How to safeguard your online security

The bad guys know you're social networks like crazy, and they're gunning for you.

Social networks are fun to use, helpful for job hunting, and great for keeping in touch with friends, business contacts, and relatives. The downside: The bad guys know you're using these networks like crazy, and they're gunning for you.

Other online security threats may come from credit card exposure and the Google privacy factor.

Social Networking Traps

Why You Should Care: Sneaky sociopaths are using social network sites to infect, phish, and spam you.

Scenario: A message from one of your friends shows up in your inbox, sent via a social network site that you use regularly, such as Facebook.

The message promises a big laugh, and points to a Web site you've never heard of. You think you can trust it, so you click the link--and the next thing you know, your PC is misdirected into a phishing page that steals your log-in details or to a drive-by download site that infects your system with a password-stealing Trojan horse. Your friend says she never sent you the message.

Whether the culprit is a fake LinkedIn profile page that serves up dangerous URLs or a bogus Twitter message that purportedly comes from our friends, social networks are rapidly becoming the newest medium for malware attacks. As operating systems and applications became harder to hack directly, online criminals realized that it was much easier to fool people into clicking bad links, opening dangerous files, and running malicious software. And the best place to exploit the trust between friends and colleagues is in the mechanisms of the social network itself.

By now, most Internet users are savvy enough to recognize spam e-mail. But what about a spam tweet that seems to come from someone in your circle of friends and takes you to a page that looks almost exactly like the one you use to log in to Twitter? A week may go by, and suddenly the data thieves who now control your account begin sending messages with URLs--some of which perform drive-by downloads and infect the recipients' PCs with malware--to everyone in your social network.

Facebook and MySpace users have already had to deal with a number of worms and other nasties that spread independently of any action taken by the account holder. Expect more of these automated attacks in the future.

Fix: If you think that your social networking account details have been compromised or stolen, report your suspicions to the site's support team immediately. Change your password frequently, and avoid clicking links that purport to send you back to the social network site. Instead, type the site's address directly into your browser (or follow a bookmark you've previously saved) to get back to your account.

Credit Card Exposure Online

Why You Should Care: Resolving fraudulent credit card charges can be a messy, time-consuming process.

Scenario: Scanning your e-mail, you see a message from a large online retailer notifying you that an order you recently completed is ready to ship--but you didn't order anything. You follow a link in the message that supposedly leads back to the site's log-in page, which contains a Web-based form that lists the wrong credit card number and address for your account and requests that you fill in the correct information so that the company can initiate its dispute resolution process.

So you enter the card number, the card's expiration date, your billing address, the card verification value (CVV) number printed on the back, your birth date, and your dog's favorite flavor of Milk Bone. In your rush to correct the "mistake," you've just delivered your card details right into the hands of savvy phishers.

Since consumers are never liable for more than US$50 of fraudulent credit card charges, you may wonder whether having your credit card information stolen is such a big deal. The answer is yes. You may not pay for the fraud directly and immediately, but all credit card users bear the burden in the form of fees and interest rates that factor in the cost of fraud to the credit card issuer.

In addition, you'll spend considerable time canceling credit card accounts, getting new cards issued, checking your credit reports, and changing the numbers in various accounts if you use them for automatic payments.

Fix: Some larger banks still offer single-use, "disposable" credit card numbers--you log in to your bank's Web site and identify the total amount of your purchase from the relevant online shop, and the banking site responds by spitting out a "credit card" number that can be used only for that amount and at that online store. Bank of America's ShopSafe, Citibank's Virtual Card Numbers, and Discover's Secure Online Account Numbers are still going strong, though American Express killed off a similar service years ago.

Google and Your Privacy

Why You Should Care: Any business that maintains so much information about you puts you at risk of having that data abused.

Scenario: Google seems to be everywhere these days. Aside from running an exemplary search engine, the company offers services for sending e-mail, receiving news feeds, and shopping. Furthermore, many of your favorite Web sites probably use Google to serve ads, syndicate content, or even track their own performance. Your Google account is like a diary of everything you do online: It can track your surfing behavior and even show you trends that you may not be aware of.

The sheer breadth of information that Google handles for people is startling: e-mail, instant messaging, VoIP phone calls, photos, maps, finance and investment portfolios, home and work addresses, reading preferences, video interests and assessments, online purchases, most frequent searches, and clicked-on search results. Can you trust a commercial enterprise that has so much valuable information about you at its disposal to live up to its "Don't be evil" corporate mantra? That remains to be seen.

Fix: You can partly extricate yourself from Google, but don't assume that the big G isn't still all around you. Change the default (Google) search settings in Firefox if you must; stop using Gmail, iGoogle, and your Google Account if you're really concerned. But so many sites now incorporate the company's AdSense, Analytics, and syndication components that going off the Google grid may be virtually impossible for anyone who uses an Internet connection.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andrew Brandt

PC World (US online)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?