
Cybersecurity Basics:
Safe Email and Web Browsing

Email and Browse Safely

So your software is up to date, your passwords are impractical for anyone to guess, and you have unique passwords for every account that you easily access with a password manager. Now you're ready to get on the Internet!

Email tools

This isn't nearly as important as other items on this list, but it sure seems to me that a standalone mail program has multiple security advantages over web mail, which is to say viewing your mail in a web browser.

Personally, I prefer Thunderbird for reasons of both security and ease of use. Alternatives include SeaMonkey and Mailbird.

Yes, there is Microsoft Outlook, but its history of security and intercompatibility problems makes me very leery. I suppose standalone email with Outlook is a little better than web mail with Explorer, but you can do better than either.

Email format

It is safer to view email in plain text mode. There are exploits that only work when you view email as HTML.

The problem, however, is that many organizations simply do not send messages that you can make any sense of without HTML viewing turned on. For example, airline and hotel loyalty programs. Sure, most of their messages are attempts to sign you up for American Express credit cards. But once in a while there's actually something important in there. Depending on how you use email, plaintext message viewing may be impractical.

Learn to be safely skeptical

If it's "Too good to be true", then it isn't true.

Take this "Phishing IQ Test". They show you a series of email messages and ask you to select "Legitimate" or "Phishing" (that is, a scam) for each. Then the best part is that they explain the tell-tale warning signs for every example.
SonicWALL Phishing IQ Test

Also see the overview from PayPal and the additional quiz from the Washington Post.
PayPal: Recognize fraudulent emails and websites
Washington Post phishing quiz

Safe browsing

Of course, keep your browser up to date! As I mentioned earlier, your browser updates may be separate from the operating system itself. So, set up automatic updates on your browser.

Updating Google Chrome
Updating Mozilla Firefox

Understand what your browser window is showing you

Learn how to make sense of the URL, that Internet address in the box near the top of the browser window specifying the page you're looking at. Also pay attention to the URLs you see at the bottom when you hover over a link. Hover your mouse over that green "Updating Google Chrome" button above. You should see at the bottom of your browser that clicking there would take you to a page at a server named support.google.com, which is a part of google.com, which is the company that runs the Google search engine and maintains the Chrome browser. So, a click there should take you to a trustworthy source of information on updating that browser.

Look at the URL at the top of this browser window. This page is either:
https://cromwell-intl.com/cybersecurity/basics/06-safe-email-and-web.html
or, if you're looking at the all-in-one version:
https://cromwell-intl.com/cybersecurity/basics/all.html

The first part is the protocol. It's https for this page, meaning two forms of security. The server is authenticated, meaning that you can be certain you're really getting the page from that specific server. Also, the connection is encrypted, meaning that if you're on an insecure network at a hotel, someone could capture the traffic but they would see nothing but encrypted gibberish. If it were plain old http then you wouldn't really know which server you had connected to, and all communication would be plaintext, or unencrypted.

The second part is the server. It's cromwell-intl.com for this page. That probably doesn't mean anything in particular to you, and that's fine for a page you are reading simply for information or entertainment. But if a page looked like the login screen for your bank, and the server name had nothing to do with your bank, that would be a very bad sign!

The third part is the specific resource from that site. It's either /cybersecurity/basics/06-safe-email-and-web.html or /cybersecurity/basics/all.html for this page. That part might be helpful to figure out how the site is organized or what this page is related to. I have organized my site with cybersecurity pages under /cybersecurity/, Linux and related pages under /open-source/, travel pages under /travel/, and so on, but that's just organization and it doesn't have anything to do with security.
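
The three-part reading of a URL described above can be written as a small check. This is an added example, not code from the original page; the function names describeUrl, belongsTo and checkLink are hypothetical, and the sample links other than support.google.com are constructed from reserved example names.

```javascript
// Added example (not from the original page). Function names are hypothetical.

// Split a URL into the three parts described above, using the WHATWG URL
// parser that browsers themselves use.
function describeUrl(href) {
  const u = new URL(href); // throws TypeError on text that is not a URL
  return {
    protocol: u.protocol.replace(/:$/, ""), // "https" or "http"
    server: u.hostname,                     // lower-cased by the parser
    resource: u.pathname,
  };
}

// True only if `server` is the expected domain itself or a name under it.
// The "." in the suffix test matters: "notbank.example" ends with
// "bank.example" but is a different site.
// Assumption: expectedDomain is the site's registered domain, which you
// already know from a trusted source.
function belongsTo(server, expectedDomain) {
  const host = server.toLowerCase().replace(/\.$/, ""); // drop a trailing dot
  const domain = expectedDomain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

function checkLink(href, expectedDomain) {
  let parts;
  try {
    parts = describeUrl(href);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (parts.protocol !== "https") {
    return { ok: false, reason: "not https: server unauthenticated, traffic unencrypted" };
  }
  if (!belongsTo(parts.server, expectedDomain)) {
    return { ok: false, reason: `server ${parts.server} is not part of ${expectedDomain}` };
  }
  return { ok: true, reason: `server ${parts.server} is part of ${expectedDomain}` };
}

// Constructed sample links; example.net and .example are reserved names.
const samples = [
  ["https://support.google.com/", "google.com"],
  ["http://support.google.com/", "google.com"],
  ["https://google.com.example.net/", "google.com"],
  ["https://notbank.example/login", "bank.example"],
];
for (const [href, expected] of samples) {
  console.log(href, "->", checkLink(href, expected).reason);
}
```

Only the first sample passes: the server name is read from right to left, so a name that merely starts with or contains the expected domain belongs to someone else.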

Be careful about clicking on links on pages you don't have reason to trust, and especially in email from people you don't know.

If a web site prompts you to install a viewer to watch a video, or view a slideshow, or listen to something, STOP and do not install anything as this is a scam.

Completely clean up after banking

When you finish your session of on-line banking (or any similarly sensitive activity), click the "Logout" button and also terminate all your browser tabs and windows. Don't just minimize the window; click the "X" in the upper right corner of every browser window and fully end that browser session.

This is one of those inconveniences we unfortunately need in order to be safe on line. Remember that trade-off?

Don't install Flash

This is about the Flash video standard and the Adobe software for viewing it.

Flash RAM memory as found in USB thumb drives is entirely different.

Adobe, the company that developed it, has given up on the Flash video format.

It seemed important in the early 2000s. But starting about 2007, video for the web started moving away from Flash format.

Much of what you now see about "You must install Flash to view this content" is actually an attempt to trick you into installing malware instead.
