Social media is a key tool for REALTORS®, allowing you to connect with clients, build your brand, and market your listings. It’s also a key tool for cybercriminals looking to scam you, steal your identity, and harm your reputation and your business.

One of the most common ways they do this is through a technique called account spoofing.

On platforms like Instagram, Facebook, and Tik Tok, we typically trust those in our social and professional circles that we connect with.

Cybercriminals take advantage of this by copying information from social media accounts of friends, colleagues, or clients to create a “spoofed” account. These fake accounts appear to be extremely convincing because the cybercriminal usually grabs images, videos, and other information from the target’s social media accounts to make the spoofed account look legitimate.

They’ll then send connection requests to the target’s connections. If you connect with them, they’ll use your trust in the target to leverage cyber-attacks ranging from financial scams to identity theft.

With the amount of effort cybercriminals put into spoofing accounts, it can be difficult to tell if an account is real or not. There are, however, a few ways you can spot these accounts:

• If you receive a request from someone you know, check to make sure you’re not already connected to them. Cybercriminals will sometimes offer up excuses like “I was locked out of my original account” or “I got hacked, so I created a new account”. Be suspicious of these requests and always verify their identity through an alternative means like a phone call, text, or email before proceeding.
• Cybercriminals will likely make the first move. If a connection is asking for anything out of the ordinary, like money or personal information, be skeptical. If you have an alternative way of contacting the individual, do so to verify the request.
• Trust your gut – if a communication like a post or direct message from a connection feels off, it may be a spoofed account. Don’t click on unsolicited links, especially if they’re off topic, unusual, or dramatic. These may be linked to malware.

If you suspect an account may be spoofed, report it. Most platforms have a mechanism for doing so.

Having your account spoofed could negatively impact your reputation among your colleagues and clients. You can protect yourself by following these simple steps:

• Keep your personal accounts separate from your business accounts and keep them private. Private accounts are much more difficult to spoof.
• Understand the privacy settings for your social media accounts and set them up properly. You’ll also want to understand best practices for security on your preferred platform. Here are guides for Facebook, Instagram, Tick Tok, Twitter, and LinkedIn.
• On your personal accounts, only accept connection requests from people you know and are certain aren’t spoofed accounts.

If you suspect your account has been spoofed, immediately report it to the social media platform.