Prevention Tips and Advice
Although the sophistication and creativity of the attackers is considerable, there are several simple tips that you may consider to avoid most of the trouble that may be caused by the installation of malware by the “Drive by” methods:
Treat cautiously the unsolicited messages and as a rule of thumb, don’t open them unless you are certain 100% that they are legitimate.
If you receive unsolicited messages pretending to come from social networks informing you about a new post of photo, you can access the respective social networks by using their mobile apps or by manually TYPING their address in the browser and entering that way, avoiding clicking on URL-s in messages.
When you receive special offers from retailers, validate them in browser by manually entering your account and checking whether they are real.
All the messages coming from your bank or other financial services should be taking care with special attention. Please use as much as possible the manual access in a secure browser instance, in place of clicking on URL-s or checking e-mail attachments.
When you receive messages containing URL-s you can always check the URL structure and real Internet address at mouse over (when you pass with the mouse over it). Be careful as the attackers are using very similar names or trick you by using numbers (ex: Cit1Bank, or Micros0ft, or Gogle/Gooogle, or Aple, or 1NG Bank). Also, be careful at the URL structure – for example, while https://authentication.mybank.com is a subdomain of MyBank, a construction like https://authenticationservice.com/MyBank/ is a subdomain of authenticationservice.com.
Please maintain your browser and its extensions and add-ons permanently up-to-date from their respective official sources. Please don’t trust all the messages asking you to download add-ons and other executables and never use the RUN option, better download and scan the file instead. If a page is telling you that you need to install an add-on or browser extension, please try to get the original file from their official vendor and check whether they are signed and the certificate is valid.