Online safety guide

Security tips to protect against scams, spam, malware, ransomware and viruses.

Keeping the nasties at bay on the web

Scams, spam, ransomware, viruses, malware. The online threats seem to be everywhere – and growing. It can be baffling trying to keep abreast of the latest risks and knowing how to deal with them, but there are a few basic rules that will go a long way to keeping you protected online. Here are the answers to common questions you might have when it comes to safely navigating the internet.

CHOICE tests, reviews and recommends the best antivirus security software, password managers and VPNs.

What security settings do I need for Internet Explorer?

We recommend the default security setting 'Medium-high'. It's safest for most websites and will prompt before downloading potentially unsafe content. If you opt for 'High', it will provide maximum security but disable some features and you may have trouble opening some files or visiting certain websites.

To check your setting, open IE and click the Gear icon > Internet Options > Security and click Internet zone and move the slider to Medium-high.

What can I do about spam?

Spam is electronic junk mail that has existed for nearly as long as we've been using email. Spam also comes in the guise of internet pop-ups, SMS/MMS, chat and telemarketing. Don't respond to spam email and never click on links in spam emails as they often include viruses and malware. If the email is from a genuine business, click on the unsubscribe link, but if it doesn't have an unsubscribe option, contact the business to complain and to be removed from the mailing list.

Where possible, protect your email address and mobile phone number to avoid it being harvested from forms and other places on the internet. Set up a free webmail account that you use for newsletters, online shopping, petitions and other general websites. Have a personal email address that you only use for personal and other trusted correspondence. If in doubt, check the privacy policy on the website to see how it manages your details and whether email addresses are shared with third-party advertisers and marketers.

It's good practice to regularly download security updates and use security software that includes anti-spam filters to limit incoming spam. Regularly change passwords for webmail accounts and close old, inactive accounts to avoid having your email hacked and becoming an accidental spammer. Contact your internet service provider to check if it offers a spam filter with the email account that's included in your plan. If you use an email application such as Outlook be sure to use the spam filtering to collect suspicious emails.

See the ACMA spam guide and spam complaint form.

See which antivirus products CHOICE recommends in our security software reviews

How do I protect my children on social media?

Firstly talk to your children and explain that what goes on the web, stays on the web and can have future social, academic and employment implications. Set boundaries for the type and amount of information they can share with others and get them to ask permission before uploading photos and videos.

Stay involved in your child's use of technologies by knowing the apps and websites they're using, who their online friends are and by having a copy of their passwords. Remind your child to create a 'safe' user name that does not indicate their gender, age, name or location. Insist that children and young teens have you as a friend on their social media accounts.

Familiarise yourself with privacy settings to limit their online information so that it can only be seen by friends on the social networking sites. Warn them never meet someone that they have met online without an adult in attendance or without your prior knowledge.

Encourage your child to be alert to people online who make them feel uncomfortable, and to block them. They should report inappropriate contact to the website administrators. Don't forget to reassure your child that you won't block their internet access if they tell you that they are uncomfortable or worried about what has been said online.

How can I protect my passwords?

Most of us have accounts with multiple online services such as Gmail, Facebook, eBay and Netflix, and security experts insist that we use a unique password for each one. If one of these services is compromised and cyber criminals gain access to your passwords, suddenly they can log in to your accounts. If you must use the same password, always use variations and always be case sensitive and include numbers or special characters.

If you're worried about forgetting many different passwords, then use a password manager. It will safely store passwords and will even help generate long, complex passwords that are safer, but that you don't need to remember. If you're logging on in public, always protect your screen and keyboard so they're not visible to others, especially when on public transport for example. 

Find out which products we recommend in our latest password manager reviews.

How do I protect myself against scams?

Won a lottery you didn't enter? How about an inheritance from someone you don't know or an unexpected windfall from the tax office?

Unfortunately, as we've moved more of our lives online, the scammers have joined in too, looking for opportunities to trap people into sharing personal information or banking details. The first thing to do is sign up for alerts from Stay Smart Online so you're aware of the latest scam doing the rounds.

Here are some other tips:

  • If it sounds too good to be true, it usually is. Be very suspicious of prize and windfalls scams.
  • If an email looks like it's from a government department, a utility service such as your electricity company, internet provider, financial institution or a payment service such as PayPal, check the email address carefully. If in doubt, ring the company and verify the address and the request.
  • Don't respond to phone calls or email offers about financial advice or opportunities. Check an investment or financial company or scheme is licensed on the ASIC website, and check Money Smart for a list of companies you shouldn't deal with, and for other financial scams information.
  • Scrutinise social media or online dating requests looking for money or help with a sad story, and never correspond outside of the platform and never provide financial details to someone you have never met. 
  • See Scam Watch which has a wealth of information on spotting scams.

