Webroot Releases Annual Holiday Cybersecurity Survey

Shoppers plan to buy more gifts online this year; some online habits hold steady while others worsen

Boulder, CO – November 17, 2010

Webroot, the first Internet security service company, today released the results of a survey exploring consumers' online shopping habits leading up to the holidays.

In a survey of more than 2,660 individuals in the United States, the United Kingdom, and Australia, more than half (55 percent) of respondents say they plan to buy at least half of their gifts online this holiday season, up from 38 percent of shoppers last year. The survey also found that some of consumers' online habits – including using search engines and public WiFi for online gift-buying – may put them at risk.

Among the key findings:

  • Roughly the same number of shoppers plan to use search engines rather than going directly to a trusted site: 48 percent of online shoppers frequently if not always use search engines to find gifts online, compared to 52 percent in 2009
  • Trust in top search results, a target for malicious links, has grown: 59 percent of respondents who find gifts via search engines trust the first few pages of results, compared to 38 percent in 2009
  • Use of risky public WiFi has increased slightly: 18 percent are likely to use a public wireless access point to shop online for gifts, compared to 12 percent in 2009

Top 5 Tips for Staying Safe this Season

"This holiday season, we want to make it easy for people to buy gifts online safely," said Jeff Horne, threat research director at Webroot. "Through our survey, we learned that one in seven respondents has already become a victim of credit, debit, or PayPal account fraud this year. In addition, 57 percent received phishing emails from bogus sources claiming to be a legitimate company - something we see rise around Black Friday and Cyber Monday. To end the year on a safe note, we urge all online shoppers to adopt some best practices before breaking out their holiday gift lists."

Horne recommends the following actions:

  1. Go straight to the site: Type a store's Web address directly into your browser instead of using a search engine to retrieve it. Cybercriminals plant malicious links that look like popular sites within the first few pages of search results. Unless you're using a security service that scans and classifies these sites as safe or unsafe for you, don't trust them.
  2. Be strict about passwords: Use a different password for each site on which you have an account; do not allow your browser to store passwords for you; and use a password manager instead of writing down passwords or storing them in a Word document in order to remember them.
  3. Look for the "signs of security": On sites where you're making a financial transaction, look for "https" in the address bar and a padlock icon in the browser Status Bar. On sites where the retailer uses extended SSL validation, look for the address bar to turn green on secured pages.
  4. Keep Paypal your pal: If you use Paypal, check the accounts that Paypal debits from frequently to quickly detect fraud. When using plastic, shop with a credit card instead of a debit card so you can stop payments immediately if you suspect fraud.
  5. Watch for seasonal scams: Be wary of spam emails claiming to be shipping confirmation or undeliverable package alerts that require you to open an attachment. Delete any message that claims to contain tracking information, but which lacks a tracking number in either the subject or body of the message. The safest way to track a package is through the shipper's Web site, or the online store where you made the purchase.

Additional Survey Findings:

Password Practices:

  • Only 37 percent of respondents use unique passwords for each password-protected site where they shop
  • More than a quarter (26 percent) of respondents reported someone else sent friends a message in their name using their social network, IM, or email account (implying a compromised password)
  • On a positive note, 72 percent use complex passwords, (mix of letters, numbers and symbols)
  • 62 percent also do not save their passwords in the browser

Secure Site Sensibility:

  • 52 percent of respondents do not check for an https connection before making purchases
  • And 50 percent do not check for the padlock in the browser's Status Bar before making purchases
  • When shopping online, more than half (52 percent) only purchase from sites with some form of trust certification, such as those issued by BBB or VeriSign

WiFi Weaknesses:

  • 18 percent of respondents are likely to use a public wireless access point to shop online for gifts
  • 23 percent feel completely safe shopping over a free public wireless connection

Regional Differences:

  • A higher share of UK holiday shoppers prefer buying gifts online: 64 percent versus 51 percent in the US and 34 percent in Australia
  • UK respondents were also more likely to use complex passwords: 77 percent versus 71 percent in the US and 63 percent in Australia
  • US respondents make it a rule more often only to use credit cards for online shopping: 54 percent versus 48 percent in the UK and 39 percent in Australia

For information about antispyware and antivirus products to help secure holiday online shoppers, please visit http://www.webroot.com/ca/en/.

About the Research

An online survey of consumers in the United States, United Kingdom and Australia was fielded November 5 through November 7, 2010 by ResearchNow. Respondents qualified for the survey if they own a computer or laptop, made at least one purchase online in the past year, and plan to purchase holiday gifts this year (online or retail). At the 95 percent confidence level the margin of error is ±1.9 percentage points for the full sample of 2,663 respondents, ±3.0 points for the US sample of 1,093, ±3.0 points for the UK sample of 1,046, and ±4.3 points for the Australian sample of 524.


©2014 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, and Webroot SecureAnywhere are trademarks or registered trademarks of Webroot Inc. in the United States and other countries.

ABOUT WEBROOT

Webroot® is the market leader in cloud-based, real-time internet threat detection for consumers, businesses and enterprises. We have revolutionized internet security to protect all the ways users connect online. Webroot delivers real-time advanced internet threat protection to customers through its BrightCloud® security intelligence platform, and its SecureAnywhere™ suite of cloud-based security products for endpoints, mobile devices and corporate networks. Over 7 million consumers, 1.5 million business users and 1.3 million mobile users are protected by Webroot. Market-leading security companies, including Cisco, F5 Networks, GateProtect, HP, Microsoft, Palo Alto Networks, Proofpoint, RSA and others choose Webroot to provide advanced Internet threat protection for their products and services. Founded in 1997 and headquartered in Colorado, Webroot operates globally across North America, Europe and the Asia Pacific region. For more information on our products and services, visit www.webroot.com.