If you ever wonder how safe you truly are online, consider the fact that even tech giants - the very people who should know better - have been targeted. In fact, the costliest phishing scam in history involved both Facebook and Google.

A Lithuanian hacker, who targeted them both between 2013 and 2015, impersonated a Taiwan-based company, Quanta Computer, and sent an elaborate fake invoice that cost them $100 million. Quanta Computer is an electronics supplier that both companies actually use, which is why the scam wasn’t immediately obvious. Google and Facebook both worked with the authorities to recuperate some of the funds. This particular scam - the most expensive on record - is a clear example of how poor handling of just one email can result in costly losses.

While it’s unlikely that anyone is targeting you for $100 million, you can be sure there are bad actors out there who would love to get their hands on your banking account information (or social security information, or even to know that you have a currently empty house).

The internet has provided a whole new landscape for many aspects of our daily lives, and as much order as there is, it can still feel like the wild, wild west in many ways. It’s essential for all internet users to understand online risks and pay attention to common internet safety tips. Unfortunately, that can be easier said than done, even when we are trying to be careful. In this post, we’re discussing the most common - and costly - internet safety mistakes that all of us make on occasion.

14 Internet Safety Sins

1. Using Weak Passwords

This one probably doesn’t come as a surprise. For as long as the internet has been around, most of us have known that passwords are important. However, that doesn’t mean we take the precautions that we should. It comes naturally to do what’s easy, which often means coming up with the shortest and simplest password for various platforms. Unfortunately, using simple passwords like "123456" or "password" makes it easier for hackers to guess or crack them. Additionally, using personal information such as your last name or child’s birthday can also make the password too easy to guess. Even more frightening is that once they’ve cracked that one, they can try it on other sites (see the point below). Use a combination of uppercase and lowercase letters, numbers, and special characters. Write the passwords down or use a password manager if you are afraid that you might forget them from site to site.

2. Reusing Passwords

The average employee reuses passwords 13 times while logging in to programs over 150 times each month.

That’s a pretty big problem because using the same password for multiple accounts means that if one account is compromised, all other accounts are at risk. This has always been the case but is increasingly dangerous as bots allow cyber criminals to scan hundreds of websites and apply password combinations in just a matter of minutes. We suggest using a password manager to generate and store unique passwords for each account.

3. Falling for Phishing Emails

In simple terms, phishing is a type of social engineering and cybersecurity attack where the attacker impersonates someone else via email or other electronic communication methods, including social networks and Short Message Service (SMS) text messages, to reveal sensitive information. You may have heard of “catfishing” when it comes to online dating, and phishing uses a similar concept. Phishing emails often appear to be from legitimate sources and request personal information or prompt you to click on malicious links. It’s important to verify the legitimacy of emails before clicking on any links or providing sensitive information. If you get an email from a friend that doesn’t sound like them or seems out of left field, open it with caution. Similarly, use caution when opening emails that appear to be from a company. Legitimate companies will never ask you for your bank account or other sensitive information via email.

Related Post: How to Secure Your Online Accounts

4. Not Updating Software or Devices

Believe it or not, there are a lot of benefits to updating your operating system, apps, or software. For one thing, developers frequently release updates to fix security vulnerabilities. Failure to update software and devices leaves them exposed to known exploits. You may want to enable automatic updates or regularly check for updates for your operating system, apps, and antivirus software. If you aren’t sure, you can view the latest release notes on the software to see what updates have been made and if any of them can help make your experience more secure.

5. Sharing Sensitive Information Online

We live in a society of over-sharers. Social media has made it common to let everyone know where you are and what you are doing. It’s easy to take that too far, especially when it comes to online risks. For example, posting your vacation pictures in real time lets everyone know that your house is sitting empty. Those first day of school pictures clearly display where your children attend school. Use more caution when choosing what to put online. Start by being  thoughtful about sharing personal information on social media, public forums, or unsecured websites. Think twice before sharing your address, phone number, financial details, or other sensitive information online. As we mentioned above, reputable companies will not ask for this information via email; they will use platforms with encryption or encourage you to get on the phone.

