Cybersecurity Basics:
Safe Email and Web Browsing
Email and Browse Safely
So your software is up to date, your passwords are impractical for anyone to guess, and you have unique passwords for every account that you easily access with a password manager. Now you're ready to get on the Internet!
Email tools
This isn't nearly as important as other items on this list, but it sure seems to me that a standalone mail program has multiple security advantages over web mail, which is to say viewing your mail in a web browser.
Personally, I prefer Thunderbird for reasons of both security and ease of use. Alternatives include SeaMonkey and Mailbird.
Yes, there is Microsoft Outlook, but its history of security and intercompatibility problems makes me very leery. I suppose standalone email with Outlook is a little better than web mail with Explorer, but you can do better than either.
Email format
It is safer to view email in plain text mode. There are exploits that only work when you view email as HTML.
The problem, however, is that many organizations simply do not send messages that you can make any sense of without HTML viewing turned on. For example, airline and hotel loyalty programs. Sure, most of their messages are attempts to sign you up for American Express credit cards. But once in a while there's actually something important in there. Depending on how you use email, plaintext message viewing may be impractical.
Learn to be safely skeptical
If it's "Too good to be true", then it isn't true.
Take this "Phishing IQ Test". They show you a series of email messages and ask you to select "Legitimate" or "Phishing" (that is, a scam) for each. Then the best part is that they explain the tell-tale warning signs for every example.
SonicWALL Phishing IQ Test
Take the "Banks Never Ask That!" quiz:
Banks Never Ask That!
Also see the overview from PayPal and the additional quiz from the Washington Post.
PayPal: Recognize fraudulent emails and websites
Washington Post phishing quiz
Safe browsing
Of course, keep your browser up to date! As I mentioned earlier, your browser updates may be separate from the operating system itself. So, set up automatic updates on your browser.
Understand what your browser window is showing you
Learn how to make sense of the URL, that Internet address in the box near the top of the browser window specifying the page you're looking at. Also pay attention to the URLs you see at the bottom when you hover over a link.
Hover your mouse over that green "Updating Google Chrome" button above. You should see at the bottom of your browser that clicking there would take you to a page at a server named support.google.com, which is a part of google.com, which is the company that runs the Google search engine and maintains the Chrome browser. So, a click there should take you to a trustworthy source of information on updating that browser.
Look at the URL at the top of this browser window.
This page is either:
https://cromwell-intl.com/cybersecurity/basics/06-safe-email-and-web.html
or, if you're looking at the all-in-one version:
https://cromwell-intl.com/cybersecurity/basics/all.html
The first part is the protocol. It's https for this page, meaning two forms of security. The server is authenticated, meaning that you can be certain you're really getting the page from that specific server. Also, the connection is encrypted, meaning that if you're on an insecure network at a hotel, someone could capture the traffic but they would see nothing but encrypted gibberish. If it were plain old http then you wouldn't really know which server you had connected to, and all communication would be plaintext, or unencrypted.
The second part is the server. It's cromwell-intl.com for this page. That probably doesn't mean anything in particular to you, and that's fine for a page you are reading simply for information or entertainment. But if a page looked like the login screen for your bank, and the server name had nothing to do with your bank, that would be a very bad sign!
The third part is the specific resource from that site. It's either /cybersecurity/basics/06-safe-email-and-web.html or /cybersecurity/basics/all.html for this page. That part might be helpful to figure out how the site is organized or what this page is related to. I have organized my site with cybersecurity pages under /cybersecurity/, Linux and related pages under /open-source/, travel pages under /travel/, and so on, but that's just organization and it doesn't have anything to do with security.
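The three-part reading of a URL described above, written out as an added example (not code from the original page). It uses the standard URL parser built into browsers and Node.js; the function names and the example.net links are constructed for illustration.

```javascript
// Added example, not from the original page.
// Split a URL into protocol, server and resource using the WHATWG URL
// parser (global in browsers and Node.js), the same rules a browser applies.
function splitUrl(href) {
  const u = new URL(href);
  return {
    protocol: u.protocol.replace(/:$/, ''), // "https" or "http"
    server: u.hostname,                     // always lowercased by the parser
    resource: u.pathname,
  };
}

// True only when the server IS the expected domain or a subdomain of it.
// The leading dot matters: "google.com.example.net" must not match "google.com".
function serverBelongsTo(server, expectedDomain) {
  const expected = expectedDomain.toLowerCase();
  return server === expected || server.endsWith('.' + expected);
}

// Hypothetical helper: combine the protocol check and the server check.
function checkLink(href, expectedDomain) {
  let parts;
  try {
    parts = splitUrl(href);
  } catch (err) {
    return { ok: false, reason: 'not a valid URL' };
  }
  if (parts.protocol !== 'https') {
    return { ok: false, reason: 'not https', ...parts };
  }
  if (!serverBelongsTo(parts.server, expectedDomain)) {
    return { ok: false, reason: 'server is not part of ' + expectedDomain, ...parts };
  }
  return { ok: true, reason: 'https, and server is part of ' + expectedDomain, ...parts };
}

// Constructed sample links; the example.net names are placeholders.
const samples = [
  'https://support.google.com/',
  'http://support.google.com/',
  'https://google.com.example.net/signin',
  'https://google.com@example.net/signin', // text before "@" is a user name, not the server
];
for (const href of samples) {
  const r = checkLink(href, 'google.com');
  console.log(`${r.ok ? 'OK  ' : 'STOP'} ${href} -> server ${r.server} (${r.reason})`);
}
```

The server name is read from the right: whatever sits immediately before the first single slash decides who you are talking to, no matter what familiar name appears earlier in the address.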
Be careful about clicking on links on pages you don't have reason to trust, and especially in email from people you don't know.
If a web site prompts you to install a viewer to watch a video, or view a slideshow, or listen to something, STOP and do not install anything as this is a scam.
Completely clean up after banking
When you finish your session of on-line banking (or any similarly sensitive activity), click the "Logout" button and also terminate all your browser tabs and windows. Don't just minimize the window; click the "X" in the upper right corner of every browser window and fully end that browser session.
This is one of these inconveniences we unfortunately need in order to be safe on line. Remember that trade-off?
Don't install Flash
Adobe, the company that developed it, has given up on the Flash video format.
It seemed important in the early 2000s. But starting about 2007, video for the web started moving away from Flash format.
Much of what you now see about "You must install Flash to view this content" is actually an attempt to trick you into installing malware instead.
Beware of Browser Extensions and Add-Ons
It is far too easy to unintentionally install some extension or add-on that takes advantage of you. These may replace your home page, or force all searches to be done through their interface. Fix this:
Chrome: 3-dot menu → Extensions → Manage Extensions
Firefox: 3-line menu → Add-ons → Extensions
Also click Plugins to see what's listed.
It's a good idea to check these once in a while, just in case.