Avoid these seven online blunders These common mistakes can ruin your computer or invite identity theft
Illustrations by David Flaherty
is protecting you
Security software is fully effective only when activated and frequently updated. (Most products can update automatically.) To update most commercial software products, you must pay an annual fee. Last fall, the National Cyber Security Alliance and the software maker McAfee found that nearly half the users polled who thought their software was protecting them hadn't updated it regularly. Software bundled with a new computer requires special attention because its subscription may expire within weeks.
What you can do: Renew the subscription when the software prompts you. Make sure your security software is active when youíre online and that it has been updated within the past week or so. (Most products will display that information.) If it wasnít updated recently, verify that its automatic updating feature is enabled. If it isnít, thatĎs the problem; enable it, then update manually. If you canít, your subscription has probably expired. Renew it or call the software maker. If you can update only manually, automatic updating might not be working. Call the software companyís support line for help. (For help in choosing security software, see our latest security suite report and Ratings of security software, available to subscribers.)
No matter how official an e-mail message looks, trying to access a financial account by clicking on embedded Web links is risky. If the e-mail message is fraudulent, a cybercriminal could use the account number and password you enter to steal your identity or empty your bank account.
What you can do: If an e-mail message asks you to update your password, account number, or other information, donít take the bait. Access an online account only by using your existing browser bookmark or typing in the institutionís Web address. If you suspect that an e-mail is a phishing attempt, forward it to email@example.com and firstname.lastname@example.org.
What you can do: Using different passwords need not be burdensome. Do what 15 percent of the respondents to our survey do: Use variations on one password. A well-crafted password uses a combination of at least eight letters, numbers, or punctuation symbols. For convenience, you can use a fingerprint reader to store passwords for sites you go to often. For more on secure passwords, go to How to tame the password tangle.
What you can do: Download freeware only from reputable sites such as SnapFiles.com and Download.com. Tell your kids that free software is often anything but. Eliminate most spyware by downloading the free Microsoft Windows Defender and scanning your PC. If you use Windows Vista, there should already be a copy of Defender on your computer.
According to this yearís State of the Net survey, Mac users fall prey to phishing scams at about the same rate as Windows users, yet far fewer of them protect themselves with an anti-phishing toolbar. To make matters worse, the browser of choice for most Mac users, Appleís Safari, has no phishing protection. We think it should.
What you can do: Until Apple beefs up Safari, use a browser with phishing protection, such as the latest version of Firefox (shown at right) or Opera. Also try a free anti-phishing toolbar such as McAfee Site Advisor or FirePhish.
Fifteen percent of respondents to our survey who saw pop-up ads clicked on them. But thatís never a good idea. Even if you know such pop-ups are phonies, theyíre still dangerous. Itís easy to click inside the ad by mistake and be transferred to a spyware site or, worse, have malware automatically downloaded onto your computer. Our survey showed that 13 percent of respondents who saw such a pop-up tried to close it but launched it instead; 3 percent clicked on a pop-up and got a malware infection.
What you can do: When closing a pop-up (shown at left), carefully click on the X on the upper left or right corner, not within the window. To avoid pop-ups altogether, enable your browserís pop-up blocker or use a free add-on blocker such as Google Toolbar.
Online shopping requires special precautions because the risks are different than in a walk-in store: You canít always be sure who youíre doing business with. You must disclose more personal information, such as your address, to the online retailer. Thieves can sneak in undetected between you and the retail site.
What you can do: Use a separate credit card just for your Internet shopping, as did 7 percent of respondents to our survey. Donít use a debit card. Sites that display "https" before their address when youíre entering sensitive information and those displaying certification symbols from TRUSTe and other organizations are usually safe, but there are no guarantees. When in doubt, get a virtual account number from your credit-card company. Itís good for only one purchase from a specific vendor.
Consumer Reports has no relationship with any sponsor or advertiser of CTV.
Copyright © 2004-2008 Consumers Union of U.S., Inc.