[CLICK...] Is There Danger Ahead?
Do you know how to tell right away if a website (or link) is going to lead you into a world of hurt? A single click can lead to an unwanted download, a malware infection, stolen login credentials, or identity theft. Here are some practical tips and tools you can use to click smarter...
How To Tell If A Site May Be Dangerous
The quotation “Eternal vigilance is the price of liberty,” dates back to the late 1790s. And though there is some argument over who said it first, it’s a particularly relevant dictum in this Internet Age. The human race has never enjoyed more liberty of ideas, communication, and personal action than we have since the Web emerged as The Great Enabler.
But the need for constant vigilance against danger on the Web is also at an all-time high. Every click of a link has the potential to deliver malware infection, silently and instantly. Every new site that we visit stands a good chance of being a trap whose jaws can close on us so subtly we don’t notice until we’re swallowed.
Even sites we have visited a thousand times and know well can be mimicked with frightening accuracy by the bad guys. Eternal vigilance is, indeed, the price we must pay for the vast liberty the Web gives us.
We cannot rely on other people to keep us safe out there on the Web. Software alone cannot outwit the evil but highly intelligent and adaptable people who wish to do us harm. So-called “reputation services” such as Web of Trust are not much use, especially against brand-new rogue sites that have no reputation yet. The labels and reviews that WoT members assign to sites are often polluted by personal vendettas, branding good sites as bad; worse, the bad guys brand each other’s sites as “good.”
Nobody looks out for you as well as you can. So here is what to look out for, when you encounter an unknown site, or a familiar one that just doesn’t seem right.
Telltale Signs A Site May Be Dangerous
Raise your shields immediately if a site asks you to do something that seems unnecessary or out of the ordinary. You shouldn’t have to install a browser plug-in you’ve never heard of in order to view a site’s content. Registration of a username and password should never require a credit card, even if the site swears the card won’t be charged. A survey that asks where you bank, where you live, who your family members are, and other questions you would find impertinent from a stranger should set your alarms ringing.
If you see a message asking you to login and verify your account credentials (login, password, account number or social security number) be extra wary. Your bank or financial institution should never ask you for that information by email.
Unexpected email from strangers should always be approached cautiously. So should email that seems to be from someone you know (or a company you do business with) if it is “out of character” in timing, topic, or tone. If anything seems “off” about an email, approach it cautiously.
Do not click on any links in a suspicious email. Instead, hover your cursor over the link and right-click to reveal a drop-down menu. Select the option to “copy link address” without opening the Web page to which it links. Then go check out that URL (web page address).
Look Before You Leap
The Google Transparency Report is a great place to start, because it reports on websites, and not just individual pages. Comodo Web Inspector is a good tool to examine a specific web page. Just paste the suspect URL into the Inspector’s input box and it will scan the target site for malicious content. Analyzing the whole site, not just the page to which the URL leads, can take several minutes. Alternatively, the Zulu URL Risk Analyzer also does a thorough job of evaluating the potential danger of a site.
Virus Total scans a site using multiple antivirus engines. If the site has been scanned before and deemed malicious, Virus Total will warn you. If it has been deemed safe, Virus Total will report it safe; but that doesn’t mean it’s safe now, some time after it was last scanned by Virus Total. So trust only warnings, not assurances of safety.
If a URL has been shortened, it must be fully expanded before it can be scanned by Virus Total or another URL-checker. You don’t want to expand a shortened URL by actually fetching its target Web address; that could infect you with malware. Instead, copy the shortened URL to your clipboard and paste it into the form at Unshorten.it. The expanded URL will appear below the shortened one, and you can copy the latter to any place you wish.
A “secure connection” is vital when exchanging sensitive information, such a credit card details, with any site. Look at your browser’s address bar for the “https://” protocol symbol. The “s” in it means the current connection is secured with encryption so only you and the server to which you are connected can read the information exchanged. Your browser should warn you if a web server does not have a valid “digital certificate” to make secured connections. The certificate may - or may not - also authenticate the identity of the server and/or its owners.
Digital certificates are sold by “certificate authorities,” such as Verisign or Comodo. To create differentiated products and make more profit, certificate authorities sell different levels of certificates. A basic certificate secures an https connection, but provides no assurances about the server or the people who own it. A more expensive one may indicate that the certificate authority has verified the legitimacy of the server. The most expensive “extended validation certificates” deliver the authority’s assurance that it has thoroughly verified the business or people who own the server, too; that is the most trustworthy certificate. See Comodo’s explanation of the different types of digital certificates. When you understand them, you will be able to tell what level of trustworthiness a certificate offers.
What has been your experience with suspicious websites, emails, etc. How do you protect yourself? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 4 May 2016
|For Fun: Buy Bob a Snickers.|
[READ] Are Public Libraries Obsolete?
The Top Twenty
Geekly Update - 05 May 2016
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [CLICK...] Is There Danger Ahead? (Posted: 4 May 2016)
Copyright © 2005 - Bob Rankin - All Rights Reserved