Seven Stupid Online Security Mistakes You're Probably Making

Sent to you by Vachak via Google Reader: 

via Consumerist by Meg Marco on 10/3/08


A new study National Cyber Security Alliance says that you're probably making one of these 7 stupid mistakes when it comes to your own online security. The study shows that when Symantec, polled 3,000 online users and scanned the computers of 400 of them, 81 percent of respondents said they were using a firewall, but only 42 percent indeed had a firewall installed on their computer. Whoops.

Consumer Reports posted a list of 7 common online security mistakes that you might be making — and assuming you were protected was #1. Now, we know our readers aren't making these mistakes because they are so responsible and awesome, but maybe you have a family member who keeps sending money to Nigeria and wondering why Bank of America keeps emailing when they don't have an account. Maybe you could send this their way?

7. Shopping online like you do in stores. Avoid using a debit card and always look for the "https" in the website's address. You can get a virtual account number from your credit-card company. It’s good for only one purchase from a specific vendor.

6. Clicking on a pop-up that tells you your PC is secure. CR's survey showed "that 13 percent of respondents who saw such a pop-up tried to close it but launched it instead; 3 percent clicked on a pop-up and got a malware infection." Block pop-ups and/or be very careful to click the X, not the ad.

5. Thinking your Mac protects you from everything. Mac users fall prey to phishing scams at about the same rate as Windows users, says CR.

4. Downloading Free Software. "Fish-tank screen savers and smiley faces" are the enemy of everything good in the world. Download software from reputable sites (, and check out our sister site Lifehacker to see if they have any recommendations.

3. Using one password for everything.
Dumb! Here's some advice for creating and managing good passwords.

2. Accessing your account through email links. Don't do this. Don't. Please stop. Stop! CR says: No matter how official an e-mail message looks, trying to access a financial account by clicking on embedded Web links is risky. If the e-mail message is fraudulent, a cybercriminal could use the account number and password you enter to steal your identity or empty your bank account.

1. Assuming your security software is working. CR says: "Renew the subscription when the software prompts you. Make sure your security software is active when you’re online and that it has been updated within the past week or so."

No comments: