Don’t click on it! It may be a malicious tag

A woman notices a suspicious notification from Facebook.

If someone tags you in a post with a provocative headline or a weird link, think twice before clicking on it. It might be a scam.

“I can’t believe he’s gone. I’ll miss him so much” read the Facebook notification a woman received. Next to these words was a link. Alas, no one died, but someone got hacked.

The woman started receiving strange messages––some from her friends––alerting her that she got hacked. Then, she received a message from an unknown person telling her that they would help her for $100. Fortunately, the woman didn’t go through with the suspicious proposal.

However, her Facebook account was already compromised and, as she explained in her own words, “Don’t click on a link you don’t know, because it can cause a lot of havoc.”

What is malicious tagging?

Malicious tagging is like a virus, spreading from one user to another. It involves tagging users in harmful posts, links, or videos that could lead to scams or malware distribution

The posts the scammers may tag you on may look like legitimate articles, videos, or giveaways. They use social engineering tactics, such as creating a sense of urgency to manipulate you into clicking the link.

It’s easier to pinpoint when a malicious tag comes from a scammer if it was sent from an unknown account, but that’s not always the case. If you receive such a notification from one of your friends, then know your friend’s account has been compromised. This is how the scam spreads––from friend to friend.

How malicious is the tagging

The goals behind malicious tagging are varied. It may be to steal personal information, hack into social media accounts, or spread malware that can be used to control devices or steal further information.

This cyber threat is sneakier than many others. It may become a big issue if the scammers get access to your personal information, banking information or passwords. This is why it’s important to be mindful before clicking on a post someone tagged you on without checking if it’s safe and legitimate first. 

How to protect yourself from malicious tagging

Though anyone and everyone can be tagged, there are things we can do to avoid the threat.

  • Be suspicious of unexpected tags. Even if the tag comes from someone you’re familiar with, make sure to check the post carefully before engaging. You might even send a screenshot to the person and ask them if they recognize the post.
  • Alert your friends. Put a stop to the spreading of the malicious tag and alert your friends if you see a strange post from them. It’s better to be safe than sorry.
  • Adjust privacy settings. Limit who can tag you in posts and who can see posts you’re tagged in. Most social platforms offer settings that allow you to review tags before they appear on your profile.
  • Keep yourself informed on scam trends. It’s easier to notice when something is off when you have the knowledge you need.
  • Use unique passwords and 2-factor authentication. The stronger your authentication process, the harder it’s for the scammer to get into your accounts. Consider a password manager to store all of your unique passwords.
  • Protect your information and devices. Use a scam detector and invest in a robust cybersecurity solution.

What to do if you’ve been tagged

These steps will keep you and your people safe.

  • Do not click on any links within the post or engage with the content.
  • Untag yourself from the post.
  • Report the post.
  • If the post comes from a friend, alert them.

The most important thing to do is to avoid any type of engagement with the tag and post. The scammer needs you to click for the malicious tag to work.

Be mindful of what you’re clicking

Always exercise caution and think twice before clicking on any link you’re tagged in. By staying alert and knowing how to disengage and report malicious content, you can help protect not only yourself but your network from these cyber threats.

Remember, if something seems off, it's better to be safe and verify before engaging.

  • Nyrmah J. Reina
  • Managing Editor
Nyrmah J. Reina is a writer and managing editor for the company’s lifestyle blogs. She covers online safety and cybersecurity topics.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.