How and why to be careful on-line
The good folk at Malwarebytes have come up with this summary of how to stay safe on-line – together with the reasons why:
Do not click on links asking to fill out your personal information. Your financial institutions will not send emails with links to click, especially if those links are asking you to update personally identifiable information (PII). If a website promises you something in return for filling out personal data, they are phishing. In return for your data, you will probably get lots more annoying emails, possibly an infection, and no gift.
Don’t fall for too-good-to-be-true schemes. If you get offered a service, product, game, or other tantalizing option for free, and it is unclear how the producers of said service or item are making money, don’t take it. Chances are, you will pay in ways that are not disclosed with the bargain, including sitting through overly obnoxious ads, paying for in-game or in-product purchases, or being bombarded with marketing emails or otherwise awful user experiences.
Don’t believe the pop-ups and phone calls saying your computer is infected. Unsolicited phone calls and websites that do so are tech support scams. The only programs that can tell if you have an infection are security platforms that either come built into your device or antivirus software that you’ve personally purchased or downloaded. Think about it: Microsoft does not monitor billions of computers to call you as soon as they notice a virus on yours.
Don’t download programs that call themselves system optimizers. We consider these types of software, including driver updaters and registry cleaners, potentially unwanted programs. Why? They do nothing helpful—instead, they often take over browser home pages, redirect to strange landing pages, add unnecessary toolbars, and even serve up a bunch of pop-up ads. While not technically dangerous themselves, they let a lot of riff raff in the door.
Never allow web push notifications. I have yet to find a useful reason for these, beyond advertising.
Beyond staying away from “allow” and “download” buttons, and steering clear of links asking for PII, users who conduct any kind of financial transaction on their machines, be it online shopping or banking, should approach those transactions with extreme caution. Here’s where we ask users to take action, looking for security clues and doing a little research before paying that bill or buying that new book.
Use a designated browser you trust. This needn’t be for all surfing, but for purchasing especially, research the different browsers and see which one you feel safest with, whether that’s because they have few vulnerabilities, don’t track your surfing behavior, or encrypt all communication. Major browsers such as Firefox, Safari, and Chrome have strengths and weaknesses they bring to the game, so it’s a matter of personal preference. We do suggest staying away from older browsers rife with security holes, such as Internet Explorer.
Look for HTTPS and the green padlock. No, it’s no longer a guarantee that the site is safe just because it has a green padlock, but it does mean the communication is encrypted. If you combine that with being on the true website of a trusted vendor, you can breathe easier knowing your payment details cannot be intercepted in transit.
https://blog.malwarebytes.com/101/2019/02/the-lazy-persons-guide-to-cybersecurity-minimum-effort-for-maximum-protection/
Use a password manager. Simple as that. Passwords are a real problem, as users tend to re-use the same ones across multiple accounts, keep old ones lying around because they’re the only ones they can remember, or write them down somewhere they can be easily found. No need for 27 different passwords. Just one manager, preferably with multi-factor authentication. (Bonus points for healthcare or bank organizations with logins that use physical or behavioral biometrics.) [we recommend RoboForm].