This is an entry in our daily Internet Marketing Advent Calendar series. Each day your favorite marketing elves will focus on a new topic to get your internet marketing in order before the start of the new year.

The holiday season is upon us, and many of us may turn to the internet to do some of our holiday shopping. The benefits of doing your shopping online are great, no long lines, no gas wasted, and the ability to compare prices on the fly are among some of the benefits I enjoy the most.

Photo Credit: xcode

At the same time, the holiday season is also a time that you need to be extra careful when making purchases online. Email scams, Pop-up ads, and even faulty results from search engines step it up this time of year. Those ads for this year’s “can’t miss” toys and electronics will be tempting to click on.

Fortunately, there are ways around the risks involved in these ads. By using the confirmation principal, you can save yourself from some headaches in the future. Note the company or website that is offering you the deal. If it is a company you have not heard of try doing a search for that company or website and see what you find. Scams will most likely be revealed by reading through the first page or two of posts.

When it comes time to checkout you can also do a simple check to confirm you are on the website you think you are. There are scam websites out there that will mimic major companies’ websites in order to get users to hand over their personal information. Note the website URL and do a search for the company. Most major companies will come up as the first result in your search. They may own many domains, but in almost all cases they will all redirect you to the main website domain, which should be the address you see in that first post. If the two match, you are most likely okay to proceed with the purchase.

Giving your personal information over the internet is always going to have its risks. But by applying these simple principals when making your purchases, you will minimize your risk and can enjoy the benefits of shopping from home. Happy Hallidays!

Read the rest of the Internet Marketing Advent Calendar

• Dec. 3 – Make a List and Check it Twice
• Dec. 2 – Unclutter Your Website for the Holidays
• Dec. 1 – Walking in a Winter Wonderland of Unique Content

According to Facebook, they have seen five different security threats within the past couple weeks. These security threats are attempting to steal the identity of the friends, fans, and other groups within the social networking site.

One of the threats has been named The Koobface Worm. This worm installs malware onto computers of victims who click on links from friends to watch fake YouTube videos. They also are packaging the malware along with many third party applications that are used by Facebook users. They are trying to trick users into giving them their usernames and passwords so they can send more of these links to the friends and groups you are associated with.

This problem is not just restricted to Facebook, as other forms of this worm have been seen on other social networking sites like MySpace among others. These worms will look for the social networking site’s cookies to get your information and allow them access to connect to your machine. Once infected the malicious user can remotely run commands on your machine, slowing it down considerably and allowing them more computation power to do whatever it is they intend on using your machine to accomplish.

Users tend to trust links sent to them by friends and will not think twice about clicking on a link from a good friend. This is where we need to be more careful. Malware authors have copied the ideas from email spamming and manipulated the idea to work on social networking sites. This is not a new idea; it is just being executed on a different medium.

Think twice about applications and links – even if from a friend

Users are warned to be cautious when clicking on links to off site pages unless they can be absolutely positive that the link is genuine and not a threat to you or your friend’s computers. We also need to be careful when downloading new applications for our social networking sites. These applications are developed by third party developers not associated with Facebook, and can package malicious software like the Koobface Worm onto your computer.

My advice would be to think before downloading that new application invite from one of your friend’s. Ask yourself if the application serves a purpose or is it just another pointless application to prove how many friends you have. Keep these things in mind when using popular Social Networking sites like Facebook. By avoiding these ill advised clicks of the mouse your experience will be more about maintaining your relationships and less of a could-be hassle.

For More Information

Read: Facebook’s Application Privacy Policy

Over the past couple days a very serious security flaw has been discovered with Microsoft’s Internet Explorer Web Browser they are now calling the “Zero Day Exploit”  (Read more about it here, here, and here) All versions of the browser are affected including the most current versions 6 & 7. This exploit has the ability to compromise your personal information including credit card, and other personal information.

The attacks are seeking to load malicious software onto vulnerable machines. Microsoft has seen several hundred detections of exploits from around the globe, though the sites taking advantage of the vulnerability appear to be hosted on Chinese domains. The exploit sites that have been reported so far have been dropping a wide variety of malware onto affected machines. The most common type of malware being dropped has been password stealers like Win32/OnLineGames, and Win32/Lolyda. Other things include keylogger programs like Win32/Lmir, Trojan horse applications like Win32/Helpud along with some previously unseen malware which is generically detected as Win32/SystemHijack. We should expect that the variety of malware being dropped by this exploit will broaden as the exploit code starts to circulate around the Internet underground. What this means is that you should be wary while using Internet Explorer to surf the web, even in you predominantly surf trusted sites.

The exploit has made it possible for malicious code to be injected into some sites through a process called SQL Injection. Microsoft announced this afternoon that an emergency patch will be released as soon as it is available instead of users having to wait until next month’s regularly scheduled automatic patch update. In the meantime, Microsoft has given a few tips for users to help prevent them from being affected by the security flaw in their browsers. The company recommends setting the Internet zone security setting to “high” and using access control lists to disable Ole32db.dll to provide the most effective protection against an attack. A better solution for you might be to switch to an alternative browser instead of worrying about having to possibly deal with a potential problem in the future. We at Hall are big fans of  open source browsers which are not only free but typically have better security and cool features such as built-in pop-up blocking and plug-ins. Specifically we recommend (for Windows Machines):

• Mozilla’s Firefox
• Opera Software’s Opera browser
• Apple’s Safari browser
• Google Chrome

Most of these browsers will give you the option to import your Internet Explorer settings, bookmarks, etc. when the browser is first installed and used so you’re transition is painless.  Enjoy safer, faster, and more secure browsing!

