10 Dumbest Things to Do Online

Trying to get scammed? Engage in these stupid but common online practices and the smart money is that you likely will.

1. Falling for emotional bait. Online and otherwise, scammers line their pockets on your emotions — greed, fear, curiosity — and often fuel each with “Act Now!” urgency. Offers of easy money and threats of negative consequences phish for your money and/or personal information. Promises of forbidden photos or links, especially with terse “Check this out!” messages, are used to install information-stealing malware.

>> 10 Ways to Protect Yourself From Identity Theft

2. Accessing your financial accounts from email links. No matter how official an email looks, don’t access bank, credit card or other sensitive accounts from links or attachments in emails — and never act on a “Dear Customer” message asking for log-in credentials or account numbers. It’s best to check accounts by typing (or bookmarking) the website address yourself. And be sure to read through your account confirmations, since that’s likely where you’ll see the first sign of trouble if anyone has tampered with your information.

3. Having weak passwords and not changing them. Longer is stronger, so aim for at least 12 (ideally, 15 or more) characters, mixing letters, numbers and symbols. Use different passwords on different accounts, changing them within three months, or a password manager that issues and stores them in an encrypted database. Don’t click “remember me” options on cellphones or computers that others can access.

4. Not “really” reading messages. Does the sender’s address differ from his or her name, like egy5boo@yahoo for Mike Jones? Are tone, spelling and grammar off the mark? Are signature titles overly generic or flat-out weird? Do emails from businesses end with a Hotmail, Gmail or Yahoo address, rather than companyname.com or .org? All scams. And how can you check whether a website is authentic? Without clicking, place your cursor over links; if the pop-up address doesn’t match, assume the worst.

5. Believing a caller who detects a computer virus. If your computer is infected, you won’t be telephoned by legitimate vendors of computers, of operating systems like Windows, or of antivirus protection; this is the tactic of  scammers trying to sell phony protection or get remote access to your device. When new viruses are circulated, expect updates sent en masse over the Internet to users of that software. But check for regular updates anyway, and do a weekly “full scan.”

6. Oversharing on social media. Friend and Tweet away, but don’t post details about upcoming vacations, photos identifying family members, even your address, birthdate, hometown, high school or other snippets that could be pieced together for identity theft. Even with privacy settings, the more information you share online, the easier it is for the wrong people to get it. Be cautious about “l ikes” from others, and know the sneakiest Facebook scams.

7. Overtrusting emails. Neither the government nor banks or credible merchants will ask for personal or account information by email. Be suspicious of messages from friends asking for money. (Wouldn’t they call?) As Mom advised decades ago, don’t trust strangers.

8. Trusting a “free download.” It’s the most malware-laden search term of all. Get apps from trusted sources, such as Google and Apple app stores, and updated versions of programs like Adobe Flash Player from manufacturer websites, not from pop-ups or links offered in pages. Don’t trust free screen savers (malware can lurk amid those swimming fish) or “free trials.”

9. Thinking your Mac protects you. There once was a time when the Mac didn’t warrant attention from cybercrooks because phishing was better with more widely used PCs. But Mac attacks have grown with their popularity, exposing similar vulnerabilities and gotcha rates.

>> Get discounts on financial services with your AARP Member Advantages.

10. Shopping online as you do in stores. Don’t use debit cards for online purchases; credit cards offer better protections. Never enter card data on any page without “https” in the website’s address. Type retailer web addresses yourself, rather than relying on links from search results. To get coupons and purchase confirmations, use a dedicated email address that’s different from your primary account.

For information about other scams, sign up for the Fraud Watch Network . You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Photo: Insomnia Cured Here/Flickr

Also of Interest

See the  AARP home page for deals, savings tips, trivia and more.

Search AARP Blogs