Have you been tagged by someone on Facebook, X, or another social media service? It might be a scam, especially if it includes a link.
Don’t click on that link!
These accounts could be associated with complete strangers or people you know. This is known as malicious tagging, a practice increasingly used by scammers.
Malicious Tags: How Does This Scam Work?
Hackers either set up fake accounts or hijack real profiles on social media and find other accounts to try to take over. They then tag those accounts in a message and include a link. The message can solely be a link, or, more often than not, they lure victims in by writing something to entice them into clicking.
Once the victim clicks on this link, they either unwittingly download malware or are redirected to a malicious site. This can lead to further infection or the theft of personal data via phishing.

If the cybercriminal gets enough details, they can also hijack the victim’s social media and spread the scam even wider.
How to Spot Malicious Tagging on Social Media
You’ll see this scam on numerous social media sites, but it’s most prevalent on X (formerly Twitter) and Facebook. The latter made this more widespread by allowing accounts to tag everyone in a particular group. On Facebook, these messages are most frequently added as comments underneath another post.
What does malicious tagging look like? You’ve probably already encountered examples yourself. Typically, they include a link with a brief message. This could be a promise of a giveaway, a mention of a big news story, or something casual like “Think you’ll like this.”

The URLs are generally long and nonsensical, i.e. they don’t go to a recognized site. They can also be accompanied by fake images, generally created using AI.
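The signs described above (a tag plus a link, a brief lure, a long nonsensical URL, an unrecognized site) can also be checked mechanically, for instance by a group moderator reviewing comments. The following Python is an added example, not part of the original article; the recognized-site list, the `@everyone` tag text, the thresholds and the sample comments are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed allowlist of sites this group recognizes (constructed for the example).
RECOGNIZED = {"facebook.com", "x.com", "bbc.co.uk", "youtube.com"}
URL_RE = re.compile(r"https?://\S+", re.I)
MENTION_RE = re.compile(r"@[\w.]+")

def entropy(s):
    """Shannon entropy in bits per character; random-looking strings score high."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def recognized(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in RECOGNIZED)

def triage(comment):
    """Return the malicious-tagging signs found in one comment (empty if no link)."""
    urls = URL_RE.findall(comment)
    if not urls:
        return []
    no_urls = URL_RE.sub(" ", comment)
    mentions = MENTION_RE.findall(no_urls)
    words = MENTION_RE.sub(" ", no_urls).split()
    signs = []
    if mentions:
        signs.append("tag+link")
    if "@everyone" in (m.lower() for m in mentions) or len(mentions) >= 5:
        signs.append("mass-tag")
    if len(words) <= 6:  # assumed cut-off for a "brief message"
        signs.append("brief-lure")
    for url in urls:
        parts = urlsplit(url)
        if not recognized(parts.hostname or ""):
            signs.append("unrecognized-site")
        if len(url) > 60 and entropy(parts.path + parts.query) > 3.5:
            signs.append("long-nonsensical-url")
    return signs

def suspicious(comment):
    """Assumed rule: three or more signs together warrant review."""
    return len(triage(comment)) >= 3

# Constructed sample comments, not taken from real posts.
LURE = "@everyone Think you'll like this https://qz7x-promo.example/c/9fK2xLq8ZpT4vB1nR7wYs3Jd6Hm0aEuGcXo5iNtVbW?r=83hf72kd"
BENIGN = "Great write-up from the BBC on this: https://www.bbc.co.uk/news/technology thanks @sam for sharing it with the whole group yesterday"
```

No single sign is conclusive: the benign sample also pairs a tag with a link, which is why the rule requires several signs at once. The subdomain check also rejects lookalike hosts that merely begin with a recognized name.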
I Got Tagged in a Suspicious Link: What Do I Do?
Don’t click on any links.
They’re malicious and could download malware onto your device or steal your personal details.
So, what are your next steps?
The first is to simply ignore it. The majority of people do this. There’s nothing wrong with taking this option, but others might still fall for the scam.
If the commenter has tagged everyone in a Facebook group, you could warn your peers of the dangers. That’s the community-minded thing to do, and we’re sure others will appreciate it. You’ll be helping to make sure people won’t get scammed.
Similarly, you can flag fake or hijacked accounts to fight back against cybercriminals. Social media apps have different ways to do this: on X, for instance, you have to go to the Help Center; on Facebook, you need to file a report via the Find support or report profile button on the offending account.
It’s worth limiting who can contact you on Facebook, as well as other social media sites, so you cut down the risk of being scammed or your private data falling into the wrong hands.
What to Do If You’ve Already Clicked on a Malicious Link
Firstly, don’t hand over any personal details. You should never give any private data to strangers—or indeed to any websites you don’t 100 percent trust. Even Personally Identifiable Information (PII) like your name and date of birth is valuable to cybercriminals.
If you’ve already handed over private data, assess what you’ve surrendered to hackers. If it includes account details, you need to quickly change your passwords in another tab or on a different device.
Financial details are rarely stolen via this type of scam, but should those have been taken, you need to contact your bank or financial institution ASAP.
No matter your device, you should scan your system with antivirus software. iPhones and iPads arguably don’t need security suites, so you should be fine simply closing any pages the malicious link has led to. Android or jailbroken devices are another matter and should be scanned.
If you clicked on a malicious link on your PC or laptop, you definitely need to scan it with antivirus software. Check recent downloads too; scammers could easily have installed malware by tagging you on social media. This includes on smartphones: fraudulent apps could also have been added to your system.
Yes, malicious tagging is a headache, but as long as you know what to look out for, you’re able to beat the scammers.