In today’s post, Intersections’ Consumer Security Adviser Neal O’Farrell shares the results of a recent study on social network safety and security. Bottom line? People are becoming less “social” on social networks. Read on!

We’ve been monitoring and writing about the issues surrounding social networking safety and security for many years. During that time, we’ve been very concerned that no-one was really getting the Facebook safety and security message. We’re glad we were wrong, because according to a recent survey by the Pew Research Center’s Internet Project & American Life, users of social networking sites (or SNS) are becoming more careful and acting more cautiously.

According to Pew “Social network users are becoming more active in pruning and managing their accounts. Women and younger users tend to unfriend more than others.” About two-thirds of internet users now use some kind of social networking site, Facebook and Twitter being the most popular.

Of these users:

• 63% of them have deleted people from their “friends” lists, up from 56% in 2009.

• 44% have deleted comments made by others on their profile.

• 37% have removed their names from photos that were tagged to identify them.

• 67% of women who maintain a profile say they have deleted people from their network, compared with 58% of men. Likewise, young adults are more active “unfrienders” when compared with older users.

• A majority of social network site users – 58% – restrict access to their profiles and women are significantly more likely to choose private settings.

• More than half of social networking site users (58%) say their main profile is set to private so that only friends can see it.

• 19% set their profile to partially private so that friends of friends can view it.

Unfortunately, some people just don’t get the security message. At least one in every five social networking user says their main profile is set to be completely public. Women who use SNS are more likely than men to set the highest restrictions (67% vs. 48%).

The personal security situation could be even better, and safer, if users didn’t have so many problems figuring out how to master their privacy settings. Half of SNS users say they have some difficulty in managing privacy controls. Those with the most education report the most trouble. In all, 48% of social media users report some level of difficulty in managing the privacy controls on their profile, while 49% say that it is “not difficult at all.”

Regrets? Seems like some social networking users have had a few. According to the study:

• About one in every ten social networking users have posted content they regret.

• Male profile owners are almost twice as likely as female profile owners to profess regret for posting content (15% vs. 8%).

• Young adults are also more prone to say they regret some of their social media postings; 15% of profile owners ages 18-29 say they have posted content they later regret, compared with just 5% of profile owners ages 50 and older.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

The Today Show recently featured a story about a man sentenced to 26 years for stalking a woman for 17 years. In this article, Intersections’ Consumer Security Adviser Neal O’Farrell writes about a new report that indicates that as many as 1 in 5 Americans may be victims of online stalking, Read on to learn how you can prevent yourself from becoming one of those victims!

1 in 5 Americans may be victim of online stalking

A new study recently released by the National Cyber Security Alliance (NCSA) and McAfee found that one in five Americans have come in contact with someone online who made them feel uncomfortable through stalking, persistent emails, and other aggressive outreach attempts.

The report was published to coincide with January’s National Stalking Awareness Month and revealed a number of troubling statistics.

For example:

• The National Center for Victims of Crime estimated that stalking affects 3.4 million victims every year

• One in four victims report that the stalker uses a variety of technologies, such as computers, global positioning system (GPS) devices, or hidden cameras, to track the victim’s daily activities.

• Just less than 40% of those victims reported the incident while 61% chose not to.

“The Internet is an amazing tool for sharing and connecting with people. Unfortunately, there are some people who will use it to track, harass or make unwanted contact. Stalking can be dangerous and should be taken seriously,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “We encourage anyone who believes they are being victimized online to report the crime and seek help, if needed, from law enforcement or a victim service provider.”

The authors of the report offered the following tips to help you avoid stalking and deal with stalkers:

1) Clean up your online profiles – Don’t include your address or phone number in an online profile. If you must use a professional networking site such as LinkedIn for work, include your company’s corporate address instead of your actual office to prevent someone from knowing where you work. Think about each piece of information you include on your profile and whether it would be dangerous if it fell into the wrong hands.

2) Lock down your privacy settings – If you are a social networking user, make sure to set all of your privacy settings to “private” or “friends only” to keep people outside of your network from accessing your information. It’s also important to regularly check the settings to make sure there haven’t been any changes that leave your data exposed.

3) Be careful whom you connect with – When using social networking sites, only connect with people who you know in real life. A stranger who tries to “friend” you could become trouble later on. Also, pay attention to the people your friends are connected with to prevent your information from being shared with someone suspicious.

