The Importance of Safe Social Networking

Know the Risks

No matter how real online interactions seem, they’re not quite like hanging out with friends because you never know for sure who you’re connecting with. You may be revealing personal details to a much wider audience than you realize–a mix of family, buddies, acquaintances, co-workers–and complete strangers.

When ordinarily you might share only a part of your life with any one person–intimate details with close friends, complaints about your work load with colleagues–online you may be sharing everything with everybody. Unlike a private conversation, after information has been published on the Internet, it’s effectively there forever. It’s available to future employers, friends, job recruiters, and others with consequences you may be unable to imagine.Most people you’ll meet online are genuine and decent, but just as in the rest of the world, some are up to no good. They could misuse the information you disclose to tarnish your reputation, harass you, steal your identity, even jeopardize your physical safety. They could also try to break into your computer to plant spyware, or exploit your PC to send spam or commit crimes.

Advices for safer online socializing

1. Set your boundaries

Think carefully about how public you want your profile or blog to be. The more identifiable the information you share, the more selective you should be with whom you share it. Evaluate the social site before you use it. Does it offer the level of control, protection, and overall experience that’s right for you? Who’s using it and how? Will you feel comfortable in this community? Some sites automatically make profiles public; others set them to private by default. Look for Settings or Options to control who can see your profile or photos tagged with your name, how people can search for you, who can make comments, and how to block a bully.

Carefully read the terms of use. Does the site claim ownership of your information? Resell it? Use it to target ads to you? Find out if and how vigorously the site monitors abusive interactions or inappropriate content and how to report these.

Be selective about friends. Think twice about who you accept as a friend. Consider adding only those you or close friends have met in person or with whom you have friends in common.

Periodically reassess who has access. Friends change over time.

Review what your friends write about you. Make sure they don’t post anything sensitive like private photos or your whereabouts. It’s okay to ask someone to remove information that you don’t want disclosed.

2. Think before you post

Before you post anything online–blogs, comments, tweets, snapshots, links–consider two things: it may ultimately be seen by anyone on the Internet and it can be permanent. The

site may archive what you’ve posted, friends (or ex-friends) may give it out, or hackers and security lapses may expose it.

Choose a user name that doesn’t attract unwanted attention or help someone find you.

Don’t over share. Don’t post anything you’d ordinarily say only to a close friend. Some sites let you create separate friend lists–for family, for your sports team, and so on–so you can manage what you share with each.

Keep details to yourself that could be used to identify you or locate you in person–your home address, phone and account numbers, birth date, photos, etc.

Avoid posting provocative pictures or videos.

Use caution when sharing feelings. Whether you’re happy, sad, angry, or have money worries, confiding broadly could put you at increased risk.

Talk with family and friends about what you might share about them. Remove from your pages any info that doesn’t conform to their wishes.

Treat others as you would like to be treated. Be judicious about what you say on your own and others’ pages.

TIP:

If you spend time in a virtual world, don’t reveal your real name. For example, if you must send e-mail to a virtual friend, set up a unique address with your character’s name instead of using an account in your own name.

3. Protect accounts with strong passwords

Use at least eight characters (longer is better) and include upper and lower case letters, numbers, and symbols. (Learn more about creating strong, memorable passwords at

microsoft.com/protect/yourself/password/create.mspx.)

Don’t share your passwords with friends or be tricked into giving them away to someone or to another site. People most often gain illicit access to accounts because the owner

gave them the password.

4. Defend your computer against Internet threats

Be wary about clicking links to video clips and games, or opening photos, songs, or other files from any source–even someone you trust. A virus could have sent the file and the download could install destructive software. Check with the sender or poster or use a search engine to find the link or file yourself.

Build up your computer’s defenses and keep them up to date. Use firewall, antivirus, antispyware, and antispam software.

Keep all software (including your Web browser) current with automatic updates.

Be careful about installing add-on apps. Many let you enhance your personal pages, but some may damage your computer or steal sensitive data. Stick to extras that the social

site recommends or ones that are reputable.

Email and web scams: How to help protect yourself

When you read email or surf the Internet, you should be wary of scams that try to steal your personal information (identity theft), your money, or both. Many of these scams are known as “phishing scams” because they “fish” for your information. Phishing email messages are designed to steal your identity. They ask for personal data, or direct you to websites or phone numbers to call where they ask you to provide personal data.

What does a phishing email message look like?

Phishing email messages take a number of forms:

  • They might appear to come from your bank or financial institution, a company you regularly do business with, such as Microsoft, or from your social networking site.

  • They might appear to be from someone in your email address book.

  • They might ask you to make a phone call. Phone phishing scams direct you to call a phone number where a person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data.

  • They might include official-looking logos and other identifying information taken directly from legitimate websites, and they might include convincing details about your personal history that scammers found on your social networking pages.

  • They might include links to spoofed websites where you are asked to enter personal information.

To make these phishing email messages look even more legitimate, the scam artists use graphics that appear to go to the legitimate websites (Windows Live Hotmail and Woodgrove Bank, respectively), but actually take you to a phony scam site or possibly a pop-up window that looks exactly like the official site.

