security - ReadWriteWeb http://www.readwriteweb.com/feeds/tag/security en Copyright 2012 Richard MacManus readwriteweb@gmail.com Tue, 14 Feb 2012 16:29:00 -0800 http://www.sixapart.com/movabletype/?v=4.35-en http://blogs.law.harvard.edu/tech/rss

Is That Online Dating Profile Real?

Tomorrow is Valentine's Day. People, especially Internet users, are either happily coupled up and doing something lovey-dovey, or they're hunting around on dating sites for their soulmate. Because, you know, true love only happens on the Internet. Unfortunately for some, there's danger in online dating.

"Cyber criminals are constantly looking for that common interest to capitalize on and in this case it's love," said Molly O'Hearn, Vice President of Operations at Iovation. "Just like in the face-to-face world, if something seems too good to be true it probably is."

Iovation explains the seven different ways online dating abuse can happen.

  • Credit Card Fraud - Using a fake or stolen credit card, users create multiple accounts and scam others.
  • Spamming - This happens a lot via email. When it happens on Internet dating sites, it takes the method of sending unsolicited bulk messages via email, postings and IMs. Like that Facebook "Win an iPad3!" scam, the spammer is promoting a specific product.
  • Scams and Solicitations - Like that crazy door-to-door salesman who keeps trying to sell innocent people on a 3-for-1 neighborhood pizza deal that just doesn't exist, scams and solicitations on online dating sites try to get community members to take advantage of nonexistent products and services.
  • Identity Mining - This method involves scoring personal information through phishing, keystroke logging and fake business websites.
  • Profile Misrepresentation - A user is - gasp! - not who they say they are. It is the Internet, after all.
  • Harassment/Bullying - Like mean teenagers online, people on Internet dating sites harass or abuse others unnecessarily.
  • Chat Abuse - For anyone who leaves the chat function on, it's easy to creep up on other community members and harass them through chat.

Iovation recently discovered a 150% increase in fraud attempts directed at dating websites and their customers. In 2011, Iovation found that 3.8% of transactions that took place over online dating sites were fake. That is a 150% increase from 2010, when the percentage was only at 1.4%. Things remained about the same in 2009, at 1.5%. In total, Iovation has halted 60 million fraud attempts on online dating sites.

Image courtesy of Shutterstock.

http://www.readwriteweb.com/archives/is_that_online_dating_profile_real.php Security Mon, 13 Feb 2012 10:00:00 -0800 Alicia Eler
Why Google Hasn't Fixed Chrome's Password "Glitch"

Last May Geeks Are Sexy reported that anyone with access to your computer could access passwords stored in Google's Chrome browser with just a few mouse clicks. When the story inexplicably resurfaced in several Twitter posts this morning, it was time to call Google and find out why they hadn't fixed the perceived glitch.

The Geeks Are Sexy post showed how users could find passwords saved for websites that require a log-in in the "Manage Passwords" section of the "Personal Stuff" tab under "Preferences" in Chrome. The passwords initially appear to be blocked out but can be revealed by clicking on the account and then clicking a "Show" button.

Google spokesperson Lily Lin was just as surprised as we were to see the issue popping up on Twitter today, and described it as an "age-old" issue that had created a philosophical divide between users who "want one master password" and Chrome developers who fear giving them such a feature will "give users a false sense of security."

Lin said developers had debated some sort of added layer of password protection but ultimately decided that doing so may make users complacent when it comes to protecting their passwords.


"Now please, people, calm down. I only posted this to point out a 'possible' security problem to those who were not aware of it," Geeks Are Sexy reported at the time. "Now let's all take a deep breath and see this post for what it is: a simple warning."

Lin went one step better.

"If someone gets access to your device, it's going to be easy for them to gain access to your passwords....we tell our users if this concerns them they just have to select 'never save passwords' and they will never have to worry about it," said Lin who, for the record, doesn't let Chrome store her passwords and logins.

http://www.readwriteweb.com/archives/why_google_hasnt_fixed_chromes_password_glitch.php Google Thu, 19 Jan 2012 13:30:00 -0800 Dave Copeland
Google Launches Good to Know Campaign for Web Safety

Google has launched a consumer education campaign called Good to Know, which is designed to teach new users of high tech about safety, security and data management online. It's a walk-through with four sections: Stay safe online, Your data on the web, Your data on Google and Manage your data. Each section contains an organized brochure of topics with some instructional diagrams and videos.

