Social media has become a daily part of life for billions worldwide. It connects us, informs us, and entertains us. Yet as artificial intelligence (AI) grows more advanced, the risks we face online have multiplied.
Deepfakes, AI-generated scams, and new attack methods exploit our trust and carelessness. The importance of knowing about these threats and how they work and modifying our online habits accordingly cannot be overstated.
We talked to cybersecurity experts and asked them how social media users can protect themselves in such an unpredictable and dynamic landscape. They shared practical advice on detecting AI trickery, securing accounts with new tools, and guarding against oversharing.
Their guidance points to a simple truth: vigilance and education are the best defence.
Erring on the Side of Caution
AI-generated deepfakes (videos, images, and audio clips designed to look and sound real) have advanced rapidly. They can fool even experienced eyes, creating new challenges for users trying to separate truth from manipulation.
Jake Ouellette, Incident Response Engineer Team Lead at Blumira, offers a clear-eyed look at how to stay safe on social media as AI-generated content becomes nearly indistinguishable from reality. He warns that deepfakes are becoming more realistic, and the classic tells are becoming less and less identifiable. Still, Ouellette shares practical tips for spotting fakes while we can.
He says AI often struggles to render written text accurately, so unusual or distorted words and symbols in the background of images can be a strong indicator of AI presence. Another common sign is a lack of logical continuity, elements like cables, wires, or ropes that don’t appear to connect properly, or architectural details such as stairs and railings that don’t align realistically. All these subtle inconsistencies can raise a red flag.
Lighting errors are another clue: “AI might have a hard time tracking movement and keeping the light consistent between all the sources. Shadows might flicker or shift unnaturally.” Sometimes, these inconsistencies trigger a gut feeling: “You might not be able to find the exact reason why something seems off, but your brain is likely picking up on a handful of subtle inconsistencies,” Ouelette explains.
He urges users to “focus on things in the background or anything other than the main subject of an image, since AI often gets the focal point right but slips up elsewhere. He stresses the importance of skepticism: “Would this person be saying or doing this? If you can’t find another source, you should assume it’s AI-generated until you can prove otherwise.” Wise words.
“Anything and Everything Can Be Created With AI”
Ross Moore, Information Security Researcher, reminds us to approach everything on social media with skepticism. “Anything and everything can be created with AI. Yes, everything.” With so much information circulating, he urges users to double-check facts before accepting them as truth. Satire and parody accounts add confusion, making it harder to know when content is meant to mislead or amuse.
Moore suggests analysing content carefully. Look for repetitive language or overly polished phrasing. Examine images for metadata clues using tools like EXIF viewers. Most importantly, avoid blind trust. Ask: Where is this information coming from? If it matters enough to share or act upon, verify it through multiple sources.
Chloé Messdaghi, Founder & Principal Advisor at Thornbridge Advisory, echoes this need for source verification. She points out that as deepfakes improve, “most people won’t be able to easily spot a deepfake, particularly as the tech continues to improve and the content becomes hyper-personalized.” Instead of trying to “spot the fake,” users should focus on who shared the content and whether it has been corroborated by reputable sources.
“If a video or image sparks a strong emotional reaction (outrage, fear, even excitement), pause before you share”
Chloé Messdaghi, Founder & Principal Advisor at Thornbridge Advisory
Scammers weaponize emotion to bypass logic. This pause gives us a chance to check facts or use reverse image searches to confirm authenticity.
Gary Hibberd, Co-Founder of Consultants Like Us, adds the caveat that traditional advice to spot visual glitches quickly becomes obsolete as technology evolves. Instead, critical thinking and fact-checking skills will keep users safer. He advises a simple but powerful step: Pause, then verify. Scammers rely on triggering impulse reactions.
There’s Going to be a Point Where We Can’t Tell
Looking ahead, Ouellette cautions, “There’s going to be a point where we’re not going to be able to tell and we can’t use some of these tips that I just went over.” When that happens, he says, “scrutinise the videos, take some time and really consider what you’re reading, what you’re seeing and what the image or the video is trying to tell you.” He emphasizes double-checking sources because even with real videos, things are taken out of context, so we should always be trying to get secondary sources.
Social media’s fast pace makes us vulnerable: “You might not even give your brain enough time to analyse or scrutinise what you’re seeing.” Ouellette warns of confirmation bias: “AI content that reinforces your belief or any of your beliefs is easily accepted, even if it’s something that you wholeheartedly agree with, you’re actually still scrutinising it.” He also notes the risk of source amnesia, where people forget where they saw something, but remember the claim of the video – a perfect storm for misinformation.
Ouellette flags the danger of synthetic consensus, where “AI bots have come in to infiltrate those discussions and pitch their own ideas,” manipulating public opinion at scale. He calls for systemic solutions: “AI-generated content should carry some kind of watermark. We’ve got to get to the point where we can at least use something to tell if something’s AI-generated or not.”
The Ominous Rise of Zishing
John Trest, Chief Learning Officer at VIPRE Security Group, shines a light on a related threat: zishing attacks during video calls. “Cybercriminals use deepfake technology to impersonate trusted colleagues or IT staff in virtual meetings, tricking victims into revealing passwords or confidential information.” He advises users to watch for inconsistencies in facial expressions, unnatural movements, and irregular lighting in video calls. “When in doubt, ask the participant to turn their head, because deepfakes generally do not create convincing profile views.”
The Critical Role of Two-Factor Authentication in 2025
Passwords alone no longer suffice. Two-factor authentication (2FA) is a critical layer of defence for social media accounts, and experts agree it must be enabled.
