Posts Tagged ‘Sophos’

2011 already a great year for cyber crooks

Tuesday, August 16th, 2011

Intersections’ Consumer Security Adviser, Neal O’Farrell joins us again today with his take on the recent mid-year cybercrime report by the security firm Sophos. Enjoy, but be careful out there!

Hard to believe the year is already half over. Seems like only yesterday we were talking about a spike in identity theft over the Christmas holidays, and warning consumers to be extra vigilant as tax time approaches.

But it’s been such a busy year for scammers and hackers, it almost becomes a blur. To sort through the fog, security firm Sophos recently published their half year summary of threats and trends, and it should stand as a stark warning of the need to be constantly vigilant.

For example, Sophos claims that since the start of 2011 they have recorded an average of 150,000 new malware samples every single day. That works out to one piece of malicious software being discovered every single second, and a 60% increase over 2010.

Sophos has also identified an average of 19,000 new malicious URLs every single day in the first half of this year. That’s a stunning 4.5 new web threats detected every second. And, according to Sophos, 80% of those URLs are legitimate websites that were hacked or compromised by crooks.

The two top exploits favored by these crooks were fake anti-virus software and SEO poisoning – manipulating search engine results to drive users to malicious or infected web sites – and it might surprise you that the majority of these malware sites are hosted in the United States. The U.S. accounts for a whopping 37% of malware hosting web sites, while the next nearest culprit is Russia at just 13 percent.

There has also been a big change in the way people communicate, a change that now works even more in the favor of hackers. Sophos recorded a 59% decline in the use of email among 12-17 year olds, and a 34% decline in email use amongst 24-34 year olds. This is mainly due to a switch to texting and social networks as a way to communicate. And hackers love social networks because they make it much easier than email to launch more targeted and effective attacks. Hardly surprising that 81% of computer users surveyed by Sophos believe that Facebook presents the greatest security risk.

On the subject of social networking risks, Sophos also conducted a poll of nearly 2,000 people on their social media habits and worries. 71% reported that they, or one of their colleagues, had been spammed on a social networking site, 46% had been phished and 45% were sent malware.

“Social networking privacy issues have dominated the headlines in the first half of 2011. With most social networks, the default settings share everything and users have to reset their options to make their accounts more private. This opens up a host of security issues because so many people—both friends and not—have access to your information,” according to Sophos.

The report also highlighted a study by the FBI about how one cyber gang was able to dupe 1 million users into buying fake software, and could have made as much as $72 million from the scam. This is a problem for a lot of reasons. It means that not only were 1 million people duped into paying for something fake, they may also believe they have real virus protection on their computers when in reality they have no protection at all.

And that $72 million will be recycled by these gangs into even more sophisticated scams that will entrap even more victims and continue the cycle. Some of this money may even end up in the hands of terrorists who have the skills and resources to launch their own fake virus scams, or partner with organizations that can manage them on their behalf.

Links to videos that hide malware are also on the increase, especially on Facebook and Twitter. According to Sophos, nearly 69 million people have viewed the now-infamous YouTube music video Chocolate Rain, a clear sign that curiosity still trumps caution for most users.

The Mac is no longer a safe haven, and scammers are now firmly focusing on all things Apple to take advantage of the surge in use and adoption of Apple products, driven by the huge popularity of the iPhone and iPad. Apple’s success with these products obviously has a very dark side to it, and is yet another reminder that wherever the crowds go, so will follow the crooks. You only have to look over your shoulder to spot one. But if you never bother looking, then don’t be surprised if you don’t spot the scam until it’s too late.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Facebook’s facial recognition described as “downright creepy.”

Tuesday, June 14th, 2011

Intersections’ Consumer Security Advisor joins us today with a simple procedure to make sure that you’re not unwittingly sharing photos on Facebook.

Facebook is once again on the hot seat over privacy, and this time it’s all over something called facial recognition that the company announced last year but just very quietly introduced in the past few days. In fact, if you’re a regular Facebook user you probably won’t see anything about the new change on your Facebook page, or any mention that it even exists, and worst of all, no mention that you’re now opted in to this troubling new feature without your permission.

Here’s how it works. As your friends add more photos to their albums, Facebook’s new technology will try to determine if any of the faces in the photos look anything like you. If they do, Facebook will urge your friends to tag the photo with your name. It’s not your decision, but the decision of the person uploading the photo.

You don’t get to approve any of the tags before they happen, but instead have to go to the trouble of un-tagging any photos you don’t want tagged. This is something that is not explained at all by Facebook.

Facebook probably thought that if they introduced this very controversial feature very quietly, they would avoid any serious media scrutiny and consumer complaints. But as Facebook should have learned by now, nothing goes unnoticed any more.