What does a phishing link look like?

Sometimes phishing email messages direct you to spoofed websites.

HTML-formatted messages can contain links or forms that you can fill out just as you would fill out a form on a legitimate website.

Phishing links that you are urged to click in email messages, on websites, or even in instant messages, may contain all or part of a real company’s name and are usually masked, meaning that the link you see does not take you to that address but somewhere different, usually an illegitimate website.

Phishing scams that target activities, interests, or news events

New phishing scams are generated whenever there is a newsworthy event, such as a natural disaster, a national election, or a significant change in the world financial system.

  • Fake e-cards

  • Fake job opportunities

  • Donation scams

1. Fake e-cards

E-cards are created the same way websites are: They’re built on the Internet, just like website pages. So when you send someone an e-card, you send them a link to click, which takes them to the online greeting card you created for them.

This means an e-card you receive could actually be a phishing scam, spam or a spyware installer, or a computer virus.

How to avoid fake e-cards

  • Recognize the sender of the e-card. If you don’t know the sender, do not trust the card. Legitimate companies have standard, obvious ways for you to recognize that the email is not a fraud.

  • For example, with MSN Greetings, the “from” always shows “Ecard from MSN Greetings” as the display name and “ecards@msn.americangreetings.com” as the email address.

  • Make sure you check both the display name and email address of the sender.

  • When in doubt, use alternative viewing methods. Do not click any links when you are not sure of the sender or intent of the email.

  • For example, if you use MSN Greetings, you can view your greeting on the MSN Greetings website. Type “msn.americangreetings.com” into your web browser and click the “ecard pickup” link in the upper right-hand corner.

  • Never download or click anything from an unknown source.

  • Be wary of an email message or file attachment from someone you don’t know or that seems suspicious.

  • Preview a link’s web address before you click it. If the link doesn’t show an address, move your mouse pointer over a link without clicking it to see where the link goes. (The address should appear on the bottom bar of your web browser.)

  • Don’t accept an end-user agreement without reading the fine print first; you might inadvertently agree to install spyware or something else you don’t want.

2. Online job-hunting scams

Phishing scams might also appear as phony job ads, used to convince job hunters to send them personal information. Cyber criminals post their ads on legitimate job sites and often use familiar-looking or convincing company logos, language, and links to fake websites that appear to be those of real organizations.

These sites might also charge fees for services they will never render. Typically, after a few days the thieves close down the scam and disappear.

Best practices for online job hunters

  • Never provide non-work related personal information such as your social security number, credit card number, date of birth, home address, and marital status online, through email, over the phone, in a fax, or on your resume.

  • List your resume on a job site that allows only verified recruiters to scan them and uses a privacy policy.

  • Verify a prospective employer, recruiter, or recruiting agency through another source or a phone book, and then contact them directly—or better yet, visit them in person at the company location during regular work hours.

  • If a prospective recruiter or employer requests a background check, agree to do so only after you have met with them at their company location during regular work hours.

  • Beware of anyone who asks you for money up front in exchange for finding work for you. You should never have to pay for “exclusive” job leads or for a job itself.

  • If you are paying for job placement services, don’t provide credit card or bank information or engage in any monetary transactions unless done in person, onsite, with a prospective recruiter or job agency.

  • Carefully evaluate contact information in job ads or related email messages, watching out for spelling errors, an email address that does not feature the company’s name, and inconsistencies with area or zip codes.

  • Create an exclusive web-based email address and account for all non-personal communication.

3. Donation scams

Natural disasters, political campaigns, and global health issues are often the focus of donation phishing scams. For example, in recent years, cyber criminals have taken advantage of earthquakes and tsunamis to create illegitimate “charity” businesses to help the survivors of these events.

Most of these scams begin with an email message or a post in an online forum asking for donations in the name of well-known, legitimate charities. When you click a link, you are taken to a phony website designed to trick you into providing your personal financial information.

How to avoid donation scams

  • Be on guard if you receive an unsolicited email message from a charitable organization asking for money. Don’t open any attachments or click any links. Manually type the charity’s web address into your browser’s address bar and make sure the request is legitimate before you donate.

  • Double-check the spelling of the organization’s website in the address bar before looking through the site. Spoofed websites often use deliberate, easily overlooked misspellings to deceive users.

  • On the web page where you enter your credit card or other personal information, look for an “s” after http in the web address of that page. It should read: https://. (Encryption is a security measure that scrambles data as it traverses the Internet.)

  • Make sure that there is a tiny closed padlock in the address bar, or on the lower-right corner of the window.

  • If you are using Internet Explorer, one sign of trustworthiness is that the address bar turns green and displays both https and the closed padlock.

  • Improve your computer’s defenses by always using firewall, antivirus, and antispyware software, and making sure to download and install updates for all of your software. Use automatic updates so you don’t have to manually install the updates.

  • Use a browser filter that warns you of suspicious websites, such as the SmartScreen Filter in Internet Explorer 8 and the Phishing Filter in Internet Explorer 7.

Tags: , , , , , , , , , , , , , , ,

Leave a Reply

You must be logged in to post a comment.