Threat level 1:
No malware, please
Most folks, especially businesses, want to avoid
malware at all costs. Two of the most common
vectors are links that download malware and
drive-by-downloads, in which malware is
downloaded automatically just by loading a web
page. Dangerous links can be found on
webpages, in email, or on IM. Scammers often
use social networks and URL shorteners to spread
malicious links in disguise, in hopes that
someone will click.
Threat level 2:
I don’t like spyware, either
An attacker who manages to compromise your
browser can uncover all kinds of information.
Here, browser add-ons are not necessarily your
friend. Use them sparingly, as they can become
an unforeseen delivery mechanism for malware.
Periodically check your list of extensions
(chrome://extensions in Chrome, about:addons in
Firefox) to see whether anything unfamiliar or
inexplicable is there. You can rarely go wrong by
disabling something that looks suspicious. Also
be mindful of web pages that try to trick you into
installing browser extensions -- for example,
“Click ‘add’ to speed up this website” or some
other deceptive prompt.
Threat level 3:
No tracking at any time
It’s happened to all of us: After browsing for floor
tiles on HomeDepot.com, ads for home
improvement pop up everywhere on the internet.
Advertisers rely on cookies to follow you online
and serve up ads based on your activity. But it’s
not just advertising. Websites use cookies to
remember your accounts, passwords, and
browsing history, and to track your activity on
their site. When you disable and clear cookies you
cut down on the personal data cybercriminals can
obtain.
Threat level 4: Hands off my information
Cookies are prime targets for cybercriminals
because of the information they contain,
especially those with emails, account names, and
passwords. Even when obscured, this information
can be used nefariously. Cross-site scripting
attacks use JavaScript on a webpage to extract
user details and session information from cookies
and impersonate them online, and cross-site
request forgery attacks use session cookies to
forge requests for other sites.
Threat level 5: Don’t phish me
Phishing sites are fraudulent websites designed to
steal personal information. This isn’t limited to
login credentials for email or banking sites.
Phishing sites can masquerade as contests and
ask for your SSN. Phishing attacks can also
redirect victims to a bogus site where malicious
code is downloaded and the malware collects
sensitive information. We see potential phishing
attacks everywhere, so our natural inclination is to
not click on any links.
Epic.. Very informative especially now with the ransomware out to endanger the safety of computers.
ReplyDelete