6. Ignoring Privacy Settings

Have you looked at your privacy settings lately? Many apps tweak their terms when they have updates or new releases, and you may not have the same security protections in place as when you signed up. Periodically review and adjust privacy settings on social media platforms and other online accounts to control who can access your information. Be mindful of what you share publicly and limit the visibility of personal details to trusted connections. If you have the need for a public-facing profile (such as for an influencer career), you may want to have multiple accounts - one for public consumption and one that has more personal information and photos.

7. Downloading Files from Any Old Source

When you are online, it can be a matter of habit to simply click on the “download” button to get information you want to access. However, unless you’re familiar with the source, that’s a bad idea. A smarter practice is to only download files and software from reputable sources. Be cautious of download links from unfamiliar websites or suspicious emails and try scanning  downloaded files with antivirus software before opening them.

8. Skipping Antivirus Software

Antivirus software has had an up-and-down reputation over the years. Due to some marketing tactics that tended to be on the annoying side, a lot of people gave up on antivirus software and almost looked at it as a nuisance. However, with the rampant increase in cyber crime, antivirus software can play an important role in keeping yourself safe. According to security.org, most people on most devices should have antivirus software in play. Their experts state that it’s almost never necessary on iPhones or iPad minis, though some extra protection never hurts. Other devices like Macs or PCs should have some form of antivirus software present. Do some research and install reputable antivirus software and keep it up to date. This will protect against not only viruses but also malware and some other threats. Then, regularly run scans to detect and remove any malicious software.

Related Post: Signs That Someone is Scamming You Online (And How to Prevent It)

9. Connecting to Unsecured Wi-Fi Networks

Wi-Fi is available almost everywhere you go - but that doesn’t mean you should take advantage of it. Public Wi-Fi networks are often unsecured, making it easier for hackers to intercept your data. You should only connect to networks that are secure, or use your own hotspot if you need to. If you do need to be on an unsecured network, make sure to avoid accessing sensitive information or conducting financial transactions. In fact, it’s best not to release any of this data or use any of your financial channels on a public network at all. You can also use a virtual private network (VPN) for added security. Finally, if you absolutely must do something like transfer some funds from a coffee shop, make sure to properly log out of all the programs before you close down.

10. Clicking on Suspicious Links or Ads

A good rule of thumb is that if it looks too good to be true, it probably is. We’ve all seen the ads on social media of incredible deals from noteworthy brands, perhaps at low prices we’ve never seen before. Well, that’s a good indication that it’s a fake site and you should be extra cautious. Always be careful of unsolicited links or ads, especially those promising prizes, discounts, or those too-good-to-be-true offers. Hover over links to check their destination before clicking, and avoid downloading files from unfamiliar sources. A good tip is to go to the company website directly and see if you can find that same information. For example, if you’re getting ads for a clearance sale from one of your favorite e-commerce sites, you should be able to go straight to that site from your browser, and find the sale by clicking on the “clearance” section. Don’t ever assume the brand set up a different site just for a special sale - a lot of people end up getting scammed that way.

11. Ignoring Two-Factor Authentication

We know, it’s a pain. We are just as guilty of groaning when the screen pops up asking to text or call for added verification. That being said, this is a very powerful tool in reducing online risks and staying safe online. If you look up a list of internet safety tips, you’ll find two-factor authentication near the top. Enable two-factor authentication whenever possible, which adds an extra layer of security by requiring a second verification step, such as a unique code sent to your phone. This reduces the risk of unauthorized access to your accounts. Not all programs offer this but it’s becoming more common. In the settings, or the first time that you log in, a software is likely to ask you if you’d like to enable 2FA. Say yes, even though it will add a few moments to the process of logging in. You’ll be glad to have the extra protection if someone else attempts to log into your banking or home security systems.

