Safety and privacy

1. Theft of personal information

Description: Personal data theft involves the seizure of information, such as name, phone number, email address and sometimes even financial data, that users unknowingly share on social media. Fraudsters use the data to create false identities, commit financial fraud or sell the data on the black market.

Implications:

• Identity theft: Data thieves can impersonate the victim by opening bank accounts, taking out loans or making online purchases in the victim's name.

• Financial fraud: Using personal information to take control of a bank account or credit card.

• Privacy violations: Information shared can be used to track the victim, intimidate and even stalk.

Example:Anna regularly shares photos of her family and workplace on Facebook, and openly states her birthday and email address. One day she discovers that someone has used her information to open a fake bank account, take out a loan, and access her email.

2. Phishing (phishing for information)

Description: Phishing is a fraud technique that involves sending fake messages that pretend to be official communications from trusted institutions (e.g. banks, technology companies). The goal is to get the user to click on a suspicious link or provide sensitive data such as passwords, credit card numbers or login credentials.

Implications:

• Account takeover: Scammers can gain access to a user's social media account and then use it to send out further phishing attacks.

• Financial scams: Falsifying credit card or login information can lead to loss of funds.

• Reputation loss: If a user's account is taken over, scammers can use it to send fake messages to their friends, which can damage their reputation.

Example:Krzysztof receives a message on Messenger, looking like an official communication from Facebook, informing him that his account will be banned if he does not click on the link provided. After clicking, he is redirected to a page that looks like a Facebook login panel, where he enters his password. This is how the scammers gain access to his account.

3. Cyberstalking

Description: Cyberstalking is a form of stalking in which a stalker uses the Internet and social media to harass a victim. This can include constantly monitoring activity, sending offensive messages, making threats or publishing private information (known as doxing).

Consequences:

• Invasion of privacy: A victim may feel cornered when a stalker tracks their every move online.

• Intimidation: Cyberstalkers may send threatening messages, causing stress, anxiety and mental problems.

• Damage to reputation: Stalkers may publish false information about the victim, which can damage the victim's professional or personal reputation.

Example:Magda regularly posts photos of her daily activities on Instagram, giving the location of the places she visits. One day, she starts receiving disturbing messages from a stranger who follows her posts and knows her whereabouts. The person starts sending threatening messages and threatens to show up at places Magda has tagged on social media.

4. Spoofing (impersonating a user)

Description: Spoofing is a technique in which a fraudster impersonates another user or institution to gain access to information or resources, often for the purpose of fraud. This can include creating fake accounts that look like the original, or altering email or SMS messages.

Consequences:

• Loss of reputation: Impersonators may publish inappropriate content on their behalf, which can ruin the victim's reputation.

• Financial fraud: Fake accounts can be used to extort money from the victim's friends, who are convinced they are communicating with a real person.

• Misinformation: Fake messages can mislead the victim's friends and family, which can lead to serious consequences, including financial ones.

Example:Zofia receives a message on Instagram from a "friend" asking to borrow money because she supposedly has an urgent problem. However, it turns out that the account has been cloned, and the fake person is impersonating her friend in order to defraud her financially.

5. Social media addiction and mental problems

Description: Incessant use of social media can lead to addiction, negative effects on mental health and well-being, including depression, anxiety and lowered self-esteem. Regular comparison with others, pressure to be constantly online, and negative comments can exacerbate these problems.

Effects:

• Lowered self-esteem: Frequent comparisons with "ideal" images of other users can lead to low self-esteem.

• Mental disorders: Addiction to likes and comments can lead to depression, anxiety or feelings of isolation.

• Relationship problems: Excessive use of social media can negatively affect relationships with loved ones who feel neglected or ignored.

Example:Jan spends several hours a day on Instagram, browsing influencer profiles. He increasingly feels inferior to others because his life doesn't look as perfect as what he sees online. As a result, he begins to avoid social interaction and becomes depressed. 

In the age of social media, such as Facebook, Instagram and TikTok, users often share their personal information, photos and location information. While sharing this content may seem harmless, it can have serious consequences.

1 Implications of publishing personal information

Personal information is information such as name, surname, date of birth, phone number, email address, as well as details about where you work, school and even your interests. Publishing such information on social media can lead to serious consequences.

a. Identity theft

Publishing personal information on social media can make it easier for thieves to take over your identity. Fraudsters can use such data to impersonate the victim, set up bank accounts, obtain loans, or even make online purchases.

Example: Anna shares her full name, date of birth and place of work on her Facebook profile. An identity thief can use this information to set up a fake bank account, take out a loan in her name, leading to long-term legal and financial problems.

b. Phishing and financial fraud

Fraudsters use personal information to create personalized phishing attacks. If they know what companies or organizations a user has on a daily basis, they can create fake messages or pages that look authentic, soliciting passwords or financial information.

Example: Marek posts on Twitter that he is having problems with his bank and is looking for help. Scammers can take advantage of this by sending him a fake email pretending to be from the bank, asking for his account login information.

c. Invasion of privacy

Often personal information, such as phone number, email or location, is shared unknowingly by users. This information can be used for harassment, intimidation (cyberbullying) or unwanted contact.

Example: Kasia publishes her phone number on Instagram so that her friends can contact her. Soon she starts receiving harassing messages and phone calls from strangers.

