Learn about safe online shopping practices and pass the quiz at the end of the article. You could win one of six $50 Amazon gift cards!

Social media is a wonderful way to stay connected with friends and family, especially during the holidays, and it helps us keep in touch with people we might not see in person very often. However, it's important to remain cautious—recently, the FTC reported that from 2021 to 2023, one in four people who lost money to fraud said it all started on social media. Scams on social platforms caused a whopping $2.7 billion in losses during that time—far more than any other type of scam. And since many fraud cases go unreported, that number likely represents just a small portion of the total harm.

“Within the context of information security, social engineering uses people’s natural sociability to conduct malicious attacks against them in the real world or cyberspace,” according to Robert Cialdini, Professor of Psychology and Marketing at the University of Arizona. He explains that people should look out for communications using the following tactics:

• Rapport/Physical Appearance: Pretending to be like you and have things in common. Don’t forget that your information may be readily available on your social networking sites.
• Reciprocity: Sending you a gift, knowing that most people will feel obligated to give something back. Beware of free gifts!
• Commitment and Consistency: Getting you to perform a small task in the hope that you will perform it again without as much scrutiny. Be very careful with “introductory offers.”
• Conformity: Making you think everyone else has already taken the action. Don’t be a lemming!
• Authority: Pretending to be your boss or someone with extensive expertise. If an email from anyone, especially your boss, asking you to do something you wouldn’t normally do, question it!
• Scarcity: Pretending you will miss out on a wonderful opportunity if you don’t act quickly. Never act quickly! Slow down and scrutinize all communications.

As a healthcare organization, protecting patient privacy is paramount, and there are rules that everyone must follow:

• Never share any patient information or patient photos on social networking sites
• Never post a personal opinion in a way where it might be confused with the official position of UCSF
• Never use the UCSF brand identity on any personal blog or social networking profile
• Never post any information that is proprietary to UCSF

Because of the recent geopolitical events, UCSF Communications has created UCSF’s Social Media Policies and Best Practices to further guide the UCSF community on conduct and best practices while using social media.

You can further protect yourself and UCSF by adhering to the following practices:

• Don’t give to charities who ask for money on social networking sites. If you plan to give to charities during the holiday season, note that most reputable charities do not ask for money online or over the phone.
• Don’t post anything confidential or potentially embarrassing about yourself. Remember: once posted, always posted. Even if you immediately delete a post, it can still appear or be retrieved.
• Be selective with friend requests, and make sure your friends respect your privacy. Criminals can piece together your personal information to guess your passwords, answer password-reset challenge questions, hijack your account, or try to steal your identity.
• Use high-security settings on all social networking sites. Look for headings such as "Edit My Profile," "Settings," or "Account Details,” and check drop-down menus for detailed privacy settings. If you’re unsure how to do this for a particular site, use a search engine to learn how.
• Use multi-factor authentication, if available. Even if your credentials are compromised, your data will still be safe. According to a recent FBI presentation for the University of California, 99.99% of compromised accounts did not have multi-factor authentication.
• Use and maintain anti-virus software and network security controls. Protect yourself against viruses and malware that may steal or modify your computer's data and leave you vulnerable to data breaches.
• Install apps and other software from trusted sites only. And keep the software updated once it’s installed.
• Use long and strong passwords or passphrases for your social media accounts. Use a short sentence that’s easy to remember but hard to guess. We recommend at least 12 characters from at least 3 of 4 categories (uppercase, lowercase, numbers, symbols).
• Use a separate password for each of your social media accounts. If the bad guys get your user ID and password for one of your accounts, they cannot compromise your other accounts.
• Understand there are risks in using networks you don't control, like public wi-fi. Ensure the site you are accessing uses an encrypted connection by looking for https vs http and heed any warnings you get from your browser. Change advanced sharing settings and turn off file and printer sharing.
• Disable GPS and do not post information about your whereabouts. If the bad guys know you’re on vacation in Europe, they’re more likely to rob you.
• Review credit card and bank account statements to check for unauthorized charges. It’s best to do this as soon as you receive your statements. If your statement is late by more than a few days, call your credit card company or bank to confirm your billing address and account balances.
• Log in to your social networking sites frequently to ensure they have not been hacked. This is especially important if you use a particular site infrequently.
• Check whether your email or phone number has been part of a data breach or if your password is commonly used. You can check this at the site Have I Been Pwned?.
• Get rid of accounts that are not in use. If an account is closed, it is much less likely to be hacked.

Check your social media safety knowledge: Take the Safe and Secure Social Networking Quiz. Everyone who passes the quiz wins one entry in a drawing for one of six $50 Amazon gift cards.

Additional Information

UCSF’s Social Media Policies and Best Practices

FTC: Social media: a golden goose for scammers

Facebook Flooded with Ads and Pages for Fake ChatGPT, Google Bard and other AI services, Tricking Users into downloading Malware

Manage Your UCSF Password

FBI: Internet Social Networking Risks

National Security Agency | Keeping Safe on Social Media