Some tips for safe online browsing

Internet browsing, online shopping and carrying out financial transactions via home banking are all daily actions that can expose us to risks.

Online criminals use phishing, deceptive internet addresses, malicious websites and malware to attack your devices. This helps them to obtain confidential data about you, your family or your work, use your passwords and steal your digital identity. They can use that identity to extort money or use your computer to carry out attacks against other inexperienced users.

Here are a few tips on how to use the Internet as safely as possible and keep cybercriminals at bay.

Make sure you are on a trustworthy website

Cybercriminals create fake websites that are very similar to the original ones so that they can carry out scams at your expense. You can tell whether the website you are visiting is the one you were actually looking for by paying attention to specific clues.

Identify the website domain

Every website can be reached through an address (URL): Banca d'Italia's website URL is https://www.bancaditalia.it. The address of the website you are visiting is written in the browser's address bar.

The domain is the most important part of the address, as it indicates the website we are on, identifies the website owner and also its degree of trustworthiness. You know you can trust all addresses whose domain is bancaditalia.it because this domain belongs to Banca d'Italia.

Look at the address very carefully

Malicious websites often use domain name and addresses purposely created to mislead users.

Don't trust any addresses whose website domain name is not clear or has strange features, such as:

• an IP address, which is a sequence of numbers such as http://85.159.192.76:80;
• an address that is masked through url-shortening services such as tinyurl.com or bit.ly, for instance http://bit.ly/1vwRM0A;
• a deceptive address whose domain name looks very similar to that of a known site, but differs in some characters; for instance, in bancadltalia.it the first lower case 'i' was swapped for a capital 'I';
• a deceptive address whose actual domain is different from the one we see when we read it quickly, for instance: http://www.bancaditalia.it-login.support/account.

If you have any doubts about a website's authenticity, read the content of the browser's address bar carefully.

Pay attention to the links

Before clicking on a link, it is advisable to examine the destination website address: these simple tips could stop you from falling into a trap.

On your laptop, you can display a link's address by placing your cursor over the link without clicking on it: the address will be displayed in the bottom part of the box.

On your smartphone, you can display a link's address by holding the link down.

In order to access the websites you normally visit safely, especially the 'important' ones, such as home banking or your favourite shop, remember to:

• Type the address. By typing the website address in the address bar, you can avoid using links created by others.
• Add it to your Favourites. Once you have added it to your favourites, you can get to the website without running any risks.

Read the security alerts

Despite all your precautions, you could still end up on a malicious website.  In this case, the browser can be a good ally: its protection features often help detect deceptive and harmful websites, preventing you from opening them and displaying a security alert.

Do you want to know what a security alert looks like? Try opening these links (don't worry, they are just for demonstration purposes):

• to see a mock malware
• to see a mock deceptive website

If a security alert appears on your browser, close the website immediately! It is a good rule of thumb to make sure your security settings are on: the main browsers' guides, such as Mozilla Firefox, Google Chrome and Safari, provide more information on how to protect yourself by making the most of your browser's security alerts.

Check out a website's reputation

If you are in doubt about a website's trustworthiness, you can check a few more aspects:

• Make sure it is a well-known site.
• Look up the official website address on Google.
• Check whether the address is connected to instances of fraud, for instance by adding keywords such as 'scam' or 'phishing' to the search.
• Use diagnostic tools (such as Google's) to check whether the website is included among the 'notoriously' malicious ones.

Make sure the website connection is safe

There are two important indicators on the address bar: the symbol of a locked padlock and the https prefix indicate that the website connection is private, that is, that any information exchanged with the website is encrypted and can't be read by third parties. If these two security indicators are missing, you mustn't enter any personal information (password, bank account number, credit card number) because you are using an unsafe connection!

The most commonly used browsers use warning signs in this case: the padlock icon either has a yellow triangle or is crossed out.

Beware! Even a website with a locked padlock and the https prefix could be unsafe/dangerous: cybercriminals can 'padlock' their own website, which will grant you a private means of communication... but it will also be a scam!

Use an antivirus

An antivirus is a software that intercepts and blocks malware before it causes any damage. Having an active antivirus on your device (laptop or smartphone) is essential to protect you from malware! Updating your antivirus regularly is just as important, so that it can detect and remove the most recent viruses.

Keep your device up to date

Cybercriminals are constantly creating new malware, and the most elaborate examples exploit our devices' new weak points. In order to ensure the highest level of protection, always update your browser, your operating system (Windows, Android, iOS, ...) - as well as all the Apps and other software - to the latest available version. To make your life easier, make sure you activate automatic software updates.