How to Browse Securely Online
The internet is an amazing place. With just a few keystrokes, you can learn pretty much anything you want. Or, you can use the internet to connect with friends and family who live far away.
But, every day, criminals around the world try to use the power of the internet to steal your information. If they’re successful, these people can get access to your bank accounts, drain your life’s savings, and move the money halfway across the world before you ever noticed it was gone.
So, staying safe and secure on the internet should be a top priority for everyone. However, few people realize how exposed we are to hackers and cyber thieves every time we log onto the internet.
To help you protect your information, I’ve put together this guide to browsing securely online. Up next, I’ll discuss some of the many ways that hackers can get access to your information and what you can do to stop them.
What Is Hacking?
Technically, a hacker is anyone who can overcome a computer-based problem. But, when we talk about hackers on a day-to-day basis, we’re generally talking about someone who can get past a computer or computer system’s security network.
Interestingly, not all hackers are criminals. In fact, many highly-skilled hackers are actually hired by cybersecurity companies and even governments to help test security systems in an attempt to thwart any malicious activity.
These people are often called “ethical hackers” or “white hat hackers”, and their work is essential for any company that wants to stay a few steps ahead of cybercriminals.
Hackers are found all over the world and there are even annual hacking conventions. However, a small subset of hackers uses their skills to gain access to important personal and corporate information.
For the most part, criminal hackers do this in an attempt to steal money or important information.
The Dangers of Hacking
As we’ve mentioned, criminal hackers (often called “black hat hackers”) are often out to steal money or information.
For most regular people, hackers are focused on getting your personal information so they can empty your bank account or steal your credit cards to make fraudulent purchases.
On a larger scale, hackers can access hundreds of thousands of peoples’ information in just one go, providing them access to countless credit cards, bank accounts, and other personal data.
Some of the largest “data breaches” in history include:
- Adobe 2013 – 153 million user records
- Canva 2019 – 137 million user records
- eBay 2014 – 145 million user records
- Equifax 2017 – 147.9 million user records
- Marriot International 2014-18 – 500 million user records
Plus, malicious hackers cost the US economy hundreds of billions of dollars each year through their cyber attacks. Hackers can even get away with stealing tens of millions of dollars from large institutions.
For example, in 2016, hackers stole over $81 million from the Bank of Bangladesh in an elaborate scheme. Plus, they were able to steal over $12 million from Wells Fargo bank accounts in 2015.
These devastating losses make it clear that malicious hacking attempts are something we want to avoid at all costs.
How Do Hackers Hack?
The key to protecting yourself online is knowing what to look for when it comes to dangerous software, websites, emails, and the like. So, here are some of the most common hacking techniques that you need to know…
Phishing is one of the most commonly used hacking methods. In fact, you’ve probably received dozens of phishing emails, phone calls, and text messages in your life.
Basically, phishing is when someone poses as a legitimate business or institution, like your bank or car insurance company, in an attempt to get sensitive information. These people are usually interested in your credit card number, bank account details, and account passwords.
Phishing has been around since the early 2000s when a teenager in California tried to steal credit card details from people through a fake website. These days, though, most phishing happens through emails.
Malicious phishing emails usually try to offer you some sort of big prize or pretend to be a family member that needs urgent help. Once phishers lure people in, they can trick unsuspecting people into giving away sensitive private information.
UI Redress is a hacking technique that’s quite similar to phishing. But, instead of tricking people into giving away personal information, UI redress hackers create a link disguised as a button that sends people to an unfamiliar website.
Also known as clickjacking, UI redressing is a way for hackers to remotely take control of your computer. But, UI redressing can be quite complex and can take many forms.
Sometimes clickjacking will let someone else control the cursor on your computer, forcing you into accidentally “liking” something or buying an item off of Amazon. Or, clickjacking can also access files on your computer, allowing hackers to steal your data right under your nose.
Malicious Codes And Viruses
A virus is a type of malicious computer program that can replicate itself whenever it’s activated. When this virus spreads, it can modify computer programs to make a computer do a variety of unintended tasks.
The vast majority of viruses are meant to attack PCs. But, the motives behind viruses can be quite complex. Some people create viruses to get money (also called ransomware), while others use them for fun or to send a political message.
Rarely, people known as “grey hat hackers” will create viruses to hack into computer systems but not for criminal reasons. Instead, they do so to demonstrate weaknesses in the program’s security system.