“CISA strongly recommends turning on 2FA wherever it’s available,” says Trest. “Typically, you’ll enter your password plus a one-time code from a trusted app or text message to log in. Because AI-powered phishing scams often target login credentials, 2FA helps prevent hackers from taking over your accounts or impersonating you.”
Moore stresses that even basic 2FA (such as codes sent by SMS) is better than nothing. But he encourages users to consider stronger options like biometrics or security tokens, including hardware devices like Yubikeys. “Anything to make criminal hacking harder is worth it,” he says. He compares adopting 2FA to developing daily habits, like checking locks or appliances before leaving home. It’s an inconvenience, but one we quickly accept for our safety.
Messdaghi is more direct: “If you’re not using 2FA, you’re not secure.” She warns that SMS codes are increasingly vulnerable to SIM swap attacks. Her recommendation is to use authenticator apps at minimum. Physical security keys provide even stronger protection. For those at higher risk, activists, journalists, public figures, 2FA is non-negotiable.
Ouellette stresses that regular passwords are just not enough anymore. He advocates for multi-factor authentication (MFA): “Mixing up those pieces of authentication so that you’re not relying on just one to get into your account.” He recommends hardware tokens and passkeys for phishing resistance and advanced protection.
Hibberd highlights a common pitfall: “2FA is not the panacea we all imagine.” He references the 2020 hack of high-profile Twitter accounts that used 2FA but fell victim to ‘prompt bombing’ or ‘2FA fatigue’, where attackers repeatedly prompt users to approve login attempts until they give in. He says educating users about such tactics is as important as encouraging 2FA adoption. He notes that newer technologies like Passkeys and hardware tokens offer improved security, but users want simplicity. Education remains the best defence.
Oversharing Risks and Improving Digital Hygiene in the AI Era
Oversharing personal details on social media has always posed risks. AI magnifies these dangers by collecting and correlating small pieces of information to build detailed profiles, enabling more targeted attacks.
Moore categorizes oversharing into three main areas: personal and relationship issues, financial details, and private photos. “Anyone who has any degree of animosity toward us can use those details against us.” AI can manipulate images or videos into convincing fakes from a single source photo, and he warns about sharing location, family information, or financial data publicly, even if accounts have limited visibility.
“Screenshots are quick and easy. It only takes one bad actor to turn a private detail into a worldwide issue.” Moore advises users to consider how employers or customers might view their posts. Improving digital hygiene also means focusing on meaningful relationships with real people instead of amassing online or AI-generated ‘friends.’
Messdaghi adds that oversharing is often subtle, revealing pet names, neighborhoods, or school names. Attackers use these clues to answer security questions or predict passwords. She recommends users pause before posting and ask if the information is truly necessary to share. Sharing less can protect privacy without sacrificing social connection.
‘TMI’, too much information, is a growing problem, adds Hibberd. Vacation check-ins with exact locations, children’s photos outside schools, or financial boasts may seem harmless but expose individuals and families to risks. He suggests delaying posts until after trips, obscuring identifiable details, and reconsidering sharing loved ones’ images online. Hibberd also urges users to review privacy settings frequently.
Trest adds that AI-driven scams harvest publicly available data to tailor phishing attacks and impersonations, which is why users should keep personal details private and report suspicious content immediately. Platforms rely on reports to detect and remove harmful AI-manipulated posts faster.
Additional Threats and Best Practices for Social Media Safety
Beyond deepfakes and oversharing, other AI-powered threats loom. Social engineering tactics such as zishing use fake voices and videos to trick victims during meetings. Attackers impersonate colleagues or IT staff to steal credentials or install malware.
Trest offers some zishing security tips. “Create waiting rooms for attendees (if available). Expel participants and suspend participant activities, when necessary. Lock meetings to prevent unknown attendees from entering.”
Consumers also must adopt a verification mindset. The National Institute of Standards and Technology (NIST) and CISA emphasize the value of fact-checking and source verification. Don’t respond emotionally or post content on impulse.
Digital hygiene is not just about settings and passwords. It understands that social media trails empower AI training models and demands thoughtful sharing and ongoing learning. Creating digital literacy, scam detection skills, emotional manipulation awareness, and fact-checking helps users stay a step ahead of evolving threats.
Practical Steps for Safer Social Media Use
Social media in the age of AI is complex. New technology presents new possibilities for contact and also new forms of deception and intrusion. The good news is that clear-headed, common-sense habits can be very effective at reducing risk.
To be safe, Trest advises to:
Verify Before Sharing: Using AI, scammers can quickly generate convincing fake content. The National Institute of Standards and Technology (NIST) advises verifying sources and cross-checking facts before reposting, commenting, or taking any actions regarding any social media post.
Protect Your Personal Information: The Cybersecurity and Infrastructure Security Agency (CISA) recommends limiting what you share. This is because AI-driven scams can mine your posts to craft believable phishing or social engineering attacks.
Check Your Privacy Settings Regularly: Government cybersecurity experts recommend checking your privacy settings regularly to control who can see your information and posts. Sharing too much can open the door to cyberattacks that can trick even the most security-savvy users.
Turn On Two-Factor Authentication (2FA): Using long, unique passwords for each social media account and updating them regularly is a critical step in protecting yourself. Adding two-factor authentication (2FA) makes it even harder for attackers to break in, even if they manage to steal your password.
Lastly, Trest says if you believe you have spotted a fake account, deepfake, or suspicious post, use the platform’s built-in “Report” tools or contact the platform directly. Reporting suspicious activity helps social media companies detect and remove harmful content faster, protecting you and other users from scams and misinformation.”
“If you ever feel unsure about whether something is legitimate, it’s always safer to double-check, report it, and avoid sharing it until you’re certain. Staying proactive helps keep your online community safer for everyone,” Trest ends.
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