Google calls Good to Know its "biggest-ever consumer education campaign." It began with ad campaigns in the U.K. and Germany last fall. The ads highlight security tips like using Google's 2-step verification and checking websites for secure HTTPS connections. The campaign will now be extended to the U.S. with print and Web ads, as well as display ads in New York and Washington D.C. subway stations.


The campaign supports Google's existing resources, such as the Google Security Center, the Family Safety Center and Teach Parents Tech. By dedicating one chapter of the Good to Know website to Google's services, the rest of the document serves as a good general guide to using the whole Web responsibly.

These resources are available at google.com/goodtoknow

http://www.readwriteweb.com/archives/google_launches_good_to_know_campaign_for_web_safe.php Google Tue, 17 Jan 2012 09:52:00 -0800 Jon Mitchell
Google Launches QR Code-Based Login Security Measure

Google has released a new way to securely log into Google accounts on public computers. Using a smartphone, scan the QR code generated at accounts.google.com/sesame. The Google login prompt will appear on your phone, and logging in there will log you into a session on the desktop.

This prevents the user from having to type sensitive login credentials into a public machine, which could be compromised with keylogging software. The new QR code feature is an alternative to Google's 2-step verification, which generates a unique short code on your mobile that you must input for each desktop login, using the presence of your phone as a form of identification.

Adoption of QR codes is a slow-growing oddity. The last study we saw indicated that 5% of U.S. adults have scanned the 2D bar codes with their smartphones. QR codes allow us to put hyperlinks anywhere in the real world. We've seen some neat use cases, such as a project to put QR links to Wikipedia entries on their corresponding real-world places. But most of the current use of QR codes is in pretty mundane marketing campaigns, and lots of people find them inscrutable.


Google's use of QR codes as a security feature is much more compelling than a Cheetos ad. Android users can use Google Goggles, and iOS users can use the free Google Search app. If you choose to use sesame to log in to your Google account, PC World has some great security tips.

If you're logging in on a computer using public Wi-Fi, it's safer to use the cellular data network on your phone, so packet sniffers can't catch the whole exchange. Also, make sure the site on the desktop uses a secure HTTPS connection from the real google.com domain, or else you're on the wrong site, and you shouldn't enter your account information.

Once again, the QR-based login is available at accounts.google.com/sesame.

http://www.readwriteweb.com/archives/google_launches_qr_code-based_login_security_measu.php Google Mon, 16 Jan 2012 14:32:00 -0800 Jon Mitchell
Bands' Twitter Accounts Hacked To Display Pro-Paul Tweets

Don't be fooled: Nicole Scherzinger, No Doubt and Rise Against have not officially (or even unofficially) signed on as Ron Paul supporters.

The Twitter accounts of all three recording artists appear to have been hacked early Wednesday morning, according to MSNBC. The hacker or hackers posted messages supporting Republican presidential candidate Ron Paul.

"As you would all assume, We DO NOT support Ron Paul," Rise Against said in a message to fans after the posts were discovered and removed.

"No political endorsements at this time," No Doubt added.

All three artists are signed with Interscope Records. Kelly Clarkson and Michelle Branch, who are on different labels, have unofficially thrown their support behind Paul, which may have tempted Paul-supporting hackers to go one step further in portraying him as a rock star candidate.

We've reached out to Interscope and Paul's campaign staff for comment and will update when we hear back from them.

MSNBC said the first Tweet on No Doubt's Twitter account read "Today We Officially Endorse Ron Paul 2012" and included a link to a site to make donations.

A follow-up Tweet reading "If you actually read what Ron Paul is saying, you will discover that for the first time in your life a politician is not lying to you" was posted a short time later.

Photo credit Gage Skidmore.

http://www.readwriteweb.com/archives/no_doubt_assures_twitter_followers_they_dont_speak.php Twitter Thu, 12 Jan 2012 09:30:00 -0800 Dave Copeland
Be Careful Whom You Befriend on Social Networks

We all know that cyberspace can be a nasty place, but a new study from Bitdefender shows exactly how easy it is to compromise personal information across social media. The study found 100 people at random that fit into two categories - professional IT security workers and hackers - and used a phony social media account to gain each individual's trust over a period of weeks. Sadly, both groups gave out all sorts of information, including their password strategies, mother's maiden names, family details and address.

