Stay alert to schemes designed to hook users of Facebook, LinkedIn and Twitter. November 5, 2010 By Casey Mysliwy Social-media web sites, such as Facebook, Twitter and LinkedIn, have become fertile hunting grounds for bad guys phishing for your ID, angling for your money or hoping to redirect you to malicious sites. Be on the lookout for these three scams: Money transfers. You get a message from a friend saying that his wallet has been stolen while traveling, and he needs you to wire him money. Because the message seems to come directly from someone you know, you might be tempted to help. But if you receive one of these messages, get in touch with your friend -- offline -- to find out what's really going on. This scam first showed up in e-mails, and the social-media version works in a similar way: A hacker hijacks your social-media identity and then contacts your friends, usually through a private message, status update or chat message. Because hackers typically send the same message to several friends, you can usually identify the scheme based on the simplicity of the request. "Scammers try to keep their messages generic," says Chester Wisniewski, of Sophos, a data-protection firm. "They won't answer any kind of question that is off the beaten path." Advertisement Applications. You might see an update from a friend inviting you to take a quiz, view a "shocking" video or sign up for a free offer. Clicking on the link directs you to an application that asks for personal information -- phone number, Social Security number, or social-media user name and password -- before you can access the content. Don't take the bait. Providing information could leave you with a stolen identity, surprise charges on your phone bill or a hacked social-media account. The application could also use your account to send the bogus content to others -- which is probably how your friend unintentionally shared it with you. Before you click through, read user reviews of the application or search the Web to find out whether an application is legitimate. If a rogue app does access your account, social-media resource Mashable.com recommends that you remove it from your social-media site's application settings and then delete any messages it may have posted from your account. Shortened URLs. URL shorteners such as Bit.ly or TinyURL.com are popular ways to share long links on social-media sites. But a shortened URL can hide a link's true destination, sometimes directing users to a malicious Web site or damaging content. Advertisement To protect yourself, Wisniewski suggests installing a URL expander for your browser; Internet Explorer and Firefox both offer options. URL expanders allow you to preview the actual URL of a shortened link before you click. If you do click on a link that takes you to a suspicious site, avoid installing any programs or providing personal information, and make sure your antivirus software is enabled and up-to-date.