September 2008
send to a friend printable version
Protect yourself online
The biggest threats & the best solutions

Illustration of a computer as a lock against viruses, spam, spyware, ID theft, and phishing.
Illustration by David Flaherty
Several major online threats—spam, spyware, and virus infections—have declined significantly over the past few years, our new State of the Net survey has found.

But online threats are still of great concern, according to our research and national survey of 2,071 online households conducted this past spring by the Consumer Reports National Research Center. Consider these findings:

  • The odds of becoming a cybervictim have dropped to 1 in 6, from 1 in 4 last year. Still, American consumers lost almost $8.5 billion and replaced about 2.1 million computers because of viruses, spyware, and e-mail scams over the two years the survey covered, we estimate.

  • Phishing—sending authentic-looking but fraudulent e-mail designed to steal sensitive personal information—is still a serious concern. About 6.5 million consumers, or roughly 1 in 13 online households, gave such scammers personal information over the past two years. Fourteen percent of them lost money.

  • There’s still plenty of spam out there. One of the newest types, cell-phone spam, is a minor nuisance to most online homes, our survey found. Still, 1.2 million people nationwide received more than 25 such messages each during a recent six-month period, we estimate.

  • Government is one of the biggest culprits compromising consumers’ security. Our investigation found that recent lapses by federal, state, and local government have resulted in the loss or exposure of at least 44 million consumer records containing sensitive personal information. (See ID leaks.)

  • Many consumers continue with risky online behaviors, including failing to maintain security software on their PCs. Our new tests of free and commercial security software found most products to be very good, though some suites offered less-thorough protection. Suites and stand-alone software that claim to flag phishing sites varied in effectiveness.