Webroot says online shopping security habits getting worse

In its latest annual online shopping security survey, Webroot claims that many shoppers plan to buy more gifts online this year, but whilst some online habits hold steady, others are worsening.

The survey of more than 2600 people in the UK, the US and Australia revealed that 55% say they plan to buy at least half of their gifts online this Christmas, up from 38% last year.

The survey also found that some of consumers’ online habits – including using search engines and public WiFi for online gift buying – may put them at risk.

Researchers discovered that roughly the same number of shoppers plan to use search engines rather than going directly to a trusted site: 48% of online shoppers frequently if not always use search engines to find gifts online, compared to 52% in 2009.

Trust in top search results, a target for malicious links, meanwhile, has grown: 59% of respondents who find gifts via search engines trust the first few pages of results, compared to 38% in 2009.

In addition, Webroot's researchers found that the use of risky public WiFi has increased slightly: 18% are likely to use a public wireless access point to shop online for gifts, compared to 12% in 2009.

Jeff Horne, the IT security vendor's threat research director, said that the survey reveals that one in seven respondents has already become a victim of credit, debit, or PayPal account fraud this year.

"In addition, 57% received phishing emails from bogus sources claiming to be a legitimate company – something we see rise around Black Friday and Cyber Monday", he said.

"To end the year on a safe note, we urge all online shoppers to adopt some best practices before breaking out their holiday gift lists", he added.

In response to these findings, Horne makes the following recommendations for online shoppers:

Go straight to the site: Type a store's web address directly into your browser instead of using a search engine to retrieve it. Cybercriminals plant malicious links that look like popular sites within the first few pages of search results. Unless you are using a security service that scans and classifies these sites as safe or unsafe for you, do not trust them.

Be strict about passwords: Use a different password for each site on which you have an account; do not allow your browser to store passwords for you; and use a password manager instead of writing down passwords or storing them in a Word document in order to remember them.

Look for the "signs of security": On sites where you are making a financial transaction, look for https in the address bar and a padlock icon in the browser Status Bar. On sites where the retailer uses extended SSL validation, look for the address bar to turn green on secured pages.

Keep Paypal your pal: If you use Paypal, check the accounts that Paypal debits from frequently to quickly detect fraud. When using plastic, shop with a credit card instead of a debit card so you can stop payments immediately if you suspect fraud.

Watch for seasonal scams: Be wary of spam emails claiming to be shipping confirmation or undeliverable package alerts that require you to open an attachment. Delete any message that claims to contain tracking information, but which lacks a tracking number in either the subject or body of the message. The safest way to track a package is through the shipper's Web site, or the online store where you made the purchase.

On a more positive note, 72% of respondents to the survey were found to use complex passwords, defined as mix of letters, numbers and symbols, and 62% said they also do not save their passwords in the browser.

What’s hot on Infosecurity Magazine?