Facebook, LinkedIn, MySpace and Twitter users are more vulnerable to financial loss, identity theft and malware infection than they realise, a survey has revealed.
Three in 10 people admitted they had been attacked by cybercriminals through social networking sites in the past year.
These attacks include identity theft, malware infection, unauthorised password changes and friend-in-distress scams.
Yet, two-thirds of respondents said they did not restrict any details of their personal profile from being visible to search engines.
Some 80% allow at least part of their profile to be accessed by search engines and more than half are not sure who can see their profile.
Criminals typically use personal information to guess passwords and access accounts, warned Mike Kronenberg, chief technology officer at Webroot's consumer division.
"A third of those polled said they include at least three pieces of personally identifiable information in their profiles," he said.
Once criminals are able to access accounts they hijack them to send legitimate looking messages containing malware to other members of the social network.
More than a third of respondents said they use the same password across multiple sites, which means if one account is compromised, all others are vulnerable.
This risk is higher among users under 30, where 51% said they used the same password for all online accounts.
Social networkers should use privacy setting to restrict access to personal information, restrict personal information in profiles and use different passwords, said Kronenberg.
"Malware authors are continually writing new programs to avoid detection, so even if users have anti-malware installed, they should remain vigilant," he said.