Though experts don’t yet agree on what’s going on (is it a security hole or just a phishing attack?) we’re learning of ongoing problems for users of the leading online music store and the leading online payment company. The result is some unlucky consumers are finding significant fraudulent charges on their accounts. Fortunately, the two e-commerce leaders are working closely with owners of the hacked accounts to restore their funds and help them reinstate security features but don’t let this happen to you!

Assuming that this problem begins with a traditional phishing attack, this is an opportunity to remind everyone of the nature of the problem and the simple steps for staying safe. Phishing attacks can start from an email, even one from a friend’s account; a link in a social network or microblog, even an unexpected text message. Even clicking a link that takes you to an infected webpage can help a cybercriminal steal your private information. A malware-hosting website may be able to allow dangerous programs like keystroke loggers to hop onto your computer even without you downloading or taking further action. Simply by exploiting unpatched holes in internet browsers or other programs, the malware stealthily gets onto your computer and then reports back to the cybercriminal as you enter account information, passwords, credit card information and the like. And then there’s also the music lover’s delight, peer to peer software, which when used incorrectly opens your whole computer network up to cybercrime.

Sometimes the victims never figure out where the stolen information leaked from. 

But the problem is definitely real and growing. Take a visit to your favorite social network and type the phrase “music account hacked” and select “posts by everyone”. You’ll soon see evidence of the problem.

OK, so what to do to make sure you avoid this problem?

1. Make sure the passwords you use for important online accounts (like banks, payment companies, ecommerce sites) are UNIQUE and secure. Don’t use the same password on multiple accounts since this increases the chance a hacker who gets you to fall for a phishing attack can access your whole online life.
2. Sharing your music with the rest of the family is great – but try to limit the number of devices having access to your account.
3. Have an older account you no longer use? Cancel it. I had the misfortune to have allowed an abandoned online auction account to remain live, attached to my checking account. Even I woke up one day to find my account wiped out. Fortunately, the bank and the auction site helped me recover the funds and close the account.
4. Watch out for dangerous links! If the attack comes through a phishing attack, it probably started with a link in an email, on a social network page, as a shortened url in a microblogging site.  If you use Facebook, get the Norton  Safe Web application to make sure your links are safe.
5. Use a comprehensive internet security suite like Norton 360 or Norton Internet Security! Each includes a license for up to 3 computers so make sure every computer in your home is buttoned up tight.