7 Online Blunders That Threaten Your Identity

These common mistakes can ruin your computer or invite identity theft

1. Assuming Your Security Software Is Protecting You

Security software is fully effective only when activated and frequently updated. (Most products can update automatically.) To update most commercial software products, you must pay an annual fee. Last fall, the National Cyber Security Alliance and the software maker McAfee found that nearly half the users polled who thought their software was protecting them hadn't updated it regularly. Software bundled with a new computer requires special attention because its subscription may expire within weeks.

What you can do: Renew the subscription when the software prompts you. Make sure your security software is active when you're online and that it has been updated within the past week or so. (Most products will display that information.) If it wasn't updated recently, verify that its automatic updating feature is enabled. If it isn't, that's the problem; enable it, then update manually. If you can't, your subscription has probably expired. Renew it or call the software maker. If you can update only manually, automatic updating might not be working. Call the software company's support line for help. (For help in choosing security software, see our latest security suite report and Ratings of security software, available to subscribers.)

2. Accessing an Account Through an Email Link

No matter how official an e-mail message looks, trying to access a financial account by clicking on embedded Web links is risky. If the e-mail message is fraudulent, a cybercriminal could use the account number and password you enter to steal your identity or empty your bank account.

What you can do: If an e-mail message asks you to update your password, account number, or other information, don't take the bait. Access an online account only by using your existing browser bookmark or typing in the institution's Web address. If you suspect that an e-mail is a phishing attempt, forward it to spam@uce.gov and reportphishing@antiphishing.org.

3. Using a Single Password for All Online Accounts

Nine percent of home Internet users who responded to our State of the Net survey said they used a single password for all their accounts. That practice lets someone who gets your password and steals your identity easily access all your accounts.

What you can do: Using different passwords need not be burdensome. Do what 15 percent of the respondents to our survey do: Use variations on one password. A well-crafted password uses a combination of at least eight letters, numbers, or punctuation symbols. For convenience, you can use a fingerprint reader to store passwords for sites you go to often.

4. Downloading Free Software

You couldn't resist that neat, free utility. Or your teenager couldn't resist those fish-tank screen savers and smiley faces. Now your computer runs more slowly than ever. That's because spyware was probably packaged with the freebies.

What you can do: Download freeware only from reputable sites such as SnapFiles.com and Download.com. Tell your kids that free software is often anything but. Eliminate most spyware by downloading the free Microsoft Windows Defender and scanning your PC. If you use Windows Vista, there should already be a copy of Defender on your computer.

5. Thinking Your Mac Shields You From All Risks

According to this year's State of the Net survey, Mac users fall prey to phishing scams at about the same rate as Windows users, yet far fewer of them protect themselves with an anti-phishing toolbar. To make matters worse, the browser of choice for most Mac users, Apple's Safari, has no phishing protection. We think it should.

What you can do: Until Apple beefs up Safari, use a browser with phishing protection, such as the latest version of Firefox (shown at right) or Opera. Also try a free anti-phishing toolbar such as McAfee Site Advisor or FirePhish.

6. Clicking on a Pop-up Ad That Says Your PC Is Insecure

Fifteen percent of respondents to our survey who saw pop-up ads clicked on them. But that's never a good idea. Even if you know such pop-ups are phonies, they're still dangerous. It's easy to click inside the ad by mistake and be transferred to a spyware site or, worse, have malware automatically downloaded onto your computer. Our survey showed that 13 percent of respondents who saw such a pop-up tried to close it but launched it instead; 3 percent clicked on a pop-up and got a malware infection.

What you can do: When closing a pop-up (shown at left), carefully click on the X on the upper left or right corner, not within the window. To avoid pop-ups altogether, enable your browser's pop-up blocker or use a free add-on blocker such as Google Toolbar.

7. Shopping Online the Same Way You Do in Stores

Online shopping requires special precautions because the risks are different than in a walk-in store: You can't always be sure who you're doing business with. You must disclose more personal information, such as your address, to the online retailer. Thieves can sneak in undetected between you and the retail site.

What you can do: Use a separate credit card just for your Internet shopping, as did 7 percent of respondents to our survey. Don't use a debit card. Sites that display "https" before their address when you're entering sensitive information and those displaying certification symbols from TRUSTe and other organizations are usually safe, but there are no guarantees. When in doubt, get a virtual account number from your credit-card company. It's good for only one purchase from a specific vendor.

Consumer Reports has no relationship with any advertisers on Yahoo!