Just because a link was tweeted or messaged to you by a colleague doesn't mean you should click it. In fact, when I discovered the latest variant of Koobface spreading on Facebook, it was because the infected account of a former colleague, incidentally a VP of a global security company, had sent it to me. Just because your friend published a list of 25 previously unknown things about themselves doesn't mean you need to reciprocate. Just because a celebrity you respect tweeted a link doesn't mean it's safe to follow it, particularly when the real destination is obscured behind a URL shortening service.
Social networking has rapidly gained acceptance in all walks of life. Facebook boasts close to 200 million users; MySpace doesn't advertise its figures, but it is certainly Facebook's closest competitor in terms of user numbers; and Bebo can count in excess of 40 million users. The customers of these social networking providers are not exclusively of school or university age either. In fact, two-thirds of the world's internet population now visit social networking or blogging sites, accounting for almost 10 per cent of all internet time, according to a Nielsen report in March. It's not just about social networking sites, though: the professional networking site LinkedIn has a new member joining almost every second and will soon hit 40 million members, and the micro-blogging service Twitter grew a staggering 1,382 per cent year-on-year in February 2009.
With explosive growth and user populations of this order, it's hardly surprising that these services also appear to be coming of age as attack platforms for cybercriminals. Web 2.0, with its user-generated, rich, interactive content, and social networking, with its interlinked trust-based networks of people and groups, offer cybercriminals great scope for leveraging the capabilities on offer, both to disseminate traditional forms of malware through new channels and to carry out social engineering attacks for the purposes of target profiling or information harvesting.
There are several entry points available to cybercriminals into the interactive playground of social networking: fake or compromised profiles, malicious applications, malvertisements, cybersquatting, spam and phishing masquerading as legitimate notifications from social networks, information harvesting through group memberships, cross-site scripting vulnerabilities and direct messages, just for starters. Victims are at risk of identity theft, fraud, infection, or simply of becoming an attack platform used to infect or defraud their own friends and colleagues.
The one thing that all of these attacks have in common, though, is the very thing that binds social networks together: trust. Because the attacks, messages and links come from friends or colleagues, they appear far more credible than the average spam email from a stranger. Even the Koobface worm, with its almost textbook-standard spam messages such as "You are veryy ggood at pposing to a spy cameera!", becomes that little bit more believable when it comes from someone you know. And of course, when we choose to join a community, by default we naively choose to share all of our personal information with any other member of that community, simply on the basis of a mutual shared interest.
Most of us are guilty of being far too trusting and far too free with our personal information online. We give away little snippets (or great chunks) of our personal lives in what is essentially a public, or at best semi-private, forum, making the work of criminals such as carders and ID fraudsters far simpler.
We need to become far more aware of the value of our personal information and, importantly, of the information we hold about our friends. We also need to become far more conversant with the privacy controls available on social and professional networking sites, and actually use them. There is no need to fill out that "25 Things About Me" questionnaire and post it on your profile; there is no need to share your entire employment, educational or address history. There is no need to share your first name, the name of your first pet, your family name or your mother's maiden name: isn't that exactly the kind of information needed to reset your email account password or access your financial data? And there is no need to volunteer the email addresses of friends and family when asked to recommend a "joke" website or application to 10 friends.
When your personal information becomes public, it is out of your control and soon out of sight. Criminals can and do use this material to break into online accounts; just ask Sarah Palin!
Next time, before you hit "Post", ask yourself this: "If a stranger called me on the telephone asking for this information, would I tell them?" If the answer is "No", then step away from the mouse.
- Rik Ferguson is the Solutions Architect at Trend Micro
Keep up with the latest business news from the region with the Emirates Business 24|7 daily newsletter.