close
close

Association-anemone

Bite-sized brilliance in every update

I used to do these 7 things online until I learned the risks
asane

I used to do these 7 things online until I learned the risks

We all have at least a few bad habits, and our online activities are no exception. Here are some things I used to do online before I realized how risky they were that you should avoid too.

Searching websites on Google

How do you find a website if you don’t know its URL?

If you asked me this question a while ago, I told you to search the website and click on the top result. I have done it this way for many years and it has always worked. In fact, I did it even when I knew the correct URL because I didn’t want to go through the trouble of checking if I spelled it correctly.

However, it turns out that blindly trusting a search engine to direct you to the right website is not a good idea. I learned this when I read about hackers Arc browser hijacking launch.

They did it by creating fake websites that were deceptively similar to the original and then buying ads on Google Search so that the fake websites would be the first you saw. If you fell for it and downloaded from them, you’d have a malware-infected browser for your troubles.

Since reading that I’ve started taking the time to write down my URLs and I advise you to do the same.

You can still search for a website if you don’t know the URL, but don’t click the first link you see on the page. Check to make sure it’s not a fake site. You usually can spot the fraudulent ones through misspellings in the URL and invalid security certificates.

Acceptance of all cookies

Every time I visited a website and got the popup that said This website uses cookies… blah blah blah, I’d hit accept every time because it was the path of least resistance. I always thought it was no big deal, but it turns out cookies are more important than I realized.

More browser cookie dialog boxesMore browser cookie dialog boxes

More browser cookie dialog boxes

Browser cookies store information such as your browsing history, what items you have added to your shopping basket and your login details. In the right hands, that information could be used to improve your browsing experience (for example, by keeping you connected and personalizing your recommendations), but in the wrong hands it could be abused.

So if you’re even slightly skeptical of a website, you shouldn’t accept its cookies. If you already have, you should clean them.

Note that sometimes the website you’re trying to access won’t have an obvious “Reject cookies” button, but that might just mean you have to look around a bit to find it.

Reusing passwords across accounts

I used to reuse an old password I made up in high school when signing up for things. I knew it was a bad habit, but sometimes the browser’s password generator wouldn’t work, and my old password was the easiest thing I could remember.

An illustration of a passkey with a key, fingerprint, facial recognition and password input fields.An illustration of a passkey with a key, fingerprint, facial recognition and password input fields.

Lucas Gouveia / How-To Geek

I excused myself by making sure that none of the accounts I used with that password contained sensitive information, so even if I was the victim of a credentials stuffing attack, the hackers would receive nothing of value.

What I didn’t realize was that even though I suffered no immediate repercussions or financial loss, I was setting myself up for an even worse attack.

That’s because every website you sign up to collects some information about you, whether it’s your name, the college you went to, or your favorite book.

If my password were ever compromised, hackers could access all those websites, collect these disparate pieces of information, and assemble them into a detailed profile. This profile could then be used to achieve social engineering attacks against me.

If you’ve also reused old passwords, your best bet is to do like me and go through all your accounts, replacing all duplicate passwords with stronger ones. While you’re at it, stop using your browser’s password manager and invest in a good standalone password manager that won’t break when you need it.

Clicking on Links in emails

Some time ago I received an email from my bank that contained a link. Everything seemed genuine, but I’ve never received an email like this from them before, so I was a little skeptical. I finally decided to take the plunge and click on the link.

Fortunately for me, the email was genuine, but it could easily have been a phishing scamin which case my bank account would have been compromised.

Thinking about it, I realized that I had no reason to click on the link when I wasn’t 100% sure about it. I could have easily resolved the issue by visiting my bank’s website directly or contacting them for clarification.

You can avoid these phishing scams look for the signsbut i decided to play it safe by clicking on no links in my email if i can help it.

Sign up for everything with the same email

I only had one email address and used it to sign up for everything. This was bad for two reasons.

One was that managing my inbox was an absolute nightmare and the other was that it was serious compromised my privacy.

What I didn’t know at the time was that some of the services I was signing up for had poorly designed login systems. They let people know if an email was associated with the service, so anyone checking could see my browsing habits.

A phone next to a laptop with the Gmail logo and a visibility icon.A phone next to a laptop with the Gmail logo and a visibility icon.

In addition, some of these sites were selling my email address, which contributed to the endless spam and advertising messages I was receiving.

After I discovered this, I stopped signing up with my real email address and started using email aliases instead. Not only does it keep my real email address hidden, but it also helps me identify which sites are selling my data so I can avoid them.

Signing in to my Google Accounts on other people’s devices

There were times when I needed to sign in to my Google account on a borrowed device to check my email. The problem is that I don’t always remember to log out.

Having active sessions of your Google account on random devices is an obvious security risk, so if you’ve made the same mistake, you need to remotely log out of your account. Next time you need to check your email, make sure enable Guest mode first so that none of your data is saved on the borrowed computer.

Ignoring privacy settings on social networks

We’ve talked a lot about security and privacy, but it’s all moot if your social media accounts give scammers an easy window to learn about and access your life.

I rarely post on social media, so I used to think there was no point in turning on privacy features anymore. However, you’d be surprised how much information a person can glean from even a single Instagram photo.

There is also the issue of doxxing. Given how toxic the internet has become, there’s a good chance that online beef will spill over into the real world. If that ever happens, you’ll be glad to have sensitive information like your location restricted from prying eyes.

If you want to protect yourself, take the time to modify yours Instagram, TikTok, Facebookand Snapchat privacy settings so you only share what you want to share.


So here it is. I hope you learned something from my mistakes and it helps you stay a little safer online. If you’re interested in more ways to stay safe online, here are a few safety tips that even non-techies should know.