4) Search yourself to see what’s out there about you – You might be surprised at what you find when you search for yourself. Old website profiles, online forum posts, and pictures of you posted by other people could all be unearthed in a quick search. If you find information about yourself that you want removed, contact the website or person hosting the content.

5) Don’t use an email address that is easy to identify – Stay under the radar by selecting online handles that don’t include your name, date of birth, or other details about you that a stalker might easily recognize. Once you have an anonymous address, guard it as you would your credit card or Social Security number.

6) If you have a personal website, don’t post your email address – These days many of us have blogs and personal websites, but it’s a bad idea to post your email address. Instead, use a contact form so that people can reach you without having your personal address.

7) Be careful when posting photos online – You never know where photos can end up when you post them online. Someone could find them in an image search, post them to a website or downloaded them to their computer. And if the photo contains information about where you live or work, you could wind up giving a stalker all the information they need to locate and harass you.

8. Create strong passwords – Make it difficult for someone to guess your passwords by using a mix of letters, numbers and characters and make sure that they don’t spell anything. Passwords that include the name of your pet or some other personal detail could easily be guessed, allowing an attacker to gain access your account. The same goes for security question answers. Choose hard-to-guess answers to prevent someone from using the password retriever function to obtain your password.

9) Avoid using location-based services – “Checking-in” to restaurants and other locations can be fun, but it can also be dangerous if someone is stalking you. If you must use location-based services, choose a unique username or alias that is not associated with any of your other accounts to make it more difficult for people to identify you.

10) Delete old posts or entries – If you have a stalker, they will scour the Internet for any tidbit of news about you so it’s a good idea to delete any old forum posts, Tweets or status messages that include any personal details or information that could allow them to find you both online and off.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Although it’s barely a month into 2012, there is a lot going on with security and privacy on the world’s most popular social networking site – Facebook. Intersections’ Consumer Security Adviser, Neal O’Farrell is here today to give us an update on several new Facebook security issues.

2012 has already been an interesting year for Facebook security, with the emergence of some dangerous new scams and the unmasking of one of Facebook’s most notorious cyber gangs.

In case you never heard of Koobface, it’s a piece of malware that first emerged in 2008 and quickly infected millions of users. Users were tricked into downloading the malware by clicking on infected links on Facebook pages with messages like “Lol, is this you in this video?” These users were then enlisted into a giant international bot network of hijacked computers, at one point numbering close to one million computers, which in turn were used to engage in a variety of criminal activities that including pedaling fake anti-virus software.

The Koobface gang, as they became known, were able to generate millions of dollars in criminal gains, and all the while working out in the open, in plain sight, in the Russian city of St Petersburg. Until January 16th, when the New York Times and other outlets identified the five members of the gang and posted their photos across the world.

Apparently that did the trick, because Facebook just reported that they had finally wiped all traces of Koobface from Facebook, and that the command and control servers used to manage this massive criminal network appear to have gone silent.

But if everyone knows who these criminal are, and have known for some time, why were they not arrested? In a statement from Russian authorities, the answer is simple – no-one ever bothered to ask them to investigate or arrest them. While that’s probably not the case, and Russian authorities have probably known about and tolerated the gang for years, it reminds us once again why so many of the world’s most notorious hacking gangs work unimpeded from behind the Russian border.

But that might have been the only good news on the security front for Facebook. Just last week we talked about a dangerous new worm called Ramnit, which had apparently been merged with the highly dangerous Zeus banking Trojan and stealing Facebook passwords in the expectation (probably correct) that many Facebook users use the same password on other sites. Like their online banking.

And that was followed by a Facebook ransomware attack, where Facebook users received messages claiming that as a result of some unusual activity their Faceook account had been suspended and they would have to pay a fee of around $30 in order to unlock it.

There are some important lessons to be learned here:

• Probably the only way to defeat all these Facebook threats that keep emerging is for everyone to stop using Facebook. Criminals are only targeting Facebook because it’s easy to pick the pockets of such large crowds.

• It’s like playing whack-a-mole with criminals. As soon as one gang or piece of malware has been neutralized, another takes its place. And often the replacement has learned from its predecessors, adapted itself, and become even more potent.

