By Nagarjuna Chirumamilla
World Informatix Cyber Security
People are using web browsers for various purposes like shopping, social networking, E-mailing, reading, finding directions, banking etc. Web browser (Some of the most popular web browsers, like Internet Explorer, Mozilla Firefox and Google Chrome) are the most common points of entry for attackers. As web browsers are used so frequently, it is important to configure them securely to enhance web browser protection. Often, the web browser that comes with an operating system is not set up in a secure default configuration. If a user does not secure a system web browser, it can lead to some kind of computer problems like spyware being installed without any knowledge of user to criminals taking control of computer.
Technique of intrusion is not always same, which is why user needs to harden the security of web browser and must consider few security practices during reading and opening attachment from email. Weak web browser protection leads to many issues and system compromising is the main one.
How attackers target users mail account/machine:
There is no magic key but few common techniques which an attacker uses to break into target user email/computer machine. Given below are common tricks which attacker use now-a-days.
Case 1 (Phishing Mail): Phishing mail is a technique in which attackers craft one email having a malicious document or zip file attached to it and sends the crafted email to targeted victim. As soon, user opens the attachment, a malicious program starts its execution and start working as per its algorithm i.e start performing a task for which it was designed for.
Case 2 (Fake domain): In this case, cyber criminal creates fake website which looks likes a original website and send it to targeted victim through email ,in which the victims are told the enter their confidential details like username ,passwords and bank details.
Outdated web browser:
Flash player and java scripts are two common components used for web development. If the flash player or other plugins are not updated with recent security patches, the major risks come in the form of risks of cyber attacks and Trojan horse viruses—particular in conjunction with visiting sites that are infested with malware. They can wreak havoc on user computers, destroy productivity, and compromise the integrity of private information about user customers.
This is a technique that makes user to redirect vulnerable web browser and force them to download malware binary into the system without of knowledge of user.It is widely used way of breaking web browser protection.
Ways to protect Email and web browser:
Implement the sender policy framework:
Implement the sender policy framework (SPF) by developing SPF records in DNS and enabling receiver-side verification in mail servers.It will reduced the chance of spoofed email messages.
Scan and block all email attachments entering the organization’s email gateway if they contain malicious code or file types that are unnecessary for the organization’s business.This scanning should be done before the email is placed in user’s inbox.
Stay away from phishing attacks:
- Don’t open any attachment you are not expecting ,even it comes from a trusted source,such as a family member,co-worker, or friend.
- If you do not know the sender of a message that includes an attachment, delete the message without reading it.
- Do not open any attached file ending in .exe,.vbs or .lnk.
- Do not send any personal information and bank details through email, even if you are close with the receiver.You never know who may gain access to your email account, or to the person’s account to whom you are emailing.
Keep the browser up-to-date with the latest patches:
Use a current web browser and keep automatic updates enabled.Don’t use an outdated web browser like Apple’s safari and older versions of Microsoft’ts Internet Explorer. Use Google Chrome or Mozilla Firefox,leave automatic updates enabled and always keep updated version of web browser (whichever in use ). Web browser protection is most important for user’s online security.
Uninstall Plug-ins You Don’t Need:
Uninstall any plug-ins you don’t need to secure user web browser. Check your web browser’s list of installed plug-ins and uninstall the plug-ins you don’t need. Java is particularly dangerous and used by few websites — uninstall that unless you really need it. The one plug-in you’re most likely to need is Flash, and even it is becoming less necessary.
Use a good antivirus program against viruses:
It is important to have a good security software on user system, one which should include a real-time scanning engine. That means that files you download from online locations are analyzed as soon as they are on your computer. Find the best solution by checking the test results run by important names in the security industry, such as McAfee Antivirus, Kaspersky Anti-Virus Plus, Avira Antivirus Pro select the best antivirus solution for your system.
Block the scripting languages:
Use secure websites for sensitive operations:
User should be very careful when running financial transactions on any web location.To visit a secure website, make sure the web address starts with “https://”. Https indicates user are connected to a website where data, which is sent and received in the encrypted manner.
Monitor your bank account with Online Banking Alerts:
You can set up alerts for any change in your banking account, such as when you receive money or when money are taken from your account. Normally, you will be informed when your salary is received or when an automatic payment has been done.But it is useful also in case someone tries to remove unauthorized money from the account.
Online user must consider web browser protection and should never think it won’t be a threat for the system if user don’t take care of web browser protection policies. User email is the thing which may have sensitive information or even a compromised email account can lead to compromising of other online account which are registered using that mail account. Web browser protection and email account security is a serious issue and it should be consider before attacker take advantage of the weakness in any of these things.