Internet Security

  • Learn how to stay safe when using the Internet.  Click on any of the links below to learn more.

    • Where is that Link Taking You?  Learn how to read a web address / URL

    Learn to Read a URL or Web Address

    Internet criminals prey on people who do not know how to protect their information and computers.  Learn how to read a website address, also known as a URL or Uniform Resource Locator, and start protecting yourself.  Web addresses contain important information, including whether or not you have a secure connection; the name of the server the information resides on and the sub-directory where it is located; the name of the country where the website is hosted; the type of domain; and the type of file on the page.  There are three main parts to a URL: transfer protocol, server and domain name; and directory and sub-directories.

    Sample URL -- http://www.mediacollege.com/video/shots/point-of-view.html

    Part 1: Transfer Protocol -- HTTP vs HTTPS

    What is this? 

    Hypertext Transfer Protocol tells the computer browser to contact the web server where the website is located and tells the browser how to load the page.

    HTTP -- This is an unsecure or unencrypted Internet connection.  People with special programs can eavesdrop on your electronic communications and collect personal information. 

    HTTPS stands for Hypertext Transfer Protocol Secure -- This is a secure connection and it is often indicated by a small padlock icon in the address bar of the browser.  This means you have a secure communication channel between your computer and the web server, even if you are on an unsecure public WiFi network. A secure connection protects you from eavesdropping or tampering.

    FTP stands for File Transfer Protocol, and indicates that a file is about to be sent to your computer. Proceed with caution!

    Part 2: Server Name and Domain Name 

    In our sample URL, we are focusing on the mediacollege.com section of the URL.  The first part, mediacollege , identifies the server which hosts, or stores the page or file. 

    The second part .com is the domain name.  A domain name indicates what type of organization or institution owns the website.  Below are some of the most common domains.

    • .biz = Business
    • .com = Commerce
    • .org = Organization
    • .net = Network; usually associated with an Internet Service Provider, such as comcast.net
    • .edu = College or University in the United States; other educational institutions
    • .k12 = K-12 education institution in the United States
    • .ac = Academic; College or university in the United Kingdom
    • .gov = Government agency in the United States; can be used by city, county, state, or federal government
    • .mil = United States military


    Country Codes

    The United States does not use country codes for websites hosted inside the U.S.  For websites hosted in other countries, you will see a two-letter country code as part of the URL.  For example, www.media-awareness.ca . The .ca indicates that this website is in Canada.  Some sample country codes are below:

    • .au = Australia
    • .br = Brazil
    • .ca = Canada
    • .cn = China
    • .it = Italy
    • .jp = Japan
    • .uk = United Kingdom / England
    • .za = South Africa

    Click here to view other country codes.


    Part 3:  Directory and Sub-directories

    In our sample URL, this is the part enclosed in the forward slash marks /video/shots/point-of-view.html

    The information that appears after the domain name and between the forward slash marks / indicates the directory and sub-directories where the file is stored on the server. The information provided here directs the computer to the exact location of the page or file on the server. Think of the server as a file cabinet.  The directory is like a drawer in the file cabinet, and sub-directories function as a file folder inside that drawer.   For example, with the  URL http://it.spps.org/security/ internet-security/read-urls  we are looking at the page Read URLS which is located in the sub-directory Internet Security which is in the directory Security on the website it.spps.org.  


    File Type

    Sometimes at the end of a URL, you will see a file type appended, such as .html in our example. This indicates what type of file you are opening.  Common file types are listed below:

    • .html or .htm  = Web page
    • .jpg, .bmp, .gif = Image
    • .mov, .wmv, .m4v = Movies
    • .PDF = Portable Document Format (document)
    • .zip = zipped or archived file; this will download something to your computer proceed with caution


    Other Information Found in a URL

    /users/ -- This indicates that you are about to access a page or file that belongs to an individual

    ~jsmith -- When you see the tilde (~) followed by what appears to be a name, it means that you are about to access a page on someone's personal account.  Keep in mind that anyone can publish content on the Internet.  So seeing something like ~jsmith as part of a URL should indicate that this person is the one responsible for the content on this page.


    Finding the Home Page on a Website

    You can always find the home page of a website by deleting all of the URL back to the country code or domain name.  So, if you were using our sample URL, you would delete the end of the URL and leave only http://www.mediacollege.com to view the first page of the website.  This can be helpful if you are trying to find the owner of the page or site.

    • Phishing for Information - Learn about Phishing Scams

    Phishing and Spear Phishing Scams

    Internet criminals often send out an email message impersonating a legitimate business in an attempt to trick people into giving out their personal information.  This type of Internet scam is called Phishing.  When the fraudsters send a message targeting a department or person within your organization, it is called Spear Phishing.

    The SPPS Technology Services Department will never send out an email asking for user names and passwords.

     

    Recognizing Phishing Emails and Texts

    Check the Sender's email address -- Does it match the domain name for the company?  If they claim to be the email administrator for SPPS, but the sender's email address is @buckley.org, it is not a legitimate email.

    Watch for misspelled words, random capital letters, and grammatically incorrect or awkward sentences -- Phishing emails and spam frequently include grammatical errors and spelling errors.

    Pay attention to the website's URL -- Carefully examine the URL for any links inside an email or text message. The URL may look legitimate, but the domain may be different.  For example, a phishing email telling users to update their email account to gain more storage space may use a link that sends users to http://storage.spps.net.  In SPPS, all of our websites end with .spps.org, so this URL in a message is a clear indicator that this is NOT an SPPS website.

    If the offer seems too good to be true, it is likely a phishing email -- If an offer seems too good to be true, don't click on any links. Trust your instinct, and throw the email in the trash.


    DON'T:

    • Provide requested information
    • Reply to the email
    • Click on links inside the message
    • Call the phone numbers provided in these messages
    • Click on or download any files or attachments

    What should I do if I receive a Phishing email?

    • Delete email and text messages that ask you to submit or confirm personal information
    • Forward the email to the Service Desk as a service ticket

    Email Security - Learn how to keep your information secure when using email

    Email messages are like postcards, and your messages can be easily intercepted.

    1.  Use separate email accounts for work and personal communications --  If you frequently register for different websites, create an email account that can be used for registrations and notifications.  If one account is compromised, your other accounts are secure.

    2.  Create unique passwords -- Create a unique password for each account, and do not share the passwords with anyone.

    3.  Beware of Phishing Scams -- Be wary of emails requesting you to update personal information or enter user names and passwords.

    4.  Never click on links --  Do not click on links in emails, unless you are expecting it.  It is easy for scammers to falsify a link, so proceed with caution.  Many account registration processes include an email with a link to verify the account and complete a registration process.  It is OK to click on those links if you have initiated the process and are expecting the email.

    5.  Don't open unsolicited attachments -- Don't open email attachments unless you are expecting it and know the sender.  It is easy for a scammer to falsify a file type to download an infected file onto your computer or device.

    6.  Avoid public WiFi --  Avoid accessing your email on a public WiFi network, as it is easy for unscrupulous people to intercept your log in credentials

    Link: Tips for Using Public WiFi - Learn how to protect your computer and files when using a public WiFi network