Posts Tagged ‘phishing’

How you get phished

Friday, February 5th, 2010

Social networks (i.e. Facebook, MySpace, etc.) are really a horrible vector by which to get royally screwed.

All it takes is for one person in your friends list to get hacked – and that hacked account to send you a link.

I mean, really, are you NOT going to click that link? Do you even think about what people send you?

I use Steam for my gaming and game management on my PC. It has a built-in social network feature. You can join groups, add friends, and send chats. Someone’s account in one of those groups got hacked. They are sending out chat messages with a supposedly funny link. To the untrained eye it looks legit – but hey, this is part of what I do for a living so I knew something was up as soon as that link flashed in the text box.

The user has been subsequently reported and a screenshot tossed up on all the gaming forums I know of to hopefully warn others off.

That’s how it happens. That’s how you end up entering your log-in info into a website that looks remarkably legit. Maybe you think you are logging into your Facebook, MySpace or Steam account. All you are really doing is sending your login and password directly to a bad guy. Moreover, if you are like most people, your login and password are the same across the web, for your bank, for your Gmail, for your computer. Once that bad guy has your information, it’s a short hop to try it out at popular websites. Then you are really compromised.

Welcome to the wonderful world wide web. Be on your guard or you will get screwed.

NEVER open up a suspicious link in a regular web browser. I use Sandboxie, which locks things down and keeps malicious code from running amok.
