Tips for Safe Web Browsing

Why? Developers or others often discover vulnerabilities, or weaknesses, in a computer’s operating system (OS) or applications. These vulnerabilities provide hackers an opportunity to create malicious software (e.g., viruses, ransomware, bots, adware, worms, Trojans, etc.) that can infect your computer and steal your personal information. To counteract this, a security update (also called a “patch”) is created to fix vulnerabilities in computer software code. So, it’s important to keep your OS and security patches up to date. Simply running an antivirus program is not enough.

How do I keep my computer updated?

It’s easy to configure your computer to automatically download and install security updates so that you don’t have to remember to do it manually. In most cases, the updates will install in the background, and you will not be asked to download and install anything. Once set up, it should be easy to ignore those fake updates or pop-up notifications generated by hackers.

How to update Windows Security Patches (Source: kb.wisc.edu)

How to update Mac Security Patches (Source: kb.wisc.edu)

Why? VPNs can be potentially harmful depending on where you download and install it from. Some VPNs are not as reliable or secure.  UW–Madison uses WiscVPN because it is secure and also passes through the university’s web filtering system which can block potentially malicious links from ever being loaded onto your computer.

WiscVPN software encrypts internet traffic between a home/remote personal or work computer and the campus network, allowing you to use the internet securely on open networks. It’s offered free to UW–Madison faculty, staff, and students. Learn about WiscVPN – How to Install, Connect, Uninstall, and Disconnect WiscVPN Palo Alto GlobalProtect (Source: kb.wisc.edu).

Use websites with HTTPS, especially if you’re accessing or transmitting confidential information. These connections can be identified by the lock icon next to the URL or the “https://” at the beginning of the URL. The “S” in HTTPS stands for secure and means that the connection between your web browser and the website server is encrypted – making it more difficult for hackers to steal your data. However, it does NOT necessarily mean that the website is safe. You need to look at the domain name (or URL) to see that it matches the website or source you wish to go to: “it.wisc.edu” is correct but “it.wics.edu” has a spelling error which sends you to a malicious site.

Locate your browser below to learn how to change your settings to only go to HTTPS sites.

Safari (Mac):

1. Click on the Safari menu bar (at the top of your computer screen)
2. Click on Preferences
3. Click on the Security tab
   • Fraudulent sites: check the box in front of “Warn when visiting a fraudulent website”
4. Click on the Privacy tab
   • Website tracking: check the box, “Prevent cross-site tracking”
   • IP address: check the box, Hide IP address from trackers
   • Web advertising: check the box, “Allow privacy-preserving measurements of ad effectiveness
5. Switch on HTTPS-Only Mode in Safari
   • Safari doesn’t have an HTTPS-only mode. It does have the ability to automatically switch sites from HTTP to HTTPS if available. The feature is enabled by default (so it turns on automatically) with Safari 15 on macOS Monterey, macOS Big Sur and macOS Catalina. Be sure your Operating System (OS) is the most current.

Firefox:

1. Click on the Firefox application menu (the three dots/lines on the upper right-hand corner of your computer screen)
2. Click on SettingsClick on Privacy & Security
3. Under Browser Privacy
   • Click the circle in front of: “Send websites a “Do Not Track” signal that you don’t want to be tracked”
4. Scroll down to Security section, Deceptive Content and Dangerous Software Protection
   • Check the boxes in front of:
     • Block dangerous and deceptive content
     • Block dangerous downloads
     • Warn you about unwanted and uncommon software
5. Scroll down to Certificates
   • Check the box in from of Query OCSP response servers to confirm the current validity of certificates
6. Scroll down to HTTPS-Only Mode
   • Check the circle in front of “Enable HTTPS-Only Mode in all windows

Chrome:

1. Click on the Chrome application menu (the three dots/lines on the upper right-hand corner of your computer screen)
2. Click on Settings
3. Click on Privacy and Security
4. Go to Safety check
   • Click the “Check now” to run a safety check
5. Scroll down to Security and click on the arrow to the right
   • Check the circle in front of “Enhanced Protection”
   • Under “Always use secure connections” toggle the slider to the right (it will turn blue). This will warn you if you try to go to an unsecure (http

Microsoft Edge:

1. Click on the Microsoft Edge application menu (the three dots/lines on the upper right-hand corner of your computer screen)
2. Click on Settings
3. Click on Privacy, search, and services
   • Go to Tracking prevention and slide the button to the right (it will turn blue)
     • Select “Strict”
   • Scroll down to “Privacy”
     • Go to “Send ‘Do Not Track: requests”- slide the button to the right (it will turn blue)
   • Scroll down to “Security”
     • Slide the buttons to the right (it will turn blue) for the following:
       • Microsoft Defender SmartScreen
       • Block potentially unwanted apps
       • Typosquatting Checker
       • Turn on site safety services to get more info about the sites you visit.
       • Use secure DNS to specify how to lookup the network address for websites
4. To set up HTTPS-Only
   • First, go to edge://flags, enable ‘Automatic HTTPS’ and restart your browser
   • When you restart your browser you will see: edge://flags/#edge-automatic-https.
   • Go to the blue “button” with the drop down arrow to enable the feature (it should show a blue, “Enabled” button).
   • Now go to the Edge’s settings page by clicking on the three dots in the upper right of your page.
   • Go to Privacy, search, and services located on the left side of your page.
   • Go to the middle of the page where it reads, “Automatically switch to more secure connections with Automatic HTTPS”
     • Go down to “Always switch from HTTP to HTTPS (connection error might occur more often) and slide the button to the right (it should turn blue).

Hackers create browser pop-ups that look like real antivirus warnings. Sometimes called “scareware,” these pop-ups are designed to frighten you into engaging with them. They might say, “your computer is infected, click here to run a virus scan!” If you click, you might download malware instead.

To tell the difference between a real warning and a fake one, pay attention to what it’s asking you to do.

• A real browser warning will ask you NOT to do something — don’t go to this website, don’t go forward.
• A fake warning will ask you to do something — click this link, download this update. If you think a warning is fake, close the pop-up, then run a virus scan. If the browser warning is real, pay attention and do not visit the website.

To avoid these issues:

• Set up automatic updates for your operating system and applications. See the Guide: Securing Your Computer (Source: it.wisc.edu)
• Follow the instructions above to block pop-ups for your browser in “Select security and privacy setting”

Scammers have learned how to manipulate Google’s search technology and algorithms to get their fake (but legitimate-looking) websites indexed by Google’s search engine.

This means fake sites can get indexed and show up at Google search results.

Before you click, scrutinize the URL. There are several services you can use to verify a link. Google Safe Browsing is a good place to start.

Type in this URL https://google.com/safebrowsing/diagnostic?site= followed by the site you want to check, such as google.com or an IP address. It will let you know if it has hosted malware in the past 90 days.