Everyday Online Safety: Common Risks and Safer Habits

What “Everyday Online Safety” Means

Everyday online safety is the set of habits that reduce your chances of being tricked, having accounts taken over, or losing files while doing normal tasks like reading email, shopping, messaging, banking, or using public Wi‑Fi. Most real-world problems come from social engineering (someone persuading you to act) and weak account protection (reused passwords, missing two-factor authentication, or outdated software).

Phishing Emails and Messages (Email, SMS, DMs)

What phishing looks like

Phishing is a message designed to push you into clicking, signing in, or sharing information. It often creates urgency (“account locked”), fear (“unusual activity”), or excitement (“you won”). It may impersonate a bank, delivery company, workplace, or a friend.

• Credential phishing: tries to get your username/password on a fake sign-in page.
• Payment phishing: asks you to pay a “fee” or “invoice” quickly.
• Data phishing: asks for personal info (address, ID number, verification code).
• Conversation hijack: replies in an existing email thread to seem legitimate.

Safer habit: slow down and verify using a separate path

If a message asks you to act, verify through a method you choose (not the one in the message): open the official app, type the company’s site yourself, or call a known number from a statement/card.

Step-by-step: what to do when a message asks you to “log in”

1. Do not use the message link.
2. Open the service directly (official app or a bookmark you already trust).
3. Check for alerts inside the account (security notifications, messages, billing).
4. If unsure, contact support using a trusted number (from your card, statement, or the company’s official website you access independently).
5. Report and delete the message (use “Report phishing/spam” in your email or messaging app).

Fake Support Pop-ups and “Your Computer Is Infected” Alerts

What these attacks try to do

Fake support pop-ups claim your device is infected or “locked,” then pressure you to call a number, install software, or grant remote access. The goal is usually to steal money, install malware, or capture passwords.

Safer habit: never call numbers or install tools from pop-ups

Legitimate security warnings come from your operating system or security software, not random web pages demanding immediate action.

Continue in our app.

You can listen to the audiobook with the screen off, receive a free certificate for this course, and also have access to 5,000 other free online courses.

Or continue reading below...

Download the app

Step-by-step: if a scary pop-up appears

1. Do not click inside the pop-up (including “Cancel”).
2. Close the tab or browser. If it won’t close, use your device’s force-quit method (Task Manager on Windows, Force Quit on macOS).
3. Reopen the browser and choose to restore tabs only if you trust them; otherwise start fresh.
4. Run a scan using your device’s built-in security tools or reputable security software already installed.
5. If you entered any info or installed something, disconnect from the internet and get help from a trusted person or official support channel you find independently.

Credential Theft: How Accounts Get Taken Over

Common ways credentials are stolen

• Password reuse: one leaked password unlocks multiple accounts.
• Fake sign-in pages: you type credentials into a lookalike page.
• Malicious extensions/apps: capture what you type or read your pages.
• “Verification codes” requests: scammers ask for a one-time code to log in as you.

Safer habit: treat one-time codes like cash

If someone asks you to read them a code you received by text/app, that’s usually an attempt to break into your account. Real companies do not need you to share your one-time code with a person.

Step-by-step: if you suspect your password was exposed

1. Change the password immediately on the affected account.
2. Change passwords on any other accounts where you reused the same or similar password.
3. Sign out of other sessions (many services offer “log out of all devices”).
4. Enable two-factor authentication (2FA) (see below).
5. Review account recovery options (email, phone number) to ensure they are yours.

Public Wi‑Fi: Risky Behaviors and Safer Alternatives

What can go wrong on public Wi‑Fi

Public Wi‑Fi networks (cafes, airports, hotels) can be monitored or spoofed. Attackers may create a network name that looks legitimate, or attempt to intercept traffic on poorly secured connections.

Risky behaviors to avoid

• Logging into sensitive accounts on unknown Wi‑Fi when you can wait.
• Entering payment details if you are not confident the connection is safe.
• Turning on file sharing or leaving device sharing features enabled.
• Auto-connecting to remembered networks without checking the network name.

Safer habits on public Wi‑Fi

• Prefer mobile data/hotspot for banking, payments, and account recovery.
• Confirm the exact network name with staff (don’t guess).
• Turn off sharing (file sharing, AirDrop/Nearby Share set to contacts only or off).
• Use a VPN if available to you (especially on open networks).
• Log out when finished on shared/public computers; avoid them for sensitive tasks.

