Going online offers great opportunities, but not without risk or threats.
One of the most public threats is posed by the growth of "phishing" - where someone asserts false claims or identities in an attempt to get users to do something under false pretenses: provide money or credit card information, hand over valuable personal information, or open files or visit websites that infect their devices with viruses. A recent report from the Anti-Phishing Working Group shows the number and variety of phishing attacks continue to increase, despite increased public awareness and improved detection techniques.
Number 1 on InformationWeek's list of the most evil phishing scams of 2012 is establishing online email access sites that look like the real ones, but with small variations in the URL, so they come up if people mistype the address. The sites then collect user IDs and passwords as individuals attempt to log in. Some even redirected users and logged them into the real site, so that users wouldn't be aware of the phishing attempt.
Number 2 was using details from public social network profiles to gain the victim's trust. My father almost fell for this one recently. Someone used information from my nephew's Facebook page to identify relatives and note from a post that he was traveling in a certain town. My father then got a call from someone posing as a lawyer who claimed my nephew had been arrested there and asked for money to cover bail. Luckily, he was able to contact folks and discovered the phishing tale was false before he sent the funds.
Historically, most phishing attacks have used email - but now they've expanded to SMS text messaging. Some I've seen are spoofed claims of winning prizes or discount coupons, or appear to come from service providers or other official sources. What brings this to #3 goes beyond the new means of contact. Most cellphones and mobile operating systems don't have the same level of protection from malware and attacks that most PCs have, so clicking on a link could provide access to device and user information from various programs and services on the device. And returning a message to a number can be costly - owners of numbers can set fees (which is how charities allow donations of set amounts by texting or calling a certain number). Phishers won't tell you about this, and the charges may not show up before your next bill, by which time they're long gone.
If you're online, you need to be aware of the problem of phishing and the various ways it can occur. And if you're a media outlet on the Internet, you need to worry not only about yourself (and your employees) falling for phishing attacks; you also need to be concerned that the website or firm the phishers are spoofing (posing as) is yours, and take steps when you can to make those attempts less effective.
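One step a site owner can take against the lookalike addresses described under Number 1 is to screen hostnames seen in referrer logs or abuse reports for near-misses of their own domain. The sketch below is an added example, not code from the InformationWeek report or this post; the domain `examplenews.com`, the sample hostnames and all function names are constructed, and it compares whole hostnames without a public suffix list.

```python
# Added example: all names and sample hostnames below are constructed.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("exampel" for "example") costs one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def normalize(host):
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def skeleton(host):
    """Collapse character sequences that read alike at a glance."""
    for seen, meant in CONFUSABLES:
        host = host.replace(seen, meant)
    return host

def classify(host, protected, max_distance=1):
    h, p = normalize(host), normalize(protected)
    if h == p:
        return "legitimate"
    if skeleton(h) == skeleton(p):
        return "lookalike"
    if osa_distance(h, p) <= max_distance:
        return "typo"
    return "unrelated"

def review(observed, protected):
    """Return only the hostnames that deserve a closer look."""
    verdicts = {h: classify(h, protected) for h in observed}
    return {h: v for h, v in verdicts.items() if v in ("lookalike", "typo")}

if __name__ == "__main__":
    sample = ["www.examplenews.com", "exampelnews.com", "examplenews.co",
              "examp1enews.com", "exarnplenews.com", "weather.example.org"]
    for host, verdict in review(sample, "examplenews.com").items():
        print(f"{verdict:10} {host}")
```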
Source: "6 Most Evil Phishing Scams of 2012," InformationWeek report