Surfing & Email
This document will help you to safely surf (move around) the web and
handle emails properly. Some information is a bit technical, but you should
go through all of it once.
HTML
The basic elements of the Internet (World Wide Web) are HTML, and the browser
programs and email programs that render HTML.
HTML is the HyperText Markup Language.
It allows the creation of computer files
which are rendered (processed)
by programs to produce desired effects.
In fact, this document is written in HTML.
Computer instructions are included in it to create headings, skip lines, embed images,
and even
bold characters.
Specifically, the word "bold" (both here and in the previous sentence) is coded as:
<b>bold</b>
Hyperlinks
A hyperlink (or link) is an HTML instruction which causes a
word or section of the currently-displayed
web page (possibly even a portion of an image) to be clickable.
When clicked, the rendering program will fetch (read)
another web page, jump to a different location on the current page, download a file,
or take some other action.
This is the mechanism which makes surfing the Web so easy.
In fact, HTML allows actions to be initiated just by mousing over (simply moving the cursor
over an area of the current page).
However, link HTML instructions,
like the bold instructions above, obviously hide some information
from you. Specifically, the text that you see in a link may be unrelated to the code
instructing the rendering program what to do when you click the link.
For example, the following link:
www.google.com
will not take you to the Google website. Instead, it will just
take you to the bottom of this
page (Try it! Then click
Back or the browser's BackButton to return here).
How can that be? Well, it's just the way it's coded, which is:
<a href = "#bottom">www.google.com</a>
So you see, when you click on a link, you should have a pretty good idea of who created
the link (someone you can trust),
and what should happen.
Web Browsers
Web browsers are programs
which render HTML and present the resulting output to you on your screen. Some popular
browsers
are: Microsoft Edge, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, and
many more.
Addressbar
The web browser addressbar (or locationbar)
is used to enter the specific web address to fetch (the typical "www.somename.com"), which
is also known as a URL (uniform resource locator) or URI (uniform
resource identifier).
You then press Enter or click Go, and the browser contacts the
website with the request.
Warning:
Do not confuse the browser addressbar with a search engine input box
(as found, for example, on the real www.google.com web page).
Search Engines are designed to search the web
for items which are related to your input, but not
necessarily the single specific thing that you enter.
If you specify an incorrect web address, some web browsers, in some
instances, will automatically execute a web search and present you with the first result
of that search, so that the next web page you see might not be what you intended.
Be careful!
The reason you must be careful is as follows:
Say you wish to go to "www.bankwell.com" and
accidentally enter "www.bankweil.com" (mis-typing an "i" in place of the first "l").
Now suppose that someone has created
a website named "www.bankweil.com", and has copied all the relevant web pages from
the real
"www.bankwell.com".
As a result, you would see web pages that look exactly like bankwell.com's,
but actually could
be some crook's counterfeit website!
Don't let this happen to you, because the next thing you'll probably be asked to do is enter
your
username and password to access your account information. If this is indeed a counterfeit
website, you'll be giving away the items a crook needs to steal your identity.
Criminals create websites with names similar to legitimate websites,
but with common transpositions of mis-typed letters, numbers, etc. There is some policing
of these website names, but you still must be careful.
So, you must be sure to enter the correct web address. Obtain it directly from the resource you
want. In this example, you would call the bank or get it from your monthly bank statement.
You should examine your browser's "Search from Address Bar" options/facilities, and
disable them.
Protocol
The addressbar is also where you can see the result of a page request. That is, after fetching and
displaying a web page, the addressbar is set with information about the page.
For example, if you request the following page:
www.bankofamerica.com
the addressbar might be set to:
https://www.bankofamerica.com/index.jsp
The https indicates that the web page was transmitted to your browser using the
"HyperText Transfer Protocol Secure", which means that
the information being sent/received is encrypted (scrambled), making it difficult to understand
if surreptitiously viewed.
Some browsers change the color of the addressbar to indicate https is being used, or even
display a padlock.
The /index.jsp indicates a particular resource on the website. This might be a page of text,
or a program which performs some task.
Statusbar
The statusbar is usually at the bottom of the browser's window,
and displays information about the
current web page, browser activity, and more. It may also be a floating or pop-up window of information
which appears when the cursor hovers over a link before clicking.
Specifically, when you hover over a link,
the web address
associated with the link will be displayed in the statusbar.
Try it on this link: Hover here
You should see: "...This link goes nowhere!" in the statusbar.
If not, examine your web browser options, and turn this feature on.
Also, some browsers allow a right-click on a link to display
a Properties menu-item, which shows additional information about the link.
Cookies, Active Content, Scripting
Cookies are text files that your browser writes on your computer disk drive.
These allow websites to "remember" (by reading these files)
that you visited them previously, and perhaps specified certain
preferences for your browsing experience, etc. Generally, these files are safe, and should be
allowed in the browser's options.
Active Content refers to elements embedded within a web page which are dynamic.
These can range from a simple audio file playing background music while you surf, to complicated
scripting programs
which can interact with your mouse, keyboard, disk drive, microphone, etc.,
allowing web authors to create a much richer browsing experience.
With these facilities, such things as pop-up balloons,
automatic tables-of-content, floating menus, and
dynamic page content are possible.
In fact, if this web page is accompanied by a table of contents in the left column, then
JavaScript, operating on the Document Object Model (a standardized representation of a document
and the browser's state) is active. If so, you may scroll the table of contents, click on an
entry, and thus reposition this page.
Some of these facilities are enabled in the browser by default (like JavaScript,
VBScript,
Active-X, and .NET).
Others, such as multi-media
players, will pop-up Download / Install dialogs when you first try to use them.
Download / Installs, Plug-Ins, Applets
As more content appears on the web, so, too, more programs are written
to render it.
No single web browser is capable of rendering all the various media types that are now
available.
Thus, Plug-Ins
are developed to perform this task. Plug-Ins are browser
'helper' programs which you voluntarily Download and
Install on your computer.
Then, when your browser encounters a particular type of media, the appropriate Plug-In
is called to process it.
There may be several Plug-Ins available to handle any particular type of media.
It's like viewing a show on different TV's: The content is the same,
but the rendering and controls may differ.
Applets (application-ets) are programs that run within another program (like
your browser). They function like Plug-Ins, but are not associated with media types, and
are typically started manually (by mouse-click or -hover).
You must use caution when you Download / Install Plug-Ins, applets, and programs, obtaining only
legitimate software.
There's a long list of legitimate software providers
(Microsoft, Adobe, RealNetworks, Apple, etc., etc.)
who have created many significant Plug-Ins and programs. In fact, one of the great strengths
of the web is the literally millions of lines of programming that are available for almost any
conceivable aspect of life.
When you surf to popular websites (like Google, YouTube, or WCBSTV) you can be sure that anything
they offer for download is OK.
However, you must be wary of third-party or "mirror" sites (possibly linked-to by
Google, YouTube, etc.) that offer downloads:
It is possible for unscrupulous people to piggy-back malicious software on a seemingly
harmless download. Download files from such sites can have the same name,
but different contents.
Malware: Adware, Spyware, Scareware, Trojans, Viruses, Worms
Malware (malicious software) and
Adware (advertising software)
refer to cookies and/or programs
that criminals or
advertisers install on your computer or embed in web pages
which may pop-up windows during your browsing to sell you
something, track your browsing (so they can try to figure out what to sell
to you), or otherwise disturb your computing experience.
Similarly, Scareware may pop-up windows with frightening
warnings about vulnerabilities in your computing environment.
Also,
Spyware, Trojans, Viruses, and Worms are types of malware that
you don't want on your computer. Therefore:
It is imperative that you run an anti-virus program on your
computer.
Anti-virus facilities screen disk-resident files (programs and data),
web pages, downloads, emails,
and email attachments,
removing such harmful malware
before it can infect your computer.
Microsoft Windows 10 has built-in anti-virus protection named "Windows Defender". So, immediately upon
initializing a new Windows 10 computer, you are basically protected.
Other anti-virus programs are often available from your ISP (Internet Service Provider),
or as freeware (free software) on the web.
The best of these programs (Defender, Norton, McAfee, Kaspersky, AVG, Avast!, and others) maintain current
virus definitions by periodically downloading a file from the company's servers.
You should become familiar with the workings of your anti-virus programs, their messages and warnings, and
actions that they take.
For example, some might issue Scareware notifications about
vulnerabilities to entice you to upgrade to "premium" versions, which can be ignored.
In other instances, where an actual virus is detected, the offending file may be "quarantined" for later
examination, or simply deleted.
There are other security methods used on the web to ensure software legitimacy, such as "Digital
Signatures" and "Digital Certificates" that are associated with files and providers which can be
verified. However, a good anti-virus program with current virus information will normally suffice.
Firewall
A firewall program (or device)
monitors and controls the flow of data between
your computer and other computers or devices. Rules can be set to allow only certain types of
communications traffic.
For example, there's a type of data request which can divulge your computer's existence.
This is a relatively harmless type of traffic.
However, certain types of viruses, if activated on your computer, attempt to act like web servers,
creating unsolicited communications with other computers. A properly-configured firewall will stop
such traffic.
Windows XP and above all have
a built-in firewall, and there is firewall freeware available, too.
Accounts
In order to identify yourself to a website, you are often asked to register by creating an
account, consisting of a username (or userid)
and password.
This provides a way for the website to customize your web surfing experience.
Username
The username is a public identifier.
It might appear on the "home" page of the website you're
visiting in a salutation, like:
Hello username
Or, it might be published to other users of the same site, so that they can communicate
with you.
Some websites request your email address as your username or as a separate item.
This is useful because your email address is unique to you, since each ISP
(like Verizon, Comcast, etc.) must assign a different email address to each customer, to be
able to correctly deliver your mail.
Password
Your password, however, is a private identifier.
It should only be known to you.
You should ensure that your password
can't be guessed or figured-out. Don't use your name, birth-date,
house address, anything related to you or your life, or a single common word, etc.
A fairly good choice is a combination of
some words with numbers or punctuation between them. For example:
dog56punch8ralph
or,
candle4leaf15picture
Also, don't use the same password on multiple
websites: Would you like it if your email
provider also knows your bank-logon password? No.
Websites have varying criteria for usernames and
passwords: length, disallowing certain characters, etc.
The username that you request on a particular website may already be in use by someone else.
Be patient, and thoughtful about this.
SiteKey
In order to prevent the disclosure of your username and
password to illicit websites (see Addressbar above, and
Phishing, below), some websites have instituted a SiteKey
security procedure, as follows:
- During the registration process, you select an image and/or phrase for verification.
- During logon, after entering your username, the image and/or phrase is presented to you.
  Since this information is known only to you and the legitimate website, you can be sure
  that you're really communicating with the right website if the image/phrase is the correct one.
- Only after you verify the correct SiteKey do you enter your password, and complete
  the logon process.
If you don't recognize the SiteKey, you don't enter your password, thus keeping
it from being disclosed.
Favorites / Bookmarks
As you surf the web, you will collect many website/username/sitekey/password sets.
All web browsers have a Favorites (or Bookmarks) capability to save and quickly
access stored websites with their associated web address. Make sure that you save the correct
web address.
For each website, you must also keep a record of these username/sitekey/password sets.
Do not keep this information near your computer or workspace when
you're not around.
If someone accesses or steals your computer but doesn't have your
username/sitekey/password list, then your web-based information is still safe.
Some browsers have the option of "remembering" usernames and passwords,
and
automatically inserting them when you surf to specific websites.
There are also separate programs which allow you to store such information on your computer in
encrypted files. If you choose to use these facilities, make sure that you understand their
capabilities and pitfalls, if any.
Again, if you allow your browser to automatically supply
usernames and passwords, what happens if your computer is stolen?
Email Programs
All modern email programs render (and can create) HTML messages.
Popular ones are: Microsoft Outlook, AOL, Mozilla Thunderbird, and many more.
This allows authors to create email messages which contain links. It's a
very convenient way to send a message to someone, and point them to an interesting item on the
web. You just include the appropriate link. The reader then clicks the link, which starts their
default web browser, and the item is presented.
Phishing
Crooks send emails which are made by copying pages from legitimate websites
(banks, stores, services, etc), claiming that some change has to be made to your account
for some reason. Would you please click this link, then do this and that, then
make the required changes? No! Don't do it!
This trick is known as phishing. It has the same trappings as a counterfeit
website.
New versions of web browsers have anti-phishing facilities. They try to determine
if the link you click is legitimate. They maintain lists of known, suspect web
addresses, and will warn you if you attempt to surf to these websites, but you still must
be careful.
Don't even click on unsubscribe or opt-out
links, which are supposed to eliminate you from
advertising emails (spam), or the like. Doing so only sends an email to someone, announcing that, in
fact, you really exist!
Public Access
A skeptical approach must be taken to public-access internet connections. These range from
computers in friends' homes to kiosks in hotel lobbies, WiFi Hotspots in restaurants, cafes, or airports,
or WiFi networks in hotels and condos.
Keyloggers
A keylogger program is one which captures every keystroke on a computer and secretly
makes that information available by either saving it in a file, or
transmitting it somewhere on the internet.
If such a program is running on a computer that you use, even password-protected information
is vulnerable*.
Now, this is not to say, for example, that if you go to a friend's house, and start to do some work on
the internet, that he's intentionally capturing your passwords for criminal use.
However, it may be that your friend does no important work on the internet, and doesn't care
about security. In such a case, perhaps a keylogger program was accidentally downloaded and
installed. And perhaps this keylogger program sends a record of each keystroke to a criminal's
computer somewhere on the internet.
You don't want this to happen while you're paying your bills
through your online banking facility.
Similarly, kiosks and shared public computers (often in hotel lobbies or "computer rooms")
may have such keylogger programs running. Even computers in well-known establishments may be
compromised because anyone using the computer before you may have installed a keylogger.
Therefore:
For safe, secure web surfing, you cannot use public-access computers or terminals*.
Ethernet, WiFi, HotSpots
Ethernet is a cabled connection to an access point
which may then be connected to the internet.
WiFi and Hotspots are wireless access points which may then be
connected to the internet.
Such access points are actually radio transmitters/receivers which talk wirelessly to your computer,
and then send/receive the information to/from the internet.
There are some dangers here which you must be aware of:
Network Legitimacy vs. Spoofing
Imagine that you're staying at a "Motel 21" somewhere, and when you check in, you're told
that WiFi is available.
So you check in, get comfortable, start your computer, and, using your wireless network software
you see that the following networks are available:
- motel215O4
- motel21502
- motel21501
- motel21503
- linksys
- berb042
You then click on the first entry, and connect to motel215O4, and begin your work.
The problem here is that motel215O4 is not valid!
Notice that there is a difference between the letter "O" in "motel215O4" and the number zero in
the other "motel215nn" specifications (This will be more or less obvious, depending on the font you're
looking at).
In this scenario, "motel215O4" could be a criminal's computer that is "spoofing" a real
Motel 21 access point. That is, it appears to be a valid network, but is actually
inspecting all information that it receives, and then passing it along through another network
connection.
Your computer's wireless software may even be configured to automatically logon to whatever access point
it finds, without even informing you.
Clearly, there is a risk here. Therefore:
You must be sure of your network connections.
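As an added example (not part of the original page), the following Python code flags names that are not on your trusted list but look like ones that are, which covers both the "www.bankweil.com" mistake described under Addressbar and the "motel215O4" network above. It assumes the front desk confirmed motel21501, motel21502 and motel21503 as the real networks; the function names and the small table of easily-confused characters are illustrative choices, not a standard.

```python
# Characters that are easily mistaken for one another on screen are
# folded to a single representative before names are compared.
CONFUSABLE = str.maketrans({"o": "0", "i": "l", "1": "l", "|": "l"})


def skeleton(name):
    """Lower-case the name and fold look-alike characters together."""
    return name.strip().lower().translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(candidate, trusted, case_sensitive=True):
    """Return (verdict, closest trusted name).

    "trusted"   - exactly one of the names you were given
    "lookalike" - not on the list, but its skeleton equals or is one
                  edit away from a trusted name: verify before using it
    "unknown"   - unrelated to anything on the list
    Network names are case-sensitive; web addresses are not.
    """
    norm = (lambda s: s) if case_sensitive else str.lower
    if norm(candidate) in {norm(t) for t in trusted}:
        return ("trusted", candidate)
    cand = skeleton(candidate)
    best = min(trusted,
               key=lambda t: edit_distance(cand, skeleton(t)),
               default=None)
    if best is not None:
        # Very short names are one edit away from almost anything,
        # so only an exact skeleton match counts for them.
        limit = 1 if len(cand) >= 5 else 0
        if edit_distance(cand, skeleton(best)) <= limit:
            return ("lookalike", best)
    return ("unknown", None)


# Assumption: these are the names the motel confirmed at check-in.
MOTEL_NETWORKS = ["motel21501", "motel21502", "motel21503"]
# The list of visible networks from the scenario above.
VISIBLE = ["motel215O4", "motel21502", "motel21501",
           "motel21503", "linksys", "berb042"]
# The address taken from the bank statement in the Addressbar example.
BANK_SITES = ["www.bankwell.com"]

if __name__ == "__main__":
    for ssid in VISIBLE:
        print(ssid, classify(ssid, MOTEL_NETWORKS))
    print(classify("www.bankweil.com", BANK_SITES, case_sensitive=False))
```

An "unknown" verdict does not mean safe; it only means the name does not imitate anything on your list.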
Network Logon Passwords, Encryption
Now, let's assume that you have connected to a legitimate WiFi/Hotspot network, and
you begin to do your work. You logon to your email account, and then onto your bank account.
The consideration here is that if you logged on to a WiFi network without having to specify a network
logon password, you may be transmitting at least some of your information in clear text.
That is, the data is humanly readable. Remember, the data is
being transmitted everywhere on a simple radio signal.
Requiring a network logon
password might
mean that the data being transmitted between your computer and
the access point is encrypted, making understanding such information much more difficult (but
not impossible). However, just requiring a logon password is not proof of encryption. Therefore:
You should inquire about network encryption.
Network Admin Passwords
When a WiFi access point (typically a router) is added to a network, it must be configured by an
administrator. There are many options, such as enabling encryption, which computers are allowed to
connect, how computers can connect, etc., etc.
In addition, there's an administrator password which should be specified, which protects
the configuration from unauthorized changes.
When an access point device is manufactured, it is loaded with code (known as firmware or microcode) to
perform its tasks.
Many of these devices are also loaded with a default administrator password
that is well-known in the computer industry.**
So, unless the device has been properly password-protected, it is possible for a criminal to re-load the
firmware (even wirelessly), and install a keylogger-type routine to spy on users' communications.
You might think that if you check in to a well-known establishment, the computing environment is safe and
secure. However, in our Motel 21 example, imagine that the motel is off the beaten path, run by
folks who have no computer knowledge whatsoever.
They may have sub-contracted the computer support to some local company, possibly not even within the
corporation's guidelines, which would then have access to all the guests' communications. You can see the
possibility here for some problems. Therefore:
You should inquire about network maintenance procedures.
Finally, some of the above may seem somewhat outlandish or convoluted, but consider this:
People who frequent nice hotels or rent condos (especially in resort locations)
and who use computers to manage their life's activities, will generally be at least moderately
wealthy. Thus, such individuals are high-probability targets for criminals.
And it's not really too troublesome for a criminal to lounge on a balcony at some luxurious
hotel, with a laptop, running programs to intercept and analyze such communications.
Therefore, before you enjoy the convenience of available-anywhere internet access,
you must be fully aware of the above pitfalls, and act accordingly.
Notes:
* There are advanced security facilities (both software and hardware) that can overcome various
  public-access problems, but these are not addressed in this document.
** Many access-point manufacturers and ISPs now provide devices with individualized administrator passwords
  (usually printed on a removable label). This greatly increases security.
Sensible Surfing
If you use a common-sense approach to your surfing, you'll be OK.
For example, say you obtain a trusted web address (like your bank), and
register a username and password, with your email address,
thus creating a new user account.
Typically, you are told that you will be sent an email with a link which will
activate your new account. This allows the website to
verify your email address.
And so, you receive the email, which contains a link.
You click the link, and are brought to a web page which requests your
username, password, and other personal information.
Since you initiated this process, you can be sure that it's legitimate. Go ahead and enter
the information.
On the other hand, let's say you receive an unsolicited email, apparently from your
bank, saying that there's been some suspicious activity on your account, would you please
click here, to confirm something, and blah, blah, blah.
What you should do is:
- Exit the email
- Start your web browser
- Enter the web address for your bank that you know is
correct (from your Favorites)
If, in fact, there's something
wrong with your account, you'll be advised when you get to it via your
usual method.
So, the essential things to remember are:
When being asked to enter personal, private,
important information on the internet (either in an email or while surfing),
you must ask yourself:
- How did I get to this request?
- Did I initiate the process?
- Is there a logical, sensible thread connecting this request with some
  previous action of mine (like the register/email activation
  example above)?
- Can I determine, in fact,
  that this request (web page)
  is indeed from the real website of the entity
  (bank, company, etc.) that I wish to communicate with?
If you can't satisfy the above queries,
you probably should not continue.
Questionable Content
So now you're safely surfing the internet, and come upon a very official-looking website
which seems to contain much information about something that you're vitally interested in.
And the gist of the information seems to go against all you previously understood
to be true. What are you to think of it?
Here's where the essence of the internet shows: Anyone can publish on the internet!
In the old days, if you wanted to publish anything more than a handout, you
had to get a fair amount of money together and a willing publisher.
But with the internet, it's as easy as typing a letter. And the graphics and special effects
that are available can be very impressive.
But all this doesn't mean that there's any more truth on a website than if you bumped into a stranger
on the street, and were told by him that the world is flat.
You must verify things found on the internet: The website you obtain your information from is key.
Is it a celebrated publishing house? Is it an established news organization?
Also, don't be fooled by volume. You may find many references to something, but that doesn't
make it fact. At one time, and for a long, long time, people did think that the world was
flat! Check it out.
References
A good place to start your web browsing is the official website of your computer's hardware
manufacturer (Dell, eMachines, Gateway, Toshiba, etc), then the
software operating system (Microsoft for
Windows, Apple for Mac). It's usually simply the name, followed by ".com" (e.g. dell.com).
Most modern computers now come with an automated 'update' facility which logs onto the manufacturer's
support website, usually on a schedule (daily, weekly, etc), to see if any new or updated software is
available for your particular system.
With all the thousands of lines of programming that a modern computer system requires, there
are always going to be occasional updates. Such updates improve reliability, security, and
performance. Check your computer system documentation.
Additionally, the following are some useful websites:
LibreOffice.Org | Open Source (free-to-the-public) office suite which completely supplants Microsoft Office, for free! There's a word processor, spreadsheet, presentation manager, and more.
SourceForge | Open Source software development.
PC Magazine | Computer, Software, Hardware and Electronics Review.