Read more:

How do I protect myself against malware and ransomware?

Be vigilant and aware in the first instance for anything that may be suspicious. Always verify emails from companies by checking the sender's address and calling the company to confirm the email address or other details in the email.

  • Don't click on suspicious emails, email attachments or links in emails. 
  • Check the email is legitimate by hovering over the email in the inbox list and looking at the status bar to see if it is going to the place where the link says it should go. If the sender email address doesn't match the return address, delete and contact the company or sender to check and alert them.
  • Always run security software and keep it up to date for protection against the latest attacks. 
  • Be sure to keep the operating system and applications up to date for all internet-connected devices to have the latest security patches. See the ACMA mobile guide for more on mobile operating systems. 
  • Be wary when clicking on links that have been shortened as these can be a front for an illegitimate site, this is especially true for random tweets from people you don't know on Twitter.

How can I protect myself when using public Wi-Fi?

If you need to use public Wi-Fi, be very careful about the kinds of transactions you're doing. Avoid all banking and financial transactions and check that 'https' or the padlock icon is showing on secure sites. To be extra cautious, change your passwords after logging in to your accounts and set 'Forget network' in Wi-Fi settings to stop automatic logins to hotspots in the future.

If you're regularly using public Wi-Fi and have sensitive information to transmit, use a mobile VPN. And be sure to keep your operating system updated and use up-to-date security software to avoid malware and viruses.

See which VPN services CHOICE recommends in our VPN reviews.

How do I secure my home Wi-Fi?

Not securing your home wireless network is like leaving your front door wide open to any person. Make sure you set the highest encryption standard supported by your router and devices (WPA2 is the latest).

Always create your own Wi-Fi password using a phrase, made-up word, or word and number combo (it helps if it is something you and those in your home can remember). Don't write down the password, but if you must, don't say what it is for and don't place the note anywhere the device for which it applies.

Finally, your network name should not be left as the default that comes with the router as this can easily give away the ISP or brand you use and it's easier to guess the default password. Don't identify your house or yourself in your wireless network name and don't make the network name and password similar. 

How can I 'hide' online?

Are you concerned about the government's metadata retention regime? It stores personal details such as phone numbers, email addresses, time and location of communications while serious safeguards such as how the data will be stored and protected are missing. The simplest way to protect yourself online is with a VPN that offers desktop and mobile browsing protection. If this isn't enough, try email encryption, secure messaging with programs such as Signal for iPhone or TextSecure for texting and RedPhone for voice calls on Android. 

Can I get rid of my search history?

If you don't like the idea of your search history following you around the web, you can dispose of it and start again with a clean browser. To do this, you'll need to delete items such as cache, browsing history, logins and cookies.

Chrome: Customise > Settings > then under Privacy > Clear browsing data and choose some or all of the items.

Firefox: Options > Privacy > and click 'clear your recent history' and select the time range and the items.

Opera: Menu > Settings > Privacy & Security and select 'clear browsing data' and select items and time frame.

Internet Explorer: Star icon > Internet Options > Browsing history > Settings and select 'History' tab to remove history and 'Caches and databases' tab and Delete. 

Safari: History > Clear History and choose how far back to remove browsing history.

How do I shop online safely?

If using a shopping site, check that it has a padlock symbol in the browser bar before entering your personal and payment details. This is the quickest and easiest indicator that your information will be protected when transmitted to and from the website. We also suggest that you check the site has contact details in case anything goes wrong and you need to follow up.

If possible, when shopping online, it might be preferable to make purchases through PayPal rather than use your credit card/debit card directly. That way your card details won't be shared with the e-tailer.

What are cookies?

Cookies are applications that recognise if a user is new to a site, or is registered and has recorded preferences for certain content or settings. Login cookies identify your computer but there are also tracking cookies that record the websites you visit and collecting data on who you are, what you like, and what you might be interested in as you move through the web from site to site. 

Tracking cookies belong to third-party companies like advertisers and have a long timeline for expiry and gather your browsing habits to collect data on what sites you visit beyond the original website. Cookies can be removed, although if you delete them all, you'll lose some website customisation and preferences.

Chrome: Customise > Settings > Show advanced settings then under Privacy > 'Content settings' to block cookies, and 'All cookies and site data' to delete cookies.

Firefox: Tools > Options > Privacy tab and 'remove individual cookies'.

Internet Explorer: Gear icon > Internet options > Privacy > 'Advanced' for cookie settings.

Safari: Safari > Preferences > Privacy tab > Block cookies > from third parties and advertisers.

Leave a comment

Display comments