To stay safe on social media:
Don’t download anything from a social media site. This is a zero-trust environment, where it’s too easy to make something appear to be coming from a “known” friend. Sponsored posts (ads) appearing in your news feed can also contain malicious links.
Limit the visibility of your account. Check your privacy settings to be sure you’re only sharing with friends. Facebook periodically changes its default settings. Don’t assume that your original selections are still in place.
Don’t accept “friend” requests from strangers. These can be spammy profiles that will expose you to problems, such as the junk account viewing your personal information, posting shady links on your profile, or messaging you with questionable content.
Delay posting vacation photos. While traveling, it’s fun to share your daily activities with your friends, but this also signals to would-be thieves that your house is empty. Play it safe and wait until you return home to upload those travel photos.
Be careful about sharing personal information. Hackers may be able to use pets’ names, your former high school, or other personal information to correctly answer password recovery questions. In particular, don’t include your birthday and phone number in your profile.
Report any duplicate profiles. If a clone of your profile appears, report it immediately. Don’t let a scammer use your identity to dupe your friends! Likewise, if you receive a new friend request from an existing friend, don’t accept it before verifying that their profile hasn’t been cloned.
Don’t use a social media password on any other websites. Each of your passwords should be unique, but it’s especially important to maintain unique passwords for your online banking profile and other secure sites.
Avoid “signing in” to outside websites with your Facebook ID. This is a convenient way to reduce the number of profiles you need to create, but it also increases your vulnerability if any of these sites are compromised. Further, many rogue applications use a Facebook login to trick people into thinking the app is trustworthy.