Interviews Reveal What People Know, and Don’t Know, About How to Protect Themselves Online
Mountain View, California — Nov. 17, 2010 — Kindsight, developer of online ID theft protection services, took to the streets to see what consumers really knew about keeping themselves safe while surfing the web. Even with the U.S. Department of Homeland Security’s recent National Cybersecurity Awareness Month and recent widespread virus scares, it appears that many consumers still are not entirely sure of what type of activities to avoid, and what they can do to protect their identities online. Kindsight spoke with people in San Francisco’s bustling Union Square recently, and five key misconceptions about cybersecurity emerged:
Misconception #1 I’m safe because I never shop online
“When I enter my credit card information online, it’s a little bit scary because I know people can hack in and get that information,” said one respondent. Watch the Security Misconception 1 video.
Reality: While some people understood the risk, many surprisingly did not and focused only on the risks associated with online shopping. Every time you go online you are potentially placing your identity at risk because hackers can use many different attacks to takeover your computer and steal your personal information. In addition, most consumers are sharing more information online, which greatly magnifies the risks of online attacks—especially as attackers are becoming more savvy and aggressive.
Misconception #2 I’m safe because I have anti-virus protection
“Get the best anti-virus protection,” was the advice of one respondent when asked how to protect their identity online. Watch the Security Misconception 2 video.
Reality: The fact is that antivirus protection is not enough. You lock the doors and windows on your house to stop a burglar, but the lock can be picked or you may forget to lock a window. That’s why many have a burglar alarm to monitor their home and alert the authorities if someone breaks in. While having anti-virus protection is essential, you need an extra layer of protection—one that monitors your home network and alerts you of threats before the theft occurs.
Misconception #3 I’m safe because the website is secure
“Be aware of your surroundings… If you’re not familiar with a site, research it,” said one participant. Another one told us they “make sure they every website that I’m entering my information into is secure.” Watch the Security Misconception 3 video.
Reality: Ensuring the website is secure (https) is important but many websites only secure the login process leaving the rest of the session open for hackers to steal information; Firesheep is a perfect example of this hack. Consumers need to ensure the entire session is encrypted if they are using a public network. Criminals can also install keyloggers on computers and capture every keystroke—even on secure sites. End-users need to deploy an additional layer of protection that looks for the communication between the keylogger and its command site and alerts consumers if their identity is at risk.
Misconception #4 I’m safe because it’s easy to recognize fake sites
“Social networking websites…. I’d like to think not so many banks because that’s terrifying,” said one participant when asked about the type of fake websites hackers create. Watch the Security Misconception 4 video.
Reality: Banking sites account for nearly two-thirds of fake sites with online shops totaling a quarter of all sites. eBay and Western Union top the list of brands targeted with Visa, Amazon, Bank of America, PayPal and the IRS in the top 10. Hackers have become exceptionally smart and have purchased commonly misspelled URLs and have also been able to duplicate symbols that typically signify a “safe” site. With more than 57,000 new fake sites created each week, consumers need to be careful of all websites they visit as hackers work hard to make them look real; placing a legitimate site is no longer an easy process.
Misconception #5 Facebook is safe enough; no need to worry
“I personally don’t…other people do,” said one respondent when asked if they were worried about security on Facebook. Watch the Security Misconception 5 video.
Reality: Those individuals interviewed that used Facebook didn’t seem to worry about their security. What consumers don’t realize is how many times Facebook and other popular social networking sites have been used as a platform to launch malicious attacks. Things that seem incredibly simple such as Facebook statuses, tagging photographs and geotagging actually give cybercriminals pieces to the puzzle of your identity. Additionally, the amount of information people share on Facebook can be easily mined to guess passwords, initiate scams and steal identities.
“The responses we received show that the general public is still largely unaware of the many online threats that have the potential to put their identity at risk,” said Brendan Ziolo, Kindsight VP Marketing. “Cybercriminals are becoming more sophisticated and always looking for new and better ways to steal your identity online. We hope that by sharing these misconceptions, consumers will have a better idea of the dangers online and the knowledge to protect their personal information and home networks.“
More information on consumer’s most common misconceptions can be found on the Kindsight blog.
Kindsight partners with Internet service providers (ISPs) to provide consumers with an additional layer of protection against identity theft and other threats. The Kindsight Identity Theft Protection Service detects threats in your Internet traffic, sends you alerts and shows you step-by-step how to remove threats that put your personal information at risk. The Kindsight service is always-on, always-up-to-date and cannot be disabled by criminals since it is embedded in the ISP’s network. The Kindsight service is offered for a monthly fee or, like many Internet applications, at no-cost through relevant advertising. Visitwww.kindsight.net for more information.
SHIFT Communications for Kindsight
VP, Marketing for Kindsight