• It’s still down to users. Facebook is doing all it can (I assume) to counter all these threats. But if you really do love Facebook, you can help – by being more cautious, vigilant, and cynical when it comes to any unusual messages you receive. And of course, a strong and well-protected password would be greatly appreciated too.

You can read details of the compelling Koobface expose here.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell shares his thoughts on keeping yourself safe at work.

While most of the advice we offer on the Daily Shield focuses on protecting your personal space and finances, it’s easy to forget that some of the greatest security vulnerabilities can be found in a place you may spend much of your life – the workplace.

And with an endless stream of data and security breaches being traced back to bad decisions in the workplace, it could help you and your job if you pay a little more attention to workplace security and privacy.

With that in mind, here are a few simple ideas that can protect you and your co-workers in the year to come:

• Know the rules and follow the policies. Security policies sound like a pain, and in some workplaces they’re so long and complex they read like a text book for a law degree. But policies are there for a reason, and even if they’re poorly written or overly complex, you still need to pay attention to them. If properly implemented, they protect data, protect your workplace, and even protect your job.

• Be careful what you bring to work. One of the biggest threats in 2012 is BYOD – Bring Your Own Device. In spite of policies against them, many employees still bring their own smartphones, laptops, and tablets to work. Thumb drives are a particular source of security problems. If you use those devices to store work information or access corporate networks or systems, you risk exposing your workplace to all kinds of threats. If your employer doesn’t know what kinds of devices you’re using, and what kind of security precautions you’re taking, they’re almost defenseless against the risks your devices might pose.

• Keep your personal information hidden or out of the office. A study as far back as 2005 by the University of Michigan found that close to 70% of all identity thefts in the United States might originate in the workplace. Even if the report is only half right, that’s reason enough for you to guard any personal information you bring to the workplace. So hide any personal financial documentation, wallet, purse, personal devices and anything else a co-worker might grab an opportunity to snoop on.

• Be careful with social media. Many workplaces still don’t have clear rules about the use of social media in the workplace, but that doesn’t mean you should ignore the risks. And apart from getting into trouble for checking your Facebook page too often at work, some of the biggest risks when using social networks at work include saying things that could get you or your employer into trouble, giving away corporate secrets or insider knowledge, or clicking on a malicious link that introduces malware into your workplace.

To avoid these dangers (1) stay off Facebook at work as much as possible, (2) if you do use Facebook or Twitter, mind what you say – about yourself, your workplace, your colleagues, and your job, (3) be very careful what you click on.

• Protect your passwords. If your workplace has guidelines or policies on the proper use of passwords, follow them. The rules are there because they work. If your workplace doesn’t have any clear rules, then use common sense. Use long and complex passwords, change passwords often, don’t share them with others, and be wary of calls or emails claiming to be from a colleague and requesting your password.

• Challenge strangers. One of the most common attacks on the workplace is the walk-in, where a complete stranger will simply walk into the business, perhaps posing as a customer, repair technician, or even a janitor, and steal information. If you come across a stranger in your office, don’t simply ignore them. Offer to help them, ask them who are and what they’re looking for, and if they seem suspicious, notify security or your colleagues.

• Think privacy. The root of good security is a respect for privacy. As a consumer you value your privacy and expect it to be respected and protected. So why not expect that for others. If you come across the personal information of others, give it the respect it deserves. Good security flows from a respect and passion for privacy, and if it’s second nature, security breaches are less likely to happen.

• Be an advocate. If you truly believe in security and privacy, and believe that it makes a difference, then speak up. Become a privacy advocate in your workplace. Encourage co-workers to take security and privacy seriously, and if there are no security guidelines or policies in place already, offer to work with your employer to create share, and apply them.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell provides his comments and analysis of the recent privacy settlement between Facebook and the Federal Trade Commission (FTC). A must read!

As a result of numerous complaints from a number of privacy advocates and organizations, the FTC finally launched its own investigation into Facebook’s privacy claims and failings. According to the FTC’s own statement, which announced the settlement on November 29th 2011, Facebook allegedly made many promises that it did not keep:

• In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.

• Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.

• Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.

• Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.

• Facebook promised users that it would not share their personal information with advertisers. It did.

• Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.

• Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.