And now security experts and legislators around the world are once again criticizing Facebook’s sneaky insult to user privacy. According to Graham Cluley of security firm Sophos, “Yet again, it feels like Facebook is eroding the online privacy of its users by stealth.”

PC World was even stronger in its criticism: “Facebook is officially getting super-creepy,” adding that “the new facial recognition technology, which was announced in December but only introduced to a small test group, is basically Facebook’s way of creating a huge, photo-searchable database of its users. And yes, it’s terrifying.”

And according to PC World, Facebook’s members upload over 200 million photos every single day, adding to the estimated 90 billion photos that already reside on Facebook. Many of the privacy concerns revolve around how easy it could be for inappropriate photos of you to end up being viewed and judged by complete strangers around the world, without your knowledge or permission – photos that may not actually be of you.

“At the end of the day, Facebook’s facial recognition technology is downright creepy,” said Sarah Jacobsson Purewal of PCWorld. But what’s even creepier is how hard Facebook makes it for the average user to disable facial recognition. It even took me quite a while to figure it out, and it’s very obvious that Facebook is doing everything possible to make sure as many users as possible find it hard to opt out and just give up.

Here’s how to opt out of facial recognition – bear in mind, you’re wasting your time looking for any link or reference to facial recognition on Facebook because they absolutely refuse to even use the term.

• Click on the Account link at the top right of your Facebook page and go to Privacy Settings (I really hope this is a place you’re very familiar with!)

• Towards the bottom of the page you’ll see a lonely little link “Customize Settings.” Click on that link and scroll down to “Suggest photos of me to friends.”

• Next to “Suggest photos of me to friends,” click on “Edit Settings>”

• You’ll probably see that this feature has been “Enabled” by default, meaning that if you do nothing, facial recognition will always be turned on.

• Change Enabled to Disabled, and you’re done. At least until the next time Facebook tries another sneaky privacy end-run.

Editor’s Note: Since writing this article, the Electronic Privacy Information Center (EPIC) has filed a complaint with the Federal Trade Commission, asking the FTC to bar Facebook from using the facial recognition technology.


Warning – Twilight Game Scam is Spreading on Facebook

Monday, April 11th, 2011

Sophos, Mashable, ID Guardian and a number of other media outlets have reported today about a scam that is targeting fans of the popular series “Twilight.”

Users are being tricked into “Liking” the scam links, but the ultimate goal is to steal your personal information. By clicking on the “Play Now” button, you will be “clickjacked” and the scam will spread itself virally to all of your other friends on Facebook (not a good thing!).

What to do if you’ve already been hit by this scam? Sophos has created a YouTube video that will show you how to clean up your Facebook account. As we always say, please, please be careful about which links you click, even if they are from a “friend” on Facebook!


Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

Think Only Old People Have to Worry About Identity Theft? Wrong!

Thursday, February 25th, 2010

When I mention identity theft to my “20-something” friends, they generally respond by saying, “I’m too young to have to worry about that!” Or, they may say, “I don’t have enough money to worry about ID theft.”

But according to the 2010 Identity Fraud Survey Report released by Javelin Research and Strategy, “younger consumers who conduct more online transactions take longer to detect fraud and are victims for longer periods of time.” The report also found that social networking sites were often to blame. While younger users tend to be very Internet-savvy and spend a lot of time online (according to Akamai’s State of the Internet report, 93% of 18-29 year olds are online), they still have a lot to learn about the wicked ways of online criminals.

Personal information (e.g. your name, address, email, date of birth, and more) that used to be private and take weeks for an identity thief to discover is often readily available and accessible on social networking sites. According to the Javelin study, young people are not protecting themselves before a fraud occurs. As a result, they take longer to detect fraud (132 days) and are fraud victims longer (149 days) than any other age group.

So, what can you do to protect yourself online on sites like Facebook? Internet security firm Sophos recently published these 3 top tips:

• Don’t blindly accept friends. Treat a friend as the dictionary does, namely “someone whom you know, like and trust.” A friend is not merely a button you click on. You don’t need, and can’t realistically claim to have, 932 true friends.

• Learn the privacy system of any social networking site you join. Use restrictive settings by default. You can open up to true friends later. Don’t give away too much too soon.

• Assume that everything you reveal on a social networking site will be visible on the Internet forever. Once it has been searched, indexed, and cached, it may later turn up online no matter what steps you take to delete it.

In a previous post, we published our 7 tips for protecting yourself against the latest threats. It’s definitely worth taking a look at this list, too.

Social networking sites can be a lot of fun, but you have to remember to protect your identity. It’s more than just your name.