Note: Microsoft has released the critical update that should fix their Internet Explorer browser’s security issue. This patch can be downloaded by running Windows Update, or by visiting this page and clicking on the link next to the description that best describes your current system setup.

It’s no news that major corporations are pushing hard to develop a positive image using social networking channels — see the McDonald’s Quality Correspondence Campaign or the backfired Wal-Mart blogging foray — and neither is it news that companies aren’t afraid to use legal recourse to protect their interests… Napster, anyone? But an interesting article about a VW Subpoena to YouTube that appeared in Wired this morning shows a different mix of the two forces: a company taking legal action to protect its copyrighted material, which just so happens to be a piece of negative PR.

Basically, the video in contention is a spoof of a recent VW Golf commercial with some rather unflattering Nazi-themed overtones. Volkswagen filed a subpoena and is now looking to get the user’s identity from YouTube, who complies with the law but alerts users of the filing to give them a chance to respond. While this sort of thing is almost a daily occurrence with file-sharing networks, legal action with social media sites is a relatively new beast, and Wired wonders how dedicated social media sites will be to protecting the identities of their users as more cases like this appear.

As I touched on a couple of weeks ago, the web has a funny way of making temporal comments permanent, and biting those who post things against their better judgment. With major companies taking assertive (and certainly not unreasonable) motions to protect their copyright (and brand), users should really be aware that they’re playing in the real world when they post anything online. At the same time, social media sharing sites should do their best to protect their users — within limits — from themselves.

An interesting article appeared in the New York Times last week concerning people who appeared in news stories that were wrong or incomplete coming back to haunt them later in life. The story points out the stories of several people for whom articles with inaccuracies appear at the top of Google — things like mismatched credentials, charges that were dropped later, stories phrased from one point of view without a counterpoint. While in the offline world these articles are long buried in stocks of microfilm no one will care to review, the supreme authority of nytimes.com keeps them at the top of Google ad infinitum.

It’s a very particular problem and I applaud the Times for taking it on, though the solution to the problem is a rather muddy one. Who’s to blame — SEO or Google? To what extent is an entity responsible for removing articles that may be inaccurate? And who polices all this information?

Of course, this is just one example of the bigger issue of what people can find about you on the ‘net determining the outcome of your job opportunities, reputation, and even criminal record — what with Facebook commonly scrutinized by job recruiters, MySpace pictures leading to criminal charges and the possibly damning result of Googling: “Insert your name here.” To some extent, this is the same question posed by the controversy around Google street view — how much privacy can you reasonably expect in our technology heavy times?

The glaring obvious answer is, of course, don’t say anything stupid on the internet, but it’s a fairly insufficient one. After all, while you may hope that no one sees comment #143 on an obscure message board or blog out there in cyberspace, the New York Times brings an inherent trust that is good enough for Google, and good enough for the person checking out your good name.

Chances are, even if you’re not a regular blogosphere reader you heard about the recent scathing privacy review given to Google in a report issued by Privacy International. The report evaluated 24 of the most popular web companies — from Amazon and Apple to Skype, LinkedIn and Google — and gave Google alone the crushing rating of “Comprehensive consumer surveillance & entrenched hostility to privacy.” Summarizing the several indictments against Google (including a vague privacy policy and foggy fate of collected data) is the bold statement of Google’s “track history of ignoring privacy concerns. Every corporate announcement involves some new practice involving surveillance.”

Though this study states it was conducted over a six-month period, we can only infer that the latter statement is inspired by the recent launch of Google Street View, a new service offering street-level views of San Francisco, New York, Denver, Las Vegas and Miami, which has lead to a vocal outcry from the blogosphere and more than a smattering of sites dedicated to finding compromising photos on the service. Even otherwise internetphiles find the service kind of scary.

Google, of course, was prompt to retort the condemning report, with Matt Cutts citing how Google held information from the US DOJ and will anonymize search logs after 18-24 months (and shortly afterwards, reduced that period to just 18 months). He also critiques the wanton selling of browsing history by ISPs to third parties, an equally unsettling issue handled completely outside the report.

While I certainly agree that Google received a possibly unearned damnation, the reality is that while their privacy record may not be that bad, it’s not that good either. Even if you’re motto is “Don’t be evil,” you can do a whole lot without intending it, and tracking the search results of millions upon millions of searches, scanning emails for relevant content to advertise, and aggregating in-depth information of physical geography and making it available to the world does open up a whole lot of potentialities that need to be considered very carefully.

Rather than pinning all the blame on Google, I think what this report points to is the need to have a national dialogue about these issues and reach an understanding, be it legal or cultural, about what expectations there are of both producers/users in the Web 2.0 world and the companies that make this world happen. We are living in an increasingly transparent planet, interconnected and quantifiable from your Blackberry to your credit card, and Google is not alone in its share of blame for the iffy privacy situation resulting from all of it. What we need, more than deflecting blame, is a comprehensive movement to confront the idea of privacy in the 21st century.