Webroot Releases Annual Holiday Cybersecurity Survey


Shoppers plan to buy more gifts online this year; some online habits hold steady while others worsen

Bracknell, UK – November 17, 2010 – Webroot, the first Internet security service company, today released the results of a survey exploring consumers’ online shopping habits leading up to the holidays.

In a survey of more than 2,660 individuals in the United Kingdom, United States and Australia, more than half (55 per cent) of respondents say they plan to buy at least half of their gifts online this Christmas, up from 38 per cent of shoppers last year. The survey also found that some of consumers’ online habits – including using search engines and public WiFi for online gift-buying – may put them at risk.

Among the key findings:

•Roughly the same number of shoppers plan to use search engines rather than going directly to a trusted site: 48 per cent of online shoppers frequently if not always use search engines to find gifts online, compared to 52 per cent in 2009

•Trust in top search results, a target for malicious links, has grown: 59 per cent of respondents who find gifts via search engines trust the first few pages of results, compared to 38 per cent in 2009

•Use of risky public WiFi has increased slightly: 18 per cent are likely to use a public wireless access point to shop online for gifts, compared to 12 per cent in 2009

Top 5 Tips for Staying Safe this Season
“This holiday season, we want to make it easy for people to buy gifts online safely,” said Jeff Horne, threat research director at Webroot. “Through our survey, we learned that one in seven respondents has already become a victim of credit, debit, or PayPal account fraud this year. In addition, 57 percent received phishing emails from bogus sources claiming to be a legitimate company – something we see rise around Black Friday and Cyber Monday. To end the year on a safe note, we urge all online shoppers to adopt some best practices before breaking out their holiday gift lists.”

Horne recommends the following actions:

1.Go straight to the site: Type a store’s Web address directly into your browser instead of using a search engine to retrieve it. Cybercriminals plant malicious links that look like popular sites within the first few pages of search results. Unless you’re using a security service that scans and classifies these sites as safe or unsafe for you, don’t trust them.

2.Be strict about passwords: Use a different password for each site on which you have an account; do not allow your browser to store passwords for you; and use a password manager instead of writing down passwords or storing them in a Word document in order to remember them.

3.Look for the “signs of security”: On sites where you’re making a financial transaction, look for “https” in the address bar and a padlock icon in the browser Status Bar. On sites where the retailer uses extended SSL validation, look for the address bar to turn green on secured pages.

4.Keep Paypal your pal: If you use Paypal, check the accounts that Paypal debits from frequently to quickly detect fraud. When using plastic, shop with a credit card instead of a debit card so you can stop payments immediately if you suspect fraud.

5.Watch for seasonal scams: Be wary of spam emails claiming to be shipping confirmation or undeliverable package alerts that require you to open an attachment. Delete any message that claims to contain tracking information, but which lacks a tracking number in either the subject or body of the message. The safest way to track a package is through the shipper’s Web site, or the online store where you made the purchase.

Additional Survey Findings:

Password Practices:

•Only 37 per cent of respondents use unique passwords for each password-protected site where they shop

•More than a quarter (26 per cent) of respondents reported someone else sent friends a message in their name using their social network, IM, or email account (implying a compromised password)

•On a positive note, 72 per cent use complex passwords, (mix of letters, numbers and symbols)

•62 per cent also do not save their passwords in the browser

Secure Site Sensibility:

•52 per cent of respondents do not check for an https connection before making purchases

•And 50 per cent do not check for the padlock in the browser’s Status Bar before making purchases

•When shopping online, more than half (52 per cent) only purchase from sites with some form of trust certification, such as those issued by BBB or VeriSign

WiFi Weaknesses:

•18 per cent of respondents are likely to use a public wireless access point to shop online for gifts

•23 per cent feel completely safe shopping over a free public wireless connection

Regional Differences:

•A higher share of UK holiday shoppers prefer buying gifts online: 64 per cent versus 51 per cent in the US and 34 per cent in Australia

•UK respondents were also more likely to use complex passwords: 77 per cent versus 71 per cent in the US and 63 per cent in Australia

•US respondents make it a rule more often only to use credit cards for online shopping: 54 per cent versus 48 per cent in the UK and 39 per cent in Australia

For information about antispyware and antivirus products to help secure holiday online shoppers, please visit http://www.webroot.com/.