Unlike black hat hackers, that create viruses with malicious intent, grey hat hackers try to improve computer security through their viruses.
Keylogger injection is one of the most dangerous hacking techniques out there. This form of malware can record all of your keystrokes, making it easy to figure out passwords and other personal information.
Some keylogger injection codes can also automatically steal cryptocurrency anytime you log into your wallet.
Denial of Service (DoS/DDoS)
Denial of Service (or, Distributed Denial of Service) is a way for hackers to remotely crash a computer server.
This type of malware usually uses bots that send hundreds of thousands of requests to a website in an attempt to overload and crash a server in a small period of time.
DDoS hacking is one of the reasons we have reCAPTCHA tests, which are meant to identify actual humans and stop bots in their tracks. These tests can prevent bots from sending requests and crashing a server, which is why you see them used all over the internet.
Cookie theft happens when a hacker steals your browser’s cookies, allowing him to access your important information. This type of hacking also provides people with access to your browsing history, log-in credentials, and more.
Often, cookie theft happens over unprotected WiFi networks with unencrypted connections.
How to Browse Securely Online
Now that you understand some of the most common methods that hackers use in an attempt to gain access to your information, it’s time to learn how to browse securely with confidence. Here are some top tips for staying safe while browsing the internet.
Keep Your Browser Updated
Your web browser is usually your first point of contact with any viruses or malicious software. One of the best ways to reduce the likelihood that a hacker can access your data is to keep it up to date.
It might seem annoying to have to update Safari, Chrome, or Firefox all the time, but software companies release new versions to help eliminate any potential holes or vulnerabilities in their platforms. This helps to minimize the likelihood that a hacker can get access to information through a web browser.
Keep in mind that you also have to update your plugins. Plugins, like QuickTime, Adobe Flash, and Java, are all prone to malware, too, so you need to update them frequently. The best way to do this is to set up update alerts so you know when a new browser or plugin is available.
Even better, you can uninstall them altogether, as they are deemed security risks by many.
A pop-up is a small window that appears on your computer without your permission. Pop-ups are often harmless advertisements for online stores.
When it comes to pop-ups, the majority are just really annoying. But, some can contain links to malicious software that you can accidentally download onto your computer.
Always ensure that your pop up blocker is turned on for any internet browser that you use. This is usually quite easy to do from the settings or preferences section of your browser.
If you notice pop-ups appearing on your computer even when your browser is closed, you may have accidentally downloaded an adware program to your computer. To solve this, you can try to run an anti-spyware program to remove the adware, as well as your computer’s antivirus software.
Use “Do Not Track” In Your Internet Browser
Most internet browsers, including Chrome, Safari, and Firefox, allow you to send a “do not track” request to every website you visit.
Many websites track your activity in order to send you targeted advertisements. This is why you’ll often get advertisements for products and services that you’ve recently researched.
While there is no guarantee that websites won’t track you, it’s worth sending the request to try to protect your information. It’s simple and easy to enable “do not track” in your web browser, so it’s a good start in making your browsing more secure.
If you’ve ever looked a URL, chances are pretty high that it started with either http:// or https://. But, what’s the deal? Why do some websites use HTTPS while others use just HTTP?
Basically, HTTP is the basis of how data is communicated across the World Wide Web. How it all works is a bit beyond the scope of what you need to know to browse securely online.
What you do need to know, though, is that HTTPS is a more secure method of accessing websites.
When you visit a site with HTTPS, your computer’s connection to the website’s servers is encrypted, even if you’re on a public WiFi network. These days, most websites will have HTTPS.
However, some sites will load HTTP by default, which means your connection is less secure. If you were to type https:// into every URL, you would quickly know if the site can provide you with a secure connection.
But, this is an annoying and time-consuming process. Alternatively, you can consider using a browser extension, like HTTPS Everywhere to force websites to automatically load HTTPS if it’s available for added security.
Clear Your Cache and Cookies
Since most websites won’t adhere to you “do not track” request, you can try to thwart them by regularly clearing your browser’s cache and cookies. By deleting your browser history, you can prevent websites and advertisements from following your movement on the internet.
Do keep in mind that clearing your cache and cookies will often delete your log-in credentials. Thankfully, many browsers now enable you to delete your browsing history without wiping out your log-in information.
