CS Fundamentals
Learn how to browse the internet safely — avoiding threats, recognizing suspicious websites, and protecting your personal information online.
Introduction
The internet is an incredible resource — you can learn anything, connect with anyone, and access services that make life easier in countless ways. But it also has a darker side. Cybercriminals create fake websites that look identical to real ones, embed malicious software in innocent-looking downloads, trick you into revealing personal information through deceptive emails, and exploit security vulnerabilities to access your accounts. Browsing without awareness of these threats is like walking through a busy city with your wallet hanging out of your pocket.
Safe browsing is not about being paranoid or avoiding the internet — it is about being informed and cautious. Just as you learned to look both ways before crossing a street, you need to learn basic internet safety habits. These habits take minimal effort once they become second nature but provide significant protection against the most common online threats.
Recognizing Secure Websites
The most basic indicator of website security is the URL itself. Look for HTTPS (not HTTP) at the beginning of the web address and the padlock icon in the address bar. HTTPS means the connection between your browser and the website is encrypted — data you send (like passwords or credit card numbers) cannot be intercepted by anyone monitoring the network.
However, HTTPS alone does not mean a website is trustworthy — it only means the connection is encrypted. A phishing site can also have HTTPS. So what else should you check? Look at the domain name carefully. Attackers create domains that look similar to legitimate ones: faceboook.com (extra 'o'), amaz0n.com (zero instead of 'o'), googIe.com (capital 'I' instead of lowercase 'l'). Always check the actual domain, not the page content.
Be suspicious of websites that have excessive pop-ups, create urgency ("Your computer is infected! Call now!"), ask for unnecessary personal information, have poor grammar and spelling, or look like professional sites but have slightly wrong URLs.
Safe Download Practices
Malware frequently spreads through infected downloads. Only download software from official sources — the developer's own website, official app stores (Google Play, Microsoft Store), or trusted repositories. Avoid downloading from random websites offering "free" versions of paid software — these "cracked" programs frequently contain malware.
Before running any downloaded file, check its extension. Be extremely wary of .exe, .bat, .cmd, .msi, .scr, and .vbs files from untrusted sources. Even seemingly harmless file types can be dangerous — a file named "vacation-photo.jpg.exe" looks like a photo but is actually an executable program (malware authors hide the real extension).
Keep your operating system and antivirus software updated. When your OS prompts you to install updates, do it promptly — many updates patch security vulnerabilities that attackers actively exploit. Windows Defender (built into Windows) provides adequate protection for most users when kept updated.
Password and Account Security While Browsing
Never enter passwords on websites you reached through email links. If you receive an email saying "Your bank account is locked — click here to verify," do not click the link. Instead, open a new browser tab, type your bank's website address manually, and log in there. If there really is a problem with your account, you will see a notification after logging in legitimately.
Use unique passwords for every website. If one site gets breached (and breaches happen regularly), attackers try the stolen email/password combination on other popular sites. If you reuse passwords, one breach compromises all your accounts. A password manager (like Bitwarden, which is free and open-source) generates and stores unique, strong passwords for every site.
Enable two-factor authentication (2FA) wherever available, especially for email, banking, and social media accounts. With 2FA, even if someone steals your password, they cannot access your account without the second factor (usually a code sent to your phone or generated by an authenticator app).
WiFi Security
Public WiFi networks (in cafes, airports, hotels, libraries) are convenient but potentially dangerous. On an unsecured public network, other users can potentially intercept your data. An attacker can also create a fake WiFi hotspot with a legitimate-sounding name ("Airport_Free_WiFi") to capture data from anyone who connects.
Protect yourself on public WiFi by avoiding sensitive activities (banking, entering passwords) unless absolutely necessary, using a VPN (Virtual Private Network) which encrypts all your internet traffic regardless of the network, and ensuring websites use HTTPS. On your home WiFi, use WPA3 or WPA2 encryption (never WEP, which is easily cracked) and change the default router admin password.
Browser Security Settings
Modern browsers have security features that you should keep enabled. Pop-up blockers prevent malicious pop-ups that might trick you into downloading malware. Safe browsing features (enabled by default in Chrome and Firefox) warn you about known malicious websites. Automatic updates ensure your browser has the latest security patches.
Install an ad blocker (like uBlock Origin) — beyond removing annoying ads, it prevents malicious advertisements ("malvertising") that can infect your computer without you clicking anything. Be cautious with browser extensions — only install from official stores, only what you genuinely need, and review permissions before installing.
Regularly clear your browser data (cookies, cached files) to remove tracking data and potentially compromised session tokens. Use private/incognito mode when browsing on shared computers to prevent your login sessions and history from being accessible to the next user.
Recognizing Social Engineering
Social engineering attacks manipulate human psychology rather than exploiting technical vulnerabilities. They create urgency ("Act now or your account will be deleted!"), authority ("This is the IT department — we need your password for maintenance"), or curiosity ("See who viewed your profile — click here!") to trick you into taking harmful actions.
The best defense is skepticism. Legitimate organizations will never ask for your password via email or phone. If something creates unusual urgency or seems too good to be true, it probably is. When in doubt, contact the organization directly through official channels (not through contact information provided in the suspicious message).
Key Takeaways
- Always verify HTTPS and check domain names carefully before entering sensitive information
- Download software only from official sources — never from random websites offering "free" paid software
- Use unique passwords for every site and enable two-factor authentication on important accounts
- Be extremely cautious on public WiFi — use a VPN for sensitive activities
- Keep your browser and OS updated to patch security vulnerabilities
- Install an ad blocker and keep browser security features enabled
- Recognize social engineering tactics: urgency, authority claims, and too-good-to-be-true offers
- When in doubt about a link or email, go directly to the website by typing the URL yourself
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Safe Browsing Practices.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Computer Fundamentals topic.
Search Terms
computer-fundamentals, computer fundamentals, computer, fundamentals, cybersecurity, basics, safe, browsing
Related Computer Fundamentals Topics