17 top social media threats of 2026

There’s a whole host of social media threats, ranging from phishing scams to cyberstalking. And threat actors have diverse goals too — some want to steal money, others want to collect personal data, and some are motivated simply by malice.

The unfortunate truth is that social networks can be a lucrative hunting ground. That was exemplified in 2025, when scammers reportedly stole $5.3 billion by impersonating musicians like Taylor Swift, Sabrina Carpenter, and Billie Eilish on social media with fake accounts selling tickets, merch, or “exclusive” access that didn’t exist.

Let’s explore how you can identify and protect yourself from threats on social media, whether it’s fake romances, online harassment, counterfeit goods, or misinformation.

1. Malicious ads

Scam ads, or malvertising, are paid advertisements on social media that lead to phishing pages, fake stores, malware downloads, or other fraudulent destinations. Because they appear as normal ads in your feed, they can look just as legitimate as promotions from real businesses.

Research from Gen (the company behind Norton) shows how widespread this has become. Over a 23-day period, researchers analyzed 14.5 million ads running on Meta platforms in the EU and UK and found that nearly one in three ads (30.99%) pointed to a scam, phishing, or malware link. In total, scam ads generated more than 300 million impressions in less than a month, exposing millions of users to potentially dangerous websites. An investigation of Meta ads by Reuters reached similar conclusions.

These malvertising campaigns are often run at scale by organized groups that reuse the same domains, messaging, and infrastructure across thousands of ads. Many impersonate trusted brands, promote fake investment opportunities, or advertise counterfeit products. Malvertising is the most prevalent social media scam type across platforms according to research by Norton.

• How it happens: Scammers buy ad space on social media platforms and design ads that mimic legitimate promotions. Once users click the ad, they may be redirected through several pages before landing on a phishing site, fake online store, or malware download page.
• How to protect yourself: Treat ads with the same caution you would unsolicited messages. Before clicking, verify the advertiser and look for the brand’s official website or social media account. Avoid entering personal or payment information through links in ads. Navigate directly to the company’s official site instead.

2. Phishing

Phishing is a cyberattack in which scammers try to trick people into revealing sensitive information or sending money. On social media, phishing often involves fake links that appear in direct messages, posts, shared clickbait articles, ads, or comments, and lead to malicious websites or trigger harmful downloads.

For example, scammers may watch for people asking about sold-out shows, then reply with links or payment requests that look legitimate. This specific approach has become such a big problem that in 2023, banks in Australia sent out warnings about scammers selling fake tickets to the Taylor Swift Eras tour through social posts and hijacked accounts. The National Australia Bank mentions they stopped about $220,000 in suspicious ticket payments each day through in-app warnings.

Beyond stealing money, social media phishers can collect personal information, take over your accounts, and use them to scam your friends or followers. And many other social media threats, like fake giveaways and impersonation scams, can also employ phishing tactics.

According to research on social media scams by Gen (the company behind Norton), phishing is the second most common social media threat after malvertising.

• How it happens: The phisher comes up with a ruse to trick social media users into clicking a link that infects their device with malware or directs them to a dangerous site. Their ultimate goal is usually to steal your money or personal data.
• How to protect yourself: Be wary of unsolicited messages and closely review links for signs of phishing before clicking. If you get an unusual request from a friend, contact them on a different platform or communication channel to confirm they really sent it.

3. Fake AI-generated content

You may come across videos on social media that look like a real person is speaking but are actually generated using AI — known as deepfake videos.

The accounts posting this content may appear legitimate, and the content itself convincing. But these videos are often part of AI scams designed to manipulate public opinion, promote fraudulent investments like fake crypto schemes, or spread misinformation.

For example, Elon Musk recently reposted an AI-generated video that falsely showed Venezuelans crying and thanking the U.S. for freeing them after their president’s capture. It was viewed 5.7 million times on X (formerly Twitter).

In a 2024 UNESCO study, 62% of influencers surveyed said they don’t verify the accuracy of content before sharing it with their followers. For everyday users, this increases the risk of being manipulated or scammed without realizing it.

• How it happens: Some unscrupulous influencers may share fake AI content intentionally to manipulate their audience or profit financially. Alternatively, cybercriminals may generate AI media and post it on fake or hijacked accounts to scam users.
• How to protect yourself: Assume all media could be fake. Don’t rely on how real a video appears. Instead, check for confirmation from multiple reliable sources. And if a post asks you to pay, donate, or click through, leave the platform and go to the official site yourself instead of using the link.

4. Intimate content created and shared without consent

The sharing of intimate pictures without the subject’s consent has long been an issue on social media. But new technology exacerbates this problem. With AI, someone can take an innocent image you posted and make it explicit without your consent. You might not see it until it’s already been shared across the web.

In 2025, a 21-year-old streamer told USA TODAY that users had taken her selfies on X and used the platform’s AI chatbot, Grok, to generate explicit images and graphic sexual stories about her.

Reporting the content didn’t result in its removal, and the abuse escalated after she spoke out publicly on feminist issues. Unfortunately, this wasn’t an isolated incident: Grok has saturated X with AI-generated, non-consensual intimate material.

• How it happens: Someone downloads or screenshots a public photo and feeds it into an AI tool to create sexual imagery, sharing it on social media.
• How to protect yourself: Limit who can view and reuse your photos. Review your privacy and reply settings periodically. If you’re targeted, gather evidence and report the incident immediately. Don’t engage with the people spreading the content, and look for legal or advocacy support if the platform drags its feet.

5. Explicit AI-generated media of minors

This social media threat refers to the use of an AI tool to turn an image of a minor into explicit content. It’s one of the most serious risks tied to AI on social platforms. Often, the starting point is a normal, publicly shared photo that dark AI alters by removing clothing or changing context so the image becomes explicit.

In early 2026, users on X used Grok to generate sexualized images of a 14-year-old actress from Stranger Things. While the chatbot later acknowledged failures in its safeguards and warned of possible legal repercussions for perpetrators, the images had already circulated.

• How it happens: Someone takes a public photo of a minor and prompts an AI tool to alter it into exploitative content. On social platforms like X, where AI is built-in, this can happen directly in replies or comments.
• How to protect yourself: Keep children’s accounts private and limit who can reply, tag, or reuse images. Avoid posting identifiable photos publicly. If you come across inappropriate material, report it immediately to the platform and to child protection authorities.

6. Adoption scams

Adoption scams on social media happen when someone pretends to be a pregnant woman or adoption facilitator looking to place a baby for adoption. They often contact hopeful adoptive parents through posts, hashtags, or direct messages and build trust over weeks or months.

The scam can look convincing. In one case reported by ELLE, a couple spent months communicating with a woman who claimed she was pregnant and planning to place her baby with them. She sent photos, videos, and daily messages while asking them to cover expenses like medical bills and travel. When the couple finally traveled to meet her for the birth, they discovered the entire arrangement had been fabricated and the money was gone.

These scams have grown alongside “social media adoptions,” where prospective parents and birth parents connect directly online without agencies or legal intermediaries — creating opportunities for fraudsters to exploit vulnerable families.

• How it happens: A scammer poses as an expectant parent or adoption facilitator and builds a relationship through messages, calls, or video chats. They may send stolen pregnancy photos, forged ultrasounds, or fabricated medical bills. Over time, they ask the victim to pay expenses such as medical costs, legal fees, or travel.
• How to protect yourself: Avoid arranging adoptions solely through social media. Work with licensed adoption agencies or attorneys who can verify identities and handle payments directly with medical providers. If someone asks for money upfront or resists verification through legal channels, stop the process and investigate before continuing.

7. Cyberbullying

Cyberbullying is when someone harasses, threatens, or intimidates an online target. Bullies might send nasty messages and threats on social media, spread rumors, or post embarrassing photos. In other cases, they may dox their target and encourage other social media users to do their dirty work for them.

The impact isn’t evenly distributed. Women, girls, and people with disabilities bear a disproportionate share of cyberbullying. In one recent example, a 20-year-old woman told the UN Council that she’d faced harassment online since childhood because of a visible facial condition called arteriovenous malformation.

As a child, social media was often used to ridicule her appearance, with some commenters calling her a “monster and a reason to use contraception.” As she got older, the abuse intensified.

But this risk isn’t limited to specific demographics — according to a U.S. News and World Report, nine in ten U.S. teens reported being cyberbullied in 2025.

• How it happens: Cyberbullies harass their victims by posting hurtful content, leaving malicious comments, or sending hurtful direct messages. Even if the victim blocks them, the bully could continue to post harmful content about the victim.
• How to protect yourself: Keep your social media accounts private, be careful about what you post, block and report bullies, and mute any words or phrases that cause you stress.

8. Cyberstalking

Cyberstalking on social media is a pattern of repeated, unwanted online behavior used to harass, intimidate, or monitor a victim through social platforms. A cyberstalker may repeatedly message their target, track their online activity, or share private information without their consent. This invasive behavior can have psychological repercussions, causing fear, anxiety, and social isolation.

In September 2025, the FBI sent out an arrest warrant for a Texas lawyer accused of cyberstalking a law firm partner. According to court filings, the accused had filed dozens of false reports with the FBI, made public social media accusations, and sent direct messages demanding the victim leave the country.

• How it happens: Cyberstalkers often start by monitoring a victim’s social media profiles; they then contact the target with messages or comments that are intended to do harm. Cyberstalkers often attempt to manipulate or blackmail their victims.
• How to protect yourself: Make your social media accounts private, be cautious about what personal information and photos you share online, and report any cyberstalkers to the platform and local authorities.

9. Fake giveaways

In fake giveaways, scammers post fake competitions or prizes on social media to lure people into clicking a malicious link, often leading to a spoofed website. If you take the bait, the scammer may try to infect your device with malware or collect your banking information or personal data in order to exploit you.

In early 2024, The New York Times reported on fake giveaway ads circulating on Meta platforms that showed Taylor Swift promoting a Le Creuset cookware giveaway. The ads used a deepfake video of Taylor Swift to tell fans they could get free cookware if they clicked the button and answered a few questions.

• How it happens: Scammers might impersonate a business or create a random page, then create misleading contests or fake prize giveaways, posting them alongside phishing links to trick users into sharing personal information or downloading malicious software.
• How to protect yourself: Avoid clicking suspicious links in giveaways that sound too good to be true, you can’t verify are real, and aren’t posted on the business’s official social media account.

10. Fake goods and services

Social media platforms can be hotbeds for counterfeit goods and fake services. From “luxury” handbags and “brand name” electronics to fake services like catering and photography, these scams may appear as ads or be posted on social media marketplaces.

While scammers usually seek financial profit, the impact on victims can go beyond money. In a case reported by The Guardian in 2025, fraudsters sold fake weight-loss injections through social media posts and messages, offering prices far below those of legitimate providers. And while some buyers received nothing, others received counterfeit products with unknown ingredients.

• How it happens: Fraudsters peddle popular goods and services on social media at low prices. If the scam is successful, users are lured by good deals on supposedly high-value listings. But in the end, most will overpay for nonexistent, dangerous, non-functioning, or fake products.
• How to protect yourself: Check buyer reviews on marketplaces, don’t fall for too-good-to-be-true deals, only communicate on the marketplace, and only make payments through secure platforms with buyer protection.

11. Data breaches

Social media sites are not immune to data breaches, despite popular platforms’ efforts to try to enhance their approach to protecting user data. In April 2025, Mashable reported on an alleged data breach at X that had exposed email addresses and metadata linked to roughly 200 million accounts. While no passwords were leaked, the data was still enough to cause harm, as hackers could tie email addresses to specific accounts, stripping anonymity.

If a social media platform suffers a data breach, you could be exposed to account takeover attacks, identity theft attempts, and a loss of online privacy.

• How it happens: Data can be stolen from social media platforms through hacking, phishing attacks, employee error, or system vulnerabilities. Once the data is breached or leaked, cybercriminals can use it in further attacks or sell it on the dark web.
• How to protect yourself: Share as little personal information as possible with social media platforms to mitigate damage in the event of a breach. Monitor for data breaches regularly so you can secure any compromised accounts.

If you want extra visibility into where your data might pop up after a breach, tools like Norton 360 Standard can help. It combines a robust anti-malware engine with tools like dark web monitoring, which alerts you if your information is found on dark web hacker forums. While it can’t undo the breach incident, it can help you limit the fallout from your leaked data.

12. Catfishing

Catfishing is when someone creates a fictitious online persona to trick others into starting a fake relationship, often romantic. A catfisher or romance scammer usually does this to steal money or personal information, but their motives could also include revenge.

They may ask you to transfer money, share usernames and passwords, or make other suspicious requests. If you plan to meet in person or set up a video call, they usually flake at the last minute, offering some kind of excuse. Research commissioned by Gen, the company behind Norton, indicates that romance scams are common: around 34% of people surveyed reported having encountered one.

In one U.K. case, a teenager was catfished by a 21-year-old man posing as someone her age. He later blackmailed her into sending intimate images. Unfortunately, she wasn’t his only victim: police found that he’d done this to 13 other young girls and women, too.

• How it happens: A scammer creates a fake online profile and contacts a target, building trust quickly. After they’ve established a relationship, the scammer asks for money to pay for something like airfare or a family emergency. Once they have the money, they either disappear or continue the ruse and ask for more money.
• How to protect yourself: Be wary of unsolicited friend requests and direct messages, especially if they look suspicious or are too forward. Never give money to a stranger, especially if you haven’t met them in person, and never share personal information.

13. Misinformation

Misinformation, including election disinformation, can spread like wildfire on social media because algorithms often feed you information based on your interests rather than facts. This can ultimately lead you to lose trust in institutions, form beliefs you wouldn’t otherwise hold, or make decisions that aren’t in your best interest.

What makes misinformation hard to spot is that fake news often doesn’t “feel” malicious. A recent study by Georgia State University researchers found that people are more likely to believe and share false stories when they feel it’s useful. This can be to warn others, explain confusing events, or offer reassurance in uncertain moments (such as during the COVID-19 pandemic or elections).

And, more worryingly, the study also found that people were more forgiving of misinformation if it was emotionally satisfying.

• How it happens: Misinformation spreads through false or misleading content, manipulated images and videos, and propaganda accounts.
• How to protect yourself: Verify information from multiple reputable sources and don’t buy into sensationalized headlines or claims.

14. Social media school threats

Social media school threats occur when someone uses a social media platform to issue threats against a school or other students, often resulting in closures and lockdowns. Although they are frequently hoaxes, they can lead to considerable disruption and distress.

In January 2026, the FBI investigated social media threats against 14 schools in Texas. In February 2026, a 13-year-old Florida student at the Innovation Preparatory Academy of Naples was arrested for making a threat against the school on social media.

Some threatening posts can be anonymous (even originating outside the US), while others are made publicly by students or other community members.

• How it happens: Someone posts a threat against a school, students, or staff on social media, sometimes using a fake account to remain anonymous. The digital nature of the threat means it could be rapidly disseminated among students and communities. If authorities take the threat seriously, a SWAT team could be sent, or the school could be closed.
• How to protect yourself: If you come across a school threat on social media, report it to the school’s administration and law enforcement immediately.

15. Doxxing

Doxxing is the public sharing of another person’s private information, such as their home address, phone number, or workplace, without their consent. It’s often used to intimidate, harass people, or escalate an online dispute into a real-world one.

In 2025, the Department of Homeland Security in the United States investigated over 5,000 students on U.S. college campuses after they were doxxed as alleged critics of Israel.

Doxxing occupies a legal gray area in the U.S. There’s no single federal law that specifically bans doxxing, and whether it’s illegal often depends on the intent behind sharing the information and the harm it causes. However, some states have passed targeted laws addressing certain forms of the practice. For example, Texas passed a 2023 law making it illegal to share someone’s home address or phone number, a rule that applies only within the state.

• How it happens: A troll collects personal details from social media posts, public records, or data breaches and posts them online so others can harass the target.
• How to protect yourself: Share less personal information online, tighten your privacy settings, and report doxxing incidents immediately to both the social media platform and law enforcement.

16. Social media account takeovers

An account takeover occurs when someone gains unauthorized access to your social media account and locks you out. Once inside, attackers may steal personal information, scam your contacts, or try to extort you — for example, by demanding payment to restore access.

In 2024, a writer for The Press Democrat wrote about how their Facebook account was hijacked and turned into a crypto scam. Talking to others in the same situation, they realised how hard it can be to get an account back.

One victim even drove to Meta’s headquarters looking for help, while another hired a cybersecurity firm to track the hacker. The Meta team gave the first victim a flyer, and the firm put the odds of recovering the second victim’s account at about 65%, warning that there were likely “300,000 people ahead in the queue.”

