In the attached reporting, CQR Consulting Information Security Consultant Jody Melbourne warns that the"viral" success of social networks such as MySpace and Facebook has created a fertile ground for predators, scammers and identity thieves.

Social Networking - Phishing and Scams

What is social networking?

Social networking and social media are terms used to describe various Internet services that enable people to connect with others who share their interests, beliefs, hobbies or profession.

Social networking sites allow people to build a personal profile, chat and send messages, and share media such as photos and videos with their family and friends. Most popular social networks allow users to find new friends by searching profiles for users who share their interests, by joining special interest groups or participating in discussion forums.

These sites have experienced explosive growth over the past few years. In many cases they provide new and unregulated platforms for advertising, promotion and data collection. This potential has been recognised by many enterprising groups from legitimate organisations to unscrupulous scammers, spammers and snake-oil salesmen. As with any medium of electronic communication or data-sharing, these social networks are also regularly poked assessed and attacked by hackers and identity thieves.

How are social networking sites used?

Some social networks are tailored to a specific interest group (MyChurch.com) or geared towards career and business interests (LinkedIn.com). Others, such as the wildly popular MySpace and Facebook networks, operate more as a universal platform for socialising and communication. For many users, the larger social networks are fast becoming an all-in-one service for communicating and sharing media.

Large social networking sites provide users with the ability to send messages and chat in real time through instant messaging. Many users are moving away from traditional email and chat services as these social networks become more popular and easier to use. Many social networking sites include applications that allow users to organise their social lives online. Users can organise and invite people to social functions via these sites.

Which social networks are most popular?

Facebook and Myspace are the two largest, general purpose social networking sites. Bebo and Orkut are popular amongst teens and young adults around the world. LinkedIn is currently the most popular social site for business networking and recruitment. The social features being added to major service providers like Google and Microsoft Live will bring social networking capabilities to millions of new users over the next two years.

What are some of the dangers of social networking?

Social Networking sites are not inherently dangerous but they do create some vulnerabilities for users. Predators seeking young people may use social networking web sites as a new way of seeking victims. It is easy to set up a profile and this enables predators to create false profiles to pose as a young person of the same or opposite sex. Online relationships could be formed which could lead to real life meetings. Many social networks have no means of verifying the age of users, so people of all ages can sign up and pretend to be children.

Identity thieves are targeting social networking sites for personal information that can be used for criminal gain. Scammers and hackers look to steal other's identities in a number of ways:

• sending a virus or a malicious link that allows them to gain access to your computer

• asking you to share your password or other sensitive details

• tricking you into providing your credit card or bank account details

• using your photos or personal information to impersonate you on the web

Many employers conduct research online about potential applicants. Job seekers are being turned down for employment because of inappropriate or incriminating information and pictures on their social network profiles.

Hints and Tips for safer social networking

Never post your personal information, such as your mobile phone number or home address, on a social networking service. This information should only be shared with trusted friends, family, work colleagues or potential employers.

Be aware that information you provide on forums, blogs and other web sites could put you at risk of victimisation. People looking to harm you could use this information to identify you or to gain your trust by pretending that they know you. Posting information about your friends or family members could also put them, and yourself, at risk.

Restrict the number of "friends" you add to your social network. Scammers and criminals often set up fake profiles and try to add as many friends as possible. If you don't know the person and have no reason to be connected to their social network, ignore their friend requests. Users who try to connect with as many friends as possible become prime targets for cybercriminals and predators.

Remember that you can't "take back" information or images once they have been posted on the Internet. If a web site has been indexed by search engines and caches, the information can be very hard to remove. Images and text can sometimes be recovered from caches long after a web page has been deleted.

Try to look at your social network profile and pictures from the perspective of others - how would a potential employer feel about the things you have posted online? How would your parents or grandparents feel if they saw some of the information you are sharing?

Be sure to utilise the privacy and security features of your social network. Most social networking sites allow you to restrict access to your profile so that only approved friends can access your information.

Look for yourself on popular search engines. Find out if any sensitive or inappropriate information or images have been posted online under your name. Search for your name on popular social networking sites and directories like Whitepages.

Be prepared to answer questions about your social networking page or other social accounts in job interviews. It is common for employers to check at least the major social networks such as Facebook and LinkedIn in the process of reviewing a job applicant.

Never respond to rude or harassing comments posted to your profile, or sent to you as a message. Delete any friends who continuously post abusive or threatening messages and report anyone who requests photos or your personal information to the support team of your networking site.

You should always login to your social network accounts by typing the address into your browser or by following a bookmark to the login page. Never follow a login link that has been sent to you over email or instant message. A popular tactic used by criminals is to trick users into clicking a link to a fake login page where usernames and passwords can be captured.