Defend Your Data: 5 Online Security Don'ts

If any of those questions raise a red flag for you, don't click the link. And, if you want to verify the message, try contacting your friend directly about the offer.

Don't Ignore Updates

You may not realize it, but keeping your software up-to-date isn't just a question of adding new features to your programs; it can also be a critical part of protecting yourself online.

[See also: What Financial Records to Keep, What to Toss]

"Cybercriminals can get in through holes in unpatched computers," says Marian Merritt, a Los Angeles-based author of "Family Online Safety Guide," written for Symantec, the makers of Norton AntiVirus.

But updating software doesn't just mean making sure you have the latest version of your chosen anti-virus program, Merritt says.

"You also have to keep your computer's operating system and the programs that run on your computer up-to-date," Merritt says. "Don't ignore prompts to update your operating system or applications with critical security fixes."

But when you do update, you need to be careful. If you use a Microsoft operating system, you can safely update through Windows or Microsoft Update, which is a program that comes preinstalled on your computer. Macs have a similar updating program that prompts users when it's time to make an update. For other software programs, experts say it's a good idea to update through the company's website to ensure safety.

Don't Forget to Eye the URL

When you visit a new website, you should always take a moment to scan the site's Uniform Resource Locator, or URL, which is displayed in a bar at the top of your Internet browser. That URL is the address of the website, and online security experts have been warning consumers for years to look out for typos or other irregularities to make sure they really are connecting to a legitimate website and not just a clever imposter.

Most URLs will begin with the familiar "http" before the site's address. News, entertainment and other general interest websites all use this format for their URLs.

But these days, if money is about to change hands or you're asked to share sensitive information such as your Social Security number, it's a good idea to look for a URL with an extra letter, says Andrea Eldridge, CEO and co-founder of Nerds On Call, a computer and electronics repair service based in Redding, Calif.

[See also: The Best Video Games of 2011]

"Make sure that anytime that you are putting in sensitive information that the Web address starts with 'https' instead of 'http,'" Eldridge says. "That little 's' stands for secure, so the website has to have additional security precautions on the page keeping you safer and a whole lot less likely to have your information stolen."

Don't Assume Mobile Apps Are Safe

For sheer convenience, it's hard to beat the allure of banking with your smartphone. But before you download an app that promises to turn your phone into a wallet, it's a good idea to ask yourself if you're trading convenience for security.

"Smartphone users who want to use mobile banking should only use apps from their financial institution," says Eldridge, who warns third-party apps may not have the same privacy protections as apps offered by your bank.

But Albert Thiel, president of Your Data Center Incorporated, a website hosting and network security company based on Long Island, N.Y., says consumers shouldn't be too quick to adopt mobile banking until there's better security across the board for mobile apps.

"Don't ever use a cellphone to connect to your bank," Thiel says. "(Many of) those apps you have loaded continue to run, even when you exit them," which may put users at risk for having keystrokes and touch screen selections intercepted.

According to Thiel, security on mobile devices will get better as anti-virus and anti-spyware packages evolve, but for now, he cautions, "Just don't do it."

Don't Click on Shortened URLs

If you use Twitter, you're probably familiar with so-called shortened URLs, which are a method for streamlining a link so it can fit in Twitter's 140-character limit. While shortened URLs are handy for sharing information via Twitter, they're also dangerous, according to Gary Bahadur, CEO of Miami-based KRAA Security and author of "Securing the Clicks: Network Security in the Age of Social Media."

Even if you know the person who has posted the link, it's a good idea to proceed with caution. When you see a shortened link "you do not know what the actual Web address is until you click," Bahadur says.

According to Bahadur, scammers often use shortened URLs to lead victims to a malicious software, or "malware," website.

Thankfully, you don't have to skip the links your friends share. But you should take the extra step of expanding the link to see the full address before clicking on it, Bahadur says. But that's not as simple as a mouse click.

Many of the services that provide shortened URLs have stepped up their efforts to guard against scammers, but it's also a good idea to have a tool that allows you to safely open the shortened URL, Bahadur says. TinyURL.com can help, but there are others.

More from Bankrate: