close
close

I Did These 7 Things Online Before I Realized the Risks

I Did These 7 Things Online Before I Realized the Risks

We all have at least a few bad habits, and our online activities are no exception. Here are some things I did online before I realized how dangerous they were. These should also be avoided.

Search websites on Google

How to find a site if you don’t know its URL?

If you had asked me this question a while ago, I would have told you to find the website and click on the top result. I’ve been doing this for ages and it always works. In fact, I did this even when I knew the correct URL because I didn’t want to check if I had spelled it correctly.

However, it turns out that blindly trusting a search engine to direct you to the website you want is not a good idea. I found out about this when I read about hackers who hacked the Arc browser launch.

They did this by creating fake websites that looked deceptively similar to the original one, and then buying ads on Google search so that the fake websites would be the first one you saw. If you buy into this and download from them, you will get a malware-infected browser as a nuisance.

Since I read about this, I’ve started taking the time to type out my URLs, and I encourage you to do the same.

You can still search for a website if you don’t know the URL, but don’t just click on the first link you see on the page. Make sure it is not a fake site. Typically, fraudulent links can be detected by spelling errors in the URL and invalid security certificates.

Accepting all cookies

Every time I visited a website and got a pop-up that said “This website uses cookies… blah blah blah,” I clicked “Accept” every time because it was the path of least resistance. I always thought it wasn’t a big deal, but it turns out cookies are more important than I thought.

Multiple browser cookie dialogsMultiple browser cookie dialogs

Multiple browser cookie dialogs

Browser cookies store information such as your browsing history, what items you have added to your cart, and your login information. In the right hands, this information can be used to improve your browsing experience (for example, by keeping you logged in and personalizing recommendations), but in the wrong hands, it can be abused.

So, if you are even the least bit skeptical about a website, you should not accept its cookies. If you have already done this, you should clear them.

Note that sometimes the website you’re trying to access won’t have an obvious “Reject Cookies” button, but this may mean you have to do a little digging to find it.

Reusing passwords between accounts

I used to reuse an old password I came up with in high school when I signed up for something. I knew it was a bad habit, but sometimes the password generation feature in my browser wouldn’t work and the old password was the simplest one I could remember.

Illustration of an access key with fields to enter key, fingerprint, face recognition and password.Illustration of an access key with fields for entering key, fingerprint, face recognition and password.

Lucas Gouveia / How-To Geek

My justification was that none of the accounts I used with that password contained sensitive information, so even if I were the victim of a credential stuffing attack, the hackers wouldn’t get anything of value.

What I didn’t realize was that even if I didn’t suffer any immediate consequences or financial loss, I was preparing for an even worse attack.

This is because every website you sign up for collects some information about you, be it your name, the college you attended, or your favorite book.

If my password were ever compromised, hackers could gain access to all of these websites, collect these disparate pieces of information and assemble them into a detailed profile. This profile can then be used to launch social engineering attacks against me.

If you’ve also been reusing old passwords, your best bet is to do what I did and go through all your accounts, replacing any duplicate passwords with stronger ones. While you’re at it, stop using your browser’s password manager and buy a good standalone password manager that won’t break when you need it.

Clicking on links in emails

Some time ago I received an email from my bank with a link. Everything seemed genuine, but I had never received an email like this from them before, so I was a little skeptical. I finally decided to take the plunge and follow the link.

Luckily for me, the email was genuine, but it could very well have been a phishing scam, in which case my bank account would have been compromised.

Thinking back on this, I realized that there was no point in me clicking on a link unless I was 100% sure about it. I could easily resolve this issue by visiting my bank’s website directly or contacting them for clarification.

You can avoid these phishing attacks by paying attention to the signs, but I decided to play it safe and not click on any links in my email if I could help it.

Subscribe to everything using the same email address

I used to only have one email address and I used it to sign up for everything. This was bad for two reasons.

Firstly, managing my inbox was an absolute nightmare, and secondly, it seriously compromised my privacy.

What I didn’t know at the time was that some of the services I signed up for had poorly designed login systems. They tell people if an email is associated with that service, so anyone who checks can learn about my browsing habits.

Phone next to laptop with Gmail logo and visibility icon.Phone next to laptop with Gmail logo and visibility icon.

On top of this, some of these sites were selling my email address, which contributed to the amount of spam and promotional messages I received.

After discovering this, I stopped registering with my real email address and started using email aliases instead. Not only do they hide my real email address, but they also help me identify which sites are selling my details so I can avoid them.

Signing into my Google accounts on other people’s devices

There have been situations where I needed to log into my Google account on a borrowed device to check my email. The problem is that I don’t always remember to log out.

Having active sessions of your Google account on random devices is an obvious security risk, so if you made the same mistake, you need to log out of your account remotely. Next time, you will need to check your email and enable guest mode first so that none of your data is saved on the borrowed computer.

Ignoring privacy settings on social networks

We’ve talked a lot about security and privacy, but it’s all moot if your social media accounts give scammers an easy way to learn about and gain access to your life.

I rarely post on social media, so I used to think there was no point in turning on privacy features. However, you’d be surprised how much information a person can glean from even one Instagram photo.

There is also the issue of doxxing. Considering how toxic the internet has become, there’s a good chance your online disagreements could spill over into the real world. If this ever happens, you’ll be glad that sensitive information like your location will be hidden from prying eyes.

If you want to protect yourself, take the time to adjust your privacy settings on Instagram, TikTok, Facebook, and Snapchat so you can only share what you want to share.


So here it is. I hope you learned something from my mistakes and it will help you become a little safer online. If you’re interested in more ways to stay safe online, you may want to check out some security tips that even non-experts should know.