It’s estimated that half of today’s threats reach their victims through social engineering attacks. This means that unsuspecting users are taking a deliberate action that leads to the infection of their systems. Knowing what to look for, which actions to take, and more importantly which not to take, greatly reduces your vulnerability to compromise. This list serves as the basis for staying safe online and is the same one used by many security professionals on a daily basis.
- Seek out information yourself, rather than following promises of information pushed to you:
  - Confirm, confirm, confirm: If you receive a notification or alert via email or another medium, bring up a web browser, go to the site in question, and check your account for genuine notifications. DO NOT trust that the email is legitimate, as more often than not it is a scam. Nearly 3/4 of all email is spam.
  - If you receive an email (or contact through a social network) from someone you know that is asking you to take some action, be leery. That attachment might not actually contain photos, and that hyperlink may not lead to a reputable site. When in doubt, ask the sender to confirm that they sent the message and that the content is legit.
- Stay on the beaten path:
  - When searching online, it is common to come across unwanted links, even in the top search results. Inspect the destination address to see if the site is recognizable.
  - When shopping online, check that the site is secure (HTTPS) and that the site has a good reputation. A lack of reputation is a bad sign when it comes to e-commerce.
- Keep your operating system, applications, and security software enabled and up to date:
  - Some people disable their anti-virus software while playing games and performing other heavy operations, but forget to re-enable that protection afterwards. It may be prudent for such individuals to carry out broader internet-facing tasks such as email and web browsing on a separate system, such as a tablet or virtual machine.
  - Most system updates default to automatic installation, but sometimes these require a reboot to take effect, which gets put off for days or weeks, or users disable the updates because of annoying popups. Failing to apply such updates greatly increases your vulnerability to attacks.
  - The same is true for your web browser and browser plugins; Adobe Flash, Sun Java, Microsoft Silverlight, and others are targets for exploitation and must be kept up to date.