Cyber Safety researchers reveal riskiest social media platforms

Threat analysts at Gen Digital, Norton’s parent company, researched which social media platforms host the most digital threats, like scams, phishing attacks, and malvertisements. The key finding? Facebook was found to be the platform associated with the most potential risks, with YouTube a distant second.

These findings, published in the Q1/2025 Gen Threat Report and expanded upon here, are based on the number of users protected from social media threats by Gen’s consumer Cyber Safety software, which includes Norton, Avast, AVG, and other solutions.

Social media scams are a major cyberthreat, with 40% of people who fell victim to a scam during past holiday seasons encountering it on social media. In fact, according to Reuters, Meta itself estimates that its platforms show users 15 billion scam ads a day. And with 44% of people reporting they purchased a holiday gift based on a social media advertisement, being aware of social media scam risks is vital.

Top 5 social media platforms with the most scams

Based on research by the Gen Threat Research Team measuring the number of users protected from social media threats in the first quarter of 2025 by Gen Digital products, the riskiest social networks are Facebook, YouTube, X, Instagram, and Reddit. Read on for a detailed breakdown of the findings.

Facebook

Facebook emerged as the riskiest social media platform by far: 63% of all social-media-related threats identified by Gen products stemmed from the Meta platform. Gen products protected over 2,500,000 users in the first quarter of 2025 alone, with the most common digital threats on Facebook being malvertising, phishing attacks, e-shop scams, and financial scams. Tech scams and dating scams were also prevalent.

Facebook is by far the largest social network by average monthly users, so it’s little surprise that it’s such a popular target for fraudsters.

YouTube

YouTube was found to be the second-riskiest social media platform, accounting for 22% of all users protected from threats. The most common threats on YouTube were malvertisements, e-shop scams, and phishing attempts, with romance scams a distant fourth. Gen scam- and malware-protection software protected almost 900,000 users from threats on YouTube in the first quarter of 2025 alone.

X (Twitter)

While lower on the list, representing only 7% of social media threats, X users are still at risk of cyberthreat exposure, particularly generic scams, followed by phishing attacks, malvertising, and e-shop scams. Gen products helped protect almost 290,000 users from various threats on the X platform in the first quarter of 2025.

Instagram

Approximately 3% of all threats delivered via social networks occurred on Instagram, fuelled primarily by e-shop scams, phishing, malvertising, dating scams, and financial scams. Almost 130,000 Instagram users were protected from these and other Instagram scams by Gen software in Q1 2025.

Reddit

Closely following Instagram, Reddit accounted for around 3% of threats on social media. The most common threats on Reddit were malvertisements, phishing scams, and e-shop scams. Gen products helped protect almost 130,000 users from various scams on Reddit in Q1 2025.

All other social media platforms combined accounted for only 2% of total threats detected.

The most common social media scam tactics

Across all social media platforms, the most common tactics employed by scammers, hackers, and other threat actors were malvertising, phishing, e-shop scams, generic scams, financial scams, and tech scams. All other scam types represented less than 5% of total protected users.

• Malvertising (30%): Malvertising involves cybercriminals using online ads to spread malware or trick users into clicking harmful links. These ads often appear on legitimate sites and can infect a device or lead to phishing pages.
• Phishing (22%): Phishing scams, a form of social engineering, use fake messages or posts designed to fool people into revealing personal or financial information. Victims are often directed to bogus websites that capture login credentials or payment details.
• E-shop scams (18%): E-shop scams lure users into visiting fake online stores that may look highly realistic. But if you make a purchase, you’re just sending your money or credit card information to a fraudster. The item you buy will never arrive. If you’re lucky, you might get a counterfeit.
• Generic scams (9%): Generic internet scams cover a range of deceptive tactics, such as fake giveaways, impersonation attempts, or requests for money or personal data. They usually rely on creating urgency or establishing trust to convince users to act without thinking.
• Financial scams (9%): Financial scams promise easy money, fake investment opportunities, or quick loans in exchange for upfront payments or sensitive data. These schemes exploit users’ financial worries or desire for profit. Various crypto scams, including pig butchering scams, are particularly common types of financial scams.
• Tech scams (6%): Tech scams, such as fake virus alerts, may trick users into believing their device is infected or compromised, then push fake “support” services or software. Scammers may demand payment or remote access to install real malware.

How to protect against social media scams

Protecting yourself from social media scams means knowing what to look for and taking the following proactive steps to identify cybercrooks and safeguard your accounts and personal information.

• Don’t talk to strangers: Avoid chatting with people you don’t know and ignore friend requests from strangers. Remember that online “friends” asking for money or personal information is a huge red flag.
• Adjust your online privacy settings: Review and tighten your privacy settings on every platform. Limiting what you share publicly — and who can contact you — makes it harder for scammers to target you.
• Pause before you click: Think twice before clicking on links or attachments, even from familiar accounts. Hackers often disguise malicious links to spread malware or steal login credentials. Be sceptical of urgent requests or too-good-to-be-true deals.
• Vet fundraisers: Research fundraisers before donating. Scammers use fake charities or emotional stories to manipulate people. Only donate through verified platforms.
• Be a cautious investor: Beware of “can’t-miss” investments on social media — especially if cryptocurrency is involved. Scammers post fake success stories to lure victims.
• Double-check links: Hover over links to see the real URL before opening them. Fake websites often use small spelling changes, a technique known as typosquatting, to trick you into visiting fake websites. Even better, install software like Norton 360 that can help alert you to dangerous links.
• Turn on 2FA: Enable two-factor or multi-factor authentication for an extra layer of security. That way, even if someone steals your password, they won’t be able to access your account without the second verification step.
• Use malware protection software: Install trusted security software, like Norton 360, to help block viruses, detect scams, and be alerted to phishing attacks and other online threats.
• Use ad blockers: Ad blockers can stop malicious or misleading ads from appearing in your feed. They also reduce the chances of accidentally clicking a harmful link.

Stay safer on social media

In a perfect world, social media platforms would do more to protect users from cyberthreats. But reality tells a different story: some platforms may even profit from the very scams they should be fighting. A recent Reuters investigation suggests that, according to internal documents, up to 10% of Meta’s 2024 revenue could come from ads that promote scams or banned goods.

That’s why Cyber Safety software you can trust is a smarter investment than ever. Install Norton 360 Deluxe for instant alerts if you click a malicious link leading to a fake shop or fraudulent site. Its advanced malware protection, deepfake protection, and AI-powered scam detection tools help you stay one step ahead of cybercriminals — keeping your social media experience safer and more secure.