12. Not Backing up Data

If you’ve ever lost something important due to not having it backed up, then you know how crucial this process is. And yet, so many of us skip it. ExpressVPN’s survey across the U.S., UK, Germany, and France revealed that most people don’t back up their data regularly, with 22% of all respondents not backing up their data at all. The study also shared that lack of knowledge, habit, and perceived complexity are the major barriers that prevent people from backing up their data. Additionally, concerns about cloud storage costs and trustworthiness deter some users from using online backup solutions. Even with such concerns, it’s important to get educated on your options so that you can feel comfortable, because backing up data is essential. Create a plan to regularly back up important files and data to an external hard drive, cloud storage, or another secure location. In case of data loss due to device compromise or failure, you can restore your files without permanent loss. IDrive, Dropbox Backup, or Microsoft OneDrive are all good options, but there are several choices with different features you may want to take a look at.

13. Falling for Online Scams

Nobody ever says to themself: “I am really vulnerable and think I’ll give an online scam a try.” In fact, most people think they are too smart to ever fall subject to such a thing. At the same time, nationwide fraud losses topped $10 billion in 2023, a 14% increase over 2022. So, online scams are common and becoming more so. Protect yourself by understanding that you, too, are vulnerable, and need to pay attention to due diligence. Be skeptical of offers or requests for money or personal information that seem too good to be true. Research and verify the legitimacy of websites, businesses, or individuals before engaging in any financial transactions or sharing sensitive information.

For example, Venmo alone has several scams associated with the platform (and we’re not picking on them - cyber criminals have found ways to leverage almost all technologies these days). In an “accidental” money transfer scheme, Venmo scammers can send you money using a stolen credit card and then contact you claiming that it was a mistake. The scammer asks you to just send the money to their Venmo account. Later, when Venmo discovers that a transaction was made from a stolen card, it takes back the money from your account, while the hacker keeps the money you sent to them. And, though Venmo discourages people from using the app to receive funds from strangers, many users still do so. This can open you up to serious risks. Let’s say you sold your old iPad online, and a buyer paid you on Venmo. After you send the tablet to the new owner, you’re notified that they retracted the payment, ultimately scamming you out of the item you “sold” them. There is no shortage of ways to get ripped off using payment platforms or other technology, so it’s more important than ever to be aware.

14. Ignoring Internet Safety Tips

If you neglect to educate yourself on internet safety, then you are particularly susceptible to problems. This is especially true as technology continues to evolve at an unprecedented pace. A lot of the technology we are using is brand new, so very few people have foreseen the issues that might arise with new developments. Savvy internet users will stay informed about the latest online threats, scams, and security best practices. We also suggest following reputable sources, participating in online safety courses, and educating yourself on how to protect your digital presence.

Stay Safe with Shift

Using the right browser can also play a role in keeping your internet activity safe. That’s why your privacy and security are of particular concern to the developers behind Shift. Not only is Shift a powerful tool, but it’s completely safe and secure for users.

We have robust internal procedures to ensure the data we collect is secure and our systems are in check. All the Shift desktop application data is kept local to your computer. This includes the data that keeps you logged into your accounts within Shift. That means that your data is as secure as your own computer.

Furthermore, password data is not backed up or stored on Shift's servers. Any saved passwords in the Shift browser are local to your computer. To help ensure your password data is safe and backed up, we recommend using a trusted extension such as 1Password or Bitwarden. When it comes to network security, all data to and from the Shift service is encrypted using secure SSL/TLS protocols. Data is never sent to our services without encryption. Our system is protected from Denial of Service (DoS) attacks via several mitigations, including (but not limited to) IP blocklists and web application firewalls.

We also have extensive authentication security measures in place. Access to our source control and cloud environments is controlled via role-based access controls. Access to these systems is logged. That means data is encrypted in transit and at rest. Importantly, Shift employees cannot view any email content, passwords, calendar information, app, extension information, etc. The limited access our team does have is only given so they can assist you. When Shift employees leave, their access is revoked immediately upon departure, and they no longer have access to internal systems.

Related Post: Why Everyone Needs an App Integrated Browser

These are just a few of the security measures Shift has put in place to keep our users safe and secure. You can learn more about other security aspects like incident response plans and customer controls in our support section.