Norton Study Reveals 'Over-Sharing' of Holiday Cheer Puts Consumers at Risk

Careless practices while shopping online and sharing whereabouts via mobile can pose real world threat to finances, says money expert Jean Chatzky

Dec 16, 2010, 05:00 ET from Norton

MOUNTAIN VIEW, Calif., Dec. 16, 2010 /PRNewswire/ -- With more than 1,300 merchants participating in national "Free Shipping Day" tomorrow, it's more likely that last-minute shoppers will be hitting the Internet in force. A new study commissioned by Norton shows that the holiday season elevates the amount of transactions people conduct online, but many consumers are not taking even the simplest steps to protect themselves – and their finances – from the bite of cybercrime. The study also revealed that more than half of people under the age of 35 are updating their social networking status with real-time references to their whereabouts– whether it be at a holiday party or shopping for Christmas gifts at the mall.

The "Connected but Careless" study, sponsored by Norton and conducted by Javelin Strategy & Research, surveyed more than 1,000 Internet users in the U.S. The survey revealed that despite repeated warnings about Internet threats, consumers are still somewhat cavalier and under-informed when it comes to Internet security, specifically in three areas: location-based services, mobile phone transactions, and online passwords.

Between Thanksgiving and New Year's, nearly half of the consumer respondents (47%) said they expected their online purchases to increase, with 14 percent saying that their transaction level would double or more than double. Another third of the respondents between the ages of 18-34 (31%) said they expected their social networking activity to increase over the holidays.

"We're seeing huge gains in people shopping and banking online, especially around the holidays," said personal finance expert Jean Chatzky, who collaborated with Norton on the development and analysis of the study. "The survey shows that people are still unaware of how their online activity can pose a 'real world' threat to their finances. It's like an invitation to cybercrooks."

Some of the risky Internet activity that the survey uncovered is highlighted below, along with the security implications of such behaviors:

Inviting Cybercriminals to Crash Your Party

As people are heading to parties, going to visit out-of-town relatives, or hitting the malls this holiday season, "geo-location" (telling people where you are via your mobile phone or social network) is a potentially risky activity, yet a scant 15 percent of people surveyed knew enough about geo-location to be able to explain it. This suggests that mobile Internet users may be engaging unknowingly in risky online behavior. Nearly one quarter of the respondents (22 %) who use their mobile or smartphones to connect to the Internet, admitted to giving applications on those devices permission to identify their location. In addition, 56 percent of people surveyed under the age of 35 said they update their social networking status with their location, which can inadvertently broadcast to real-world criminals that they're not at home.

"Giving away your location is a potential 'gateway' that people should be aware of and think about," said Chatzky. "The only people who need to know that you're out-of-town, or not where you usually are, are your family, close friends and maybe a trusted neighbor. Technology is changing so fast, that many people may not even be aware of the various ways they're opening themselves up to potential financial losses."

"Not-So-Smart" Phone Usage

Mobile security is an issue that consumers admit they take for granted. Nearly 4 in 10 (38%) consumers who access the Internet via their mobile or smartphone do so to check their bank account and make online purchases, and more than half (51%) are using their Internet-connected devices to check or make updates on social networking sites.

Despite the prevalence of mobile Internet activity, one in four people accessing the Internet this way aren't sure, or haven't even thought about, what's safe mobile practice, while another 42 percent have only a "general idea" of what constitutes safe practices. In addition, 52 percent of those people accessing the Internet via their mobile devices don't use the basic level of protection of having an access password in place on those devices.

"There are so many simple steps people can take online to protect themselves from identity theft, credit card loss and real world threats, and still stay connected," said Chatzky. "As the Internet becomes an even bigger part of our daily lives, I hope people will start taking Internet security more seriously than they are today. Unfortunately, that's not what we're seeing in the data."