Editor's note: This story is part of a series we call Redux, where we're re-publishing some of our best posts of 2011. As we look back at the year - and ahead to what next year holds - we think these are the stories that deserve a second glance. It's not just a best-of list, it's also a collection of posts that examine the fundamental issues that continue to shape the Web. We hope you enjoy reading them again and we look forward to bringing you more Web products and trends analysis in 2012. Happy holidays from Team ReadWriteWeb!

The study, by Dr. Sabina Datcu, a researcher at Bitdefender's Romanian research lab, put together two phony profiles of a 25-year-old woman. In one profile, she was shown as an IT worker, while in the other she was specifically shown as an IT security worker. Over the course of many weeks, the phony profile gradually gained the trust of 100 presumably real people with a series of online chats. Datcu noted what kinds of personal information her marks would disclose. It is a chilling result.

"The study revealed that no matter if working in the IT security industry or as a 'bad guy' (i.e. hacker), everyone can be vulnerable, and can disclose sensitive information to an unknown friend," she states in the paper.

For example, 81% of the IT security people gave their mother's maiden name, while 78% of the hackers divulged this information. Similar percentages show that both groups use the same password for multiple accounts. And even 7% of the hacker group provided their passwords! Almost all of the participants gave out information about their families.

"The results of this study suggest not only that people accept unknown people into their group based solely on a nice profile and on apparently having the same interests, but also that they are willing to reveal personal, sensitive information to such unknown people in an online conversation," she wrote in her paper.

No surprise that people develop this false sense of anonymity over social media and are willing to share too much information. But this study shows that you really do need to be careful about what you say online about yourself, and whom you befriend or at least engage in conversation.

http://www.readwriteweb.com/archives/be_careful_whom_you_befriend_on_social_networks.php 2011 Redux Fri, 30 Dec 2011 12:00:00 -0800 David Strom
Find His Porn: Evil Website of the Week

Here's our nominee for most evil Web service of the week: FindHisPorn.com. For a one-time low price of $49.99 only $19.95! Limited time offer!, you can allow a dubious piece of Java voodoo onto your PC (Windows only) and let it scrape the contents of your hard drive and show you all the porn it finds. It's just perfect for spying on that special someone in your life.

Find His Porn is cynically exploiting the paranoid and freaked-out, violating privacy, jeopardizing security and taking people's money. It has been created under a total veil of secrecy. Oh, it's also "perfect for ✓ Boyfriends, ✓ Husbands and ✓ Kids" with the "goal of empowering women everywhere." With its marketing finely tuned, Find His Porn profits off of people's engrained norms, broken trust and technical ignorance.


How evil is Find His Porn? Let us count the ways.

"I told all my girlfriends about it!"

We'll start with the marketing. "We started Find His Porn with the goal of empowering women everywhere," says the About page. "With over 1 million adult websites being visited by males on average 15 minutes per day, it's naive to think he's not watching porn behind your back too." Hm. How is this empowering anyone? We asked them via info@findhisporn.com, their only public point of contact. We can't wait to see what they say.

"Technology has advanced to the point where traditional ways for women to keep track of their guys just don't work anymore." That is the attitude of Find His Porn. Heterosexual relationships have a "tradition" of spying and distrust, and you - the straight female customer - need this Web service to keep up with the times.


"As opposed to typical monitoring software..."

Not only does Find His Porn exploit people's relationship problems, it also takes advantage of their technical naïveté. "No downloads!" boasts the Learn More page. It just "scans your computer hard drive" with its "advanced algorithm," creating "a much deeper and more complete search then [sic] you could ever do by yourself."

"No downloads," of course, but it is only compatible with Windows computers with Java. If you're not sure "if have Java," as the FAQ page eloquently says, you can click a link to go download it. No downloads, though. ;^)


This is a one-time thing. You PayPal it some money, and it runs the scan on the computer you're using. You get a thorough rundown of the porn on the disk and in the Web history, and then it's gone. You have to pay to see it again. The site says Find His Porn does not store the results of the search.

We've reached out to our contacts at Sophos to see if they can help us get a detailed rundown of what this software really does. But Find His Porn doesn't want you to worry about all that. Just fork over the cash and let the thing go to work. It's so easy. There's a demo video on the Find His Porn homepage. Warning: It contains some explicit filenames, and it's exploitative and NSFW for a few seconds at the end.

Find His Porn is taking too much money, offering a dubious technical solution to an emotional problem. If you're having trouble in your relationship, this is not a solution. It's a scam.

Try Communicating Instead

We're not taking a position on the propriety or impropriety of porn, whether consumed in a relationship or not. However, if you're in a relationship and have concerns about your partner's viewing habits, we strongly recommend that you consider talking to your partner rather than overpaying for a one-time application to spy on your partner.

Aside from the obvious concerns about the safety and efficacy of the application, if you don't trust your partner to discuss this with you honestly, the relationship has larger issues than whether someone's looking at porn.

Now then. Let's lighten up a little, huh?

http://www.readwriteweb.com/archives/find_his_porn_evil_website_of_the_week.php Digital Lifestyle Thu, 01 Dec 2011 11:39:00 -0800 Jon Mitchell
Why You Should Update Your Parents' Web Browser This Friday

We're approaching the end of November, which for those of us in the United States who celebrate it, means it's time for Thanksgiving. It's a holiday that typically involves some combination of family, eating, drinking and/or relaxing. Despite it being a national holiday, the tech-savvy do not get the entire day off. For many, being back home with family means being casually asked to "take a look at" a loved one's computer or perform other IT duties around the house.

Whether they explicitly ask you to do it or not, chances are your parents' Web browser could use an upgrade. The Atlantic's Alexis Madrigal put out a humorous call to action asking that you do just that, with or without the consent of your parents. Lifehacker goes so far as to show how to trick them into thinking nothing's changed.

Designers and Developers Rejoice!

So, this Friday is Update Your Parents' Browser Day. As Madrigal points out, the more up-to-date everyone's Web browsers are, the easier life will be for people who design and code websites for a living. Sure, a few hundred people upgrading their parents' browser on Friday isn't going to put a noticeable dent in the current browser market share breakdown. Yet if enough people got into the habit of performing this task, we could perhaps see older browsers phased out a little more quickly over time.

It goes without saying that the browser in most dire need of being phased out is Internet Explorer 6, the decade-old, hard-to-kill browser that now even Microsoft wants to get rid of. If somebody in your family is still running IE6, do the world a favor and upgrade them to a newer version of IE or, if you can get away with it, install Chrome or Firefox.

It'll Be Faster, Mom

If your folks (or other relatives guilty of having outdated browsers) are hesitant, one way you can sell them is with a promise of increased browsing speed. Everybody seems to think their computer runs slower than it should. Chrome has an especially solid reputation for speed among the major browsers, so it's a good candidate to install. It has a different UI from IE and Firefox, but it's pretty intuitive and shouldn't be hard for newcomers to get used to.

Improve Security (and Reduce Those Year-Round IT Phone Calls)

One of the most compelling reasons for keeping any software up-to-date is of course security. This is especially true of browsers. If family members are running anything other than the latest stable release of a browser, update it. Again, if they'll let you, switch them to a browser with a better track record for security, such as Chrome. Just remember to carry over their bookmarks and browser settings.

The more you can keep malware and security threats at bay, the lighter your load will likely be the next time you come around and are asked to play Family IT Director.


http://www.readwriteweb.com/archives/update_your_parents_web_browser.php Browsers Wed, 23 Nov 2011 11:15:27 -0800 John Paul Titlow
Google Protects User Data for the Future with Forward Secrecy

The Google security team has enabled forward secrecy in its HTTPS services by default, so that captured messages can't be decrypted retroactively. Even though Gmail went to a secure HTTPS connection by default last year, encrypted files could still be captured in their unreadable form and broken years later, when computers are much faster.

Other HTTPS Google services include Docs and Google+, as well as SSL Web search. All these services are now forward secret when HTTPS is turned on. Initially, only Chrome and Firefox will use forward secrecy by default with Google services, because Internet Explorer doesn't support Google's combination of the RC4 authentication and ECDHE key exchange mechanisms. "We hope to support IE in the future," the security team says.

The forward secrecy enabled today requires that the private keys that maintain the connection to the service are not held in persistent storage. That means a would-be attacker can't reverse-decrypt past connections. Not even the server operator can decrypt these sessions retroactively. The team has released its work on the open-source OpenSSL library that enabled this security.

You can see whether your connection is secure by clicking the green padlock in your browser's address bar when on an HTTPS site.


