You may or may have not already heard about "phishing" and how it is being used online as a method of stealing personal information from unsuspecting internet users. In essence, phishing is the practice of tricking people on the internet into submitting personal information about themselves, usually for the purpose of fraud. Phishing is also commonly used on social networks to hijack user's accounts to market products or services to their online acquaintances.
Sites like PayPal and online banking sites are notorious phishing targets. Criminals lure victims to sites that may appear to be legitimate affiliates of the sites they are impersonating, or sometimes they may even appear to be the official site. They then prompt users to enter their username and password, and that information is then collected and used to transfer funds out of their accounts, often overseas. Due to the fact that the criminals executing this type of fishing are often in other countries, it is extremely hard to police.
Major financial institutions will never ask you for your personal information over email or through instant messaging, and you should always check the address bar of their sites to make sure that you are in fact visiting their official site and not an imposter site. Sometimes the phishing sites will be hosted on URLs that look very similar to the official site to dupe the consumer. For example (and this is strictly a hypothetical example), a criminal may use the domain PayPa1.com, which at a glance looks identical to PayPal.com. In this example, the letter "L" is replaced with the number "1", so the address may make the consumer think they are actually on PayPal's official site. The same technique is employed with email phishing attempts. You may receive an email from admin@paypa1.com, and thus believe that you're receiving an official email from PayPal.
Using phishing to hijack social networking accounts to promote products or services is less expressly illegal and arguably much less harmful, but it can still be a great inconvenience. The same techniques as mentioned above are used to collect usernames and passwords, and the data is then used to turn people's personal accounts into promotional vehicles. One major example is MySpace.com. Myspace has been battling with phishing artists for quite some time now. MySpace phishers routinely steal passwords from unsuspecting users and then use their accounts to post mass amounts of bulletins and comments and to send messages promoting things like ring tones, pornography, and even pharmaceuticals. In an effort to counteract phishing, MySpace has now implemented a system where any user clicking an outbound link is presented with a warning telling them that they are leaving MySpace.com and to not enter their personal information on whatever page they are taken to. Of course, the phishers' techniques are also continually evolving, and some have found ways to circumvent this error message.
While phishing on social networks is most commonly done to promote products and services, it is also used on occasion to redirect users to websites that load harmful and malicious scripts onto their computer. For this reason, you should always be wary of any suspicious outbound links. Sometimes pages on social networks are hacked and coded to appear unchanged, but all of the links on the page redirect to a phishing site or some other (potentially harmful) external site. For this reason, it may be a good idea to look at the bottom of your browser when hovering over links on suspicious pages to see if it is in fact an internal link, or if you are about to be directed outside of the website.
Now that you are informed about the practice of phishing, you can browse the internet confidently without fear of having your accounts (or worse, your identity) hijacked. As long as you remain on trusted websites and use your best judgment when visiting unknown sites you will be safe.
