Practice Safe Browsing
Every week, tens of millions of unsafe websites are detected By Google’s Safe browsing system (external link) . These sites are designed to trick you into downloading or installing malicious software or entering your private information.
With a few mindful habits, you can ensure your browsing remains secure.
Every browser offers something different. Get online more securely by choosing a browser that offers a level of security you’re comfortable with and the unique convenience features you want.
Between the top five most popular browsers Chrome, Edge, Firefox, Opera and Safari, you can decide which browser is best (external link) with the help of an analysis completed by PCMag.com.
Unless logging in to a well-trusted site like my.torontomu.ca, use a browser’s “private browsing” mode to minimize risk. Private modes will never prompt you to remember logins or passwords, or retain information from your session once you close it.
Here are some helpful shortcuts for starting private browsing sessions:
- Google Chrome’s Incognito mode:
On your keyboard, press Ctrl + Shift + N
- Mozilla Firefox’s Private Browsing mode:
On your keyboard, press Ctrl + Shift + P
- Apple Safari’s Private Browsing mode:
In your Safari browser, click the Safari menu, then Private Browsing
- Microsoft Edge’s InPrivate Browsing mode:
On your keyboard, press Ctrl + Shift + N
- Private browsing or ‘Incognito’ mode creates a temporary session that is isolated from a browser’s main session.
- This means that your searches, visited pages, login details and cookies will not be saved on the device after you close your browser window.
- Although private browsing mode deletes cookies and search histories when you close the window, it does not hide your traffic from third-parties including:
- internet service providers (ISPs)
- government officials;
- network admin at your school or place of work.
- Private browsing also does not secure your traffic from being exploited by hackers, attacks or security vulnerabilities.
- While effective for ensuring sensitive data such as passwords or credit card numbers are not saved, note that any risks inherent associated with less secure choices remain even when using private browsing mode.
Defensive computer use
The way you interact with browsers and computers can make a difference in keeping your personal information and online activity private. Here are some things to think about:
- Log off or shut down completely when you leave your device for the day.
- Set your computer's power options to prompt for a password upon resuming from sleep or standby.
- Any computer or tablet used by someone other than yourself is considered a shared machine, regardless of whether it belongs to a family member, friend, electronics store or library.
- Use a browser’s “private browsing” mode to minimize risk as it will never prompt you to remember logins or passwords or retain information from your session once you close it.
- Always log out of web apps, e.g. social media sites, online banking, email to prevent accounts and information from being hijacked or misused.
- Be aware of habits and avoid clicking yes to save your password for any sites visited, lest someone gain access and misuse your personal, work or school information.
If you’re working in a public area like an open office or the library, do not leave laptops unattended without being physically secured as they are frequently stolen.
Even if it’s secured and you must leave your computer unattended, remember to lock the screen. This helps prevent opportunities for others to expose your confidential information from logging in to your personal accounts like banking or email if you’ve saved the passwords.
An easier way to lock—every single time
Get in the habit of locking your screen quickly using these shortcuts:
- For PCs:
On your keyboard, press the Windows key + L key
- For Mac desktops:
On your keyboard, press Ctrl + Shift + Eject button
- For Mac laptops:
On your keyboard, press Ctrl + Shift + Power button
If you’re a Mac user, Apple also has a feature to create custom keyboard shortcuts using keys of your choice. Learn how to create keyboard shortcuts for apps on Mac (external link) .
Malicious sites use a variety of methods to trick you into downloading and opening malware. Here are some real-life examples:
- Websites that cannot be read without installing a special font that needs to be downloaded. Usually, the font file is really malware.
- Websites asking to install an application or plugin in order to watch a supposedly controversial or viral video.
- Links to “must watch” videos from an acquaintance you rarely interact with, arriving either by email or social media.
- Websites offering normally expensive software for free.
- Pop-up windows that claim your computer is infected, or appear to run an antivirus scan, or urge you to take immediate action.
- Websites or emails requesting personal financial information, e.g. social insurance number, PIN or bank account information for an unsolicited financial transaction or purchase.
In every situation like these, it’s safest to ignore the site’s instructions and leave.
Some malicious sites open pop-up browser windows to entice you to download and infect your computer, tablet or mobile device. Often, it’ll claim your computer has a virus that you need to clean by following directions or calling a phone number.
In some cases, these browser windows cannot be closed by clicking but you can close the browser entirely using keyboard shortcuts.
- On your keyboard, press Control + Alt + Delete
- Click Task Manager
- Click the Processes tab, highlight your browser and click the End Task button.
- On your keyboard, press Command + Option + Esc to open the “Force Quit Applications” window.
- Highlight your browser and click the Force Quit button.
You may receive emails, social media messages or otherwise be directed to fake websites as part of a phishing scam for personal information. Have your guard up if you:
- Receive emails of an urgent and confidential nature, e.g. “Your bank account has been locked”, but with a generic, unspecific greeting and a link to a website.
- Read a comment on a help forum that someone solved a problem by downloading a driver from a specific link.
- Receive a link via social media that claims someone is saying something about you or that a popular video is available.
The best strategy is to ignore these messages. If you think a message may be valid, you can always check the link without clicking it by doing the following:
- On a computer, hover your cursor over the link to reveal the true destination address at the bottom-left of your browser window.
- On a mobile device, press and hold the link to reveal the true address or a preview of the page.
Learn more about phishing and how to detect and report it.