You are now in the main content area

Cybersafe Social Media Habits

With your help, TMU can minimize online threats.

Living our lives and sharing it with others online is entirely possible while keeping in mind the associated risks. Learn how bad actors exploit our posts and what information they try to get from us, so that you can make informed choices about your online routines.

Identifying information

Posting identifying information includes details such as your last name, birthday, where you live and work, extended family members’ information, upcoming travel plans, what kind of credit card you use or even which cell phone carrier you chose.

  • Hackers, identity thieves and stalkers love this type of information because it helps them create a profile of who you are, where you go and what you like.
  • It also lets them know which accounts they can attempt to access.
  • Such information has been used to help piece together routines, favourite hangouts, precise locations or even clues to successfully guessing passwords to your TMU, social media, bank or other accounts.
  • Just knowing how some people keep and use your social posts means you’re already safer because you’re aware!
  • Not everyone is out to get you but consider thinking differently about what you deem as private information and unsuitable for social posts.
  • Be confident knowing there’s lots of room for great ideas, creative work or funny comments even if you don’t include identifying information in your posts.
  • When tagging locations, try posting on your way out or after you’ve left the area.
  • If you do wish to geotag or post private information, consider:
    • Keeping your profiles private.
    • Curating your followers and friends to include only people you know and trust.

Check in with yourself

If it doesn’t feel okay to tell a stranger at the bus stop where you hold a bank account or hang out, it probably isn’t okay to publicly post that information for online strangers to find either.


  • Social media impersonation happens when someone creates a social account to impersonate anyone or anything, including celebrity figures, companies, advocacy groups or private citizens. 
  • Usually, the goal is to trick followers into sharing information about themselves or their account login details, sometimes through a simple ask or fake giveaway contests.
  • When we trust people, brands and groups we’re familiar with, we tend to let down our guard while interacting with them.
  • Hackers and other bad actors know this, and that’s why impersonation tends to work.
  • Information gained by impersonators have been used to access confidential information or contact friends, family and employers with damaging messages, photos or videos that attempt to harm your reputation and employment security.
  • If you have any doubts about whether an account is authentic, trust your instincts and be wary about the information you share with the account holder.
  • Try verifying the person, company or group’s account through trustworthy means like a blue ‘verified account’ badge on social media or by clicking to a social account linked from their official website.
  • Recognize that usernames and passwords are highly coveted and often bought and sold on the dark web.
    • So if a shady someone shares a login page, be alert and make sure it’s not a fake page designed to capture your username and password.

Account hijacking

Much like email account hijacking, hackers, cyberstalkers and other bad actors aim to hijack social media accounts as they often contain lots of data about you, plus your photos and videos.

  • When someone takes control of your account or the data, photos and videos kept within it, they can monetize the stolen data by selling it on the dark web, using it to gain access to other accounts you own or holding it for ransom until you pay to release it.
  • Some bad actors may also publicly share your private data, photos or videos with strangers, your employer or friends in an attempt to harm you or your reputation.
  • Protect your account by learning to create complex passwords that are easy for you to remember but hard for others to guess.
  • Whenever it’s available, enable two-factor authentication to add a second layer of protection for your accounts. Find out more on why we use two-factor.
  • Most social media, shopping and banking platforms as well as email providers offer email alerts that flag you whenever a change or new login has been logged for your account. Consider enabling these security alerts so you can intervene quickly on activity that was not initiated by you.