|Updated: 12/22/2011 11:07 am
||Published: 12/22/2011 10:31 am
Not too long ago, Amy McGraw got a message from a friend on twitter.
"The message was, 'You've got to check out this pic I've found of the two of us,' with a link," Amy said.
So she clicked on the link, and it brought her to a log in page.
She entered her password without thinking twice.
"Within minutes, that same direct message was sent to my entire address book," Amy said.
Amy had been fooled by a phishing scam.
It is one of several targeting sites like Facebook, MySpace, and Twitter.
Internet security group Symantec says millions of people are becoming victims, so they want you to be warned about the potential of hackers.
"They're trying to lure you into clicking on that link and opening up something so that your machine could be compromised, or tricked into paying money, or tricked into buying some software," John Harrison of Symantec said.
Even the savviest people who use social media are suffering, because these scams look like they're coming from friends and family.
"Have you ever seen one of those posts from your friend, and you go ‘why did Joe post that?’ Joe could have been looking at football scores, or clicked on a link to watch a video, but behind the scenes what's happening is there's an invisible "like" button," Harrison said.
Clicking that invisible button will update your status with spam, or even change your privacy settings.
Another popular scam that can spread like wildfire is the questionnaire scam, or survey.
"They'll ask your name, your address, your phone number,” Harrison said. “They're then brokering that information and selling it to people."
Symantec also warns to be wary of shortened URLs. That's because the full web site address is hidden.
"You may actually be taken to a site that silently infects your computer with malware," Harrison said.
And while social media apps are all the rage, some scammers are creating their own, inappropriate versions. They may look legit, but they are not.
"Look at the reviews, find out whether these are real applications before you install things, and watch the types of things that it's asking for," Harrison said.
Other ways to prevent an attack include making sure you have up-to-date security software, and using a different, complex password for each account.
Most importantly, think before you click.
"Be careful about links in e-mails or via message, especially if it may be out of someone's normal nature to share something like that," Harrison said.
After a bad experience, Amy changed her twitter password and took back control of her account.
She hopes others learn from her mistake.
"I was distracted, and that's all it took was just one moment of distraction for me to get hacked."
Hacked, but now informed.