, you're not alone. Millions of intelligent people are tricked every year. The important thing is to report it, warn others, and keep learning.

Remember: Social media companies will NEVER contact you asking for your password, payment information, or personal details through messages. If someone claiming to represent Facebook, Instagram, or any platform messages you asking for this information, it's a scam. Always go to the official website directly.

What to Do If Something Goes Wrong

If you've been scammed:

1. Stop all contact with the scammer immediately
2. Don't send any more money
3. Contact your bank or credit card company to report fraud
4. File a report at ReportFraud.ftc.gov (Federal Trade Commission)
5. Report the scam to the social media platform
6. Change passwords on all your accounts
7. Warn your friends so they don't fall for the same scam

If you've shared too much information:

1. Delete the post if it's still up
2. Change passwords immediately
3. Monitor your bank accounts for suspicious activity
4. Consider placing a fraud alert on your credit report (call one of the three credit bureaus)
5. Be extra vigilant for follow-up scams

If you feel overwhelmed:

1. Take a break from social media—it will still be there when you're ready
2. Talk to a trusted family member or friend
3. Remember that using social media safely is a learning process
4. Focus on one safety step at a time rather than trying to do everything at once

Resources for Help

Report scams:

• Federal Trade Commission: ReportFraud.ftc.gov or 1-877-FTC-HELP
• FBI Internet Crime Complaint Center: ic3.gov

Check if something is a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker
• AARP Fraud Watch Network: aarp.org/fraudwatchnetwork

Identity theft help:

• IdentityTheft.gov (Federal Trade Commission resource)
• 1-877-ID-THEFT (1-877-438-4338)

For seniors specifically:

• National Elder Fraud Hotline: 1-833-FRAUD-11 (1-833-372-8311)

Final Thoughts: Enjoy Social Media Safely

Social media can be a wonderful tool for staying connected with loved ones, pursuing hobbies, and staying informed. With these safety practices, you can enjoy all the benefits while minimizing the risks.

Remember these key principles:

• Strong, unique passwords for each account
• Two-factor authentication whenever possible
• Privacy settings locked down to friends only
• Never click suspicious links
• Verify before you trust
• Think before you share personal information
• When in doubt, say no

You don't need to be a technology expert to be safe. You just need to apply the same common sense you use in everyday life: lock your doors, don't talk to strangers about money, verify before you trust, and listen to your instincts.

Start with one or two safety steps today. Maybe change your passwords or turn on two-factor authentication. Each small step makes you significantly safer. You've got this!