How to Safeguard Your Online Security

Social networks are fun to use, helpful for job hunting, and great for keeping in touch with friends, business contacts, and relatives. The downside: The bad guys know you're using these networks like crazy, and they're gunning for you.

Other online security threats may come from credit card exposure and the Google privacy factor.

Social Networking Traps

Why You Should Care: Sneaky sociopaths are using social network sites to infect, phish, and spam you.

Scenario: A message from one of your friends shows up in your inbox, sent via a social network site that you use regularly, such as Facebook (To understand social networking better, read "A Peek Inside Facebook").

The message promises a big laugh, and points to a Web site you've never heard of. You think you can trust it, so you click the link--and the next thing you know, your PC is misdirected into a phishing page that steals your log-in details or to a drive-by download site that infects your system with a password-stealing Trojan horse. Your friend says she never sent you the message.

Whether the culprit is a fake LinkedIn profile page that serves up dangerous URLs or a bogus Twitter message that purportedly comes from our friends, social networks are rapidly becoming the newest medium for malware attacks. As operating systems and applications became harder to hack directly, online criminals realized that it was much easier to fool people into clicking bad links, opening dangerous files, and running malicious software. And the best place to exploit the trust between friends and colleagues is in the mechanisms of the social network itself.

By now, most Internet users are savvy enough to recognize spam e-mail. But what about a spam tweet that seems to come from someone in your circle of friends and takes you to a page that looks almost exactly like the one you use to log in to Twitter? A week may go by, and suddenly the data thieves who now control your account begin sending messages with URLs--some of which perform drive-by downloads and infect the recipients' PCs with malware--to everyone in your social network.

Facebook and MySpace users have already had to deal with a number of worms and other nasties that spread independently of any action taken by the account holder. Expect more of these automated attacks in the future.

Fix: If you think that your social networking account details have been compromised or stolen, report your suspicions to the site's support team immediately. Change your password frequently, and avoid clicking links that purport to send you back to the social network site. Instead, type the site's address directly into your browser (or follow a bookmark you've previously saved) to get back to your account.

Credit Card Exposure Online

Why You Should Care: Resolving fraudulent credit card charges can be a messy, time-consuming process.

Scenario: Scanning your e-mail, you see a message from a large online retailer notifying you that an order you recently completed is ready to ship--but you didn't order anything. You follow a link in the message that supposedly leads back to the site's log-in page, which contains a Web-based form that lists the wrong credit card number and address for your account and requests that you fill in the correct information so that the company can initiate its dispute resolution process.

For more PC news, visit PC World. Story copyright PC World Communications, Inc.