Malicious actors – often called hackers – can gain unauthorised access to a user’s account, often by knowing or guessing a user’s password. While online platforms tries to keep hackers at bay, users also need to take the necessary precautions to protect their passwords and accounts.

When a user contacts another user and attempts to obtain money – or other valuables – by threatening to publicly reveal private or damaging information about the victim, this is called extortion. When the user threatens to reveal images of sexual nature, it’s referred to as sextortion.

Social engineering is the act of manipulating a person into performing a certain action, or revealing personal often sensitive information. Attackers often develop a friendship or employ psychological tricks to convince a person to share photos, share passwords, etc. Instead of finding a security vulnerability in the software, an attacker could pose as an IT support person and pretend to have a noble aim of supporting users with protecting their accounts, and request for the user’s password to accomplish this aim.

Phishing is when a user disguises themselves as a trustworthy entity and attempts to obtain (or “phish” for) sensitive information from another user such as their password or credit card information. For example, someone pretending to be a local grocery business, sends you a message claiming they have a discount at their grocery store. They ask you to place your order via WhatsApp, and to also send your credit card number, expiry date, and security code in order to “process your payment”. Another example, you receive an email that appears to be from Facebook. The email says there’s a threat to your account and that you should login right away to resolve it. You click the login link from the email and enter your email and password. There, you’ve handed your login credentials to the hacker.

Users can receive links via messages or comments that appear to promote something genuine but they are in fact infected or phishing links. Upon clicking the link, a virus, or malware is downloaded on the user’s device. The virus is often used to steal personal data. To check whether the link is infected, copy the URL, go to virustotal.com, and paste it on the search bar. The website will scan the URL and let you know whether the link is trustworthy.

Users often spot accounts that pretend to be someone they know, or themselves, or are simply fake. These fake accounts pose a threat as they are often used to gain other users’ trust and gain followers and friends, and then use the fake account to threaten the user they’re impersonating or extort them.