You are now in the main content area

Practice Safe Browsing

Every week, tens of thousands, external link, opens in new window of malicious websites are detected. Most often, the sites contain malicious software and are designed to trick you into downloading and installing it, or they mimic the look of legitimate sites to deceive you into entering confidential information.

Defensive computer use

The way you interact with browsers and computers can make a difference in keeping your personal information and online activity private. Here are some things to think about:

If you’re working in a public area like an open office or the library, do not leave laptops unattended without being physically secured as they are frequently stolen.

Even if it’s secured and you must leave your computer unattended, remember to lock the screen. This helps prevent opportunities for others to expose your confidential information from logging in to your personal accounts like banking or email if you’ve saved the passwords.

Get in the habit of locking before you leave every single time. To make this easier, there are ways to lock your screen quickly:

  • For PCs:
    On your keyboard, press the Windows key + L
  • For Mac desktops:
    On your keyboard, press Ctrl + Shift + Eject button
  • For Mac laptops:
    On your keyboard, press Ctrl + Shift + Power button

If you’re a Mac user, Apple also has a feature to create custom keyboard shortcuts using keys of your choice. Learn how to create keyboard shortcuts for apps on mac, external link.

Some browsers like Google Chrome have a safe browsing feature that warns you before visiting suspected malicious sites. It’s a good idea to heed Google’s safe browser warnings. In general:

  • Make sure browsers, browser plugins and extensions are kept up-to-date and that the auto-update features are enabled whenever available.
  • Only enable plugins and extensions for sites you know are trustworthy.
  • Disable any plugins you no longer need.
  • Before entering information on a webpage, be sure the link in the location bar is correct. Learn how to recognize the hostname of a link in the Suspicious Links section of our Phishing page.
  • Log off or shut down completely when you leave your device for the day.
  • Set your computer's power options to prompt for a password upon resuming from sleep or standby.
  • Any computer or tablet used by someone other than yourself is considered a shared machine, regardless of whether it belongs to a family member, friend, electronics store or library.
  • Always log out of web apps, e.g. social media sites, online banking or email to prevent accounts and information from being hijacked or misused.
  • Be aware of habits and avoid clicking "yes" to save your password for any sites visited, lest someone gain access and misuse your personal, work or school information.
  • Use a browser’s “private browsing” mode to minimize risk as it will never prompt you to remember logins or passwords or retain information from your session once you close it. Here are some helpful shortcuts for starting private browsing sessions:
    • Google Chrome’s Incognito mode:
      On your keyboard, press Ctrl + Shift + N
    • Mozilla Firefox’s Private Browsing mode:
      On your keyboard, press Ctrl + Shift + P
    • Apple Safari’s Private Browsing mode:
      In your Safari browser, click the Safari menu, then Private Browsing
    • Internet Explorer’s InPrivate Browsing mode:
      On your keyboard, press Ctrl + Shift + P

Malware and other online threats

Having knowledge of online threats can help keep your personal information safe from theft or compromise.

Malicious sites use a variety of methods to trick you into downloading and opening malware. Here are some real-life examples:

  • Websites that cannot be read without installing a special font that needs to be downloaded. Usually, the font file is really malware.
  • Websites asking to install an application or plugin in order to watch a supposedly controversial or viral video.
  • Links to “must watch” videos from an acquaintance you rarely interact with, arriving either by email or social media.
  • Websites offering normally expensive software for free.
  • Pop-up windows that claim your computer is infected, or appear to run an antivirus scan, or urge you to take immediate action.
  • Websites or emails requesting personal financial information, e.g. social insurance number, PIN or bank account information for an unsolicited financial transaction or purchase.

In every situation like these, it’s safest to ignore the site’s instructions and leave.


Some malicious sites open pop-up browser windows to entice you to download and infect your computer, tablet or mobile device. Often, it’ll claim your computer has a virus that you need to clean by following directions or calling a phone number.

In some cases, these browser windows cannot be closed by clicking but you can close the browser entirely using keyboard shortcuts.

For PCs:

  1. On your keyboard, press Control + Alt + Delete
  2. Click Task Manager
  3. Click the Processes tab, highlight your browser and click the End Task button.

For Macs:

  1. On your keyboard, press Command + Option + Esc to open the “Force Quit Applications” window.
  2. Highlight your browser and click the Force Quit button.

You may receive emails, social media messages or otherwise be directed to fake websites as part of a phishing scam for personal information. Have your guard up if you:

  • Receive emails of an urgent and confidential nature, e.g. “Your bank account has been locked”, but with a generic, unspecific greeting and a link to a website.
  • Read a comment on a help forum that someone solved a problem by downloading a driver from a specific link.
  • Receive a link via social media that claims someone is saying something about you or that a popular video is available.

The best strategy is to ignore these messages. If you think a message may be valid, you can always check the link without clicking it by doing the following:

  • On a computer, hover your cursor over the link to reveal the true destination address at the bottom-left of your browser window.
  • On a mobile device, press and hold the link to reveal the true address or a preview of the page.

Learn more about phishing and how to detect and report it.