Social Network Impostors
If you've connected with someone on Facebook, LinkedIn, Twitter, or another social network, it's probably because you know and trust the person. Attackers, however, can take control of your friend's online persona and then exploit that trust.
Beware of scams sent from 'friends': Attackers can hijack one of your online buddies' social networking accounts through malware, phishing scams, and other techniques, and then use the stolen accounts to spam you, steal your personal data, or even con you out of cash. Once the thieves have locked your friend out of the account, they may send you a note saying, "Help! I'm in London and my wallet was stolen. Can you wire me some money for a plane ticket?" Or they may recommend that you click on doctored links that will allow them to infect your computer or compromise your own account.
Now that so much entertainment, shopping, and socializing has shifted online, every Internet user leaves a rich digital trail of preferences. The books you read, the movies you rent, the people you interact with, the items you buy, and other details constitute a gold mine of demographic data for search engines, advertisers, and anyone who might want to snoop around your computer.
Do business with companies you trust: Stay aware of the privacy policies of the Websites and services you interact with, and restrict your dealings to those that you believe you can trust to guard your sensitive information.
Use private browsing: The current versions of Internet Explorer, Firefox, Safari, and Chrome include private-browsing modes. These features, such as IE 8's InPrivate Browsing and Firefox 3.5's Private Browsing, ensure that the site history, form data, searches, passwords, and other details of the current Internet session don't remain in your browser's cache or password manager once you shut the browser down. By protecting such information on the computer you do your surfing on, these features help you foil nosy coworkers or relatives.
You're probably familiar with the garden-variety phishing attack. Like a weekend angler, a phisher uses bait, such as an e-mail message designed to look as if it came from a bank or financial institution, to hook a victim. Scareware is a twist on the standard phishing attack that tricks you into installing rogue antivirus software by "alerting" you that your PC may be infected.
Don't take the bait: Stop and think. If, for instance, you don't have any security software installed on your PC, how did the "alert" magically appear? If you do have a security utility that identifies and blocks malicious software, why would it tell you to buy or download more software to clean the alleged infection? Become familiar with what your security software's alerts look like so that you can recognize fake pop-ups.
Don't panic: You should already have antimalware protection. If you don't, and you're concerned that your PC may in fact be infected (not an unreasonable concern, given the existence of a rogue "alert" on your screen), scan your system with Trend Micro's free online malware scanner, HouseCall, or try running Microsoft's Malicious Software Removal Tool; for more help, see "Additional Security Resources." Once you complete that scan, whether it discovers anything or not, find yourself a reputable antimalware app and install it to protect your PC in the future.
Update your browser: Such fake messages will prompt you to visit the scammer's Website, which may infect your system further. Current versions of most Web browsers and many Internet security suites have built-in phishing protection to alert you to sketchy sites. It's important to note that while the databases these filters use are updated frequently to identify rogue sites, they aren't fail-safe, so you should still pay attention to any URL that you consider visiting. To make this easier, both Internet Explorer 8 and Chrome highlight the real, or root, domain of the URL in bold so that you can easily tell whether you're visiting, say, the genuine www.pcworld.com or a spoofed site like www.pcworld.com.phishing-site.ru.