• How it happens: An attacker tricks you into giving up your login details through phishing links, fake password reset messages, or other social engineering tactics, then changes your login credentials to lock you out.
• How to protect yourself: Use strong, unique passwords, enable two-factor authentication, and be cautious of unexpected login or reset requests.

17. Companion chatbot vulnerabilities

Companion chatbots are AI-powered characters designed to simulate friendship.  While many are marketed as harmless helpers, they can create real risks, especially for teens and vulnerable users who begin to rely on them for connection.

In one case, a woman filed a lawsuit against Character.ai after alleging her teenage son developed an intense attachment to a chatbot and exchanged thousands of messages that created dependency and encouraged harmful thinking.

The company has denied responsibility, but the case sparked global debate about the safety and addictive potential of AI companionship. With more children using AI chatbots each year, experts warn that these systems can mirror distress, reinforce harmful thoughts, or create emotional dependency.

• How it happens: A user starts chatting out of curiosity or loneliness. The chatbot mirrors their emotions and builds intimacy quickly. This may unintentionally validate harmful thinking instead of redirecting the user to real-world help.
• How to protect yourself: Treat AI chatbots as tools, not trusted companions. Don’t share sensitive information or rely on them for mental health support.  If a chatbot interaction starts affecting your mood or behavior offline, step away and seek help from a real person or licensed professional. If you’re a parent, monitor your child’s AI app use and have open conversations about online relationships.

7 ways to protect yourself from social media threats

You can help defend against social media threats by protecting your personal information, enhancing account security, using secure connections, and installing antivirus software.

Here are more details on how to protect yourself from the dangers of social media:

• Never share personally identifiable information (PII): This includes your Social Security number, credit card numbers, or address on social media posts. Ignore and report requests for such information.
• Use strong passwords: Choose strong passwords that are unique to each account to help protect against brute-force and credential-stuffing attacks. You can use a password manager to make it easier to remember your passwords without compromising security.
• Set accounts to private: Control who can see your content to reduce the risk of people you don’t know finding your profile. You can also consider further privacy settings, like blocking others from posting on your page.
• Use a VPN: A virtual private network like Norton VPN helps to encrypt your internet traffic and mask your IP address, making it harder for hackers to find your location and spy on your online activity.
• Don’t accept friend requests from strangers: Friend requests that appear out of the blue from people you don’t know may be from malicious accounts designed to phish for personal information or spread malware.
• Avoid public Wi-Fi: Avoiding public Wi-Fi networks helps reduce the risk of your internet traffic being intercepted through packet sniffing. If you have to check your social media on public Wi-Fi, make sure you’re using a VPN.
• Use Cyber Safety software: Malware can compromise your social media account and credentials. A robust cybersecurity solution can keep you safer from malware, phishing attacks, scams, and other cyberthreats.

Help protect yourself from social media threats

On social media, you never know when you’re one click away from danger. An innocent-seeming ad for an item you want, a link in a DM from a stranger, or a suspicious post could be all it takes to expose you to a cyberthreat.

Help protect against malware, phishing links, scams and other social media threats with Norton 360 Standard. It combines real-time malware protection, a VPN, and AI-powered threat detection to help you spot scams and unsafe links as you surf. Enjoy greater peace of mind and a safer social media experience.

FAQs

Is social media safe for kids to use?

Social media isn’t inherently unsafe for kids, but it does pose real risks. Children can be exposed to scams, bullying, inappropriate content, and strangers pretending to be someone they’re not.

Parental involvement is key here. We recommend strong privacy settings, age-appropriate limits, and the use of online security tools like Norton that offer parental controls across devices.

What’s the most common social media attack?

According to research by Norton on social media threats, the most common types of scams across social media platforms are malvertising, phishing, and e-shop scams.

What is the riskiest social media platform?

Research on social media scams by the threat analysts that develop Cyber Safety products for Gen (the company behind Norton) suggests that Facebook may be the riskiest social media platform: Gen products, including Norton, protected users from more threats stemming from Facebook than any other social media platform, followed by YouTube and X.

Is it safe for me to post pictures of my child on social media?

Posting photos of your child, especially on public accounts, can be quite risky. Once a photo is online, you lose control over where it goes and how it’s used. It can be copied, reshared, edited with AI, or misused without your knowledge. So if you choose to post, keep accounts private and avoid information like names, locations, and school details.