Five net nasties and how to avoid them

From fraudster frogs on Facebook to dodgy music downloads: we look at five ways your data can be compromised online and how to stay safe from the scamsters.

Keeping your personal data secure in the age of the net is pretty straightforward, right? Nab the annual antivirus software, keep it updated throughout the year, and ignore any poorly worded e-mails that tell you you've won the lottery despite never buying a ticket.

Unfortunately it's not that simple anymore. As the Web has become more sophisticated, so have the methods used by the phishers, spammers, hackers and fraudsters hell-bent on causing havoc. Infected links can arrive from friends via instant message or disguised as a piece of juicy gossip in an e-mail, and even trusted Web sites are open to attack due to the increasingly high proportion of third-party and user-generated content.

How to stay safe from these net nasties? Here are five examples of ways people have been caught out online, and our top tips for avoiding a similar fate.

Keep your personal info safe from dodgy plastic frogs.

1. Facebook: Freddi's fraudulent friendship
Facebook may cop flak for being a timewaster, but the 750,000 Australian users who visit the site each month (according to July statistics from Nielsen//NetRatings) are putting more at stake than their productivity levels.

The vast majority of Facebook users go by their real, full names on the site. Profiles feature e-mail addresses, instant messaging login names, workplace information and -- for the truly game -- residential addresses. Then there is the photo tagging feature; you or anyone else can tag a snap to match a name to a face.

All of this information is like chocolate-covered gold for identity thieves. And while you may think you are protected by Facebook's network-based profile-viewing restrictions, you'd be surprised at how easy it is for ID fraudsters to become part of your inner circle. Earlier this year, security firm Sophos conducted a study in which it created a fake profile and sent friend requests to random users across the globe. The fake Facebooker -- which was named Freddi Staur and had a photo of a plastic frog as a profile pic -- managed to get a response from 87 of the 200 people contacted. Users who accepted the friend request divulged details such as their employers, hobbies, and location, which could all be used for the purpose of identity theft.

Privacy concerns are especially relevant in light of Facebook's recent launch of a public listing search, which allows your profile to be found via external engines such as Google. For tips on locking down your information, take a look at Sophos's best practice guide for Facebook.

Top tip: Only add people you know. For those who are closer to acquaintances than friends, there is always the limited profile option, in which you can restrict the amount of information they can see. For more on safeguarding your privacy, see our newbie's guide or our tips on stealthy Facebooking.

 

2. Shock e-mails: Heart attacks and unpaid bills
By now we're all accustomed to those missives that arrive in our inboxes from someone claiming to be a scandalously wealthy oil baron at death's door. Playing the sympathy card, these people write to express their sole dying wish: to transfer an Olympic swimming pool worth of cash to your bank account. Never mind that you're a complete stranger in a foreign land -- most rich people are eccentric, right?

Now that we know not to send our BSBs to those dying overseas, dodgy e-mailers are getting more inventive in their attempts to solicit clicks and responses. One method relies on the human penchant for gossip or breaking news. In February this year, thousands of people were infected by a trojan after receiving an e-mail with a link to a news report about Australian Prime Minister John Howard suffering a heart attack. One problem: Howard's health was fine (he does do that daily walk after all), and the supposed news site harboured a trojan that, once downloaded, monitored infected users' online activity.

Other examples of imaginative phishing e-mails include accusations of non-payment from eBay impersonators, requests to log in to a little-used online account for "verification", and fake MySpace friend requests.

Top tip: If you receive an exciting or upsetting e-mail, take a moment to allow your brain to kick in before hitting reply or clicking any links. As we said in our guide to avoiding phishing scams, phishers will try to play on your emotions in order to get a response. Don't give them the satisfaction.

 
Those smiles could lead to something sinister.

3. Instant messaging: When smilies turn to frowns
When using instant messaging software, there are some spread a scam that involved a malicious URL being sent via messaging windows. When clicked on, the link opened a Yahoo-esque page that required a username and password to continue.

The catch? The link, surrounded by cheery-faced emoticons, was not sent by a stranger, but by a friend on the user's contact list. Once the next person entered their details on the Web page, phishers had access to their Yahoo account, and could send the message on to everyone on their contact list.

Top tip: Double-check that any links or file transfer requests sent via instant message are legit, even if they are coming from your mum.

 

4. Music download dodginess: Paying for the privilege of illegal downloads
Why shell out a few bucks per song on iTunes when you can subscribe to a music service that advertises lifetime membership and unlimited free downloads for a teeny one-off fee? Simply put, because such offerings are scams.

These sites charge for "access" to peer-to-peer (P2P) file-sharing programs such as Gnutella, LimeWire and BearShare, a service that is otherwise free. These applications can be downloaded for free from multiple places, including CNET.com.au's Downloads section. While they can be used for legitimate, legal purposes -- such as obtaining copyright-free files and open-source applications -- they also allow you to search for pirated audio files in other people's shared libraries. The vast majority of music accessible via P2P programs is obtained illegally. There is also the risk of downloading a virus or other nasty bit of code instead of a Top 40 tune.

Many of these so-called free music sites appear legitimate, offering customer support and advertising on Google. However, you should be wary of any service that claims to offer unlimited music downloads for a one-off fee. Australia does not currently have any subscription-based music services -- the Microsoft-Sanity offering announced in January this year was supposed to launch in April but has quietly vanished without a trace.

Top tip: Stick with the big names when purchasing digital music. Some local options are the iTunes store, NineMSN music, and sites partnered with Destra Music, such as JB Hi-Fi online. For the lowdown on digital music options, read our guide to online music.

 

5. Sponsored links: When searching leads to scams
One particularly nefarious way that scammers worm their way into your digital life is via sponsored search results. Popular search engines such as Google and Yahoo offer advertising schemes in which people can pay for their sites to be listed in the Sponsored Links section when a user enters particular search terms. In April this year, Google was forced to remove a series of links after it was discovered that they were redirecting people to malicious sites. The links appeared to point to legitimate sites, and Google users did end up at the actual sites, but only after being sent via another site that served up the malicious code.

Top tip: If you've clicked on a sponsored link and been met with a sudden deluge of pop-up windows or other suspicious activity, close your browser immediately and run a malware scanner. For more advice on avoiding suspicious Web sites, read our nine tips.