Enable Private Browsing
There are private browsing functions on nearly every internet browser out there. “Incognito Mode” is a way to block some websites from tracking you, but it doesn’t fully protect you from outside intruders.
Private browsing is easy to turn on and is a simple way to reduce the number of cookies that accumulate on your browser.
However, private browsing does not stop your computer from sending your online activity from your internet service provider, nor does it provide a lot of security from hackers.
That being said, private browsing is really easy to use, so there’s no reason not to enable it.
Use A VPN
A VPN (virtual private network) is a way to hide and secure your browsing activity. VPNs basically mask your computer’s IP address, which makes your online activity and movements almost completely untraceable.
When using a VPN, your computer can create a secure, encrypted connection to the internet, which provides much more privacy than even the most secure of Wi-Fi networks. A VPN is particularly important if you’re browsing on unsecured networks that don’t require a password.
These open-access networks make it easy for hackers to track your browsing history and gain access to your private information. There are dozens of VPNs, out there, though, so you’ll need to do some research to find one that’s best for you. VPNs come in both free and paid formats, but you can usually test out a service for free before you commit to a subscription.
Use Antivirus Software
Most PC owners will know about the benefits of using antivirus software, but how many actually have this software downloaded to their computer?
Antivirus software is one of the easiest ways to protect yourself from particularly slick and savvy hackers who know how to disguise their malware.
While most malware and computer viruses come from sketchy websites and emails, hackers can get their way into some of the most reputable websites. This means computer threats could be lurking anywhere on the web.
There are plenty of antivirus software options out there today. Many companies offer a free version that lacks some of the features of the paid alternatives. But, free antivirus software is better than nothing, so it’s worth having one downloaded to your computer.
Oh, and mac owners, take note: There are viruses and malware out there that can infect an Apple computer. While these mac viruses aren’t as common as malware for PCs, they do exist. So, do yourself a favor and find a good antivirus program for your computer, regardless of your operating system.
Use Secure Passwords
Okay, okay, we know: Remembering hundreds of random passwords for all of your internet accounts isn’t easy. But, using unique, secure passwords on every website that you log into is incredibly important.
If you use the same password for your email, bank, and Facebook accounts, you leave yourself really vulnerable if someone manages to hack into one of those platforms. The more you re-use the same password, the more exposed you are to identity theft and hackers.
But, not all passwords are created equal. When creating passwords for your online accounts, the US Cybersecurity & Infrastructure Security Agency (CISA) recommends:
- Use different passwords on every website
- Never use passwords that involve easily guessed personal information
- Always use the longest password that a system allows
- Don’t use actual words that you can find in a dictionary, even if it’s in another language
You can use a site such as this one to generate a random strong pass, but you have to store it in a secure place because you won’t be able to memorize it.
To remember all of these random passwords, you can use a password manager such as LastPass. This way you only have to remember one master password.
LastPass comes as an extension to your web browser, so it automatically fills out the user and pass when it sees you access a known login page.
In addition to strong passwords, the US National Institute of Standards and Technology (NIST) highly recommends the use of two-factor or multi-factor authentication whenever possible. Two-factor authentication might sound complex, but you’ve probably already used it before.
The process of two-factor authentication is quite simple. Two-factor authentication is at play when you have to receive a code sent to your phone when logging into your bank account.
Using two-factor authentication can help protect your account, even if someone else manages to figure out your password. These days, some sites also use authenticator apps to generate a one-time use code to help protect your personal information.
While two-factor authentication might seem annoying, it’s a really important way to add an extra layer of security to all of your most important online accounts.
Learn to Spot Scam Emails
Accidentally clicking a link or responding to a scam email is a quick way to expose your computer to countless unknown viruses. So, the trick is knowing how to spot them in the first place. Here’s what you should keep an eye out for:
Look For Fake Emails
Phishing attempts usually confuse people because they pose as legitimate businesses. Even if an email says it’s from “Bank of America,” check the actual email address.
Chances are pretty high that it will have something odd like [email protected] instead of [email protected]. This is an immediate tell-tale sign of a phishing attempt.
Check for Spelling Issues
Most phishing attempts are often riddled with spelling and grammar issues that you would never find from a reputable institution. The reason being, they want to bypass your spam’s filter, that would otherwis identify those words and figure otu the email is not legit.
