Line art image of globe with a lock

Tips for Safe Web Browsing

 10 minutes to read & watch videos | Last updated June 15, 2022

How safely do you use technology in your daily life? There are countless threats that try to compromise your devices and steal your personal information. Learn how to browse the internet cautiously to prevent becoming a victim.


Important!

If you work on a computer owned by UW–Madison, check with your department IT administrator
before installing software or reconfiguring it.

If you are a student or you access UW resources from a home or other computer, please follow the steps below.

Follow these steps

This is an accordion element with a series of buttons that open and close related content panels.

Keep your operating system (OS) and versions up to date

Why? Developers or others often discover vulnerabilities, or weaknesses, in a computer’s operating system (OS) or applications. These vulnerabilities provide hackers an opportunity to create malicious software (e.g., viruses, ransomware, bots, adware, worms, Trojans, etc.) that can infect your computer and steal your personal information. To counteract this, a security update (also called a “patch”) is created to fix vulnerabilities in computer software code. So, it’s important to keep your OS and security patches up to date. Simply running an antivirus program is not enough.

How do I keep my computer updated?

It’s easy to configure your computer to automatically download and install security updates so that you don’t have to remember to do it manually. In most cases, the updates will install in the background, and you will not be asked to download and install anything. Once set up, it should be easy to ignore those fake updates or pop-up notifications generated by hackers.

How to update Windows Security Patches (Source: kb.wisc.edu)

How to update Mac Security Patches (Source: kb.wisc.edu)

Use a Virtual Private Network (VPN)

VPNs encrypt your data and hide your IP address. This prevents criminals from viewing your data. 

UW–Madison uses WiscVPN software which encrypts internet traffic between a home/remote personal or work computer and the campus network, allowing you to use the internet securely on open networks. It’s offered free to UW–Madison faculty, staff, and students. Learn about WiscVPN – How to Install, Connect, Uninstall, and Disconnect WiscVPN Palo Alto GlobalProtect (Source: kb.wisc.edu).

Use websites with HTTPS

Use websites with HTTPS, especially if you’re accessing or transmitting confidential information. These connections can be identified by the lock icon next to the URL or the “https://” at the beginning of the URL. The “S” in HTTPS stands for secure and means that the connection between your web browser and the website server is encrypted – making it more difficult for hackers to steal your data. However, it does NOT necessarily mean that the website is safe. You need to look at the domain name (or URL) to see that it matches the website or source you wish to go to: “it.wisc.edu” is correct but “it.wics.edu” has a spelling error which sends you to a malicious site. 

Locate your browser below to learn how to change your settings to only go to HTTPS sites.

Watch for fake warning pop-up messages

Hackers create browser pop-ups that look like real antivirus warnings. Sometimes called “scareware,” these pop-ups are designed to frighten you into engaging with them. They might say, “your computer is infected, click here to run a virus scan!” If you click, you might download malware instead.

To tell the difference between a real warning and a fake one, pay attention to what it’s asking you to do. 

  • A real browser warning will ask you NOT to do something — don’t go to this website, don’t go forward. 
  • A fake warning will ask you to do something — click this link, download this update. If you think a warning is fake, close the pop-up, then run a virus scan. If the browser warning is real, pay attention and do not visit the website.

To avoid these issues:

  • Set up automatic updates for your operating system and applications. See the Guide: Securing Your Computer (Source: it.wisc.edu)
  • Follow the instructions above to block pop-ups for your browser in “Select security and privacy setting”

Be wary of top search results

Scammers have learned how to manipulate Google’s search technology and algorithms to get their fake (but legitimate-looking) websites indexed by Google’s search engine.

This means fake sites can get indexed and show up at Google search results.

Before you click, scrutinize the URL. There are several services you can use to verify a link. Google Safe Browsing is a good place to start.

Type in this URL http://google.com/safebrowsing/diagnostic?site= followed by the site you want to check, such as google.com or an IP address. It will let you know if it has hosted malware in the past 90 days.

Safari: Select your security and privacy settings

Safari (Mac):

  1. Go to Preferences
  2. Under General, select Security tab
    1. Fraudulent sites: check the box in front of “Warn when visiting a fraudulent website”
  3. Select Privacy tab
    1. Website tracking: check the box, “Prevent cross-site tracking”
    2. IP address: check the box, Hide IP address from trackers
    3. Web advertising: check the box, “Allow privacy-preserving measurements of ad effectiveness.
  4. Switch on HTTPS-Only Mode in Safari
    1. Safari doesn’t have an HTTPS-only mode. It does have the ability to automatically switch sites from HTTP to HTTPS if available. The feature is enabled by default (so it turns on automatically) with Safari 15 on macOS Monterey, macOS Big Sur and macOS Catalina. Be sure your Operating System (OS) is the most current.
  1.  

Chrome: Select your security and privacy settings

Chrome:

  1. Go to Preferences
  2. Privacy and Security
  3. Go to Safety check
    1. Click the “Check now” to run a safety check
  4. Scroll down to Security and click on the arrow to the right
    1. Check the circle in front of “Enhanced Protection”
    2. Under “Always use secure connections” toggle the slider to the right (it will turn blue). This will warn you if you try to go to an unsecure (http) site.

Firefox: Select your security and privacy settings

Firefox:

  1. Go to Preferences
  2. Privacy & Security
  3. Under Browser Privacy
    1. Click the circle in front of: “Send websites a “Do Not Track” signal that you don’t want to be tracked”
  4. Scroll down to Security section, Deceptive Content and Dangerous Software Protection
    1. Check the boxes in front of:
      1. Block dangerous and deceptive content
      2. Block dangerous downloads
      3. Warn you about unwanted and uncommon software
  5. Scroll down to Certificates
    1. Check the box in from of Query OCSP response servers to confirm the current validity of certificates
  6. Scroll down to HTTPS-Only Mode
    1. Check the circle in front of “Enable HTTPS-Only Mode in all windows

Microsoft Edge: Select your security and privacy settings

Microsoft Edge:

  1. Go to Settings
  2. Privacy, search, and services
    1. Go to Tracking prevention and slide the button to the right (it will turn blue)
      1. Select “Strict”
    2. Scroll down to “Privacy”
      1. Go to “Send ‘Do Not Track: requests”- slide the button to the right (it will turn blue)
    3. Scroll down to “Security”
      1. Slide the buttons to the right (it will turn blue) for the following:
        1. Microsoft Defender SmartScreen
        2. Block potentially unwanted apps
        3. Typosquatting Checker
        4. Turn on site safety services to get more info about the sites you visit.
        5. Use secure DNS to specify how to lookup the network address for websites
    4. To set up HTTPS-Only 
      1. First, insert this URL:    edge://flags, enable ‘Automatic HTTPS’ and restart your browser
      2. When you restart your browser you will see: edge://flags/#edge-automatic-https.
      3. Go to the blue “button” with the drop down arrow to enable the feature (it should show a blue, “Enabled” button).
      4. Now go to the Edge’s settings page by clicking on the three dots in the upper right of your page.
      5. Go to Privacy, search, and services located on the left side of your page. 
      6. Go to the middle of the page where it reads, “Automatically switch to more secure connections with Automatic HTTPS”
        1. Go down to “Always switch from HTTP to HTTPS (connection error might occur more often) and slide the button to the right (it should turn blue).

Related Docs