Protecting yourself on the web. Be careful what you click for, you might just get it!

Browsing the web today, whether it be on Internet Explorer, Firefox, Opera, Chrome, Safari, or any of the other myriads of flavors out there, is as safe as you make it, or as dangerous. Surfing the web at work complicates things tremendously.

Most small to medium sized businesses today either do not have the resources to, or choose not to filter web traffic in and out of their companies’ network infrastructure. More than likely they do in fact, however, filter email. This is most likely not due to the fact that they feel email exploitation is a factor, though many do, but more because spam is “annoying” to sort through and reduces productivity of their employees.

Being on the web at work is inevitable. So many things are going to the cloud. And many times, that employee needs a break to “check that email, see the latest scores, find that shopping deal”, or many other personal reasons that are available only a click away whilst surfing.

But what mechanisms are put in place to guard against accidental malicious online browsing activity of regular employees? Yes, you probably have a firewall. And that firewall will guard against outside scans, malicious penetration of internal networks, and brute force hack attempts, and yes, you may have an anti-virus/malware application that scans and protects against these things during the attack. Yes, you may have a web filter that prevents many known sites that can install malware on your PC.

But what if you don’t have those filters? What if your antivirus DOESN’T detect malicious websites?

The biggest up-and-coming exploit, arguably is the “Watering Hole” attack. This attack consists of three phases:

1)      Guessing (or observing) which websites the group or company often uses.

2)      Infect one or more of these websites with malware.

3)      Eventually, some member of the targeted group or company will get infected

Another common exploit is a browser redirect exploit.

OK, admit it, we have ALL incorrectly typed the URL to a website we wanted to visit. You know how you can tell? You didn’t end up at the website you intended to visit.

OK, sarcasm aside, this is also another exploit by hackers. Want to try and see? Open your browser and type in a crazy URL that you know couldn’t possibly exist. Try (At the time of this writing, this site is harmless, but always be careful) You SHOULD expect it to return an error stating that “Website could not be found”, and in a nice world, and some protected browsers, you may in fact get that. And in Internet Explorer, depending on the default search-engine add-on you have installed, you may get a webpage for search results of the search engine showing you results of what you could possibly have been searching. However, may times you may end up on a website making you ask yourself “How on earth did I end up here?”. If this happens to you:

1)      Stop everything you are doing. Your first reaction to anything that is warning you that you have malware or viruses is to click on something that says “Keep me protected”, or “Fix my PC”, or “Help”. Don’t click on ANYTHING. Just STOP what you are doing and look at the page. If it’s doubtful, get away from it. I know it is also tempting to use the webpage itself to get away from the page. You may get a pop-up that’s says are you sure you want to leave now? Do NOT click on “Yes” or “No”. The malicious site may be designed to install software on your system regardless of which button you click.

There are two safe effective ways to exit out of that malicious webpage without clicking on anything on the page itself:

1)      Click on the “X” at the top right hand corner of your internet browser. Yes, that will exit you out of all of your sessions, but you will also close out the malicious session also.



2)      Open up task manager by pressing this key combination: “Ctrl + Shift + Esc”. When task manager opens, look for the Internet Explorer icon, or whichever browsers’ icon you are using, right-click it, and select “End Task”. This will exit your browsing session, hopefully protecting you from any exploit.


Remember, it takes an affirmed act on your part to install malware, it doesn’t just install itself, you must click on something to get it. So, be careful what you click for, you might just get it!

September 08, 2014 by Lauren Winstead Category: General IT, IT Security 0 comments

Recent Posts