Speaking about the issue on his Facebook page the very same day, Facebook founder Mark Zuckerberg insisted that “Overall, I think we have a good history of providing transparency and control over who can see your information. That said, I’m the first to admit that we’ve made a bunch of mistakes.”

At the same time he announced the appointment of two privacy officers – reminds me of Sony’s announcement that after more than half a century in business it finally decided it would be a good idea to hire a head of security, only after hackers stole nearly 100 million user accounts. Better late than never, I suppose.

The settlement requires that Facebook can no longer conduct business as usual when it comes to privacy, cannot make any further deceptive privacy claims, and must get users’ approval before it changes the way it shares their data.

Specifically, under the proposed settlement, Facebook is:

• barred from making misrepresentations about the privacy or security of consumers’ personal information;

• required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;

• required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;

• required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and

• required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.

It doesn’t look like Facebook has to pay any fines or suffered any other punishments. It’s simply on privacy probation for at least the next 20 years.

Read the full statement from the FTC.

To keep up to date on Facebook privacy issues, Facebook has its own team and page dedicated to all things security.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

We are joined once again today by Steve Schwartz, Intersections’ EVP, Consumer Services. In today’s video presentation, Steve shares some very important safety tips to help keep your kids safe online when using social media. We all want to have fun on sites such as Facebook and Twitter. By following a few simple rules, you can make help make the experience both fun and safe for your kids.

Learn more about the growing problem of child identity theft and what you can do about it.

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser Neal O’Farrell uncovers the secret contained in the recent 2011 Microsoft Intelligence Report. What’s the secret? It’s the user’s fault!

There are two schools of thought on the topic of consumer security awareness. One school suggests that all the malware and scams in circulation are far too advanced for consumers to understand and therefore prevent, and consumers should instead entirely trust technology to protect them. The most vocal proponents of that side of the argument are, not surprisingly, the companies that sell security technologies.

The other side of the house believes that consumer education, awareness, and vigilance are key to preventing or avoiding many, if not most, attacks. That’s the side of the argument I sit on, and so should you. Your vigilance, and your acceptance that you have significant responsibility for your own protection, are key to avoiding some of the most common attacks.

Think about it for a moment. Would phishing emails – the ones that pretend to be from your bank to try and trick you out of your password – even work if people just ignored them? Would infected email attachments work if users never just opened them? And would passwords still be a weak link if people made them stronger.

There are so many examples of just how important user awareness, vigilance, and participation really are. And one of the key words is vigilance. Awareness is no longer enough, because I think it’s safe to assume that most consumers are aware that there are risks and that there are something they should and shouldn’t do.

But vigilance is about being aware at exactly the moment that counts – thinking security before you create or use a password, before you respond to an email, before you open an attachment, or before you visit a web site.

And there’s plenty of evidence out there to how a lack of awareness and vigilance are being exploited. A recent study by Microsoft found that nearly half of all malware Microsoft detected when it scanned more than 600 million computers used tricks on the user in order to succeed. With security firm Trend Micro reporting one new type of malware every half second, that’s a lot of focus on user exploitation.

The study also found that that around 90% of all exploits targeted vulnerabilities that were known about and patched for more than a year. Which probably means that most users are just forgetting to update their software – one of the easiest way to protect yourself. In fact, although users are warned repeatedly about the need to update their browsers, Microsoft reports that nearly half of Internet Explorer users still use vulnerable out-of-date browsers.

And if the security experts recognize this weakness, so do the bad guys. Cybercrooks across the world are experts at social engineering – creating tricks that consumers are likely to fall for. These crooks expect you to make the wrong choice, whether it’s to forget about updating your browser or security software, falling for phony emails or Facebook requests, or letting your caution overcome your curiosity.

They won’t waste a moment taking advantage of a mistake you can make in a split second. So they’re worst fear is that you take a moment – to stop and think before you make a decision and use that pause to make the right decision instead of the wrong one. If you pause, think, and chose the other, safer path, you win and they’ve just wasted all that time and money.

Network World said what many others might want to. In a recent article on Microsoft’s report, they simply concluded “wise up stupid users!”

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

In today’s post, Neal O’Farrell talks about the importance of keeping on top of your own personal security. And there is no better time to do that than in October, which is National Cyber Security Awareness Month.

