We all have at least a few bad habits, and our online activities are no exception. Here are some things I used to do online before I realized how risky they were—you should avoid them too.
Searching for Websites on Google
How do you find a website if you don’t know its URL?
If you’d asked me this question a while back, I’d have told you to search for the website and click on the top result. That’s how I did it for ages, and it’s always worked. As a matter of fact, I did it even when I knew the right URL because I didn’t want to bother checking that I spelled it right.
However, it turns out that blindly trusting a search engine to direct you to the right website is not a good idea. I learned that when I read about hackers hijacking the Arc browser launch.
They did it by creating fake websites that were deceptively similar to the original, and then buying Google Search ads so that the fake websites were the first ones you saw. If you fell for it and downloaded from them, you’d get a malware-infected browser for your trouble.
Ever since I read that I’ve started taking the time to type out my URLs, and I advise that you do the same.
You can still search for a website if you don’t know the URL, but don’t just click the first link you see on the page. Check to make sure it’s not a fake website. You can usually spot fraudulent ones by spelling mistakes in the URL and invalid security certificates.
Accepting All Cookies
Anytime I visited a website and got that popup that said “This website uses cookies…blah blah blah”, I used to hit “Accept” every time because it was the path of least resistance. I always figured it wasn’t a big deal, but it turns out cookies are more important than I realized.
Browser Cookies store information like your browsing history, what items you’ve added to your shopping cart, and your login details. In the right hands, that information could be used to improve your browsing experience (e.g., by keeping you logged in and personalizing your recommendations), but in the wrong hands, it could be abused.
So, if you’re even a little skeptical of a website, you shouldn’t accept its cookies. If you already did, you should clear them.
Note that sometimes the website you’re trying to access won’t have an obvious “Reject Cookies” button, but that might just mean you need to do a little digging to find it.
Reusing Passwords Across Accounts
I used to reuse an old password I made up in high school when I was signing up for things. I knew it was a bad habit, but sometimes, my browser’s password generation feature wouldn’t work, and the old password was the easiest thing I could remember.
I justified it by assuring myself that none of the accounts I used with that password contained important information, so, even if I was the victim of a credential-stuffing attack, the hackers wouldn’t get anything of value.
What I didn’t realize was that even if I didn’t suffer any immediate repercussions or financial loss, I was setting myself up for an even more serious attack.
This is because each website you sign up to collects some information about you, whether that’s your name, the college you went to, or your favorite book.
If my password were ever compromised, hackers would be able to access all of those websites, collect these disparate bits of information, and assemble them into a detailed profile. That profile could then be used to carry out social engineering attacks against me.
If you’ve also been reusing old passwords, your best bet is to do as I did and go through all your accounts, replacing all the duplicate passwords with stronger ones. While you’re at it, stop using your browser’s password manager and invest in a good standalone password manager that won’t break when you need it.
Clicking Links in Emails
A while back, I got an email from my bank that contained a link. Everything looked genuine, but I’d never gotten an email like that from them before, so I was a little skeptical. Ultimately, I decided to take the plunge and click the link.
Fortunately for me, the email was genuine, but it could just have easily been a phishing scam—in which case my bank account would have been compromised.
Thinking back on it, I realized that there was no reason for me to click the link when I wasn’t 100% sure of it. I could have easily addressed the issue by visiting my bank website directly or contacted them for clarification.
You can avoid these phishing scams by looking out for the signs, but I’ve decided to play it safe by not clicking any links in my email if I can help it.
Signing Up for Everything With the Same Email
I used to have just one email address, and I used it to sign up for everything. This was bad for two reasons.
One was that managing my inbox was an absolute nightmare and the other was that it seriously compromised my privacy.
What I didn’t know at the time was that some of the services I was signing up for had poorly designed login systems. They let people know whether an email was associated with the service, so anyone who checked could get a look at my browsing habits.
In addition to that, some of these sites were selling my email address, which was contributing to the endless spam and advertising messages I was getting.
After discovering this, I stopped signing up with my real email address and started using email aliases instead. Not only do they keep my real email address hidden, but they also help me identify which sites are selling my data, so I can avoid them.
Signing In to My Google Accounts on Other People’s Devices
There have been situations where I needed to sign in to my Google account on a borrowed device to check my email. The problem is that I don’t always remember to sign out.
Having active sessions of your Google account on random devices is an obvious security risk, so, if you’ve made the same mistake, you need to remotely sign out of your account. The next time, you need to check your email, make sure you enable Guest mode first so that none of your data gets saved on the borrowed computer.
We’ve been talking a lot about security and privacy, but it’s all moot if your social media accounts give scammers an easy window to learn about and access your life.
I rarely post on social media, so I used to think that there was little point in enabling privacy features. However, you’ll be surprised how much info a person can glean from even a single Instagram picture.
There’s also the matter of doxxing. With how toxic the internet has become, there’s a high chance your online beef could spill over into the real world. If that ever happens, you’ll be glad to have sensitive information, like your location, restricted from prying eyes.
If you want to protect yourself, take the time to tweak your Instagram, TikTok, Facebook, and Snapchat privacy settings so that you’re only sharing what you want to share.
So, there you have it. I hope you learned something from my mistakes, and it helps keep you a little safer online. If you’re interested in more ways to stay safe online, you can check out some safety tips that even non-techies should know.