2 Consequences of Publishing Photos

Publishing photos on social media may seem safe, however, it can also lead to unexpected consequences, especially when the photos contain personal or sensitive information.

a. Doxing (revealing private data)

Photos may contain hidden information, such as documents visible in the background, car license plate numbers, or location-identifying information (e.g., photos at home that reveal address details). Third parties can use them to reveal private user data to the public (known as doxing).

Example: Peter publishes a photo of his new ID card, unaware that the numbers visible on the document could be used for financial fraud or identity theft.

b. Cyberstalking and monitoring

Stalkers can use published photos to track a victim's movements, learn about his or her habits, places he or she frequents, or even his or her daily schedule. Publishing photos in real time, especially in public places, can help stalkers locate a person.

Example: Alice regularly publishes photos from her favorite coffee shop, marking the location. One day she encounters a person there who has been tracking her online activity, which leads to a real threat.

c. Reputation problems

Photos can be misinterpreted and then spread without the user's permission, which can have negative consequences for the user's professional or personal reputation. Once published, photos can be difficult to remove, even if the user changes his privacy settings.

Example: Kamil publishes photos from a party that his supervisor saw on Facebook. His behavior from the private party has been misinterpreted and has affected the assessment of his professionalism at work.

3 Implications of Publishing Location Information

Publishing location information, whether through geotagging photos or through social media statuses, can lead to undesirable consequences related to personal security.

a. Threat to personal safety

Sharing real-time locations can put users in imminent danger. Malicious individuals or thieves can use this information to track where a person is or know when they are not at home.

Example: Kasia posts on Instagram that she is on vacation in Spain, tagging the exact hotel. Meanwhile, her family home is burglarized because the thieves knew the house was empty.

b. Revealing routine habits

Regular location sharing can allow potential attackers to understand a user's routine habits, such as the hours they are at work, at home, or the places they frequently visit.

Example: Marek tags the gym he goes to after work every day. A person with bad intentions can easily predict where Marek will be and when, putting him in physical danger.

c. Violation of privacy of loved ones

Sharing your location, especially when you are in the company of others, can violate the privacy of those who do not want to reveal their whereabouts.

Example: Joan marks the location while meeting friends at a restaurant, not realizing that one of her friends didn't want anyone to know where she was.

Summary:

Publishing personal data, photos and location information on social media can lead to serious risks, such as identity theft, cyberstalking, financial fraud and privacy violations. To minimize risks, users should consciously manage their online data, avoid sharing sensitive information, regularly check their privacy settings and be cautious about publishing content that may reveal their location or personal details. 

Case Study: Sharing content securely on social media

Context: Maria, a refugee from Ukraine, participates in an art workshop organized by a local support center, where she learns to make bracelets. Maria photographs her handicrafts and shares the photos on her social media profiles to share her passion and promote her work.

The challenge: As a refugee, Maria needs to take extra care to protect her privacy and security. In particular, she should pay attention to what information and photos she publishes online to avoid risks such as being identified by unwanted people, having her location tracked, or being exposed to cyber threats.

Secure information to share:

• Photos of bracelets: Maria can safely publish photos of her bracelets, highlighting her artistic work without the risk of revealing personal information.

• Descriptions of making techniques: By sharing details of her bracelet making process, Maria does not risk revealing private information.

• Neutral information about workshops: She can mention the workshops she attends as long as it doesn't reveal sensitive information, such as the location or specifics of the organization supporting refugees.

Information to avoid:

• Workshop location: Publishing information about the exact location of the workshop or geotagged photos could put Maria at risk, especially if she is in a new country for protection.

• Photos with an image: Maria should avoid publishing photos that show her face or the faces of other workshop participants to prevent the possibility of identification.

• Personal information: Providing information such as her full name, refugee status, age, or nationality could be risky. Releasing such details could expose her to physical or legal risks.

• Refugee status: Avoiding information about her status or migration history in open profile posts provides an additional level of protection.

Additional precautions:Maria should also ensure the privacy of her account by choosing settings that restrict access to her posts to only a select few. In addition, it would be wise for her to consider using photo anonymization in case she decides to post photographs that contain images.

Case study

Scenario: Maria, a refugee from Ukraine, participates in a handicraft workshop where she creates bracelets. She is proud of her work and wants to share photos of the bracelets on her social media profiles to promote her handicrafts. However, she wonders what information she can safely share so as not to put herself at risk.

Task for the group: Divide into teams and discuss the following questions:

1. What information can Maria safely publish on social media?

   • What types of content are neutral and do not put her at risk?

2. What kind of information could put Maria's privacy at risk and should not be published?

   • What personal information or details could put her at risk?

3. What additional steps should Maria take to secure her social media account?

   • What privacy settings can increase her security?

   • Are there other tools she could use, such as anonymizing photos, changing geolocation settings?

Discussion:

• What are the potential consequences of revealing private information in a refugee context?

• Can it be safe to promote one's work on social media if proper precautions are taken?

• What differences in attitudes toward online safety might arise from participants' cultural and personal contexts?

Conclusions of the exercise: At the end, the groups present their findings, and the facilitator summarizes the most important rules for safe use of social media, noting the differences between what is safe to share and what must be protected.