ScamWatch

If you feel you're being scammed in the United States, contact the Federal Trade Commission (FTC) at 1-877-382-4357 or report online at reportfraud.ftc.gov.

Privacy Audit Template: How to Check Your Social Profiles and Reduce Personal Data Used by Scammers


Why a privacy audit matters now

Scammers increasingly harvest details from social media and public accounts—names, locations, family relationships, travel plans, and even old photos—to craft convincing social‑engineering attacks or build fake personas that impersonate you or people you know. The U.S. Federal Trade Commission has documented the large scale of data collection and surveillance on major platforms, which increases the pool of personal details attackers can access.

Government cyber‑security authorities also warn that social media posts and disaster/transaction‑related messages are used as lures in timely scam campaigns, and attackers rely on public profile data when impersonating trusted institutions. Running a regular, focused audit of your profiles reduces the surface area scammers can exploit.

30–60 minute privacy audit: step‑by‑step checklist

Do this audit on a desktop if possible (easier to find linked apps, permissions and legacy content). Work account‑by‑account and keep a short log of changes you make.

  1. Search yourself publicly. Google your full name in quotes, your email address, phone number, and username variants. Note where personal contact info, old accounts, or photos appear. Consider setting Google Alerts for your name or email.
  2. Set profile visibility to the minimum needed. Change profiles to private or Friends/Connections only; restrict posts, photos, and friends lists. Remove or replace visible birthdates, full address details, and home/work locations.
  3. Remove or hide direct contact fields. Remove phone number and personal email from public bios; use a business or throwaway address for public contact if needed. Replace exact town names with a region (e.g., “Seattle area”).
  4. Audit old posts, tagged photos and comments. Delete or archive anything that reveals personal routines, IDs, boarding passes, or financial info. Un-tag yourself from posts you don’t control and request removals where appropriate.
  5. Review connected apps and cross‑platform permissions. Revoke access for third‑party apps and games you no longer use; these often leak profile or friend‑list data.
  6. Check friend/follower lists. Remove or block unknown accounts; restrict what new followers can see by default.
  7. Confirm what others can post about you. Turn on review/approval settings for tags and posts if the platform offers them.
  8. Secure high‑risk accounts immediately. For email, banking, crypto, cloud storage, and password manager accounts: enable multi‑factor authentication (MFA)—prefer authenticator apps, passkeys, or hardware security keys over SMS. SMS is convenient but vulnerable to SIM‑swap attacks; U.S. cybersecurity guidance recommends app‑ or key‑based second factors where available.
  9. Use unique, strong passwords and a password manager. Replace reused or weak passwords with randomly generated entries in a reputable password manager; enable the manager’s auto‑fill and emergency access features where appropriate.
  10. Consider what information could be used for account recovery. Recovery email, phone numbers, and security questions frequently help attackers reset passwords—remove or update answers that are guessable or public.

After you finish, log out, clear saved sessions, and try signing in from another device to confirm you still have access and that remembered devices were reset where required.

Advanced steps, monitoring and recovery

If you find misuse or impersonation: report fake accounts and impersonation to the platform first, then file reports with the FBI/IC3 and the FTC when financial loss or identity theft is involved. The FBI continues to warn about impersonation scams and spoofed reporting portals—so use official agency sites and type them directly into your browser.

Hardening and monitoring: enable passkeys or hardware security keys on accounts that support them; limit or remove SMS as a recovery method where you can; monitor credit and set fraud alerts or freezes if personal identifiers were exposed. Sign up for a reputable breach‑monitoring alert or use periodic scans from trusted services. For phone security, check for stalkerware or unusual device behavior and follow official guidance if you suspect monitoring.

Keep the audit regular: repeat this checklist quarterly if you’re a heavy social media user, or after major life events (move, marriage, job change, public posts). Platforms and attacker techniques change rapidly; periodic reviews are the most effective way to limit information drift that scammers rely on.

Final checklist (quick)

  • Make profiles private or remove personal details
  • Revoke third‑party app access
  • Enable 2FA (authenticator/passkey/hardware key)
  • Use a password manager and unique passwords
  • Search your name and set alerts
  • Report impersonation and monitor credit if needed

Small changes—reducing contact fields, deleting a decade‑old post, and switching to an authenticator app—can dramatically reduce what scammers can use to target or impersonate you. If you want, use this template to create a short audit log (date, account, change made) and save it in your password manager for future reviews.
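The audit log suggested above can also drive the quarterly review. The script below is an added example, not part of the original template: it reads a log and lists accounts whose last audit is more than 90 days old, plus high-risk accounts whose recorded second factor is not an authenticator app, passkey, or hardware key. The "category" and "mfa" columns, the 90-day interval, and the sample rows are assumptions made for the example.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample log. The template names date, account, change made;
# "category" and "mfa" are extra columns assumed for this example.
SAMPLE_LOG = """date,account,category,mfa,change
2025-01-10,personal email,email,sms,removed phone number from public bio
2025-04-02,personal email,email,app,switched MFA from SMS to authenticator app
2025-01-10,photo sharing,social,none,set profile to private
2025-03-20,bank,banking,sms,revoked two unused third-party apps
2025-05-15,forum,social,app,deleted old posts with travel plans
"""

HIGH_RISK = {"email", "banking", "crypto", "cloud storage", "password manager"}
STRONG_MFA = {"app", "passkey", "hardware key"}
REVIEW_INTERVAL = timedelta(days=90)  # "quarterly", approximated as 90 days


def latest_entries(log_text):
    """Return the most recent log row per account."""
    latest = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        row["date"] = date.fromisoformat(row["date"].strip())
        name = row["account"].strip().lower()
        if name not in latest or row["date"] > latest[name]["date"]:
            latest[name] = row
    return latest


def review_findings(log_text, today):
    """List (account, issue) pairs that need attention as of `today`."""
    findings = []
    for name, row in sorted(latest_entries(log_text).items()):
        if today - row["date"] > REVIEW_INTERVAL:
            findings.append((name, "audit overdue"))
        mfa = row["mfa"].strip().lower()
        if row["category"].strip().lower() in HIGH_RISK and mfa not in STRONG_MFA:
            findings.append((name, f"high-risk account with MFA '{mfa}'"))
    return findings


if __name__ == "__main__":
    for account, issue in review_findings(SAMPLE_LOG, date(2025, 6, 30)):
        print(f"{account}: {issue}")
```

Only the newest row per account is evaluated, so logging a fix (as in the second "personal email" row) clears the earlier finding.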