When end users venture out onto the Internet, it’s easy to get tangled up in the vast web of threats lurking on many website pages. Some of them are readily apparent, but others are well hidden.
The Top Browser Threats
Malvertising, a form of malicious code that distributes malware through online advertising, can be hidden within an ad, embedded on a website page, or bundled with software downloads.
This type of threat can be displayed on any website, even those considered the most trustworthy. According to security firm RiskIQ, malvertising increased by 260% in the first half of 2015 compared to the same timeframe in 2014.5
End users also need to beware of social media scams. Hackers have created a playground of virtual obstacles across all the major social media sites.
According to an article in The Huffington Post, some of the most common Facebook hacks and attacks include Clickjacking, phishing schemes, fake pages, rogue applications and the infamous and persistent Koobface worm, which gives attackers control of the victim’s machine while replicating the attack to everyone on their Facebook contact list.
Twitter isn’t immune to security issues either. Since the microblogging site is both a social network and a search engine, it poses extra problems.
According to CNET News, just 43 percent of Twitter users could be classified as “true” users compared to the other 57 percent, which fell into a bucket of “questionable” users. Among the things to watch for on Twitter are direct messages that lead to phishing scams and shortened URLs that hide malicious intentions.
As for Web-based exploits, Internet websites are now the most commonly-used angles of attack, most often targeting software vulnerabilities or using exploits on the receiving client. This makes keeping up-to-date browsers paramount for all employees.
11 Tips for More Secure Website Browsing
- Keep your browser software up-to-date as new patches are often released to fix existing vulnerabilities in browser software
- Be conservative with online downloads and scan files before downloading
- Don’t click links in emails—go to sites directly.
- Beware antivirus scams where a pop-up advertisement mimics a genuine warning alert generated by computer security software that your computer is infected.
- Confirm each site is the genuine site and not a fraudulent site.
- Interact only with well-known, reputable websites.
- Use HTTPS: The “s” in “https” stands for secure, meaning that the website is employing SSL encryption a security technology for establishing encrypted links between Web servers and browsers.
- Use social media best practices.
- Avoid public or free Wi-Fi as information is sent over unprotected networks and attackers often use wireless sniffers to steal users’ information.
- Regularly monitoring your bank statements allows you to react quickly in the event that your account has been compromised.
- Turn on your browser’s popup blocker or download one like Adblock Plus
Stay tuned for next week’s’ chapter on The Value of an MSP in ensuring Employee Cybersecurity