Google's Progress on Security

Google made encrypted Web search available in 2010, but it did not anticipate that the secure domain would conflict with the Children's Internet Protection Act, which requires schools to monitor and block certain websites. Since secure search prevented schools from logging, filtering or blocking search results, schools were caught in the lurch. Google resolved the problem by giving secure search its own encrypted.google.com domain.

http://www.readwriteweb.com/archives/google_protects_user_data_for_the_future_with_forw.php Google Wed, 23 Nov 2011 06:45:00 -0800 Jon Mitchell
Big Question (Answered): "Booted for Exploiting a Security Flaw"

Yesterday's story about the iOS developer who exploited a security vulnerability ostensibly to bring it to Apple's attention created some passionate debate within the ReadWriteWeb virtual offices. Should he be lauded for his fierce efforts to get Apple's attention? Should he have been removed (as he was) from the Developer Program? What do you think?

We asked and culled your responses from Facebook, Google+, Twitter, the original post and we used Storify to present it all back to you. If you have additional responses, please leave them in the comments.

http://www.readwriteweb.com/archives/big_question_answered_booted_for_exploiting_a_secu.php Community Wed, 09 Nov 2011 09:30:34 -0800 Robyn Tippins
Whoops: Dolphin's Mobile Browser Leaks Your Web History

Dolphin HD, a popular third party Web browser for iOS and Android, has been found to have a potentially serious privacy flaw. The software routinely sends a list of visited Web addresses back to the servers of MoboTap, the company that makes the browser.

The breach, which was confirmed by CNet today, affects the security of encrypted data accessed over HTTPS, in addition to raising privacy issues.

The issue was first discovered by a member of a forum for developers, who posted details about what the security flaw entails. In response, MoboTap said that they do not store this data, but rather only use it to assist the functionality of their Webzine feature, which is a Flipboard-style digital magazine for Web content.

An initial attempt to fix the problem was unsuccessful, but MoboTap claims a second update pushed out today has resolved the issue.

Dolphin had long been a popular browser among Android users when it launched on iOS earlier this year.

http://www.readwriteweb.com/archives/whoops_dolphins_mobile_browser_leaks_your_web_hist.php Browsers Fri, 28 Oct 2011 15:45:33 -0800 John Paul Titlow
Weekly Wrap-up: 4Chan's Founder Tells Facebook and Google They're Doing It Wrong and more

Founder of 4Chan, Chris Poole, aka moot, gave a particularly strong talk at Web 2.0 Expo, in which he asserted that Facebook and Google were doing it wrong, and that they should emulate Twitter's stance on identity.

After the jump you'll find more of this week's top news stories on some of the key topics that are shaping the Web - Mobile, App Stores and Identity - plus highlights from some of our six channels. Read on for more.

Top Stories of the Week

4chan's Chris Poole: Facebook & Google Are Doing It Wrong

Chris Poole had already stressed the importance of anonymity earlier this year at SXSW, but since the release of Google Plus, which he says is even more worrying, he reiterated his assertion that allowing handles on the web is essential. The resulting discussion of the ramifications of forced real names, handles and identity as only based on the name on your ID card, was one of the most interesting I've seen in months. When you take the time to read through this story, don't forget to pore through the comments. There's real wisdom therein.

Where Is the iPhone Malware? Lookout Releases iOS Security App

Lookout, a popular Android security app, has released a version of their app for iOS. The app works differently on iOS than on Android, primarily in that it doesn't detect and remove malware. Dan explains the other differences, including the fact that the new app wasn't possible until iCloud was released.

Everything that Lookout does is in the cloud - almost nothing runs on the device itself.

ReadWriteWeb Meetups Around the World

Did you miss our Portland meetup? We're throwing a worldwide technology meetup on November 15 and you're invited! Right now we already have meetups planned in Tokyo, Seoul, Vladivostok, Russia, Amsterdam, New Zealand, St. Louis, MO, Washington, DC and more.

Reach out to our community manager if you have any questions or need some help with promotion.

http://www.readwriteweb.com/archives/weekly_wrap-up_4chans_founder_tells_facebook_and_g.php Weekly Wrap-ups Fri, 21 Oct 2011 15:30:00 -0800 Robyn Tippins
Are QR Codes a Real Security Risk For Smartphone Owners?

Just as the use of QR codes slowly creeps toward mainstream adoption in the United States, someone has found a way to exploit them. But how serious is the threat?

Some owners of Android-powered smartphones in Russia were surprised recently when they tried to download an ICQ chat app by scanning a 2D barcode. What they got instead was an unusually large phone bill after their phone sent a series of SMS messages to a premium texting service, which charges a few dollars per text.

The incident was reported by Kaspersky Lab, an antivirus software firm, which first noted the use of malware to hijack QR codes and install trojans on Android devices last month.

A Real Threat to Smartphone Security?

