Parry Aftab, executive director of the nonprofit group WiredSafety, said the most pernicious attempts to get log-on information or install spyware remained phishing e-mails that appear to come from financial institutions. The account takeovers at social sites, by contrast, usually aim to send spam within a network, drawing people to porn sites or those selling questionable wares.
Major social networking sites are stepping up their defenses. Beverly Hills-based MySpace, which is owned by Rupert Murdoch's News Corp., now tries to have the Web links from its pages go through a sort of quarantine. When it recognizes that users are about to follow a link away from the site, MySpace flashes an explanation of the potential for fraud.
"MySpace employs a variety of technological, legal and policy solutions to protect our users from phishing attempts," Chief Security Officer Hemanshu Nigam said in a statement.
MySpace and Palo Alto-based Facebook Inc. declined to make executives available for comment.
"Facebook is committed to user safety and security and is constantly improving the site to provide new technology to catch phishers quickly and limit the damage they can do," it said in a statement. "We always encourage users to take precautions when clicking on any suspicious links and to only log in to Facebook from pages they know are legitimate."
Security experts said they expected identity theft and other scams on social networking sites to escalate.
Spam has evolved from advertising pitches to fake e-mails from banks and, most recently, highly targeted phishing attacks that focus on a given company's executives or customers. Some instances of that tactic, known as spear-phishing, rely on information about the targets gleaned from postings on Facebook, LinkedIn and other sites favored by professionals, experts said.
As the social networks do better at blocking fake or captured user accounts, the scams will become more harmful by automatically installing key-loggers and other data-stealing software, said Adam O'Donnell, director of emerging technologies at anti-spam firm Cloudmark Inc.
"As anti-spam improves, all the techniques they use for e-mail will work on social networks," he said. "This time, those techniques are going to have a much higher rate of success."
(BEGIN TEXT OF INFOBOX)
Protecting your ID
Here are ways to reduce the risk of identity theft on social networks:
* Post few identifying facts, such as the city and date of your birth. The more you say about yourself, the easier it is for a scammer to pretend to be you or to have a relationship with you.
* Use a different password for each website. Passwords can be easy to remember if you use the same combination of letters but, for example, add MS for MySpace or FB for Facebook.
* If you have already logged on to a site and then click a link within it, you should not be prompted to log in again. When in doubt, type the address, such as www.facebook .com, and start all over there.
* Before putting applications or the mini-programs known as widgets on your profile page, find out what others have said about those features. If the providers require a user name and password, use a new one.
* Be wary when strangers ask you to link up with them as a "friend."
* Make sure you have a computer operating system, firewall and anti-virus program that update automatically.
Source: Times research