Scams Involving Payments or Personal Data

Common scam patterns

• Urgent payment requests: “Pay now to avoid fees/arrest/account closure.”
• Overpayment/refund scams: someone “accidentally” sends money and asks you to return it.
• Gift card/crypto requests: hard-to-reverse payment methods are a major red flag.
• Impersonation: pretending to be a family member, boss, or support agent.
• Data harvesting: forms asking for date of birth, ID numbers, or full address “to verify.”

Safer habit: separate “identity verification” from “payment”

If someone contacts you unexpectedly and wants money or sensitive data, verify their identity through a separate channel you control (call a known number, contact the person directly, or use the official app/site). Never rely on the contact method provided in the message.

Step-by-step: before you pay or share personal data

1. Ask: did I initiate this? If not, assume it could be a scam.
2. Pause and verify using a trusted method (official app, known phone number, in-person confirmation).
3. Check the payment method: irreversible methods (gift cards, wire transfers, crypto) are high risk.
4. Share the minimum: if verification is legitimate, provide only what is required, not extra details.
5. Keep records: screenshots, order numbers, and messages in case you need to dispute or report.

Safer Habits That Prevent Most Account and Device Problems

Use strong, unique passwords with a password manager

A password manager creates and stores long, unique passwords so you don’t have to memorize them. This prevents one leaked password from unlocking multiple accounts.

Step-by-step: getting started with a password manager

1. Choose a reputable password manager (built-in options on your device or a well-known provider).
2. Create a strong master password (a long passphrase you can remember).
3. Turn on lock protection (PIN/biometrics) and set auto-lock.
4. Update key accounts first: email, banking, shopping, social media.
5. Replace reused passwords with generated unique ones.

Tip: Your email account is often the “key” to resetting other passwords. Protect it first.

Enable two-factor authentication (2FA)

2FA adds a second proof (like an authenticator app code or a security key) so a stolen password alone isn’t enough.

• Best: security key (hardware key) or authenticator app.
• Okay: SMS codes (better than nothing, but can be targeted by SIM-swap attacks).

Step-by-step: enabling 2FA safely

1. Go to the account’s Security settings.
2. Choose authenticator app if available.
3. Save backup codes in a secure place (password manager secure note or printed and stored safely).
4. Confirm recovery options (recovery email/phone) are correct.

Check app and browser extension permissions

Some apps/extensions request access they don’t need (reading all pages, accessing contacts, managing downloads). Excess permissions can lead to data exposure or account theft.

Step-by-step: permission check routine

1. List what you installed recently (apps and browser extensions).
2. Remove what you don’t use.
3. Review permissions and disable anything unnecessary (location, microphone, camera, “read and change data on all websites”).
4. Prefer “Only while using” for sensitive permissions like location.

Keep software updated

Updates fix security holes that attackers actively exploit. Delaying updates increases risk, especially for browsers, operating systems, and common apps.

Step-by-step: a simple update habit

1. Turn on automatic updates for your operating system and browser.
2. Update important apps (banking, email, messaging) regularly.
3. Restart when prompted so updates actually apply.

Back up important files

Backups protect you from device loss, accidental deletion, and ransomware. A backup is only useful if it’s recent and you can restore from it.

Step-by-step: a practical backup plan

1. Pick what matters: photos, documents, school/work files, important scans.
2. Use two locations: one cloud backup and one external drive (or two separate cloud locations).
3. Schedule it: automatic daily/weekly backups where possible.
4. Test restore: open a backed-up file to confirm it’s really there.

Decision Mini-Scenarios: Choose the Safest Next Step

Scenario 1: Suspicious login alert

You receive an email: “New login from Windows device in another city. If this wasn’t you, click here to secure your account.”

Why B: You avoid a potentially fake sign-in page and take direct protective actions.

Scenario 2: “You won a prize” message

A text says: “Congratulations! You won a $200 gift. Pay $2 shipping to claim now.”

Why C: Small “fees” are a common way to collect card details and enroll you in unwanted charges.

Scenario 3: Fake support pop-up

While browsing, a full-screen page says: “Virus detected! Call Microsoft Support now: 1-800-… Do not turn off your computer.”

Why B: The page is not a trusted security tool; it’s trying to push you into remote access or payment.

Scenario 4: Download prompt for a “required update”

A website says: “To view this document, install our Secure Viewer” and offers a download button.

Why B: “Required viewers” are a common trick to get you to install unwanted or malicious software.

Scenario 5: Public Wi‑Fi and a quick payment

You’re on airport Wi‑Fi and want to pay a bill. The network name looks right, but you’re not sure.

Why B: Sensitive actions are best done on a connection you control.

Quick Reference: Red Flags vs. Safer Actions