Oversharing Personal Information

December 15, 2023
In a world of 24/7 social media, and apps for everything from flights to coffee’s, oversharing personal information online affects more of us than we might think.

Whether you’ve shared a seemingly innocent photo of your dog, a video of you supporting your favourite team, or you’ve unwittingly given away details of your banking or passport details, you could be revealing information that is invaluable to a fraudster or identity thief.

There is increasing evidence that employee’s over-sharing personal information on social media platforms can enable or facilitate fraud against their employer; businesses like yours!
People sharing personal information on social media platforms

Fraudsters are using these social media platforms to research their ‘targets’. Using the data they gather, they may create an email account that appears to be an employee, they may spoof the employee’s business email address or in sophisticated cases they may even gain control of the employee’s business email account.  Fraud risks include:

  • Cyber enabled salary diversion fraud: Fraudsters posing as an employee and changing the bank account that the employee’s salary is paid into and diverting their pay to the fraudsters account.
  • Fraud against salary sacrifice schemes: Fraudsters accessing an existing salary sacrifice account, or creating a new account, with the compromised credentials, and then amending personal contact details before requesting to purchase an item.
  • CEO impersonation fraud: Criminals posing as a senior person in the business to persuade staff to make an urgent payment.


Whilst fraudsters are becoming ever more sophisticated in their crimes, there are several fraud prevention actions that can be taken by businesses and individuals, to reduce the risk of fraud, these include:

  • Assessing the risk by measuring the extent to which employee’s are sharing personal information that may enable criminals to commit fraud.
  • Raising awareness amongst staff, of the value of their personal information to fraudsters.
  • Providing resources to empower employee’s to take control of the personal information that they share online.
  • Technical solutions such as multi-factor authentication on business email accounts can protect your business and those you do business with.


As individuals, one of the best ways to avoid oversharing on social media is to set your account to private. Everything we share or post online tells people something about us.  All of the major social media platforms have step-by-step guides to managing your privacy, this article by the National Cyber Security Centre (NCSC) provides links to the privacy sections of most major sites.


Never share details publicly, that could be pieced together and exploited by a fraudster – e.g. your age, birthday, address, workplace, first school, mother’s maiden name, relatives’ or pets’ names, or other obvious passwords.


At SAFE, our team of experienced, professionally qualified counter fraud specialists can help your business to mitigate the financial risks associated with employee's oversharing personal information. 


Call Us

Share this news story...

Photo of Henry

SAFE Welcomes New Security Management and Counter Fraud Technician

By Charlotte Park May 29, 2026
SAFE Welcomes New Security Management and Counter Fraud Technician

ECCTA (Section 199): Failing to Prevent Fraud – Are You Defensible?

By Charlotte Park January 15, 2026
Section 199 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduced a new corporate offence that significantly raises the bar on fraud risk management. Large organisations can now be criminally liable if an employee, agent, or other associated person commits fraud for the organisation’s benefit—and the organisation did not have reasonable fraud prevention procedures in place. This is a strict liability offence. Prosecutors do not need to prove senior management knowledge or intent. If fraud occurs and the organisation cannot demonstrate an adequate prevention framework, liability follows. The only defence: reasonable procedures The sole statutory defence is that the organisation had reasonable procedures in place to prevent fraud, or that it was reasonable not to have such procedures. In practice, regulators have made clear that “reasonable” will be interpreted robustly. Organisations should be acting now to: Conduct a documented fraud risk assessment covering business models, revenue streams, incentive structures, third-party exposure, and jurisdictional risk. Design proportionate prevention controls aligned to identified risks, including financial controls, approval thresholds, segregation of duties, and oversight of agents and intermediaries. Set the tone from the top , with clear board ownership, senior accountability, and demonstrable commitment to fraud prevention. Implement targeted training and communications so employees and associated persons understand fraud risks, red flags, and reporting routes. Maintain monitoring, reporting, and review mechanisms , including whistleblowing channels, audits, and periodic reassessment as the business evolves. Evidence everything . Policies without implementation, or controls without records, will not support a defence.

2025 Webinar Recordings Available

By Charlotte Park December 19, 2025
Thank you to everyone who attended one of our fraud prevention webinars in 2025. For those who missed them, you can now watch all the recordings at your convenience on the SAFE YouTube channel. Whether you want to find out more about the drivers of fraud, or explore strategies for preventing emerging threats such as dual employment and imposter fraud, we've got a webinar for you. All the links you need are below, and we've included links to additional resources available elsewhere on the SAFE website.