The basics
Te noho haumaru i te pāpāho pāpori

Stay safe on social media

Social media has become a big part of many of our lives, so it's important to understand how to use it safely.

Why it matters

Any public platform where you share personal content with other people, whether you know them or not, falls under the umbrella of social media. There's Tiktok, Facebook, Instagram and YouTube – and new platforms are springing up all the time. Almost everybody is using some kind of social media these days. It might be a way a way of life for many people, but like anything else online, it's not without its risks.

The risks

While social media can be great for lots of things, it can also increase the risk of:

  • privacy issues – if you're not careful about who can see your posts, you could be the target of:
    • of your accounts
    • data theft
    • identity theft
  • scams and
  • cyberbullying or harassment
  • online abuse of children and adolescents.

Common risks and threats

How to protect yourself

  • Look after your logins

    • To get to your social media accounts, use a saved link in your bookmarks or favourites, or type the name of the site into your . Don’t use links that someone else has sent you, or links on other websites. These could lead you to fake sites set up by attackers.
    • If you use a shared or public computer or , make sure your browser or website doesn’t save your login details. If it does, and someone else uses that device, they’ll get access to your social media accounts too.
    • Be cautious of logging in to your social media accounts using a or free – if you’re logging on at a cafe, for example. These networks are 'untrusted'. That means others could see what you're doing when you use them.
    • If you access your social media accounts through an on your phone or your tablet, make sure you lock it when you’re not using it, and always log out of your account, like you do for bank websites.

    Keeping your mobile phone secure

  • Use strong passwords on your accounts

    • Use a different password for each of your social media accounts. For example, don’t use the same password for your Facebook account as you do for Instagram. That way, if someone gets access to one of your account passwords, they won’t get easy access to your other accounts as well.
    • Make your account passwords long and strong – try short sentences that are easy to remember.
      Don’t use information you share on social media to create your passwords – if you share pictures of your dog online, don’t use your dog’s name as your password.
    • Don’t share your passwords with anyone – not even your partner, your parents, or your children.
      If you’re worried about remembering all of your passwords, try using a password manager which will store and manage them for you. Then you only need to remember the login details for the password manager.

    How to create good passwords

    Keep your data safe with a password manager

  • Add two-factor authentication

    Two-factor authentication ( ) adds an extra layer of protection to your social media accounts. 2FA means you need more than just a password to log in.

    Use two-factor authentication to protect your accounts

  • Check your privacy settings

    • Check the privacy settings on your social media accounts. Set them so that only your friends and family can see your full details.
    • Be wary of online questionnaires and competitions – the information in your answers can be used to build a profile of you and your friends, which is then sold to companies for their targeted marketing campaigns.
    • Clean up your social media profile by ‘unliking’ or unfollowing pages, and leaving groups you no longer have an interest in.

    How to protect your privacy online

    How to use social media safely – NCSC

  • Be smart about making friends on social media

    Only accept a friend invite from someone who:

    • you know in real life, or
    • you're sure is a real person, like a celebrity or public figure.

    Check the profiles of celebrities, public figures and businesses are verified accounts. Verified accounts usually have a blue tick next to the account name.

    If you don't want to be friends with someone, or don't want them to see what you're posting, you can block them.

  • Watch out for scams

    Scammers might use social media to try to trick you into giving away your personal details, financial details, or money. When you’re using social media:

    • watch out for social engineering and scams. Social engineering is when an attacker:
      • gains your trust and tricks you into giving them access or information they shouldn’t have
      • researches you and gets enough information to be able to either guess or reset your passwords
    • be wary of opening links and attachments. Links asking you to visit another website to claim a free offer or a prize are often scams used by attackers to get hold of your personal details, or even install , like a virus, on your device
    • be cautious if a friend on social media asks you strange questions – like if they ask for personal details or for money. It could be a scammer who’s created an account to impersonate your friend, or got access to their account. If this happens, contact your friend through another channel, like over the phone or in person, and ask them about it. If it is a scam, you should be able to report the account.
  • What goes online, stays online

    If you're posting online:

    • don’t reveal too many personal details. 'About me' fields are optional – you don’t have to fill them in
    • don’t share anything that could embarrass you or someone else. Only share things you’d be happy for anyone to see, or that you’d say in real life. Keep an eye on what others post about you too
    • remember that anything you post online stays online, so think before you post.
  • Close your old accounts down

    If you have old social media accounts that you don’t use anymore – remember Myspace? – close them down. Don’t leave your personal information out there unused and unloved.

Get help

If you think someone's got access to your social media accounts, or you think someone's targeting you on social media, your first step is to report it to the social media provider.