Security & Safety Resource Center

Some invasive web ads take the form of alerts telling you to call support for help with a system infection. You should never follow their advice, since doing so will likely put you at greater risk of paying exorbitant fees for call to premium phone numbers or clicking on links to compromised sites.

Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the “X” icon in the titlebar instead of a “close” link within the window.

Desktop apps can consume a lot of power even when you’re not using them. Plus, they might be collecting considerable information and transmitting it to servers, or worse. To save electricity and reduce your exposure to harm, consider closing any program from your web browser to your conferencing app if you’re not currently using them.

If you fail to secure your wireless network, anyone with a wireless-enabled computer in range of your access point can utilize your connection. The typical indoor broadcast range of an access point is 150 – 300 feet. Outdoors, this range may extend as far as 1,000 feet. So, if your neighborhood is closely settled, or if you live in an apartment or condominium, failure to secure your wireless network could potentially open your internet connection to many unintended users. These users may be able to conduct illegal activity, monitor and capture your web traffic, or steal personal files.

HTTPS is fundamentally more secure than HTTP. Look for a padlock and/or green-colored certificate holder name in your web browser to ensure that your connection to the site is encrypted.

Many spammers send HTML mail with a linked graphic file that is then used to track who opens the mail message. When your mail client downloads the graphic from their web server, the spammers know you’ve opened the message. Disabling HTML mail entirely and viewing messages in plain text also prevents this problem.

Microsoft Office and productivity software in general are both magnets for cyberattacks, since they’re so widely used, meaning any successful attempt will have huge ripple effects. Accordingly, you should, if possible, use the latest versions of these applications, as they’re much more secure than their predecessors and are patched against many known vulnerabilities.

A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network. A denial-of-service is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while their resources and services are inaccessible.

Chances are, you wouldn’t give someone your Social Security number or address to a stranger who asked for it on the street. Likewise, you shouldn’t hand it over to someone who calls purporting to be a tech support specialist (a common scam) or in an email saying you’ve won a prize and need to fill in some additional information.

A digital signature—a type of electronic signature—is a mathematical algorithm routinely used to validate the authenticity and integrity of a message (e.g., an email, a credit card transaction, or a digital document). Digital signatures create a virtual fingerprint that is unique to a person or entity and are used to identify users and protect information in digital messages or documents. In emails, the email content itself becomes part of the digital signature. Digital signatures are significantly more secure than other forms of electronic signatures.

Phone call spam has gotten much worse throughout the 2010s, with many people receiving multiple scam calls per day. Most smartphones allow specific numbers to be blocked, which is advisable for any number that you don’t know and aren’t expecting any calls from.

Use Cybersecurity best practices to help you protect your internet-connected systems and devices against cryptojacking. Use and maintain antivirus software, it recognizes and protects a computer against malware, allowing the owner or operator to detect and remove a potentially unwanted program before it can do any damage. Keep software and operating systems up-to-date so that attackers cannot take advantage of known problems or vulnerabilities.

March 19, 2004: The Witty worm is a record-breaking worm in many regards. It exploited holes in several IBM Internet Security Systems products. It was the first worm to take advantage of vulnerabilities in the very pieces of software designed to enhance network security, and carried a destructive payload, unlike previous worms and it spread rapidly using a pre-populated list of ground-zero hosts.

Visiting a website for the first time, perhaps via an email link? Look for the tell-tale signs of phishing. These include misspellings and grammatical mistakes on the page, aggressive advertising and especially unusual and complex URLs. If you see some or all of them, leave the page immediately.

Responding with hostility is likely to provoke a cyberbully and escalate the situation. Depending on the circumstances, consider ignoring the issue. Often, bullies thrive on the reaction of their victims. Other options include subtle actions. For example, you may be able to block the messages on social networking sites or stop unwanted emails by changing the email address. If you continue to get messages at the new email address, you may have a stronger case for legal action.

