Webroot Releases Annual Holiday Cybersecurity Survey | Threat Research | Webroot

Shoppers plan to buy more gifts online this year; some online habits hold steady while others worsen

BOULDER, CO - November 17, 2010

Webroot, the first Internet security service company, today released the results of a survey exploring consumers' online shopping habits leading up to the holidays.

In a survey of more than 2,660 individuals in the United States, the United Kingdom, and Australia, more than half (55 percent) of respondents say they plan to buy at least half of their gifts online this holiday season, up from 38 percent of shoppers last year. The survey also found that some of consumers' online habits – including using search engines and public WiFi for online gift-buying – may put them at risk.

Among the key findings:

  • Roughly the same number of shoppers plan to use search engines rather than going directly to a trusted site: 48 percent of online shoppers frequently if not always use search engines to find gifts online, compared to 52 percent in 2009
  • Trust in top search results, a target for malicious links, has grown: 59 percent of respondents who find gifts via search engines trust the first few pages of results, compared to 38 percent in 2009
  • Use of risky public WiFi has increased slightly: 18 percent are likely to use a public wireless access point to shop online for gifts, compared to 12 percent in 2009

Top 5 Tips for Staying Safe this Season

"This holiday season, we want to make it easy for people to buy gifts online safely," said Jeff Horne, threat research director at Webroot. "Through our survey, we learned that one in seven respondents has already become a victim of credit, debit, or PayPal account fraud this year. In addition, 57 percent received phishing emails from bogus sources claiming to be a legitimate company - something we see rise around Black Friday and Cyber Monday. To end the year on a safe note, we urge all online shoppers to adopt some best practices before breaking out their holiday gift lists."

Horne recommends the following actions:

  1. Go straight to the site: Type a store's Web address directly into your browser instead of using a search engine to retrieve it. Cybercriminals plant malicious links that look like popular sites within the first few pages of search results. Unless you're using a security service that scans and classifies these sites as safe or unsafe for you, don't trust them.
  2. Be strict about passwords: Use a different password for each site on which you have an account; do not allow your browser to store passwords for you; and use a password manager instead of writing down passwords or storing them in a Word document in order to remember them.
  3. Look for the "signs of security": On sites where you're making a financial transaction, look for "https" in the address bar and a padlock icon in the browser Status Bar. On sites where the retailer uses extended SSL validation, look for the address bar to turn green on secured pages.
  4. Keep Paypal your pal: If you use Paypal, check the accounts that Paypal debits from frequently to quickly detect fraud. When using plastic, shop with a credit card instead of a debit card so you can stop payments immediately if you suspect fraud.
  5. Watch for seasonal scams: Be wary of spam emails claiming to be shipping confirmation or undeliverable package alerts that require you to open an attachment. Delete any message that claims to contain tracking information, but which lacks a tracking number in either the subject or body of the message. The safest way to track a package is through the shipper's Web site, or the online store where you made the purchase.

Additional Survey Findings:

Password Practices:

  • Only 37 percent of respondents use unique passwords for each password-protected site where they shop
  • More than a quarter (26 percent) of respondents reported someone else sent friends a message in their name using their social network, IM, or email account (implying a compromised password)
  • On a positive note, 72 percent use complex passwords, (mix of letters, numbers and symbols)
  • 62 percent also do not save their passwords in the browser

Secure Site Sensibility:

  • 52 percent of respondents do not check for an https connection before making purchases
  • And 50 percent do not check for the padlock in the browser's Status Bar before making purchases
  • When shopping online, more than half (52 percent) only purchase from sites with some form of trust certification, such as those issued by BBB or VeriSign

WiFi Weaknesses:

  • 18 percent of respondents are likely to use a public wireless access point to shop online for gifts
  • 23 percent feel completely safe shopping over a free public wireless connection

Regional Differences:

  • A higher share of UK holiday shoppers prefer buying gifts online: 64 percent versus 51 percent in the US and 34 percent in Australia
  • UK respondents were also more likely to use complex passwords: 77 percent versus 71 percent in the US and 63 percent in Australia
  • US respondents make it a rule more often only to use credit cards for online shopping: 54 percent versus 48 percent in the UK and 39 percent in Australia

For information about antispyware and antivirus products to help secure holiday online shoppers, visit www.webroot.com.

About the Research

An online survey of consumers in the United States, United Kingdom and Australia was fielded November 5 through November 7, 2010 by ResearchNow. Respondents qualified for the survey if they own a computer or laptop, made at least one purchase online in the past year, and plan to purchase holiday gifts this year (online or retail). At the 95 percent confidence level the margin of error is ±1.9 percentage points for the full sample of 2,663 respondents, ±3.0 points for the US sample of 1,093, ±3.0 points for the UK sample of 1,046, and ±4.3 points for the Australian sample of 524.

About Us

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world.