Etech

Lesson 2

Example:
 Etech

Malware
 Etech

Example:
Etech
 Etech

How to find if a website is legitimate?

2. Look at the website's connection type. A website that

has an "https" tag is usually more secure--and therefore
more trustworthy--than a site using the more common
"http" designation. This is because "https" sites' security
certification is a process most illegitimate sites don't
bother with.A site that uses an "https" connection can still
be unreliable, so it's best to verify the website using other
means as well.
Make sure the site's payment page in particular is an
"https" page
3 Check the site's security status in your browser's address bar. For most browsers, a "safe"
website will display a green padlock icon to the left of the website's URL.You can click on the
padlock icon to verify the details of the website (e.g., the type of encryption used).
4 Evaluate the website's URL. A website's URL consists of the connection type ("http" or
"https"), the domain name itself (e.g., "wikihow"), and the extension (".com", ".net", etc.). Even
if you've verified that the connection is secure, be on the lookout for the following red
flags:Multiple dashes or symbols in the domain name.
Domain names that imitate actual businesses (e.g., "Amaz0n" or "NikeOutlet").
One-off sites that use a credible site's templates (e.g., "visihow").
Domain extensions like ".biz" and ".info". These sites tend not to be credible.
Keep in mind as well that ".com" and ".net" sites, while not inherently unreliable, are the
easiest domain extensions to obtain. As such, they don't carry the same credibility as a ".edu"
(educational institute) or ".gov" (government) site.
 Etech

5. Look for bad English on the site. If you

notice a large number of poorly-spelled (or
missing) words, generally bad grammar, or
awkward phrasing, you should question the
site's reliability.Even if the site in
question is technically legitimate insofar
as it isn't a scam, any inaccuracies in language
will also cast doubt on the accuracy of its information, thereby making it a poor source.

6. Watch out for invasive advertising. If your

selected site has a stunningly large number
of ads crowding the page or ads that automatically
play audio, it's probably not a credible site. Additionally, consider looking elsewhere if you
encounter any of the following types of ads:
Ads that take up the whole page
Ads that require you to take a survey (or complete some other action) before continuing
Ads that redirect you to another page
Explicit or suggestive ads
 Etech

7. Use the website's "Contact" page. Most sites

provide a Contact page so that users can send
questions, comments, and concerns to the owner of the
site. If you can, call or email the provided number or
email address to verify the legitimacy of the
website.Make sure you scroll all the way to the bottom
of the site to search for the Contact page.
If the site in question doesn't have a Contact page listed
anywhere, it should be an immediate red flag.

8. Use a "WhoIs" search to research who has registered the website's domain. All domains are
required to display contact information for the person or company who has registered the
domain. You can get WhoIs info from most domain registrars, or from services such
as https://whois.domaintools.com/. Some things to look out for:
-
Private registration: It's possible register a domain privately, where a "private registration"
provider serves as the domain's contact, instead of the actual owner. If a domain uses private
registration, consider this a red flag.
- Contact information is suspicious: For example, if the name of a registrant is "Steve
Smith," but the email address is "ramsaybolton12345@hushmail.com", this might be a
sign that the registrant is trying to hide their true identity.
- Recent registration or transfers: A recent registration or transfer of a domain may indicate
that a site is not trustworthy.

Lesson 2 cont.
Etech
 Etech

7 Ways to protect your computer

Only Use Trusted Antivirus and Malware Software

• Few people these days will use a computer, smartphone or tablet without some type of
antivirus and malware detection software. In 2017, only 27% of Windows computers were
unprotected, as a report by Digital Journal shows. However, not all of those individuals utilize a
dependable or well-known provider.

• Antivirus software like Norton, Kaspersky, Comodo, AVG, Avast, and Webroot may cost you just
a bit more than self-described "free antivirus" applications, yet all have a longstanding tradition
for being effective and recognizing security threats.

• There are free antivirus software downloads on the web, but do you want to trust your
computer with just any type of software? Furthermore, many totally free antivirus programs are
themselves Potentially Unwanted Programs ("PUPs"), and come installed with some kind of
spyware.
 Etech

• Investing in high quality antivirus software is a small price to pay compared to the harmful
hijacking or cryptojacking that could occur on your personal devices.

• Important Note: Install software updates you receive immediately.

• Good antivirus software will go a long way in helping detect and remove malware, but it does
not help much if you do not keep the software, and all your other programs updated.

• With the latest Google Chrome zero-day vulnerabilities announcement, some browsers

remained exposed, even after the automatic update was installed, because the browser was not
restarted.

• So while IT teams may do a fine job of monitoring, notifying, and correcting security risks, they
also need help from you. Therefore, you need not only to install updates as soon as they
become available, but also to restart the systems as well, in order to fully implement the
updates.

Configure Regular Scans and Monitor Settings

• Antivirus software is something that everyone should have. If you ask the average person if they
need an antivirus program, they would probably agree. And yet, nearly half of all Americans
have no form of antivirus protection whatsoever, according to a recent study by Webroot.

• In 2017, the Erie County Medical Center in New York was hacked, exposing private patient data
and costing the hospital millions. The hackers ended up taking down their computer system for
a total of six weeks. They couldn't do anything—all the screens were blacked out. They ended up
having to shell out over $44,000 in Bitcoin to the hackers just to regain access to their own
equipment.

• And all of this because happened simply they didn't have any type of antivirus software to stop
this from happening.

• While it is intended to run in the background, you still need to manage it up front. It is a good
idea to set up automatic scans to run every few days or week to make sure the software is doing
its job.