By switching a letter or two, the spam filters are tricked into thinking the contents of the email is innocent because it won’t find any red flags within the e-mail, which it will send straight to your inbox.
Hover Over Hyperlinks Before You Click
Hackers try to hide malicious URLs through hyperlinks, which are the blue underlined words in text that link you to websites.
If you see a misspelled hyperlink, like “bamkofarnerica.com” this is good sign that your email is a scam. If an email wants you to press on a button, hover over it to see if it’s trying to send you to a fake website.
Be Suspicious of Attachments
Never open an email attachment unless you can verify that it was sent to you by someone you trust. Doing so is an easy way to download malware to your computer.
Be Cautious Of “Urgent Messages”
Many phishing scams try to convince you that one of your relatives is stuck in some far off place and desperately needs your money to get home. Hackers often send messages like this in order to create a sense of urgency that makes you forget about cybersecurity.
When in doubt, try to get in contact with the friend or relative in question before taking the message seriously.
Never Give Away Your Personal Information By Email
Your bank or credit card company won’t send you an email asking for your personal information if they need your attention. Rather, they’ll send you an email telling you to log into your account to access their “secure message center.”
If anyone asks you directly for your personal information, account numbers, PINs, social security number, or passwords through an email that should immediately raise a red flag. When this happens, the best option is to delete the email.
Then, if the potential scam email claimed to be from your bank or credit card company, navigate directly to that institution’s website and log into your account. If the email was legitimate, you’ll almost certainly have notifications on your account dashboard or message center telling you what you need to do to fix the issue.
When in doubt, go to an institution’s website, find their contact information, and call them directly. Never rely on any contact information or hyperlinks within an email unless you’re sure it’s from a legitimate person or organization.
Try A Secure Web Browser
These days, most commonly-used web browsers, like Firefox, offer some form of basic secure browsing. But, the privacy you can get on a standard browser is nothing compared to what you can find on a truly secure alternative.
If you’re serious about internet privacy, you can try secure browsers, like Tor, I2P, Brave, and Waterfox.
The highly popular Tor browser is often associated with the dark web, but it’s a solid option if you’re interested in the highest level of security.
Tor redirects all of your traffic through virtual servers so it’s nearly impossible to track your browsing. Plus, Tor never stores your information or cookies, so it is one of the best browsers for maximum privacy.
Switch To A Secure Search Engine
While Google is perhaps the most popular search engine, it provides minimal protection from hackers and unwanted tracking. In fact, Google’s algorithms purposefully tracks you in order to send you more targeted advertising.
So, if you want truly anonymous browsing that doesn’t track or store your data, consider switching to a secure search engine. Duckduckgo and Search Encrypt are considered the cream of the crop in the world of secure internet searches.
Using these secure search engines will encrypt your activity, prevent cookies, and even eliminate some advertisements.
Other good secure search engines include:
Consider Disposable Email Addresses
If you hate spam and phishing attempts, you can try a disposable email address. Somewhat like the online equivalent of a “burner phone,” a disposable email address allows you to provide websites with an alternative email address.
But, unlike fake email addresses, when you use a disposable email address, you can actually read your messages. Disposable email addresses protect your actual account from getting spammed by stores and websites, especially if their servers get hacked.
There are plenty of great options out there for creating disposable email addresses. Some popular choices include:
- Burner Mail. This disposable email service can create new addresses in seconds so you can securely fill out online forms. Plus, you can even set up these disposable addresses to forward to your actual account without disclosing your information. The site offers free and paid options, based on how much you plan to use disposable email addresses.
- Mailinator. Mailinator’s disposable email service lets you create unique addresses whenever you want. Then, the site deletes the addresses after a few hours. The downside to Mailinator is that the free version makes your disposable email address publicly available until it’s deleted. But, you can get added protection with their premium subscription.
- 10 Minute Mail. As the name suggests, 10 Minute Mail creates disposable email addresses that last just 10 minutes. But, you can refresh the timer manually if you need more time. The best part? 10 Minute Mail is completely free and doesn’t require an account to get started.
Cybersecurity should be a top concern for anyone that spends time online. However, all too often, we accidentally put ourselves and our families at risk of malicious software.
To protect yourself against hackers, it’s important that you understand how criminals gain access to our computers in the first place. Then, you can start taking steps to more securely browse the internet to minimize your exposure to hackers.