
Cybersecurity Fundamentals for Absolute Beginners


Safe Browsing, Links, Downloads, and Phishing Signals

Chapter 10

Estimated reading time: 14 minutes


What “Safe Browsing” Really Means

Safe browsing is the habit of reducing risk while you use the web: visiting sites, clicking links, downloading files, and entering information. For beginners, the goal is not to memorize every technical detail, but to consistently apply a few checks that prevent the most common web-based traps. Most real-world incidents start with a simple action: clicking a link in a message, searching for a tool and downloading the wrong installer, or signing in on a fake page that looks legitimate.

Safe browsing is about controlling three things you can control: (1) where you navigate (the site and page you end up on), (2) what you allow to run or install (downloads, browser prompts, extensions), and (3) what you submit (credentials, payment details, personal data). The rest of this chapter focuses on practical, repeatable steps for those moments.

Understanding Links: What You See vs. Where You Go

A link has two “faces”: the visible text (or button) and the actual destination (the URL). Attackers rely on the fact that many people only look at the visible part. A button labeled “View Invoice” can lead anywhere. A link that looks like a familiar brand can still point to a look-alike domain.

How to inspect a link safely (without clicking)

  • On desktop: hover your mouse over the link and look at the preview shown by your email client or browser (often in the bottom-left corner). Read the domain carefully.
  • On mobile: press and hold the link to preview the URL. If the preview looks suspicious, cancel.
  • Prefer typing or bookmarks for important sites: for banking, email, cloud storage, and shopping accounts, use a bookmark you created yourself or type the address.

URL parts beginners should recognize

Being able to parse a URL helps you spot tricks quickly. Here is a simple breakdown:

https://accounts.example.com/login?source=email
  • https:// indicates an encrypted connection. It only means the data in transit is encrypted, not that the site is trustworthy.
  • accounts.example.com is the domain. The most important part is usually the “registrable domain” (often example.com). Subdomains like accounts can be created by the owner of example.com.
  • /login is the path (a page on that site).
  • ?source=email is the query string (tracking or parameters). Attackers can hide misleading text here, but the domain is still the key.

Common link tricks to watch for

  • Look-alike domains: paypaI.com (capital “I” instead of “l”), micros0ft.com (zero instead of “o”), or extra words like secure-payments-example.com that are not the real brand domain.
  • Subdomain deception: example.com.login.verify-user.info is not owned by example.com. The real domain is verify-user.info.
  • Shortened links: URL shorteners hide the destination. They are not always malicious, but they remove your ability to judge the domain at a glance.
  • Redirect chains: a link may start on a legitimate site but immediately redirect to a different domain. If you click and the address bar changes to something unexpected, stop.
  • “Attachment in the cloud” links: messages that claim “document shared with you” and link to a login page. The key question is: is it the real cloud provider domain, and does it match how you normally receive shares?
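The checks in the two lists above can be turned into a small link-inspection routine. The following Python script is an added example written for this chapter; it is not part of the course and not a tool the course recommends. It assumes a short list of domains you actually use (KNOWN_DOMAINS, here example.com, paypal.com and microsoft.com as placeholders) and uses a simplified "last two labels" rule for the registrable domain, where real tools consult the Public Suffix List. It flags the tricks listed above: a known domain appearing inside a longer host, a brand name embedded in an unrelated domain, swapped look-alike characters, a brand name that appears only in the path, URL shorteners, and plain HTTP.

```python
from urllib.parse import urlparse

# Sites the reader actually uses (assumption: a small allow-list you maintain yourself).
KNOWN_DOMAINS = {"example.com", "paypal.com", "microsoft.com"}

# Public URL shorteners: the real destination is hidden behind them.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}

# Characters commonly swapped in for look-alikes, mapped to the letter they imitate.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "i": "l"})


def normalize(label: str) -> str:
    """Collapse look-alike characters so 'micros0ft' and 'microsoft' compare equal."""
    return label.lower().replace("rn", "m").replace("vv", "w").translate(HOMOGLYPHS)


def registrable_domain(host: str) -> str:
    """Last two labels of the host name (simplified: real tools use the Public
    Suffix List so that names like example.co.uk are handled correctly)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def inspect_link(url: str) -> list[tuple[str, str]]:
    """Return (code, explanation) pairs for every warning signal; empty means none fired."""
    findings = []
    parts = urlparse(url)
    host = (parts.hostname or "").lower()  # urlparse already lower-cases the host
    if not host:
        return [("no-host", "no host name: this is not an ordinary web link")]
    if parts.scheme != "https":
        findings.append(("not-https", "the connection is not encrypted"))
    reg = registrable_domain(host)
    if reg in SHORTENERS:
        findings.append(("shortener", f"{reg} hides the real destination"))
    if reg in KNOWN_DOMAINS:
        return findings  # accounts.example.com is owned by example.com: nothing to flag
    reg_label = reg.split(".")[0]  # 'verify-user' in verify-user.info
    path = parts.path.lower()
    for known in sorted(KNOWN_DOMAINS):
        brand = known.split(".")[0]
        if f".{known}." in f".{host}.":  # example.com.login.verify-user.info
            findings.append(("known-domain-in-host",
                             f"'{known}' appears in the host, but the real domain is {reg}"))
        elif brand in reg_label:  # secure-payments-example.com
            findings.append(("brand-embedded",
                             f"'{brand}' is embedded in the unrelated domain {reg}"))
        elif normalize(reg_label) == normalize(brand):  # paypaI.com, micros0ft.com
            findings.append(("look-alike", f"{reg} imitates {known} with swapped characters"))
        elif brand in path:  # verify-user.info/paypal/login
            findings.append(("brand-in-path",
                             f"'{brand}' appears only in the path, not in the domain"))
    return findings


if __name__ == "__main__":
    for link in ["https://accounts.example.com/login?source=email",
                 "https://example.com.login.verify-user.info/",
                 "https://paypaI.com/signin",
                 "http://secure-payments-example.com/pay"]:
        print(link, "->", inspect_link(link) or "no signals")
```

The early return on a known domain is deliberate: once the registrable domain is one you recognise, any subdomain in front of it was created by that domain's owner, which is exactly the rule the chapter gives. Everything after that point only runs for domains you do not recognise, which is where the look-alike and embedding tricks live.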

Browser Signals You Can Use (and Their Limits)

Modern browsers try to protect you, but they are not perfect. Use browser signals as clues, not as proof.


HTTPS and the padlock

HTTPS means the connection is encrypted and the site has a certificate for that domain. It does not mean the site is legitimate. Attackers can get certificates too. Treat HTTPS as “privacy in transit,” not “trust.”

Full-screen popups and fake system alerts

Some malicious pages use scary messages like “Your computer is infected” or “Call support now,” sometimes with a loud sound or a fake scan animation. These are designed to push you into calling a number, installing software, or granting permissions.

  • What to do: do not call numbers shown in a browser page. Close the tab (or the browser). If it won’t close, use your operating system’s app switcher or task manager to quit the browser, then reopen it.
  • Do not interact with the page: avoid clicking “OK,” “Cancel,” or “X” inside the page if it looks fake; use the browser’s tab close button or quit the app.

Permission prompts: notifications, location, camera, clipboard

Websites can ask for permissions. Attackers often try to get notification permission so they can spam you with fake alerts later, even when you are not on their site.

  • Rule of thumb: only allow permissions when you clearly understand why the site needs it right now.
  • High-risk permissions: notifications (frequently abused), clipboard access, and any prompt that seems unrelated to what you are doing.
  • Example: a random streaming site asking to “Allow notifications to continue” is a red flag.

Safe Downloading: Reduce the Chance of Installing Something You Didn’t Want

Downloads are a common entry point for unwanted software, including installers bundled with extra programs, fake updates, and files designed to trick you into enabling risky features. Safe downloading is about verifying the source and understanding what you are about to run.

Step-by-step: a safe download workflow

  1. Start from the official source. Prefer the vendor’s official website or a trusted app store. Avoid “download mirror” sites and random “free download” pages that wrap the file in their own installer.

  2. Check the domain carefully. If you searched for the software, confirm you’re on the real site (not an ad or look-alike). If the brand is well-known, you can often find the official download page by navigating from the company’s main homepage.

  3. Choose the correct file type for your device. Be cautious with files that don’t match your platform (e.g., a Windows .exe offered when you’re on macOS) or that arrive as unexpected archives.

  4. Before opening, inspect the file. Look at the filename and extension. If extensions are hidden on your system, consider enabling “show file extensions” so you can see .pdf vs .exe clearly.

  5. Open with the right application. A document should open in a document viewer, not ask to install something. If a “PDF” download asks you to run an installer, stop.

  6. Decline extra offers during installation. If you do install software, choose “Custom” or “Advanced” install when available and uncheck bundled add-ons (toolbars, “system optimizers,” extra extensions).

  7. After installing, verify what changed. Check your browser extensions and homepage/search settings. Unwanted installers often modify these.

File types that deserve extra caution

  • Executables: .exe, .msi (Windows), .dmg, .pkg (macOS). Only run these from trusted sources.
  • Scripts and command files: .bat, .cmd, .ps1, .sh. These can execute commands quickly and are rarely needed from strangers.
  • Office documents with active content: documents that ask you to enable macros or “Enable Content.” If you weren’t expecting an interactive document, treat it as suspicious.
  • Archives: .zip, .rar, .7z. Archives can hide executable files. Don’t assume a ZIP is safe because it’s “compressed.”
  • Disk images and installers disguised as documents: filenames like Invoice.pdf.exe, or a file named Report.pdf that is really an application displayed with a document icon. Showing file extensions helps.
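Step 4 of the download workflow and the list above come down to reading the extension correctly. The following Python snippet is an added example for this chapter, not code from the course; it groups extensions exactly as the list does (plus the macro-capable Office types .docm, .xlsm and .pptm, which are the Office formats that can carry macros), spots the double-extension trick, and shows what a system with "hide file extensions" enabled would display for the same file name. The sample file names are constructed.

```python
from pathlib import PurePath

# Extension groups from the chapter's list; the macro-capable Office formats are added.
EXECUTABLE = {".exe", ".msi", ".dmg", ".pkg"}
SCRIPT = {".bat", ".cmd", ".ps1", ".sh"}
MACRO_CAPABLE = {".docm", ".xlsm", ".pptm"}
ARCHIVE = {".zip", ".rar", ".7z"}
DOCUMENT = {".pdf", ".docx", ".xlsx", ".pptx", ".txt", ".jpg", ".png"}


def displayed_name(name: str) -> str:
    """What a system with 'hide extensions' enabled shows for this file name."""
    return PurePath(name).stem


def assess_filename(name: str) -> dict:
    """Classify a file name and collect the reasons it deserves caution."""
    suffixes = [s.lower() for s in PurePath(name.strip()).suffixes]
    last = suffixes[-1] if suffixes else ""
    reasons = []
    if last in EXECUTABLE:
        category = "executable"
        reasons.append("runs as a program: only from trusted sources")
    elif last in SCRIPT:
        category = "script"
        reasons.append("executes commands: rarely needed from strangers")
    elif last in MACRO_CAPABLE:
        category = "macro-capable"
        reasons.append("can carry macros: treat 'Enable Content' prompts as suspicious")
    elif last in ARCHIVE:
        category = "archive"
        reasons.append("may hide executable files inside")
    elif last in DOCUMENT:
        category = "document"
    else:
        category = "unknown"
        reasons.append("unrecognized or missing extension")
    # Double-extension trick: a document extension placed before the real, executable one.
    if (len(suffixes) > 1 and last in EXECUTABLE | SCRIPT
            and any(s in DOCUMENT for s in suffixes[:-1])):
        reasons.append(f"double extension: shown as '{displayed_name(name)}' "
                       "when extensions are hidden")
    return {"category": category, "caution": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample names, including the chapter's Invoice.pdf.exe example.
    for sample in ["Report.pdf", "Invoice.pdf.exe", "photos.zip", "setup.ps1", "budget.xlsm"]:
        print(sample, "->", assess_filename(sample))
```

Note what the file name cannot tell you: an application that merely carries a PDF icon, as in the chapter's Report.pdf example, is only distinguishable by its real extension, which is why the routine works on the full name and why the chapter recommends showing extensions.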

Fake updates and fake installers

A common tactic is a website claiming “Your browser is out of date” or “You need a new video codec.” Legitimate browsers update through their built-in update mechanism or official app store channels, not via random popups.

  • Safe approach: if you think something needs updating, open the application’s settings and use its built-in update feature, or go to the official vendor site by typing it yourself.

Phishing Signals: How to Spot “Something’s Off”

Phishing is when someone tries to trick you into revealing information or performing an action by pretending to be a trusted entity. The most useful skill is recognizing signals that the message is trying to rush you, confuse you, or move you away from your normal process.

Message-level signals (email, SMS, chat)

  • Unexpected urgency: “Your account will be closed today,” “Payment failed—act now,” “Security alert—verify immediately.” Urgency is used to bypass your careful thinking.
  • Unusual sender details: display name looks right, but the email address is odd, misspelled, or from an unrelated domain.
  • Generic greeting or mismatched context: “Dear user” or a message about a service you don’t use.
  • Unusual attachments or links: especially if you weren’t expecting a file or if the link text doesn’t match the destination.
  • Requests for sensitive actions: “Confirm your password,” “Send a code,” “Approve a login,” “Buy gift cards,” “Change payment details.”
  • Too-good-to-be-true offers: refunds you didn’t request, prizes you didn’t enter, or “exclusive” deals with a short timer.

Website-level signals (login pages and checkout pages)

  • Domain mismatch: the page looks like a known brand, but the domain is different.
  • Unusual login flow: you are asked to sign in again unexpectedly, or the page appears after clicking a message link rather than through your normal route.
  • Form asks for extra information: a login page asking for unrelated details (e.g., full address, PIN, or “security questions” out of context).
  • Visual imperfections: inconsistent fonts, low-quality logos, awkward spacing. Not definitive, but often present.
  • Broken navigation: links like “Privacy Policy” or “Contact” don’t work or lead to unrelated pages.

Behavioral signals: how the interaction feels

Many phishing attempts share a “pushy” interaction style: they try to keep you inside the attacker’s path. Examples include discouraging you from leaving the page, insisting you must act immediately, or telling you not to contact official support.

  • Any request to keep it secret (“Don’t tell your manager,” “Don’t contact support”) is a major red flag.
  • Any request to switch channels quickly (from email to WhatsApp to phone) can be a tactic to reduce oversight.
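The message-level and behavioral signals listed above can be checked mechanically, which is useful for training your eye on real examples. The Python below is an added example written for this chapter, not course material or a product. It assumes a message is represented as a dictionary with a display name, sender address, subject, body and a list of (link text, destination) pairs; the phrase lists, the BRAND_DOMAINS mapping (with example.com standing in for your own organization's domain) and the sample message are all constructed. It reports urgency, sensitive requests, too-good-to-be-true offers, secrecy and channel-switch language, a display name that does not match the sender's domain, a generic greeting, and link text that shows one domain but leads to another.

```python
from urllib.parse import urlparse

# Constructed phrase lists, one per signal from the chapter. Not exhaustive.
SIGNAL_PHRASES = {
    "urgency": ["act now", "immediately", "within 24 hours", "will be closed today"],
    "sensitive-request": ["confirm your password", "send the code", "approve the login",
                          "gift card", "change payment details"],
    "too-good": ["refund", "prize", "you have won", "exclusive deal"],
    "secrecy": ["don't tell", "do not tell", "don't contact support", "keep this between us"],
    "channel-switch": ["whatsapp", "call this number", "text me at"],
}
GENERIC_GREETINGS = ("dear user", "dear customer", "dear account holder")

# Assumption: the brands you deal with and the domain each one really sends from
# (replace 'example.com' with your own organization's domain).
BRAND_DOMAINS = {"paypal": "paypal.com", "microsoft": "microsoft.com", "it support": "example.com"}


def registrable_domain(host: str) -> str:
    """Last two labels of a host name (simplified; real tools use the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def message_signals(msg: dict) -> list[str]:
    """Return 'code: detail' strings for every phishing signal found in a message."""
    signals = []
    text = f"{msg['subject']} {msg['body']}".lower()
    for code, phrases in SIGNAL_PHRASES.items():
        hits = [p for p in phrases if p in text]
        if hits:
            signals.append(f"{code}: found {hits[0]!r}")
    # Display name claims a brand, but the address domain is not that brand's domain.
    sender_domain = registrable_domain(msg["from_address"].rsplit("@", 1)[-1])
    for brand, real_domain in BRAND_DOMAINS.items():
        if brand in msg["display_name"].lower() and sender_domain != real_domain:
            signals.append(f"sender-mismatch: '{msg['display_name']}' but sent from {sender_domain}")
    if msg["body"].lower().lstrip().startswith(GENERIC_GREETINGS):
        signals.append("generic-greeting: message is not addressed to you by name")
    # Link text that looks like a web address but points to a different domain.
    for shown, href in msg["links"]:
        shown_host = urlparse(shown if "://" in shown else f"https://{shown}").hostname or ""
        target = registrable_domain(urlparse(href).hostname or "")
        if "." in shown_host and registrable_domain(shown_host) != target:
            signals.append(f"link-mismatch: text shows {shown_host} but goes to {target}")
    return signals


def is_suspicious(msg: dict) -> bool:
    """Two or more independent signals: treat the message as phishing until verified."""
    return len(message_signals(msg)) >= 2


# Constructed sample modelled on the 'security alert / re-login' pattern in the chapter.
SAMPLE = {
    "display_name": "PayPal Support",
    "from_address": "alerts@paypal-security-team.net",
    "subject": "Security alert - verify immediately",
    "body": ("Dear user, unusual activity was detected. Confirm your password within 24 hours "
             "or your account will be closed today. Don't contact support; use the link below."),
    "links": [("www.paypal.com/verify", "https://paypal.com.verify-user.info/login")],
}

if __name__ == "__main__":
    for signal in message_signals(SAMPLE):
        print("-", signal)
    print("suspicious:", is_suspicious(SAMPLE))
```

The threshold in is_suspicious is a judgement call rather than a rule from the chapter: a single urgency phrase appears in plenty of legitimate mail, but several independent signals at once is the "pushy" pattern the chapter describes, and the right response is the routine in the next section, never the link in the message.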

Practical Step-by-Step: What to Do When You Receive a Suspicious Link

Use this routine when a message contains a link asking you to sign in, pay, download, or “verify.”

  1. Pause and identify the claim. What is the message asking you to do? “Pay an invoice,” “reset password,” “view document,” “confirm delivery.”

  2. Check whether you expected it. Were you waiting for this invoice or document? Did you initiate a password reset? If not, assume it may be malicious until verified.

  3. Inspect the link destination without clicking. Hover/press-and-hold to preview. Focus on the domain (not the first part of the URL, not the brand name in the path).

  4. Do not use the link to sign in. Instead, open a new tab and navigate to the service by typing the address or using your bookmark/app.

  5. Check your account status from the official site/app. If there is a real alert (payment issue, security notice), you should see it after signing in normally.

  6. Verify through a second channel you control. If the message appears to be from a coworker or vendor, contact them using a known phone number or a previously used email thread (not “reply” to the suspicious message).

  7. If you must open the link for investigation, do it safely. Prefer a non-privileged environment (e.g., a separate device or a browser profile with no saved logins). Do not enter credentials.

Practical Step-by-Step: Handling Unexpected Attachments and “Shared Documents”

Attachments and shared-document links are common because they look like normal work. Use a consistent process.

  1. Confirm the sender and context. Does the sender normally send files? Is the topic relevant? If it’s from a known person but the message is unusual, their account may be compromised.

  2. Look at the file type. Be cautious with archives and executable formats. For documents, be wary of anything that asks to enable macros or “Enable Editing” to view content.

  3. Prefer viewing in a safe viewer. If possible, use a built-in preview or a web viewer rather than downloading and opening in a full desktop application.

  4. For shared-document links, verify the domain. Real sharing links come from the provider’s real domain. If the link goes to an unfamiliar domain and then shows a login form, stop.

  5. Validate by going to the provider directly. Open the cloud storage site/app normally and check “Shared with me” or notifications there.

Search Engine Safety: Avoiding Malicious Ads and Look-Alike Results

Many people find sites through search. Attackers take advantage of this by buying ads or creating pages that look like official downloads. The risk is highest when you search for popular software, drivers, “free” versions, or customer support numbers.

Step-by-step: safer searching for downloads and support

  1. Be cautious with sponsored results. Ads can look like normal results. If you’re downloading software, scroll past ads and look for the official domain.

  2. Check the domain before clicking. Don’t rely on the page title alone. Look for subtle misspellings.

  3. For support, avoid phone numbers from random pages. Use the official “Contact” page from the company’s main domain or the support section inside the app.

  4. Use bookmarks for frequent destinations. For banking, email, and shopping, bookmarks reduce the chance of landing on a fake site.

Browser Hygiene That Directly Improves Safety

Safe browsing is easier when your browser environment is clean and predictable.

Manage extensions carefully

Extensions can read and modify what you see in the browser. Some are helpful; others are risky or become risky after being sold to a different owner.

  • Install only what you truly need. Fewer extensions means fewer opportunities for abuse.
  • Review permissions. Be cautious with extensions that request access to “all sites” or to read and change data on every page.
  • Remove what you don’t use. If you haven’t used it in months, uninstall it.

Use separate browser profiles for different activities

Separating activities reduces the impact of a mistake. For example, keep a “personal finance” profile with minimal extensions and no casual browsing, and a “general browsing” profile for everything else. This helps prevent cross-contamination from risky sites to sensitive sessions.

Keep downloads organized and review them

A cluttered downloads folder makes it easier to accidentally run something later. Periodically delete installers you no longer need, and avoid storing random attachments indefinitely.

Realistic Scenarios and How to Respond

Scenario 1: “Package delivery failed” text message

You receive an SMS saying a delivery failed and you must pay a small fee. The link uses a shortener.

  • Signals: unexpected message, urgency, short link, payment request.
  • Response: do not click. Open the official carrier site/app by typing it or using your installed app, and check tracking using a number you already have. If you have no tracking number, treat it as spam.

Scenario 2: Email from “IT Support” asking you to re-login

The email says your mailbox is almost full and you must “validate” your account.

  • Signals: pressure, link to login, generic language.
  • Response: don’t use the link. Go to your email service directly and check storage settings there. If you’re in an organization, contact IT through a known internal channel.

Scenario 3: You search for a popular tool and click the first result

The site looks right, but the download button installs a “download manager.”

  • Signals: wrapper installer, not the vendor’s direct download.
  • Response: stop and leave. Find the official vendor domain and download directly. If you already ran it, check installed programs and browser extensions for unwanted additions.

Scenario 4: A “shared document” link opens a login page

You click a link that claims a document was shared. It opens a page that looks like a cloud provider login but the domain is unfamiliar.

  • Signals: domain mismatch, unexpected sign-in prompt.
  • Response: close the page. Open the cloud provider site/app normally and check shares. If the sender is known, verify via a separate message or call using known contact info.

Now answer the exercise about the content:

A message asks you to sign in using a link to fix an urgent account issue. What is the safest next step?


Do not use the link to sign in. Navigate to the service directly (typed address or your own bookmark) and check for alerts from the official site or app.

Next chapter

Device and Network Basics: Updates, Wi‑Fi, and Simple Hygiene
