We all love Facebook and everything it brings to our lives — but we can be dangerously naïve about the way we use it.
Facebook is fab. The chance it gives us to connect, promote, sell, exchange and share is priceless, and it’s why the platform has billions of active users worldwide. But where there is good, there is always evil.
And it isn’t limited to Facebook. Social media in general has become a hunting ground for fraudsters looking for any opportunity to scam you or steal your identity — and wherever flatmate.com members live, the numbers are sobering. In Australia, the Australian Institute of Criminology found that 1 in 5 people had their personal information misused in a single year. In the UK, identity fraud is now the single most common type of fraud, with Cifas recording around 242,000 identity-fraud cases in 2025 — more than half of all fraud logged to the National Fraud Database. In Ireland, Banking & Payments Federation research found 1 in 5 regular online shoppers lost money to scams in a year, as fraudulent payments climbed to €160 million. And in India, cybercrime complaints jumped 42% in 2024 to more than 2.2 million, with identity theft among the fastest-growing categories. The trouble is that most people don’t realise there’s a problem until a bill turns up in their name for something they never bought, or their credit rating takes a hit.
As identity crime expert Dr Clare Sullivan put it:
“People put everything out there on social media. All you need [to steal someone’s identity] is their full name, their date of birth, sometimes their place of birth and an account number. With that information all over the internet, it’s very easy to piece together.”
The trouble with hunting for a flatmate in public Facebook groups
There’s a trend of people using public Facebook community groups to find flatmates and post accommodation ads. Unlike the flatmate.com platform — where your personal information stays secure and protected — anything shared in these public groups is on display for everyone to see. And some of what gets posted is genuinely concerning.
The other problem is that anyone can post in these groups, so they’re constantly bombarded with spam and offensive content. Administrators can block a person, but blocking doesn’t actually stop the spamming — it just hides the content from other members. By then the damage is usually done, with plenty of people already exposed to malicious links or intrusive posts.
From your Facebook profile alone, a fraudster can learn your name, date of birth, location, employer, friends and contact details — and, on a deeper level, your interests and hobbies. With that much information, they can build a convincing email or impersonation scam tailored specifically to you. And you’re far more likely to respond to a message you believe is coming from a group you belong to or a person you know.
It’s surprising how liberal people are with their personal information when the threat of scams and identity fraud is so widespread.
What can a criminal actually do with your information?
Honestly, the world is their oyster. They can use your details to:
- Apply for a credit card, loan or bank account
- Run up debts on your credit card
- Claim benefits such as housing support, income support, jobseeker’s allowance and child benefit
- Apply for a driver’s licence, passport or mobile phone contract
- Register a vehicle
- Apply for a job
How to protect yourself
Greg Austin, Professor in Cyber Security, Strategy and Diplomacy at the University of NSW, warns:
“Inclusion of your own address details in Facebook posts is not in general a problem, since such details can easily be found on an electoral roll for those over 18. But equally important must be the principle of ‘privacy first’ when we post anything to the web, especially birth dates and details of relatives and children. Identity theft depends on access to such information. Cyber bullies and more serious criminals will exploit anything they can find.”
Some people go to extremes, setting up several Facebook accounts and switching between them every couple of months so fraudsters can’t piece together who they really are. The problem is that this breaks Facebook’s terms of service, which allow only one account per person.
Fortunately, there are plenty of ways to protect yourself without breaking any rules:
- Use a nickname instead of your real name. You’re far less exposed if your details ever leak.
- Never post your address or plans in public. If you’re looking for a flatmate, keep the details general and ask interested people to message you privately. Better still, use flatmate.com’s secure, protected platform — members verify their identity for free through Didit, a government-grade identity service, so you get a verified badge you can trust at a glance. All messaging happens inside the site (we never expose your email or phone), and you can even start a video call right inside the chat to suss someone out before anyone commits to a viewing or hands over a deposit.
- Tweak your birthdate. We all love birthday messages, but your date of birth is one of the key ingredients for identity theft. If the greetings matter to you, at least change the year — just remember Facebook only lets you change your birthdate once.
- Don’t geotag your photos. Anyone can right-click an image to see where it was taken. On an iPhone, turn off location services for your camera (and other apps, if you want to be extra careful), and avoid posting shots of recognisable landmarks that give your location away.
- Keep your credit card details to yourself. Facebook offers several services that ask for a card number — be cautious about storing card details online anywhere.
- Leave your phone number off your profile. Fraudsters can type a mobile number into the search bar and, depending on your privacy settings, pull up your name, photos and location.
- Tighten your privacy settings so your personal information and posts are visible to friends only.
- Stay guarded. The more you post about your life, plans and interests, the more vulnerable you become. Don’t broadcast where you live, where you holiday or what car you drive. Before you post, ask yourself whether the information could be used against you.
- Use a group photo as your profile picture so it can’t be used to identify you — and never use a passport photo (it happens).
- Use a strong password with a mix of numbers, symbols and upper- and lower-case letters.
- Don’t click suspicious links, even from friends — their account may have been hacked.
When it comes to social media, the only person responsible for the security of your personal information is you. It’s easy to get complacent because you assume you’re “among friends,” but the reality is you have no idea how your information might be used. So be careful what you share. Stay suspicious — paranoid, even. It might just save you from a very expensive mistake.
For more on protecting yourself from scams and identity fraud, see the national services where you live: cyber.gov.au and IDCARE in Australia and New Zealand, Cifas and Action Fraud in the UK, FraudSMART in Ireland, and the National Cyber Crime Reporting Portal in India.
Sources: AIC (Australia), Cifas Fraudscape 2026 (UK), BPFI FraudSMART (Ireland), PIB / India cybercrime 2024


