Know who you're dealing with online.

And know what you're getting into. There are dishonest people in the bricks and mortar world and on the Internet. But online, you can't judge an operator's trustworthiness with a gut-affirming look in the eye. It's remarkably simple for online scammers to impersonate a legitimate business, so you need to know whom you're dealing with. If you're shopping online, check out the seller before you buy. A legitimate business or individual seller should give you a physical address and a working telephone number at which they can be contacted in case you have problems.

Phishing — bait or prey?

"Phishers" send spam or pop-up messages claiming to be from a business or organization that you might deal with for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a website that looks just like a legitimate organization's, but isn't. What is the purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

Don't take the bait: don't open unsolicited or unknown email messages; don't open attachments from people you don't know or don't expect; and never reply to or click on links in email or pop-ups that ask for personal information. Legitimate companies don't ask for this information via email. If you are directed to a website to update your information, verify that the site is legitimate by calling the company directly, using contact information from your account statements. Or open a new browser window and type the URL into the address field, watching that the actual URL of the site you visit doesn't change and is still the one you intended to visit. Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.

To ensure you're not being victimized and to detect unauthorized purchases, use the same practices as you do in the offline world. Check your credit card bill at least every month, and consider using services that inform you if someone has requested credit in your name.

Click here to learn more tips on phishing and pharming.

Free Software and File-Sharing — worth the hidden costs?

Every day, millions of computer users share files online. File-sharing can give people access to a wealth of information, including music, games, and software. How does it work? You download special software that connects your computer to an informal network of other computers running the same software. Millions of users could be connected to each other through this software at one time. Often the software is free and easily accessible.

But file-sharing can have a number of risks. If you don't check the proper settings, you could allow access not just to the files you intend to share, but also to other information on your hard drive, like your tax returns, email messages, medical records, photos, or other personal documents.

In addition, you may unwittingly download pornography labeled as something else. Or you may download material that is protected by the copyright laws, which would mean you could be breaking the law.

Therefore, downloading file-sharing software is not advisable and could place your personal information and computer at risk. If you do decide to use file-sharing software, set it up very carefully. Take the time to read the End User License Agreement to be sure that you're sharing files legally and that you understand the potentially high risk of any free downloads. For example, some license agreements include an agreement to allow spyware to be installed on your machine.

Spyware

Many free downloads whether from peers or businesses come with potentially undesirable side effects. Spyware is software installed without your knowledge or consent that adversely affects your ability to use your computer, sometimes by monitoring or controlling how you use it. Not only can spyware programs affect your computer use and access your personal information, but in some cases they can also use your computer to access or launch attacks against others. To avoid spyware, resist the urge to install any software unless you know exactly what it is. Your anti-virus software may include anti-spyware capability that you can activate, but if it doesn't, you can install separate anti-spyware software, and then use it regularly to scan for and delete any spyware programs that may sneak onto your computer.

Email Attachments and Links — legitimate or virus-laden?

Many viruses sent over email or Instant Messenger won't damage your computer without your participation. For example, you would have to open an email or attachment that includes a virus or follow a link to a site that is programmed to infect your computer. So, don't open an email attachmentóeven if it appears to be from a friend or coworkeróunless you are expecting it or know what it contains. You can help others trust your attachments by including a message in your text explaining what you're attaching.

Hackers often lie to get you to open the email attachment or click on a link. Some virus-laden emails appear to come from a friend or colleague; some have an appealing file name, like "Fwd: FUNNY" or "Per your request!"; others promise to clean a virus off your computer if you open it or follow the link.