10 dangerous things users still do online

Users show lack of discipline by persisting in unsafe Web habits despite knowing risks involved, say security experts, who highlight the most common online mistakes.
Written by Ellyne Phneah, Contributor

Despite knowing better, users still engage in dangerous behavior while on the Internet, IT security experts said.

A recent Symantec survey of 301 users revealed that people still disregarded online risks despite being aware of them. For instance, 80 percent of respondents recognized that the padlock icon represented Secure Sockets Layer (SSL) encryption, but only 55 percent indicated they would abort a transaction when the icon is missing.

Even though consumers understood security and the consequences of not being careful in their online activities, the key is discipline or enforcement of their security know-how, Myla Pilao, director of core technology marketing at Trend Micro's TrendLabs told ZDNet Asia in an interview.

Most users, she pointed out, still choose convenience over security. "Even though security gives them peace of mind, they view security as a barrier to [exercising] their habits."

Here are the 10 most common mistakes consumers still make online, according to security experts ZDNet Asia spoke to.

1. Sharing too much information
Most users, particularly younger ones, provide their personal details, emotional sensitivities, location and other intimate information "readily and jubilantly", observed John Ong.

These details could be easily exploited by online stalkers and fraudsters, the regional director for South Asia at Check Point Software Technologies said in an e-mail.

David Hall, regional consumer product market manager at Symantec Asia-Pacific, added that location-based applications or features allow users to broadcast their current location which provide ways for people to "track your favourite hangouts, know where you live and can give a good idea of your weekly schedule."

Last year, a woman's house was burglarized by her Facebook friend after she posted on her Facebook status that she was heading out, Trend Micro's Pilao told ZDNet Asia.

"We can’t stress enough how important it is to make sure that a social networking account is kept private and to be sure to only accept people that you know well," Hall advised. "Letting just anyone view your personal information and photos, or allowing strangers into your network increases the risk of being targeted online."

2. Trusting company Web sites to protect your information
Alvin Ow, technology consulting director of RSA Asia-Pacific and Japan, pointed out in an e-mail that one of the most common assumptions consumers make is that their data is secured by the company handling the information.

Consumers, however, need to protect their information as they are the ultimate owners of the data, he urged.

Pilao added that most consumers have the perception that they are safe on reputable Web sites but "no Web site is safe from attacks".

"Consumers leave security to the organizations but they [are] a part of the chain," Pilao pointed out. "You cannot outsource security."

3. Assuming Web links are safe to click on
Citing the Symantec Internet Security Threat Report Volume 16, Hall noted that cybercriminals used social networks to post shortened links to malicious Web sites so that the true destination was hidden from users.

The report further observed that 73 percent of users clicked on these malicious links in news feeds.

In addition, many consumers shopped at popular online destinations thinking they are safe but cybercriminals saw an advantage in exploiting this trust and targeted high traffic shopping sites, he said.

When users click on such links, they will be directed to malicious Web sites where their information is used without their knowledge or they unintentionally download viruses into their systems.

Hall said: "Always maintain a level of caution around any messages from within a Web site or that appears to be sent by a Web site."

4. Not educating themselves enough
According to Check Point's Ong, Singaporeans in particular tend to be trusting due to the safe, physical environment they grew up in, but this mindset is unsuitable on the Web where fraudsters and dangerous criminals may lurk.

RSA's Ow advised that education was key as that would give consumers the tools and ideas to "maintain safety and security" online.

"Users should also look to keep themselves up-to-date on cybersecurity news and developments, whilst ensuring their [security] software is up to date," he said. "This will ensure that they're aware of all threats and the latest methods being harnessed by online fraudsters."

5. Not updating antivirus and malware protection
Pilao observed that many consumers in the Asia-Pacific region were early adapters of new software, technology or social media and often "bypass security", choosing the easy way to "navigate technology".

Users must not neglect security, she advised, adding that regular antivirus and malware protection scans should be run.

Hall added that updates were also beneficial when it comes to online shopping. "Having a comprehensive, legitimate and up-to-date security solution not only removes the uncertainty associated with online transactions, they make online shopping safer."

6. Thinking that malware is seasonal
Pilao also reminded that "malware works 24/7 globally", although they may be more prevalent during holidays and special occasions.

For example, those currently purchasing their tickets online for the 2012 Olympics in London may think hackers would only attack nearer to the Olympic event. However, that perception was wrong, she pointed out.

"Every second [there] is a threat online," she said, citing the Trend Micro "Threat Predictions for 2011" report which found cybercriminals release 3.5 new threats every second.

7. Engaging in piracy
Users in the Southeast Asian region continue to engage in illegitimate content consumption as people still prefer "going for the fast and cheap, and are not conscious of the security risks", Pilao noted.

According to her, all file-sharing sites have security weaknesses," she said. "When you download a pirated movie or software, you are downloading everything that comes along with it, even viruses and malware."

A way for file sharers to protect themselves is to scan the file for malware after downloading it, she added.

8. Same password for multiple sites
Ow named using one password to access multiple social media, e-mail and online transaction sites as well as to access personal data online, as a common mistake made by users worldwide.

Having different passwords for different accounts is important because if one account is compromised, the others would not be, he explained.

"Having a different password for each account reduces the probability of your online presence being compromised whilst ensuring your personal information and data [are safe] online," said Ow.

9. Not bailing out of unsafe Web sites during transactions
The Symantec survey "People Know Online Risks But Often Ignore Them" also found that only 75 percent of respondents abandoned online transactions because they felt the Web site was not secure.

Hall noted that consumers should be on their guard if a site appears poorly built or programmed, or did not provide verifiable security information.

"If you feel that the Web site won't allow for your details to be protected, it's best for you to refrain from saving personal information on it," RSA's Ow added.

10. No sense of urgency

The Symantec survey also illustrated that only 17 percent were somewhat concerned when it comes to keeping confidential data safe when shopping or banking online, while 5 percent of respondents had no idea what phishing attacks were.

Trend Micro's Pilao said most malware worked quietly or on "stealth mode" and most data breaches exposed in the last several months were a result of malware planted many months ago.

Pointing out that users "must have a sense of urgency", Pilao cautioned that they have to raise their level of awareness and protection and not wait until they suffer a cybercrime attack.

Editorial standards