It's kind of surprising that this problem didn't arise earlier. Since QR codes can point to and open any URL, it wouldn't be at all difficult to set one up that points to a page that loads some kind of malware and even installs something nefarious on the phone.

At the same time, the incentive for hackers to do this probably hasn't existed until recently. QR codes are still far from being mainstream technology, but they are being recognized and used by more consumers, as smartphone adoption continues to grow.

This type of exploit is probably easier to execute on handsets powered by Android, whose "open" nature (we know, it's debatable) has the downside of allowing more security holes than its chief competitor, iOS. iPhone users sometimes have trouble opening seemingly common file types, let alone an unauthorized, executable file that could do real damage.

The rise of this type of security threat is pretty much to be expected as any technology grows in popularity. Look at social networks. Yesterday, as news of the death of Libyan dictator Muammar Gaddafi spread throughout Twitter and Facebook, so too did malware disguised as photos or videos of the ousted leader's final moments.

Just as with social media and email, the first line of defense in smartphone security lies with the user, who needs to be discerning and cautious, whether they're clicking links or snapping photos of a barcode.

http://www.readwriteweb.com/archives/are_qr_codes_a_real_security_risk_for_smartphone_o.php Mobile Fri, 21 Oct 2011 08:00:13 -0800 John Paul Titlow
Most Don't Password Protect Their Smartphones - Here's Why You Should

If your smartphone fell into the wrong hands right this very moment, imagine the types of information that person would have instant access to.

If you're like me, that unthinkable list includes things like your personal email, work email, Mint.com account, Google Docs, and all of the data you have stored in Evernote and Dropbox. If they were feeling particularly mischievous, they could post embarrassing updates to Facebook and Twitter under my name and avatar, and even publish something wildly inappropriate on ReadWriteWeb.

Fortunately, I keep my phone locked with a four-digit PIN number. Thus, in the rare event that my iPhone ever leaves my sight, it can't be accessed should somebody else pick it up. While this may sound like common sense, I'm actually not in the majority in this case, according to a recent survey conducted by Confident Technologies.

More than half of consumers do not lock their smartphones, the survey found. Of those, 44% said it was "too cumbersome" to bother with. Thirty percent say they're not concerned about the security risk. All of this is despite the fact that about half of them use their smartphones for banking or some other financial purpose.

This has risky implications not just for individuals and their private data, but for the companies those people work for. As smartphones become more popular among consumers, people are increasingly using them to access work email and networks, even in cases when the device is not company-owned or administered by the corporate IT department.

Mobile security will only get more important moving forward, as the line between our work and personal lives continues to blur and as the eventual mainstream adoption of NFC turns our phones into a substitute for our wallets, our keys and much else. If you think the idea of losing your phone is nightmarish now, just wait a few years.

http://www.readwriteweb.com/archives/lock_smartphone_with_passcode.php Mobile Wed, 05 Oct 2011 12:20:00 -0800 John Paul Titlow
Wikipedia Enables HTTPS for Privacy in Browsing

Wikipedia visitors can now leverage a new level of security and privacy regarding their reading habits, thanks to the site's newly announced support for HTTPS browsing. Ryan Lane, a Wikipedia Operations Engineer, writes that HTTPS "allows you to visit our sites without having your browsing habits tracked, and you can log in without having your password or user session data stolen." Visitors seeking to navigate the site securely can simply visit https://en.wikipedia.org to begin.

Wikipedia has made several steps away from the growing trend of encouraging users to share their data with one another, in some cases explicitly contrasting the giant encyclopedia's policies and ethos with Facebook's.

"Things like sharing what you're reading, that's where Facebook bumps up against the line of what people find slightly weird and creepy," Wikipedia Co-founder Jimmy Wales said in an interview with the Huffington Post's Bianca Bosker last week. "If I go to read something on Wikipedia, that's my own personal business...You should feel safe and private knowing that whatever you want to learn, you go to Wikipedia to learn it and you don't have to worry that you've accidentally told Facebook you want to learn it."

Facebook itself began offering HTTPS as an optional setting in January. Twitter did the same in March.

There are downsides to using HTTPS connections, however. Some third party apps that you do want to allow access to your browsing data, the fabulous Apture for example, are unable to access and thus provide services on top of data on HTTPS pages.

Many people will welcome the change nonetheless.

http://www.readwriteweb.com/archives/wikipedia_enables_https_for_privacy_in_browsing.php News Mon, 03 Oct 2011 10:49:20 -0800 Marshall Kirkpatrick