It’s October again and you know what that means. No, not just Halloween, although some of the stuff out there is beginning to get scary. It’s also National Cyber Security Awareness Month and a great time for you to review your security, take a close look at your personal habits, and make some of those changes you might have been putting off.

October should be “take another look” month because it’s a great reminder for you to take another look at some of the stuff you might be taking for granted.

Take another look at Facebook

• Have you changed your password recently? If not, do it now.

• Have you removed any personal information that might help a thief learn more about your background, like where you grew up, went to school, date of birth etc.?

• Have you hidden your mobile phone number on your Facebook page? Your bank may use that number to send you alerts and you don’t want thieves intercepting those alerts.

• Have you revisited your privacy settings lately? Because Facebook changes so much, you should check your settings regularly to make sure they’re still doing what you expect them to. Network World has a great slideshow entitled “Facebook Privacy: 11 settings to revisit now.”

Take another look at your computer and device security

• When was the last time you updated your anti-virus software, and is it set to automatically update?

• Have you checked that your anti-virus program is actually in place and turned on? Make sure that it wasn’t disabled accidently by another user or family member, or even by malware.

• Are you protecting valuable information on your computer or laptop with encryption? It’s a great defense against theft and hackers.

• Have you removed any apps from your phone and tablet that you don’t really need?

• Have you installed security software in your smartphone or tablet? Don’t forget that these devices can be just as vulnerable as your computers.

Take another look at your credit reports

• When was the last time you checked your credit reports? If it’s been more than three months, it might be time to check them again. Check your reports free at www.annualcreditreport.com.

• Are you using IDENTITY GUARD®? IDENTITY GUARD® provides one of the most comprehensive collections of security tools to protect your identity from all kinds of attacks and it works best if you take advantage of all its great features.

Take another look at your browser

• Have you updated it lately or set it to automatically update?

• Have you looked at the security of add-ons and extensions to your browser, and uninstalled extensions you don’t need?

• Have you thought about switching or upgrading to Internet Explorer 9 or IE 9? It has a host of new security features that can provide almost as much protection as desktop security software.

Take another look at your kids

• Are they on Facebook? If they are, have you talked to them about dangers and precautions?

• Have you created your own Facebook page so you can friend your kids and keep an eye on them?

• Have you set rules for what they can’t say and send on their phones and computers?

• Have you moved family computers to a family area – meaning no computers where you can’t see them?

Take another look at your passwords

• Have you changed the most important ones lately, like bank accounts, email, and Facebook?

• Have you moved from passwords to passphrases, to make it easier to create and remember complex passwords?

• Have you started using a password manager to keep all those passwords in a safe place?

• Have you talked to your kids or employees about changing and protecting their passwords?

Take another look at your bank accounts:

• Do you have a password management system, like ID Vault® or an anti-keylogger such as PRIVACYPROTECT®, on your computer to protect your bank logins and passwords from thieves?

• Have you opted for e-statements instead of paper statements, to protect your statements from being intercepted in the mail?

• Have you set up account alerts so that your bank or credit union can immediately notify you of any payments, transfers, or withdrawals?

• Have you changed your bank account password recently?

• Have you checked your statements for any unusual transactions?

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

There are news reports almost daily about how hackers are able to gain access to the bank accounts of innocent victims and rip off thousands and thousands of dollars. In today’s article, Intersections’ Consumer Security Adviser Neal O’Farrell explains what you need to do to keep your hard-earned money out of the hands of hackers and criminals. A must read!.

The title of this article could just as easily have been “How to make half a million bucks a month from the comfort of your computer.” I was reading recently about how a twenty-something hacker from Russia managed to steal more than $3.2 million in just six months simply by pushing out malware designed to sneak on to unprotected computers, steal banking passwords, and empty bank accounts. His efforts paid off to the tune of around $17,000 a day, give or take.

The hacker goes by the nickname Soldier, and according to research by security firm Trend Micro, he managed to infect more than 25,000 computers in the three months leading up to June of this year using a malware toolkit that is freely available on the internet.

His success, at infecting so many computers and making so much money in such a short timeframe, should be a warning to every consumer to be ever vigilant when it comes to online banking. Soldier is one only of probably thousands of hackers using the same or similar crime kits to plunder online bank accounts.

So if you want to avoid being Soldier’s next victim, here are some simple tips to beef up your defenses.