Password Problems

Since online shopping accounts are generally tied to e-mail accounts, a cybercrook's ability to access an e-mail account could be a gateway to accessing credit card and bank account information. Additionally, cybercrooks can hack into social networking accounts, impersonating people's friends, and conning them into sending money to the crook's account. Despite this, consumers are still participating in some risky behavior when it comes to online password protection:

  • Nearly half (46%) of the people surveyed admitted that they never change their password on their e-mail accounts
  • About a third (31%) never change their password on banking and financial accounts
  • Forty-two percent never change their password on social networking sites
  • Seventy-one percent of respondents who have one password across different accounts/sites claim to do so, "because it's easier to remember"

"Strong, frequently updated passwords are an easy way of protecting yourself and your finances from cybercrime," said Chatzky. "Using the same passwords on all your accounts or site -- as we now know too many people do -- opens yourself up to potential hackers in a way that's easy to avoid."

Holiday Tips before Plugging In

  1. Protect your mobile phones – As people increasingly store and access financial information on their mobile devices, they should also be using password protection, but for those who don't, tools like the new Norton Mobile Security beta application allow Android smartphone carriers to remotely lock or wipe data from their phones if they are ever lost.
  2. Before you "plug in," think about who you could "let in"- It's fine if you need to connect to the Internet on the go; however, always assume your Wi-Fi connections could be being eavesdropped on. Never enter sensitive data (bank account information, debit card or social security numbers, etc.) when browsing the Web via a public Wi-Fi network. Norton DNS, a free tool that can be downloaded onto most computers and smartphones, does a quick check on each site to make sure that it isn't a bad site that's phishing for your personal info.
  3. Make a list, check it twice! Credit card fraud isn't so nice – Use one specific credit card for all your online shopping. This will limit your liability if a cybercrook steals your credit card number.

For more information about cybercrime and online security, as well as additional tips to stay safe this holiday season, please visit Norton's Internet Safety Advocate's Ask Marian blog.

About Norton by Symantec

Symantec's Norton products protect consumers from cybercrime with technologies like antivirus, anti-spyware and phishing protection -- while also being light on system resources. The company also provides services such as online backup, PC tuneup, and family online safety. Fan Norton on Facebook at and follow @NortonOnline on Twitter.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at

About Javelin Strategy & Research

Javelin provides superior direction on key facts and forces that materially determine the success of customer-facing financial services, payments and security initiatives. Our advantages are rigorous process, independent position and expert people. For more information about this or other Javelin reports, please visit or contact Liz Travers at (925) 225-9100 ext. 31 or

The "Connected But Careless" Study Methodology:

The survey is based on research conducted in November 2010 by Javelin Research & Strategy, an independent market research firm, on behalf of Symantec Corporation. Javelin conducted a quantitative survey via landline and mobile phone among 1,003 Internet users over the age of 18 in the United States. Questions asked were identical across all participants and interviews were conducted via landline phones, as well as mobile phones. The margin of error for the total samples of adults is 3.09%. Raw data is available upon request.

For the study, Norton and Javelin Research and Strategy collaborated with award-winning journalist and best-selling author Jean Chatzky, Ms. Chatzkyis a contributing editor for More Magazine, and a columnist for The New York Daily News. She blogs daily at She is also the author of seven books, including her newest, Not Your Parents' Money Book: Making, Saving, and Spending Your Own Money, and recent release, Money 911: Your Most Pressing Money Questions Answered, Your Money Emergencies Solved, a New York Times best seller. She is also the author of The Difference: How Anyone Can Prosper in Even the Toughest Times and best sellers Pay It Down: From Debt to Wealth on $10 A Day (New York Times and Business Week best seller) and Make Money, Not Excuses (Wall Street Journal and New York Times best seller).

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at All prices noted are in U.S. dollars and are valid only in the United States.

Symantec, the Symantec Logo, and Norton are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.


Gerritt Hoekman

Helen Malani

Edelman Public Relations

Norton by Symantec

+1 (323) 202-1895

+1 (424) 750-7885