
Social networks provide a perfect environment for con artists. "People think they're surrounded by their friends, and it's easy to fool them," says Kevin Haley, director of product management for Symantec, the security software company.
David Hiller, a freelance video journalist from Wayne, N.J., wasn't so easily fooled by a Facebook chat message that appeared to come from Elana Rivel, a longtime friend from college. It claimed that she and her husband had just been robbed at gunpoint in London and needed help.
Hiller responded by asking for a piece of personal information that would verify the sender's identity: the name of Rivel's brother. The sender was able to provide it, but Hiller quickly realized that the name was visible on Rivel's Facebook profile. "I'm serious!" the next message to him said. But Hiller persisted, asking for the name of their college cafeteria. When the sender couldn't provide that, Hiller knew it was a scam.
Next, Hiller did exactly what security experts recommend in such circumstances: He attempted to reach Rivel via a separate e-mail address. But he soon realized that the same person had taken over that account, too. Finally, he called her workplace, only to learn that she was in Pennsylvania, not London.
Rivel, a synagogue consultant from the Philadelphia area, doesn't know exactly how the scammers got into her Facebook account. But she's taking measures to avoid a recurrence. "The biggest thing I'm changing is being more mindful of my passwords," she says, noting that she now uses different passwords on all her sites. "I'm not going to stop using Facebook."
Being cautious in disclosing passwords can protect you from a variety of crimes. For example, scammers can send people an e-mail message, apparently from Facebook, telling them to click on an attachment to access a new password. Doing so installs software on their computer that grabs their user name and password.
Another scheme uses a hijacked social network account to send an online friend a Web link with an accompanying message, complete with the hijacked account's profile picture, which says something like, "Hey, watch yourself in this video!" Clicking on the link infects the recipient's computer with malware that the criminal uses to steal passwords.
To avoid becoming a victim, take the same precautions you would anywhere online: Don't respond to any message, no matter how official-looking, that asks for a password or PIN. And don't click on links to videos you weren't expecting or share account information through online messages.