---

Tips for browsing safely

Check your favorite browser and your plug-ins for updates.
Cybercriminals are always looking for new weaknesses in browser software, and vendors often release updates and patches to fix them. Keeping your browser up to date makes it much harder to hack. If there’s an option to automatically update the browser in the future, select that option. 

Browser plug-ins or extensions are small pieces of software added to browsers that can add functionality. However, a plug-in can also add cybersecurity vulnerabilities to your browser. Remove plug-ins that you no longer need or use. The less software you have to update, the more secure you are. 

Pay attention to any browser warnings.
Browsers can often recognize malicious websites that are designed to cause you harm. If your browser warns you that a website is dangerous, close that browser tab or window right away.  

Beware of pop-up windows. 
Malicious websites can generate pop-up windows that look like messages from your browser or computer. A random prompt to install or upgrade software is a warning sign. Only download and install software from known, trusted sources. And downloading free content like movies, music and videos usually has a catch: it can come with a side of hidden viruses or other malicious software. 

Spot a safe web address. A web address, or URL, is usually found at the top of the browser window.

Check the domain. The domain identifies the website and is the most important part of a web address. It often ends in .com, .edu, .org or .gov for US-based websites. The domain for this webpage is illinois.edu. Watch for domains that don’t match what you’d expect, like a supposed government site that uses .com instead of .gov in the domain.
Be wary of hyphens and symbols in a web address. Cybercriminals use these elements along with known brands to make a web address more convincing. For example, www.google.com isn’t the same as www.google-search.com, which has a different domain.
Avoid numbers-only web addresses (also called an IP address). You have no way of knowing the true destination. Unless you are familiar with the IP address and know exactly where it will take you, don’t click this type of web address.
Treat short web addresses and QR codes with caution. Services like Tiny URL and Bitly let anyone make shorter links out of long web addresses, but a shortened web address is a disguise that may hide a malicious site. Similarly, QR codes can hide a dangerous destination. It can be hard to tell where QR codes go, and cybercriminals take advantage of that by using harmful QR codes.

---

Social media safety

To protect yourself when using social media, we recommend following these steps before you post, snap or tweet:

Check your social media privacy settings to ensure they’re set to your comfort level for information sharing. The Manage Your Privacy Settings page from the National Cybersecurity Alliance links to instructions for major social media platforms.
Share with care. Assume that anything you post on social media is public, and that anyone can see your posts now and in the future. For safety, don’t give away your location or mention how long you’ll be in a particular location. Here’s a good rule of thumb to think about before you post: consider how you would feel if your words or images became front-page news or went viral.
Think before you click. Links on social media can lead to malicious sites, and even trusted contacts may unknowingly share malicious links. Instead of clicking a link, type a known, trusted website address into your browser or use a trusted bookmark.
Check before you connect. Fake profiles could impersonate people familiar to you. If you get a connection request from someone you’re already connected to, it could be a scam. Confirm any duplicate requests with your existing connection, outside of social media if possible.
Don’t download or install any software from social media. If you are browsing social media and get a random prompt to install or upgrade software, that is a warning sign. Only download and install software from known, trusted sources like the app store or the software’s built-in update features found in the settings or help menu.

Fake profiles made with AI can be convincing and hard to detect. Follow these tips to be proactive in protecting yourself from AI-generated social media profiles and content.

Stay alert for inconsistencies and mismatched content, like profile pictures that don’t match the identity the profile claims to have or an account that suddenly posts in another language without explanation.
Be suspicious of accounts that are posting high volumes of content, especially if it is posted at unusual times for where the poster claims to live.

---

Security awareness training

To stay secure, the best defense is for all of us to understand how we can protect ourselves. Educating yourself about current cybersecurity threats you may face both at work and at home helps reduce your risk. Please reach out to us at securitytraining@uillinois.edu with any questions or feedback about security training.

Faculty and staff

Employee required training is available at https://go.uillinois.edu/securitytraining (log in required). Quarterly training for faculty and staff via the Proofpoint portal helps to keep cybersecurity top of mind. Small, targeted timely subject matter​ modules that can be accomplished in 20 minutes focus on practical knowledge that can be applied in work and personal situations. 
Additional training opportunities are available for those who want to delve deeper into a subject. To take an optional training, visit the cybersecurity training portal at https://go.uillinois.edu/securitytraining

Students

Illinois students are invited to join a free, open training in Canvas at https://go.illinois.edu/cybersecurity-champion.