The scariest sites on the net? They're not the ones you might suspect. Here's what to watch for and how to stay safe, in our list of the 17 scariest places on the internet.
Threat 12: Fake antivirus software that extorts money - and your credit card information
The place: Your inbox, hacked legitimate sites
Fake antivirus programs look and act like the real thing, complete with alert messages. It isn't until you realise that these alerts are often riddled with typos that you know you're in trouble.
Most fake antivirus software is best described as extortionware: The trial version will nag you until you purchase the fake antivirus software-which usually does nothing to protect your PC. Once you send the criminals your credit card information, they can reuse it for other purposes, such as buying a high-priced item under your name.
You can get infected with a fake antivirus app in any number of ways. For example, in drive-by downloads (see the previous item), a malicious payload downloads and installs without the user realizing it or having any time to react.
If you have to go there: If you get an alert saying you're infected with malware, but it didn't come from the antivirus software you knowingly installed, stop what you're doing. Try booting into Safe Mode and running a scan using your legitimate antivirus software.
However, such a scan may not clean up all of the malware-either the scanner doesn't have a signature for one fragment, or that piece doesn't act like traditional malware. This may render behavioural detection (which spots malware based on how it acts on your system) useless. If all else fails, you may need to call in a professional.
Threat 13: Fraudulent ads on sites that lead you to scams or malware
The place: Just about any ad-supported website
Hey - ads aren't all bad! They help sites pay the bills. But cybercriminals have taken out ads on popular sites to lure in victims. Last year, the New York Times site ran an ad from scammers, and earlier this year some less-than-scrupulous companies were gaming Google's Sponsored Links ad program and placing ads that looked like links to major companies' websites.
"The bad guys have become very clever at exploiting online advertising networks, tricking them into distributing ads that effectively load malicious content--especially nasty, scaremongering pop-ups for rogue antispyware," says Eric Howes, director of research services for security firm GFI Software.
If you have to go there: Most large sites have ad sales departments that work frequently with a core group of large advertisers, so it's probably safe to click a Microsoft ad on the New York Times site. But as the Google Sponsored Links incident shows, nothing is entirely fail-safe.
Threat 14 : Questionable Facebook apps
The place: Facebook
Facebook apps have long been an issue for security experts. You don't always know who's developing the apps, what they're doing with the data they may be collecting, or the developers' data security practices. Even though you have to approve apps before they can appear on your profile and access your personal information, from there the security of your data is in the developer's hands.
If you have to go there: Be selective about the apps you add to your profile - don't take every quiz, for example. Check your privacy settings for Facebook apps, as well: Click the Account drop-down menu in the upper-right corner of Facebook's site, select Privacy Settings, and then click Edit your settings under 'Applications and websites'. There, you can control which apps have access to your data, and which of your friends can see what information from apps (such as quiz results); you can also turn off Facebook apps altogether.
NEXT PAGE: 'Free electronics' sites