• If you find that the performance of your PC is vastly reduced when running a scan, then don't
run the scan while you're using your machine. Late at night, for example, is a logical choice for
most people.

• Finally, in order to ensure the scan runs, you should make sure that the system is not turned off
and cannot go to sleep and/or hibernation.
 Etech

• All the major

software
providers
have their own
operating
systems, and each have their own antivirus defenses. Yet, they still have to do updates on a
regular basis to address newly-discovered vulnerabilities. While you may feel that restarting
your system and upgrading to a newer version is not necessary, you need to know these
updates are designed to decrease your exposure to possible exploits.

• Security teams are always issuing new patches that fix malware threats and zero day
vulnerabilities. However, if you continue using an older operating system—ignoring constant
request to upgrade your OS to a newer version—your computer is at risk of being infected with
malware.

• Getting notified about a computer update is like hearing your in-laws are in town to visit.
Although you may feel obligated to do it, at the end of the day it just seems there are more
enjoyable things to do.

• However, operating system updates are important. If you put them off, the consequences could
be much worse than disgruntled in-laws.

• Take, for example, what happened with the Wannacry ransomware attack, in which more than
200,000 computers were compromised across 150 different countries, with total damages that
ranged in the hundred millions to billions of dollars. With the proper antivirus software installed,
this could have been thwarted fairly easily.
 Etech

• With the mass adoption of wireless technology in the last decade, our personal information is
constantly being sent over public networks...and it's not always protected as well as we think.
Our computers connect to files, printers, and the internet constantly, and hackers love to prey
on unprotected internet traffic.

• The reality is, you're playing with fire if your do the following:

• Insist on using public Wi-Fi without browser protection

• Do not use a password for your own personal network (and share that information with others)

• Rely only on WEP router encryption, the weakest there is.

• Whenever using a Wi-Fi network, whether it's at home or your local Starbucks, consider using a
virtual private network (VPN) with strong encryption.

• You need a wireless network at home that is WPA or WPA2 encrypted. Never broadcast your
SSID to others even if you have trustworthy guests who want to share the network. Instead,
create a guest SSID and different password for those people.

• Bottom line: if your network is not secure, you need to use a virtual private network. But you
can't just use any VPN. You need to know what to look for in a quality VPN and, specifically, you
need to check and make sure that the VPN you are using is not logging your data, which some
VPNs (typically free ones) often do.

(Encrypted)
Employ Browser Common Sense
When it comes to street crime, there are common-sense principles that automatically keep you safe,
such as never traveling alone at night, staying in well-lit areas, and so on). Likewise, the same principles
of self-preservation apply when browsing the internet.

Avoid websites that feature pirated material, particularly torrent sites like The Pirate Bay. These kinds of
places are loaded with malware. You should never open an email attachment from someone you do not
recognize, which could be part of a phishing scam.

Here are a few tips:

 Scan every file before you download it, even if the file is sent from family or friends.
 Etech

• Hover your mouse over a shortened link to see what URL it is taking you too before clicking it,
especially if the link is in an email from someone you don't know or recognize.

• According to the most recent statistics, more than 18 million sites on the internet are infected
with malware. There are obvious red flags regarding corrupted websites, so you should not only
immediately leave them, but also report them to your antivirus provider.

• Secondly, always make sure that you visit a website with an SSL certificate. You can verify this by
looking for the secured icon to the left of the URL (the web address).

• When a browser, such as Chrome, notifies you that a website in not secure, take action to
prevent the entire page from being loaded.

• Malicious websites are often hosted in the data centers of cheap web hosting providers, many
of which are host thousands of sites on a single shared server with little to no quality control. As
a result, when it comes to internet safety, an ounce of prevention is worth a ton, compared to
undoing all the damage

Keep a Tight Grip on Your Personal Information

• It is getting increasingly difficult to manage all of your personal information online.

• Why is this?

• Shouldn't advances in encryption technology and standards make us more safe, not less? The
reality is, all companies today are "internet" companies. They keep your all data in digital form—
your home address, social security numbers, usernames, passwords, and transaction history. All
of which are just few hacks away from getting exposed.

• And though encryption is stronger today than ever before, so too is the value of your digital
secrets. One small hack can release the private information of thousands or millions of users.

• And that's not even starting with message boards and social media profiles where hackers can
social engineer personal information.

• Recent legislation, such the EU's GDPR and California's CCPA, are designed to protect consumer
data, but could actually backfire. A recent report by Panda Security shows how stronger
encryption standards could make it easier for some forms of malware to infect your computer.

• Many online businesses have policies for GDPR compliance, but they could inadvertently create
a backdoor for new forms of encrypted malware.

• In summary, there are not nearly enough precautionary methods you can take to avoid identity
theft. Make sure your privacy settings on social media profiles are as strict as possible, and be
cautious of giving out any real information including your real name.

Stay Up-to-Date on the Latest Attacks

• Cybercriminals are frequently adjusting and introducing new malware. Malvertising, for
example, is just one example of malware.
 Etech

• In addition to staying updated with all your programs and operating system, also remove any
software you no longer use. Outdated programs no longer have patches (updates/fixes) and
leave you vulnerable to attacks.

• And while many people don't like the U.S. government looking over our shoulders, security
agencies are actually helping. In fact, there's a branch of Homeland Security called the Cyber
Security Division. The analyze all types of threats, both private and public, and regularly
update their database of vulnerabilities targeting both small and large business. Though many
staunch libertarians may argue that this is another form of "Big Brother" trying to spy on us,
they actually help us—with and without our permission.

Lesson 3

How Search Works

 Etech

How can you make your research easier?

Etech
 Etech

Lesson 1