Tuesday, October 23, 2012

Online Self Defense - Part 3 - Don't Click!

   This is the third post in my series on Online Self-Defense.  We've covered malware and passwords, two key issues affecting your online privacy and security.  If you've tried the simple tips I gave on those two subjects then you are now safer than most web surfers.

   Now, to keep you and your computer safe... don't click on that link!

   Of course, that's not really practical.  You use the web to find and share information.  The web is not a useful tool if you can't click.  So what should you do?

   Here are three simple things you can do to help protect yourself and your computer.

1. Look before you click - with most links you can "mouse over" the link.  That means you just move your mouse so it's on the link, but don't click yet!  Your browser will display the address to which the link will lead.  This displays at the bottom of the browser.  The actual link in the display should make sense and be the location you're expecting.  If not then... don't click!

2. Use link ratings - the free computer anti-malware program AVG has a web add-in that gives ratings on Google search links.  This can let you know if a link might be problematic.  If you'd like to crowd-source your link rating, and help with the process, WOT - Web of Trust, is a great site and browser plug-in.  WOT lets you see and provide ratings of websites... and warns you before you go to a poorly rated site.

3. Context is King - the old adage for websites is "content is king".  But when we're trying to decide whether to click on a link, Context is king.  How did you receive the link?  Was it from a page you trust?  If in an email, did the email make sense?  How was the grammar?  Did it come from a person who normally sends you links?  On a subject you normally share?  Stop and think... does it all make sense?

   As with the other posts in this series, if you can try the tips above, you will be much safer than the average web-surfer.  If you'd like to raise the bar further, here are some more tips to try.

4. Like attracts like.  There are simply certain kinds of websites that attract more trouble than others.  File sharing, gaming and gambling sites tend to get hacked and host malware or malicious links more often than other sites.  Any sites that host content of questionable legality should be suspect.  I'm not saying you should avoid these sites altogether... you may have a good reason to visit these sites.  But use care and think before you click.

5. Use care with:

  • Social Networking sites - just because a link comes from your "friend" doesn't mean it's safe. And limit your use of Facebook apps.
  • Ads - many sites, even well-known and legitimate sites, outsource their ads to third parties.  And we don't know how carefully these third parties vet their ads.
  • Pop-ups - while some legitimate sites do use pop-ups, most don't.  The best thing to do with pop-ups is to close the window.  In Windows, I recommend putting your cursor on the window and typing alt+F4 (hold down the alt key and press the F4 function key) rather than clicking the "X" or a close link... those could be malicious links!
  • Auto-complete - most browsers use auto-complete.  This means that the browser or search engine will try to "guess" what you're trying to type after a certain number of characters.  If the browser or search bar auto-completes what you are typing, be sure to take a look at what is there before you click "go" or "search" or hit return.  The resultant link may be fine, but you should always visually verify that the auto-complete text is what you think it should be.

6. Lock it up - always use https, that is secure browsing, for shopping, banking or whenever you are entering personal information on a web page.  You should also look for the lock icon in the browser.

7. No PDI's, "Public Displays of Information" - while it's great fun to websurf at the coffee shop, don't use credit cards, do banking, handle medical records, or transact financial or personal business on open or public networks.  That can wait until you get home.  While many of these public networks are safe... if you can easily get on, so can anyone else, including someone who may want to steal your personal data.

8. Protect your web passwords - we've already talked about the use of password vaults and I highly recommend using one.  Most browsers ask if you want to save passwords and form data in the browser.  While browsers have improved their protections over the years, I generally recommend against this.  Use a vault both for passwords and secure form filling.

   And here's an advanced tip:

9. Just Say "No" to Scripts - malware on a website typically executes through scripts.  If you don't allow scripts, like JavaScript, to run, then you can decrease your risk.  Of course, you also decrease the website functionality.  So, if you're an advanced user, you might consider NoScript or similar script-blocking browser extensions.

   What other ideas do you have to minimize the danger of malicious links?  How do you know if a link is safe?  If you're a security professional, how do you teach others to use links safely?
