Think first, then click: Avoiding most common traps on the internet
12 Jan 2017
Internet attackers using tricks such as trojan viruses and phishing are becoming ever more inventive, but computer users can protect themselves if they follow a few simple tips.
Emails and phishing: The most frequent method of infection is still via email attachment. When you open one, malicious software is secretly installed on your computer. Or you may be directed to a fake website that seeks your personal data (phishing).
The emails usually pose as invoices, and the fakes are getting better and better.
"For example, the attackers look at the contacts of a person on Facebook and then send emails using their names," says Joachim Wagner, spokesman for the German Office for Information Security (BSI).
Usually only the sender's address reveals that the email does not come from the person it claims to come from.
"When it comes to banking, blocked accounts and the like and you’re asked to click on something, you should always be sceptical," advises Maurice Ballein, an editor with the IT portal Netzwelt.de.
"Think first, then click!" says Wagner. The recipient should ask themselves three questions: Do I know the sender? Is the subject line meaningful or vague? Do I expect an attachment? "If there are any doubts, delete the email unopened."
You can also contact the company that purportedly sent the email or log into your account to see if anything is really happening - just don’t follow the link in the suspicious email to get there.
Ransomware: Crypto-trojan viruses encrypt the files on a computer and criminals then blackmail the owner to pay to have them decrypted. Ransomware is spread via manipulated websites, downloads and email.
"We strongly advise against paying the ransom," says Frank Timmermann from the Institute for Internet Security in Gelsenkirchen, Germany.
The best defence, Wagner says, is to make the potential area for attack as small as possible. Your browser, operating system and programs should always be up-to-date.
"It’s important to have appropriate security solutions, from the firewall to anti-virus software," says Ballein. All three experts recommend regular backups to external media.
Security gaps: There are always weak points in current software. Once vulnerabilities are discovered it can take the developer a few days to plug the gap. You should always install any updates promptly - after first making sure you’re downloading them from the legitimate site.
Online banking etc.: Here, safe passwords are essential.
"Please use different passwords for important accounts and change them regularly," advises Wagner. Many services offer two-factor authentication for extra security.
Secure websites can be recognized by the "https" in their address. Click on the lock icon next to it to see information about the security certificate.
Don’t ever carry out sensitive transactions on a public WiFi network. Your home WiFi also needs a good password. And don’t forget to always log out of active accounts.
Manipulated advert banners: Ad banners even on legitimate websites can be manipulated to infect people’s computers with malicious code. "The browser should be up-to-date and have real-time security detection," says Ballein.
A compromise between protection and functionality is to use the NoScript add-on for Firefox - it allows users to decide whether or not to let scripts and plug-ins run on certain pages.