CIO.com just published a ten point slideshow on how to avoid losing your account to scammers and snake oil peddlers. While much of the article is, well, generic (really, we had no idea that clicking links beginning with, “Hey, is this you?”  was a bad idea!), CIO does offer two excellent points and a great underlying principle.

1. Never Enter your Password. This is the rule that everyone is most likely to forget. Facebook, Twitter and Google will never ask for your password because not only would that be a potential security breach, it’s also unnecessary (they have access to the backend of their services; they don’t need front end access). Still, this scam is very common and very effective, perhaps because entering a password is just so easy and quick.

2. Pay Attention to Hover-over Links. A lot of scam websites have been set up with a proxy name that redirects from an innocent domain (facebook/profile.php) to a less innocent name (malwarecentral.rf). If you hover your curser over a link, however, you’ll see where the link is ultimately directed. Consider using urlex.org to expand shortened, twitter-style links which may not reveal their final destination.

The key to online security remains counter intuitive: trust no one. It is odd to write that since the driving force behind web 2.0 is sharing and openness, but remember that what you put online can never just be your property or your opinions again. It’s an extension of you. And just like you’d never intentionally put yourself in a dangerous situation, you should never put your online reputation or identity in a dangerous situation. For proof, check out these 15 scams. Note that not one on this list appeals to your Facebook page or even your interests. They’re all personal appeals to you. Appeals to preserve your identity, to earn security, to get a new copy of Diablo III if you directly appeal to your friends. If you can remember to verify any of these personal appeals before being taken in by them, you’ll save yourself a lot of time and worry.