By now, most of us are pretty wary when an email arrives,
saying we have 24 hours to open a Word document, in exchange for four
billion dollars from Robert Mugabe – waiting, conveniently, in an
offshore account.
This often happens when a new “zero-day” vulnerability is found – and before browser companies have protected against it. One such attack against Internet Explorer was reported by ESET this week.
But you don’t have to be paranoid, or hang back, or stop yourself enjoying the best the web has to offer. You just have to be careful. Our tips should help you browse with confidence.
Don’t install oddball software – even plug-ins
Browser plug-ins are a common, and usually innocent way to
add functions to your browers – such as downloading YouTube videos, or
adding social feeds such as Facebook to your browser. But recently,
several malicious plug-ins have stolen user data – and even used victims as part of DDoS attacks.
Choose carefully – ideally from companies you’ve heard of, with good
reviews on your browser’s store. You should think very carefully before
installing ANY software – especially if it’s free.
Block pop-ups
Not all pop-up windows are bad – many are useful. But some
are used to deliver malware, or for phishing scams. Set your browser to
block them by default – that way you get to “inspect” any pop-ups that
do appear, and open the ones you want to see, rather than the whole lot.
Accepting Facebook requests to get a boost in a Facebook
game can seem like a good idea – but you’ve suddenly opened a “back
door” into your life, to people you don’t know at all. With Facebook’s
new Graph Search, this means your private data can easily be searched –
giving away, for instance, your location, your employer, and perhaps
your phone number. Accepting friend requests from people you don’t know
and trust puts your reputation at risk. Purge friends regularly to be
safe. You need to review your privacy settings on social media on a
regular basis as they may change.
Outrageous, funny news stories circulate very quickly on
Twitter and Facebook – so they’re perfect for cybercriminals to lure the
unwary. If a story seems too crazy to be true, it may well be. Google
it instead, find a real news source and read it there. When E! News was
hacked, the fake tweet “Breaking! Exclusive: Justin Bieber to E! online
‘I’m a gay’”, was retweeted 1,200 times. If you’re worried, use the free
ESET Social Media Scanner. And on a general note, never, ever click any link involving diets.
Wardrobe malfunctions from celebrities share quickly on social networks – but it could be your PC that ends up malfunctioning. One of the most basic safety steps for web users is to ensure programs such as Flash and Java are up-to-date – using older versions can allow cybercriminals an easy way to attack your PC. But if a video you’ve been sent says an update is required, don’t click – this is a common cybercriminal trick to install malware, often with sensational videos about news stories or celebrities. Update apps such as Java and Flash from your computer’s control panel – or when they prompt you to.
“Free” gifts online are not free
Any offer where you fill in personal details in exchange
for a chance to win an iPad or other consumer item should be treated
with extreme suspicion – cybercriminals use these attacks to harvest
personal details which can later be used in identity theft attacks.
Coffeeshop hotspots were an icon of the dotcom era – but
they’re also risky if you’re accessing work data or bank sites over a
“public” network. You’re safer using a smartphone’s 4G connection
“shared” with your laptop.
It’s a boring bit of housekeeping – but you should ensure
your PC is set up to update itself automatically if possible. Visit
control panels in Windows and set Windows Update to automatic, and
update your browser as regularly as possible as well – ie set it to
update without your permission if possible. By making sure you have the
most current patches issued to fill security holes in your computer’s
operating system and applications, you can enhance your online
protection.
Do it right, and your PC should be the safest device you own
There are times when your PC’s built-in protection offers
the muscle you need for business or secure transactions – smartphone
browsers often make it hard to see if you’re on a secure page or not,
meaning you could be on a decoy bank page, rather than the real one.
Make sure your PC’s software is up to date, use good AV protection, and
pay attention to warnings in your browser about secure/insecure sites.
Paying for Netflix rentals is epensive – but safe. Sites
offering “free” video are notorious for delivering malware – especially
if they are offering films that are still on at the cinema. Be very
careful of “free” films – as in life, on the internet, virtually nothing
is “free”
Browser warnings are good – but not bulletproof
When browsers such as Chrome warn you that a site is risky,
that’s a good sign to step back. Enable Safe Browsing – or the
equivalent for Explorer or Safari – and you’ll have warnings of sites
that may deliver malware. For added protection, AV software can block
domains and sites – useful if a family are sharing a PC.
Don’t store passwords in your browser
A recent blog post revealed how Google’s Chrome can “show
off” passwords in plain text if another user gets access to your
computer. Problems can also occur from simply forgetting to log out – so
for peace of mind, clear browsing history, and use a password manager
instead. ESET Senior Research Fellow David Harley says, “It’s a really
bad idea to save passwords in Chrome on a machine that can be accessed
without authentication (obviously a bad idea in itself), or where an
account is shared (also not good practice – especially on business
machines – but probably not uncommon on home machines). I’d suggest that
it’s usually better to use some sort of password manager to store your
passwords than a browser…”
Don’t leave things to chance
This week, Microsoft issued a “fix it” for a vulnerability
in its Internet Explorer browser – a patch which users could download to
protect themselves. But users had to learn about it, and do it,
themselves. Free AV software is useful – it lets you scan for known
threats, at that moment – but for 24-hour protection against new
threats, it’s worth considering a paid-for package.
