MIAMI (CBS4) - It was a typical day on Twitter when Amy McGraw received a message from a friend.
"The message was, 'You've got to check out this pic I've found of the two of us,' with a link," said McGraw.
Amy clicked the link and it brought her to a login page. She entered her password without thinking twice.
"Within minutes, that same direct message was sent to my entire address book."
Amy had been reeled in by a phishing scam, one of several targeting sites such as Facebook, MySpace and Twitter.
The Internet security group Symantec says millions of people and their private information are being compromised. Symantec has a warning: Keep your eyes peeled, because hackers are using the holiday season as a way to grab your attention.
"They're trying to lure you into clicking on that link and opening up something, so that your machine could be compromised or tricked into paying money, or tricked into buying some software," explained John Harrison of Symantec.
Even the savviest social media users are being fooled. That's because these scams look like they're coming from friends and family.
One of the latest out there is "Like" Jacking, also known as "Click Jacking."
"Have you ever seen one of those posts from your friend, and you go, 'Why did Joe post that?' Joe could have been looking at football scores, or clicked on a link to watch a video, but behind the scenes what's happening is there's an invisible 'like' button," Harrison explained.
Clicking that invisible button will update your status with spam, or even change your privacy settings.
Another popular scam that can spread like wildfire is the questionnaire or survey.
"They'll ask your name, your address, your phone number. They're then brokering that information and selling it to people," said Harrison.
Symantec also warns users to be wary of shortened URLs. That's because the full website address is hidden.
"You may actually be taken to a site that silently infects your computer with malware," Harrison cautioned.
And social media apps are all the rage, but some scammers are creating their own "rogue" versions. They may look legit, but you're actually giving hackers access to your account, Symantec's Harrison warns. "Look at the reviews, find out whether these are real applications before you install things, and watch the types of things that it's asking for."
Other ways to prevent an attack include making sure you have up-to-date security software and using a different, complex password for each social media account. Most importantly, think before you click.
"Be careful about links in e-mails or via message, especially if it may be out of someone's normal nature to share something like that," said Harrison.
In the end, Amy changed her Twitter password and took back control of her account. She hopes others will learn from her mistake.
"I was distracted, and that's all it took was just one moment of distraction for me to get hacked," said McGraw.
Symantec says changing your password is usually enough to get rid of the bad guys. Then you should run your security software to make sure your computer isn't infected.