1. Lock down your computer. Every computer should be protected by multiple layers of security, including anti-virus and other malware protection, encryption to protect your data, browser security to steer you away from malicious web sites etc.

2. Beef up your passwords. Weak passwords are your worst enemy – make them strong, random, and original. No sense in creating one strong password and then using it for every web site you know.

3. Sign up for alerts. Most financial institutions provide email or text alerts when certain things happen with your account – a transfer is attempted, an ATM withdrawal is made, or a check more than a certain amount is presented. Sign up for these alerts because they can be your earliest warning that something’s not right.

4. Be very careful with the apps you use. Apps are great, especially if they’re free. But apps are the wild west of security, with little control over who makes and sells them, and how securely the code is written. So use as few apps as you need and only from trusted sources.

5. Think twice about mobile banking. While banking from your smart phone sounds like a great idea, it’s still in its infancy and new security holes are being discovered daily. If you’re not completely confident about the security of your smartphone, stick to doing your online banking from a computer you do trust. Or at least trust a little more.

6. Don’t access your bank account over a public Wi-Fi network. It’s very easy to snoop on any computers using Wi-Fi networks in places like coffee shops and hotels. So much better to wait until you get home before checking your balances or paying bills.

7. Limit access to your computer. The fewer people who have access to your computer, the less risk you have of compromise. So it might be smart to ban family members from using the computer you use to bank online. That way, you won’t be at risk from their mistakes or bad habits.

8. Consider using a separate computer just for online banking. That’s the advice of the security expert who discovered the first banking Trojan a couple of years ago. If you use a separate computer just for online banking, you reduce the risk of malware sneaking on to your computer through drive-by downloads, infected attachments etc.

9. Use a keylogger prevention system, like PRIVACYPROTECT® which comes free with your IDENTITY GUARD® TOTAL PROTECTION(SM) membership, to protect your passwords from being snooped upon. Keyloggers are able to sniff and steal logins and passwords by monitoring what you type on your keyboard, but products like ID Vault allow you to bypass the keyboard and enter your login credentials using a virtual keyboard instead.

10. Take Facebook security very seriously. It’s not only an easy way for thieves to deliver the kind of malware that can steal your bank account login and password, it’s also a great way for thieves to find the answers to the most common “secret” questions – like the city you were born, your first pet, favorite teacher, and mother’s maiden name.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Intersections’ Consumer Security Adviser, Neal O’Farrell shares some very valuable social networking safety tips today. He comments on a recently published Facebook security guide.

There is a growing collection of guides, web sites, and even Facebook pages devoted to the evolving topics of Facebook security, safety and privacy. And for good reason. In spite of all Facebook’s efforts to keep their users safe, Facebook is still a haven for all kinds of scammers and scams just waiting for careless or busy users to slip up.

The latest arrival is a concise 14-page guide from Facebook and authored by a team of writers with a mixed background of internet safety, online security, and teaching. It’s called “Own Your Space: A Guide to Facebook Security 13 Top Tips for Staying Secure on Facebook” and you can download the complete guide from the link below. If you’re not familiar with the basics of Facebook security, I strongly recommend that you download and use a copy. And especially if you have kids who are already on Facebook or plan to be soon.

Here’s what the authors of the guide offer as their top tips for staying safe – print them out, keep them close, and consult them often:

• Only “Friend” people you know.

• Create a good password and use it only for Facebook.

• Don’t share your password.

• Change your password on a regular basis.

• Share your personal information only with people and companies that need it.

• Log into Facebook only ONCE each session. If it looks like Facebook is asking you to log in a second time, skip the links and directly type www.facebook.com into your browser address bar.

• Use a one-time password when using someone else’s computer.

• Log out of Facebook after using someone else’s computer.

• Use secure browsing whenever possible.

• Only download Apps from sites you trust.

• Keep your anti-virus software updated.

• Keep your browser and other applications up to date.

• Don’t paste script (code) in your browser address bar.

• Use browser add-ons like Web of Trust and Firefox’s NoScript to keep your account from being hijacked.

• Beware of “goofy” posts from anyone—even Friends. If it looks like something your Friend wouldn’t post, don’t click on it.

• Scammers might hack your Friends’ accounts and send links from their accounts. Beware of enticing links coming from your Friends.

And remember, Facebook has its own team and page dedicated to all things security.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.