
There's no doubt that the internet is a wild west filled with malware, spyware and phishing scams all circulating around looking for a victim. You don't have to be a security editor to hear about data breaches constantly, to get told plenty of tips on how to stay safe online or to feel a little uncertain every time you open your inbox. It can feel overwhelming and disheartening, at the least, to realize what you're up against when all you want to do is apply for a job or buy concert tickets and you have to contend with hackers, scams and spam.
And while there are plenty of reasons to stay up to date on the latest phishing scams and to keep the best antivirus software current, it's often the smallest habits that help protect you the most.
When you live in a city, you get used to parking your car under streetlights and not leaving change in the center console. When you're online, you should get used to similar habits and practices to keep yourself safe from the various threats that might be out there waiting for you to slip up.
Careful where you click

From my time as a security editor, I can tell you there are several little practices you can put into place to make sure you – and all your devices – remain safe: keep your software and apps updated, get rid of old and unused accounts, only download apps from the authorized app stores, use passkeys and multi-factor authentication, and always use an antivirus.
However, if there is one rule I will never, ever break – ever – it is this one: I never, ever click on any link, attachment or QR code that I'm not expecting.
It doesn't matter if it's in a text message, email or through social media or what it says in the body of the message. If I'm not expecting it, there's no way I'm clicking.
Better safe than sorry

When I started getting texts saying I owed toll fees? I deleted them and marked them as junk. When I get emails with PDF attachments that claim to be invoices from people I don't immediately work with? I report them to the IT department as phishing.
Confirmations that claim I've purchased antivirus software? Shipping notifications from UPS? Thank you emails for orders I don't recognize? Social media messages asking me to model for a brand? Delete and report.
If it's something that is genuinely important, either I'm going to recognize who sent it or what it's about, or the sender is going to resend it. Either way, I'd much rather ask forgiveness for a misunderstanding than have to deal with malware on my machine.
Granted, phishing is becoming more and more advanced, and AI-enabled emails that resemble Netflix or Hulu are tricking even the savviest of computer users, but that's even more reason to follow the rule: If it wasn't expected, it doesn't deserve a click.
You can (and should) always go to the source if you need to verify something.