Bluetooth is a technology that allows devices to communicate with each other without cables or wires. It is an electronics “standard,” which means that manufacturers that want to include this feature have to incorporate specific requirements into their electronic devices. These specifications ensure that the devices can recognize and interact with other devices that use the Bluetooth technology.

Modern credit cards often have three mechanisms for in-person purchases – swiping, chip insertion and tapping. From a security perspective, the latter two are much more secure and should be used if available. Mobile tap-to-pay solutions like Apple Pay and G Pay are also very secure.

Cybercriminals may have infected these computers with viruses or install malicious software One example is keylogger malware which, when installed, captures the keystrokes of the computer’s users and sending this information to criminals via email. Through this malware, criminals are able to receive users’ personal information, such as name, credit card numbers, birthdates, and passwords.

Many phishing scams involve the phisher posing as a major retailer and then sending emails claiming to contain coupons that you redeem by clicking them in an email. To stay safe, never click on one of these offers if it seems to good to be true, comes from a long/garbled email address or is contained in a message with odd grammar and typos.

Creating a strong password is only part of the password battle. You also need to update it regularly to hedge against the possibility it’s been compromised. If there’s a publicly disclosed data breach that affects your account, then you’ll want to change your password immediately.  

All major desktop and mobile browsers let you create bookmarks for individual websites, which can be clicked/tapped from a list to visit the site in question. It might seem like a trivial feature, but it’s actually a good security enhancement, since it spares you from needing to manually type in URLs or click on links in emails or other collateral – you always have a safe saved copy of the address you can visit with a single touch.

Like on an airplane or in an airport, hotel, train/bus station or café-be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. Using your mobile network connection is generally more secure than using a public Wi-Fi network.

URL typos aren’t always harmless – the slightly misspelled website might actually be a registered domain that could put your device in harm’s way. The risk has grown as the number of top-level domains has increased; instead of just .com or .org, now there’s also .xyz, .capital and many more. Double-check any URL you type for correct spelling and punctuation before trying to visit it.

You might have a few active subscriptions, perhaps to services for video or music streaming. The subscription model has also migrated to apps, some of which present them in very confusing ways that involve you getting a free trial that segues into a expensive annual subscription that can be surprisingly difficult to cancel. Read carefully if ever offered any options containing the words “free,” “trial,” “plan” or “subscription.”

Ads designed for mobile devices can be assertive and disruptive. For example, you might be loading a page in a browser only to see a message telling you you’ve won a prize and then redirecting you to a different page. Never click on anything these ads show you. To avoid them entirely, it might be worth activating a content blocker on your phone or tablet.

Turn off features on your computer or mobile devices that allow you to connect automatically to Wi-Fi. Once you’ve finished using a network or account, be sure to log out.

Modern email spam filters are very powerful and can keep many common threats at bay without them ever hitting your inbox. Still, it’s advisable to periodically take a look at your spam folder to see if the filter is too aggressive and is blocking mail you want to see. Marking items as spam or not spam can help the filter become more accurate for your requirements.

Use strong passwords or touch ID features to lock your devices. These security measures can help protect your information if your devices are lost or stolen and keep prying eyes out.

Just because a connector fits your device doesn’t mean you should use it for charging. Unlicensed third-party cables might damage your phone or PC. There’s also the more subtle risk of quicker-than-normal battery degradation through fast-charging. All batteries lose their ability to hold a charge over time, but high-voltage charging accelerates this process.

Losing a critical password can be disastrous, locking you out of a key account like online banking or email. Password managers are useful for keeping track of your credentials. As another layer of security, you can also write down passwords and keep them in a very safe location. Paper-based backup has the advantage of being completely offline and inaccessible to hackers.

While many updates to operating systems and applications are minor and take just a few minutes to complete, others are huge and make require hours. To minimize delays and hassle, it’s a good idea to schedule updates overnight, when you’re not using the device and when update servers aren’t as busy. This will also help you avoid issues like the rush of people trying to update their devices on gift-giving holidays like Christmas.