Forewarned is forearmed. PC Advisor investigates the latest and most deadly tech dangers, and explains how to fight back.

The internet can be an intimidating place, seemingly infested with rogue sites trying to lure you in and bleed your bank account dry. Even if you're savvy enough not to click on links in unsolicited emails - or even ones that don't read quite right - it's easy to be caught out.

Phishing attacks grow ever more sophisticated, spoof sites exactly replicate the real thing and criminals think up new scams every week.

There's also been a surge in dodgy free add-ons for web-based tools. Secret Crush, an app for Facebook, is one example we outline here; a quick search on the site as we went to press found 28 apps with the same name. Little wonder scammers are able to bamboozle us.

In fact, social engineering is now one of the biggest dangers for web users. Internet security suites can block many threats, but devils disguised as people you know can catch out the most stringent scambuster.

Trusted sites may be spoofed to get you to download malicious software, while drive-by installers attempt to load your PC with ransomware. We're sure MBS won't be the last to try that trick.

So, while you may think you know the ropes when it comes to protecting your PC, it's certainly not as simple as patching your browser, turning on your firewall and keeping your antivirus definitions up to date.

In the following pages we look at the very latest threats to your online and offline life and, most importantly, how to stay safe.

Quick links:

  1. Defeat the latest and most deadly web threats
  2. Internet privacy I: cache
  3. Internet privacy II: history
  4. Malware-ridden public PCs
  5. Social-networking dangers
  6. Your privacy in Google's hands
  7. Mobile-phone data loss
  8. Hidden data
  9. Mac malware
  10. Phishing without email
  11. Five common Facebook scams
  12. PHACEBOOK PHISHING

1. Internet privacy I: cache

There are some things you don't want the world to know - not so much because they leave you open to exploitation, but because they're just plain private. However, if you don't take steps to hide your online footsteps, you could be revealing all.

Take medical conditions. The most popular way to check on medical symptoms or to learn more about a particular illness is by using the web. But, having found the information, you don't want other people to know what you've been reading.

Similarly, if you're plotting a surprise getaway for your other half, and researching, planning and booking events online, it's important to keep the details secret.

Many websites attempt to plant cookies on your system when you visit them, enter a username or set a certain preference. These cookies are generally benign in nature - in fact they often significantly improve your browsing experience - but they can betray your every online action to anyone with access to your PC.

Designed to speed up surfing, the browser cache keeps copies of the text, images and other snippets of code from the web pages you visit. You could learn a lot about someone's surfing habits and interests by trawling through it all - much more, indeed, than by looking at their History list.

Other saved content might include the text of email messages read via webmail. For some time, Mozilla Firefox and Apple Safari have made it easy for users to dump the cache, but Internet Explorer (IE) 8.0 will be the first version of Microsoft's browser to offer a secure-browsing feature.

This feature, called InPrivate Browsing, is designed to eliminate any traces of your online activities when you shut down the browser.

InPrivate deletes your browsing history, cookies and any Registry traces that would enable your online steps to be retraced.

It doesn't prevent the cache from collecting content, however.

The fix

The best way to truly clean the slate is to prevent your browser from leaving anything on the hard drive. You can achieve this in two ways: instruct the browser to save its cache to a portable drive that you keep plugged in when you use the browser; or use software to wipe the cache after you've finished surfing.

In IE, you can do the former in four easy steps: open the Internet Options control panel, click the Settings button in the ‘Temporary internet files' section, click the Move Folder button and navigate to a folder on your external drive. To wipe the cache, we recommend Eraser, an excellent free tool from heidi.ie/eraser. This securely deletes browser cache files (and other data) by overwriting the files numerous times.

2. Internet privacy II: history

You may have nothing to hide, but that doesn't mean your browsing history won't get you in trouble. Out of context, entries in a list of sites you've visited recently could easily be misconstrued.

The fix

Once again, your browser's private-browsing feature is a useful option here - but don't depend on it. Private browsing lets you surf the web without leaving a trail of website addresses behind.

This feature has long been a part of Apple's Safari browser, and add-ons for Firefox offer Windows users the same benefits. Distrust gives Firefox 2.x and 3.x users a way to manage their browsing history, although some files that Firefox temporarily writes to disk don't get erased until the browsing session ends.

Firefox 3.5 (currently in beta) is likely to add comprehensive private-browsing features. Two add-ons - Private Browsing and Toggle Private Browsing - provide fine control over the settings.

In recent testing by a security firm to discover which browsers' tools do the best job of protecting against tracking by websites, Safari's private-browsing capabilities came in last place; Firefox, Google Chrome and IE 8.0 beta also fared poorly.

But no browser can completely prevent inquisitive sites from tracking your visit. For maximum anonymity, use a service such as Anonymizer or the free Tor.

3. Crackable passwords

As Alaska governor and US vice-presidential candidate Sarah Palin discovered when someone broke into her Yahoo mail account last summer, having a strong password isn't enough. If the answers you provide in the ‘secret questions' section of your online profile are easy to find, a hacker may be able to convince the webmail service's password-recovery mechanism to hand over the password on a platter.

These days, many of us have a LinkedIn account, a Facebook profile and a Twitter feed, each of which is studded with answers to commonly used security questions such as your secondary school or your dog's name.

Conveniently, the general chit-chat you engage in at some of these sites, along with your contacts lists, can supply fraudsters with the gems of information they need to crack your passwords and security questions.

The fix

Use a password manager and be sure to back up your password files. Password Safe and PortableApps.com's version of KeePass Password Safe are good places to start.

Once you've created a random and unguessable password, generate a second password with the password-management utility to use as the answer to the inevitable ‘mother's maiden name' question. Mum may not appreciate being identified in some password bank as Miss 7#BrE_r, but no one will guess that that's how you listed her in your ‘secret questions'.

4. Malware-ridden public PCs

PCs in schools, internet cafés, tradeshows and libraries tend to be infected with password-stealing Trojan horses more frequently than other systems.

Many of these PCs aren't closely monitored by their owners, which increases their vulnerability. And because scores of casual visitors use them to log into email or other services, data thieves view the PCs as an efficient source of harvestable data, which they can sell on to spammers.

The fix

If you're allowed to reboot the computer, your safest bet is to carry a copy of the Knoppix bootable operating system (OS) on a CD, DVD or flash drive. You can customise your build with up to 2GB of internet tools, productivity apps and utilities.

If you have to use the machine's Windows OS, run your apps from a portable drive using the excellent PortableApps Suite of tools. This hosts dozens of apps that have been ‘portabilised' so they store all temporary files, cache files and history on the portable drive itself.

To protect yourself from malicious software that may be lurking on a public PC, scan the machine with the portable ClamWin Free Antivirus, and carry your own customised browser, office apps, instant-messaging clients and secure file-transfer tools. There's even a useful password-manager tool so that you can change passwords as quickly as possible.

5. Online credit-card scams

You get an email from a large online retailer, announcing that an order you recently completed is ready to ship. Great news - but you didn't order anything.

So you follow a link in the message that supposedly leads back to the site's login page. On it, a web-based form lists the wrong credit-card number and address for your account and requests that you confirm or correct the information to initiate the company's dispute-resolution process.

You're instructed to enter your card number, its expiration date, your billing address, the card verification value (CVV) printed on the back and your date of birth.

If you do, you'll be delivering your details into the hands of phishers.

You may not end up out of pocket for the whole amount the phisher manages to extract from your bank account, but banks are becoming less sympathetic to customers who don't do what they can to protect themselves. Higher bank charges and poorer deals for consumers are the inevitable upshot as banks seek to cover their backs from such claims.

If you get phished, you'll need to waste a great deal of time getting new cards issued, checking your credit reports and changing the numbers in various accounts if you use them for automatic payments.

The fix

Some banks offer single-use or ‘disposable' credit-card numbers for use on websites.

You can also set up an account with a very low credit limit - if you're exploited, it will be for a minimal amount.

It's also worth seeing what extra security measures your bank or credit-card company has introduced. Many banks offer free security software, while MasterCard, Royal Bank of Scotland and others have upped their online verification requirements. And you should always look for secure transaction symbols such as Thawte or PayPal when buying online, too.

6. Social-networking dangers

A message from one of your friends appears in your inbox, sent via a social-networking site you use regularly. The message promises a big laugh and points to a website you've never heard of. You click the link, and the next thing you know, you're misdirected to a phishing page that steals your login details, or to a drive-by download site that infects your system with a Trojan horse.

Your friend didn't send you the message. But because you thought it was from someone you knew, you trusted the message would be safe. We've outlined some Facebook examples later on in this feature, but you're just as likely to be plagued via LinkedIn or a rogue Tweet.

The fix

If you believe your social-networking account may have been compromised, report your suspicions to the site's support team immediately. Change your password frequently, and avoid clicking message links that claim they'll transfer you back to the social-networking site. Instead, to get back to your account, type the site's address directly into your browser's address bar.

7. Voice phishing

You receive an email or get a pre-recorded voice message from a financial institution informing you that a large transaction - one you never performed - has been held up. The message includes a free phone number you can call to deal with the situation.

When you dial the number, a voice menu prompts you to key in your card number before it transfers you to a company representative. The phishers ask you to enter other data as well, such as the expiration date and/or the CVV. If you act without thinking clearly, you might provide all the information they ask for. At this point, they may hang up or put you on hold indefinitely.

The fix

If you get a fishy call or email, be cautious. Don't call the number provided in an unsolicited email or voicemail message to follow up on a mystery purchase; instead, dial the telephone number printed on the back of your card.

8. Your privacy in Google's hands

Google seems to be everywhere these days. Aside from its search engine, the firm offers services for email, news feeds and shopping.

The sheer breadth of information that Google handles for people is startling: email, instant messaging, VoIP, photos, maps, finance and investment portfolios, home and work addresses, reading preferences, video interests and assessments, online purchases, ‘most frequent searches', advert serving, traffic analysis and more.

Your Google account is like a diary of everything you do online, tracking your surfing behaviour and noting trends you may not be aware of. Time will tell whether we're right to entrust a single entity with all this valuable information.

The fix

You can partly extricate yourself from Google. Change the default (Google) search settings in Firefox if you must; and stop using Gmail, iGoogle and your Google Account if you're really concerned.

But so many sites now incorporate the company's AdSense, Analytics and syndication components that completely going off the Google grid may be impossible for anyone who uses an internet connection.

9. Nosy Google Android phones

Most of what you do on the Google Android mobile platform is mirrored to your Google Account. Every email you send, every calendar entry you create and every website you visit gets catalogued. The first Android handset - the T-Mobile G1 - can locate itself by radio tower or GPS, which may make it (and therefore you) highly trackable, too.

The downloadable applets that you can use with the G1 include tools to track the phone's position on a web page or via text co-ordinates you can plug into a map, and tools to show you other Android users within a 10-mile radius. Many of the downloadable applications have access to your phone logs and phonebook, and have permission to connect to the internet by default.

The fix

For many people, these snoop-friendly features are useful and welcome. But if you're concerned about privacy, think twice before committing to the G1. We recommend waiting until Google tweaks the software to rein in the intrusiveness.

10. Mobile-phone data loss

We've all had a laugh at the government and its accident-prone minions managing to lose sensitive data, whether by leaving laptops in the back of taxis, losing disks or other astoundingly dumb mistakes. But you'd be surprised - alarmed, even - by the number of businesses and individuals that run similar risks by getting rid of gadgets without bothering to wipe the data.

That old mobile phone may not contain complex financial spreadsheets, but the email addresses, phone numbers and call records stored on it can all be misused.

Resetting a smartphone to its factory-default state takes five minutes, but many people fail to take this simple precaution when a handset reaches the end of its life.

A used phone could end up anywhere, yet many sellers just box it up and hand it over.

The fix

Before ditching an old mobile phone, use its reset codes or menu options to clear its message archives and contacts list. Click here to learn how to reset your phone and follow the instructions.

11. Document secrecy I: hidden text

Some people cover sensitive information in documents with black bars. That's effective for a paper report, but not for digital documents. For example, anyone armed with the full version of Adobe Acrobat can remove a black bar painted over text in a PDF file.

The fix

For Word documents, simply save a new copy of the file that you plan to censor. Turn off Revisions Mode, then type text over the text you need to hide.

For PDF files, use a plug-in such as Redax (around £177). Alternatively, cover the text in the PDF file with black bars, convert the PDF to a Tiff image, then reconvert the Tiff to a PDF. The downside of PDFs converted in this way is that readers lose the ability to search text.

12. Document secrecy II: hidden data

The draft of a collaborative report written in Microsoft Word is likely to be riddled with notes and questions - and perhaps a few gripes inserted by various participants. You clean up the document before submitting it to the boss, but the comment "Do they really expect people to buy this junk?" hasn't vanished - it's simply hiding.

Besides its embarrassment value, embedded information makes life easier for corporate spies. Ignore it at your peril.

The fix

For Office XP and Office 2003 files, download Microsoft's Remove Hidden Data tool. For Microsoft Office 2007 documents, you can use the Document Inspector command to view and (optionally) delete unwanted metadata remnants from your Word, Excel and PowerPoint files.
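
An Office 2007 .docx file is a ZIP archive of XML parts, so leftover comments, tracked changes, hidden text and author names can be listed before a document is sent out. The following is an added example, not part of the original article or of Microsoft's tools; it reads only .docx files (not the older binary .doc format), and the sample document and reviewer names are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by WordprocessingML and the package core properties.
W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
DC = "http://purl.org/dc/elements/1.1/"


def _text(element, tag):
    """Concatenate the text of every <w:tag> below element."""
    return "".join(t.text or "" for t in element.iter(f"{{{W}}}{tag}"))


def inspect_docx(data):
    """Return hidden content found in the bytes of a .docx file.

    For files from untrusted sources, swap in a hardened XML parser.
    """
    report = {"comments": [], "insertions": [], "deletions": [],
              "hidden_text": [], "properties": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as package:
        names = set(package.namelist())

        # Review comments live in their own part, not in the body.
        if "word/comments.xml" in names:
            root = ET.fromstring(package.read("word/comments.xml"))
            for c in root.iter(f"{{{W}}}comment"):
                report["comments"].append(
                    (c.get(f"{{{W}}}author"), _text(c, "t")))

        if "word/document.xml" in names:
            root = ET.fromstring(package.read("word/document.xml"))
            # Tracked changes: inserted text is <w:t>, deleted is <w:delText>.
            for kind, tag, text_tag in (("insertions", "ins", "t"),
                                        ("deletions", "del", "delText")):
                for change in root.iter(f"{{{W}}}{tag}"):
                    text = _text(change, text_tag)
                    if text:  # skip formatting-only change markers
                        report[kind].append(
                            (change.get(f"{{{W}}}author"), text))
            # Runs formatted as hidden carry <w:vanish/> in their properties.
            for run in root.iter(f"{{{W}}}r"):
                vanish = run.find(f"{{{W}}}rPr/{{{W}}}vanish")
                if vanish is None:
                    continue
                if vanish.get(f"{{{W}}}val") in ("0", "false"):
                    continue  # explicitly switched off
                report["hidden_text"].append(_text(run, "t"))

        # Author names survive in the document properties.
        if "docProps/core.xml" in names:
            root = ET.fromstring(package.read("docProps/core.xml"))
            for label, tag in (("creator", f"{{{DC}}}creator"),
                               ("lastModifiedBy", f"{{{CP}}}lastModifiedBy")):
                el = root.find(tag)
                if el is not None and el.text:
                    report["properties"][label] = el.text
    return report


def build_sample_docx():
    """Constructed sample: only the three parts inspected above."""
    document = f"""<w:document xmlns:w="{W}"><w:body><w:p>
      <w:r><w:t>Our product is great.</w:t></w:r>
      <w:del w:id="1" w:author="Reviewer A">
        <w:r><w:delText>Mostly.</w:delText></w:r></w:del>
      <w:ins w:id="2" w:author="Reviewer B">
        <w:r><w:t>Truly.</w:t></w:r></w:ins>
      <w:r><w:rPr><w:vanish/></w:rPr><w:t>internal price floor</w:t></w:r>
    </w:p></w:body></w:document>"""
    comments = f"""<w:comments xmlns:w="{W}">
      <w:comment w:id="0" w:author="Reviewer A"><w:p><w:r>
        <w:t>Do they really expect people to buy this junk?</w:t>
      </w:r></w:p></w:comment></w:comments>"""
    core = f"""<cp:coreProperties xmlns:cp="{CP}" xmlns:dc="{DC}">
      <dc:creator>Reviewer A</dc:creator>
      <cp:lastModifiedBy>Reviewer B</cp:lastModifiedBy>
    </cp:coreProperties>"""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as package:
        package.writestr("word/document.xml", document)
        package.writestr("word/comments.xml", comments)
        package.writestr("docProps/core.xml", core)
    return buffer.getvalue()


if __name__ == "__main__":
    for section, found in inspect_docx(build_sample_docx()).items():
        print(section, found)
```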

13. Zero-day attacks

In late 2008, Microsoft released two patches for IE (MS08-067 and MS08-078) without waiting until ‘patch Tuesday'. The release date was rushed forward when experts detected zero-day attacks - early attacks that attempt to exploit vulnerabilities that are not yet patched.

Microsoft delivered the patches with commendable speed. But these two high-profile cases within two months show the seriousness of the zero-day threat.

The fix

Windows' Automatic Updates will eventually install the patches you need. But its Automatic Updates tend to roll out slowly, leaving your PC vulnerable during the critical time between the public release of the patch and the moment you install it.

There's no technical fix for this danger. You need to keep up with the latest security news and visit update.microsoft.com as soon as you hear about an out-of-band patch.

14. Mac malware

No matter what you've heard, Macs are not immune to security problems, including malware that employs deceptive techniques to fool users into installing it.

The fix

If you use a Mac, don't sit back and assume it's impregnable. It's not. You need to keep up to date with security updates just the same as Windows users. Things to watch out for include the automatic updates that Apple releases, as well as the various patches for software that third-party vendors may not automatically alert you to.

15. Fake antimalware

Fraudulently advertised, ineffective antimalware ranks among the fastest-growing types of online scams. Online ads that simulate Windows alert messages tout products such as DriveCleaner, WinFixer, Antivirus XP and Antivirus 2009, warning you that your PC is infected with malware and advising you to buy the named product to fix it.

Some purveyors of these sham utilities embed warning messages directly into the Windows desktop or pop-up messages from a System Tray applet to convince you the problem is serious.

But these scareware tools only pretend to scan your computer for dangerous malware. Instead, they detect either innocuous, commonly used Registry keys or non-existent (or planted) alien files.

Even worse, many of the programs disable key components of Windows, such as the Registry editor or Task Manager.

Or they may deactivate options within the OS's Display Properties settings to prevent you from killing the programs or removing the alert messages.

People are particularly susceptible to these packages because the sneaky sellers charge an apparently reasonable fee.

The fix

A legitimate malware remover - one that independent testing has determined is effective - should be able to take care of the immediate problem of having an adware program that refuses to be uninstalled. Check your security software to see if it will do the trick.

But the real fix for this plague may be concerted government action. Late last year the US Federal Trade Commission asked a federal court to step in and thwart some perpetrators of this type of scam. It may be that prison terms or massive fines are the only useful deterrents, and will have to be introduced here too.

16. Phishing without email

In a traditional phishing attack, a scammer sends out millions of phoney email messages that are disguised to look as if they come from legitimate companies.

But researchers at security vendor Trusteer say that ‘in-session phishing', a new type of attack, could help criminals steal online banking details by replacing the email message with a pop-up browser window.

Scammers might hack into a legitimate website to plant HTML code that looks like a pop-up security alert. This asks the victim to enter login information and to answer other security questions that banks use to verify a customer's identity.

For attackers, the hard part would be to convince victims that the pop-up notice is legitimate. But according to Amit Klein, Trusteer's chief technology officer, a bug found in the JavaScript engines of the most widely used browsers can be used to make this type of attack more believable.

By studying the way browsers use JavaScript, Klein has found a way to determine whether someone is logged into a website, provided that they use a certain JavaScript function. Klein has notified browser makers and expects that the bug will eventually get patched.

Until then, criminals who find the flaw may be able to write code that checks whether web surfers are logged into, say, a predetermined list of 100 banking sites.

"Instead of just popping up this random phishing message, an attacker can get more sophisticated by probing and finding out whether the user is currently logged into one of 100 financial institution websites," Klein says.

17. Fake review sites

This is a scam that has targeted PC Advisor and many other respected reviews sites. You may come across a cogent-sounding review of a product that appears to be (but is not) from PC Advisor. The product gets a great write-up and you know the advice you've been offered is independent and honest, so you click the button to buy the item in question. But it's a fake site that uses a web address that closely resembles the URL of the real website.

In reality, the likelihood of you coming across a rogue review is slim. According to Lawrence Abrams, owner of BleepingComputer.com, fake reviews will only be seen by those who install dodgy fake security apps.

When some variations are installed, they add a series of entries into the Windows hosts file which direct users to fake websites. "By adding these entries into your Hosts file, if you go to any of the websites listed, instead of going to the legitimate site, you will instead be redirected to a site under the control of the developers of Anti-virus-1 and not realise you are doing so," said Abrams on his site.

The fix

Firstly, make sure you type in the exact web address of a trusted site. Usually, we'd suggest Googling the name of any suspect item and reading up on a number of sites to see whether the software you think is legitimate really is. But the scareware writers seem to have thought of this, seeding the web with assurances from security companies (on fake websites) about the program. Google is addressing this, but consider whether what you're being told sounds too good to be true.

If in doubt, ask around using web forums. Alternatively, grab one of the tried-and-tested security programs that we include on the PC Advisor cover DVD and run a scan to see whether your PC is infected.
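
The hosts-file redirection described above can be checked for directly. The following is an added example, not from the original article or from BleepingComputer: it parses hosts-file text and flags names on a watch list that have been pointed at another address or sinkholed. The sample file, the watch list and the 203.0.113.x addresses are constructed.

```python
import ipaddress

# Names that normally appear in a hosts file pointing at the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed watch list: sites whose address should come from DNS only.
WATCHED = ("bleepingcomputer.com", "update.microsoft.com")

# Constructed sample of a tampered hosts file.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.bleepingcomputer.com bleepingcomputer.com
203.0.113.45    reviews.example.test
0.0.0.0         update.microsoft.com   # blocks access to updates
127.0.0.1       ads.example.test
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line or address with no names
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid address, so the resolver ignores it too
        for name in fields[1:]:  # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname, watched):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, ip, verdict) for each non-default entry.

    verdict is 'redirect-*' when the name points at another machine and
    'sinkhole-*' when it points at the local machine or 0.0.0.0; the
    suffix says whether the name is on the watch list.
    """
    findings = []
    for line_no, ip, hostname in parse_hosts(text):
        local_ip = ip.is_loopback or ip.is_unspecified
        if local_ip and hostname in LOCAL_NAMES:
            continue  # the default localhost entries
        action = "sinkhole" if local_ip else "redirect"
        scope = "watched" if is_watched(hostname, watched) else "other"
        findings.append((line_no, hostname, str(ip), f"{action}-{scope}"))
    return findings


if __name__ == "__main__":
    # On Windows the live file is C:\Windows\System32\drivers\etc\hosts;
    # read it and pass its text to audit_hosts() instead of the sample.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Any `redirect-watched` entry means the browser will be sent to the listed address instead of the real site, whatever is typed into the address bar.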

18-22. Five common Facebook scams

Email is still the most spam-infested medium, but social-network cybercrime is growing at a faster rate. Indeed, more than 20,000 pieces of malware attacked social-networking sites in 2008, according to Kaspersky's estimates.

1: THE NIGERIAN 419

This February, Jack Straw's Hotmail account was hacked, and emails were sent out to people in his contacts list. These claimed he'd lost his wallet while on government business in Africa, and needed to borrow £200 to help him out.

This principle has been used for years to dupe victims into handing over cash to complete strangers in foreign lands on the promise of large fortunes in return. It's known as the Nigerian 419 scam. Now a version of the con has shown up on Facebook.

"Scammers figured out that even though social networks don't have direct access to money, they have access to information that gives you a good shot at getting someone else's money," explains Vicente Silveira of VeriSign.

The fix

Before you send cash to a pal who seems to be in trouble, try to contact him or her outside of the social network, using phone or external email. If that's not possible, ask an extremely personal question that a hacker couldn't possibly work out from information within the profile.

2: ROGUE WIDGETS

Facebook is famous for its third-party applications. Sometimes, however, these ‘widgets' turn rogue and pursue a single mission: stealing your data.

The first rogue widget was called Secret Crush - and it had anything but sweet intentions. Supposed to help you find your virtual admirers, it instead installed spyware on your PC. It encouraged you to spread the love by getting other friends onboard. "The widget manipulated humans to pass it along on their own," says Guillaume Lovet, senior manager of the threat response team at Fortinet.

The original Secret Crush has since been crippled, but the potential for similar threats remains. Security experts recently uncovered an application called Error Check System that was misusing profile details and may have been stealing data.

The fix

You need to be cautious when installing third-party applications. "When you agree to install one, whether it's malicious or not, you're granting its author access to all the information in your profile," Lovet says. So you should make sure you know what the app's creator will do with this data.

3: THE KOOBFACE VIRUS

Koobface (an anagram of Facebook) is a virus that sends messages to your friends, directing them to a ‘hilarious video' or some ‘scandalous photos' of a mutual friend. Victims quickly find that there's little to laugh about.

The link goes to a web page with a fake Adobe Flash update that needs to be downloaded. Needless to say, that download is malware.

The fix

Antivirus software can help keep you safe, but common sense can also go a long way. Be wary of direct links in messages or postings and, if in doubt, type in the web address for the software maker's site to see what they have to say on the matter.

4: PHACEBOOK PHISHING

Phishing has blossomed on social networks. Scammers trick users into following links that open official-looking Facebook login prompts. If you enter your username and password, the information is logged and your account is theirs.

The fix

As with other scams, avoid incautious clicking and you should be okay. And if you're ever asked for your password in the middle of a session, don't enter it. Manually navigate back to the home page instead, and then log in there if necessary.

5: USER-GROUP MARKETING

Facebook user groups are fun, but they can sometimes be cleverly disguised vehicles for marketing. When you click the Join link, you're effectively opting into a succession of pitches, adverts and marketing spiel.

Brad J Ward became suspicious when a Facebook group for his year at school seemed to be run by people unrelated to the institution. He then discovered that 400 other school groups for some reason had the same circle of administrators.

"Someone was setting themselves up to be the administrator for hundreds of groups, giving them the opportunity to send out mass messages or collect data," Ward says.

While they simply wanted to build up a large mailing list so they could pitch a college guidebook to them, it wasn't transparent that this was the case. "They could be misconstrued as an official university presence," Ward says.

The fix

Be selective in deciding which groups you join. If you aren't sure who runs a community, don't accept the request.
