Be a lot less friendly. Make your privacy settings high, so only friends can see what you post, and then cull “friends” list of anyone you don't know well (or at all).

 That can prevent direct access to your life, but it's not a bulletproof shield.

"That protects you from the world, but not from the weaknesses of your friends," Green said. In other words, anyone who successfully hacks a friend's account could get a good look around in yours.

Just savor that for a minute. You're only as secure as your least-secure friend on Facebook. The aunt who keeps sharing hoaxes and urban legends, thinking they're real? The buddy who doesn't even know Facebook has privacy settings? Yeah. Your security is in their hands. Great.

Click less -- a lot less. OK, maybe you know better than to click on the link that purports to be a friend saying, "I just saw you in this video LOL."

Any link or photo or video you click on can load malware onto your computer. Common types of malware include keyloggers that record everything you type, including user IDs and passwords, and programs that enslave your computer so you can inadvertently help spam or defraud somebody else.

Even the experts get fooled. Green got an email about an eBay purchase he hadn't made; the second he clicked on the link he realized his mistake. "Damn it, they got me," he said.

Green spent the next few hours wiping his hard drive, reinstalling his operating system and restoring his files from backup. Which brings us to the last bit of expert advice:

Be vigilant. That means doing all of the following, regularly:

  • Installing, updating and running anti-virus software.
  • Backing up your computers.
  • Checking your credit reports.
  • Monitoring your bank accounts.

None of these steps will necessarily prevent incursions but they should allow you to discover problems more quickly.

Have a cleanup plan. If your Facebook account is compromised or you otherwise become a victim of identity theft, your very first move should be to change your email password, Levin said.

That's because you'll be changing other passwords, and the confirmations will come to your email address, Levin said. If the criminal accessed your email account as well as your Facebook or financial accounts, he or she will be able to watch all the changes and then undo them.

If the identity breach is widespread, you may want help counteracting it. Your employer, insurer or bank may offer "identity theft resolution services" as a free perk, said Levin, whose Identity Theft 911 provides recovery services to about half the property and casualty insurers in the country as well as to employer assistance programs and financial institutions.

A good site to bookmark is The Identity Theft Resource Center, which has tons of information on recovering from this crime.


Think twice about everything you post. Privacy policies are constantly evolving. What a site assures you is private could become public. So the best policy is not to post anything you wouldn't share in public, since that's what you may be doing.

"Remember the fact that (Facebook founder Mark) Zuckerberg said the era of privacy is over," Levin said. "Everything you do you have to evaluate against that statement. . . . You should be limiting the information you provide in a public forum."

Liz Weston is the Web's most-read personal-finance writer. She is the author of several books, most recently "The 10 Commandments of Money: Survive and Thrive in the New Economy" (find it on Bing). Weston's award-winning columns appear every Monday and Thursday, exclusively on MSN Money. Join the conversation and send in your financial questions on Liz Weston's Facebook fan page.

More from Liz Weston:

Click here to become a fan of MSN Money on Facebook