Yale University

ITS Information Technology Services

Yale ITS Home

Help Desk
203.432.9000
203.785.3200

ITS Office
Yale University
25 Science Park
P.O. Box 208276
New Haven, CT
06520-8276
USA

Using the web securely

Free programs and utilities on the Internet can be a source of security vulnerabilties. Those seemingly harmless games, and utilities can work behind the scenes to:

  • Transfer malicious code to your computer when you download seemingly harmless software
  • Send a thief your passwords, or your credit card information

Web pages are very easy to fake

Because of the relatively open nature of web technology, it is very easy for criminals to fake the look of web pages with very convincing graphics.

How to tell you are on a legitimate site, and not a fake

  • Always navigate to a sales site with your own links or a URL that you type in, and never with links in an email.
  • Be very suspicious of obvious typos in text, odd words or phrases, or the feeling that the site just doesn't look right. It's easy to steal graphics, but thieves are often very clumsy writers.
  • Check the URL line at the top of your browser windows from time to time to be sure you are linked to a real site with a familiar URL (e.g. http://www.netflix.com, or http://www.amazon.com).

If you ever see an IP number in a URL, leave the site immediately. It is almost certainly a fraudulent site:

Example of a rogure web iste using an IP number instead of a legitimate URL.

Software downloads from the Web

Download software only from Yale servers or well-known software vendors (Apple/Microsoft/Symantec).

Purchasing through the web

Use the Yale E-Portal to link to University-approved vendors or type in the URL yourself. If a vendor is not linked-to from this site, check with the Purchasing Office before making an alternate web-based purchase.

For your personal web purchases, always navigation to familiar, well-known vendors through your own web links (e.g., type "www.amazon.com" into the browser yourself, or follow your own saved links). Do not use web links links embedded in emails messages to you.

When you are ready to "proceed to checkout" to buy your items, or make any kind of payment on the web, always check to be sure the payment information are secure web pages with URLs that start with "https:"

Beware of fraudulent links to impostor web sites

If you are wary of a link you see within your web browser, you can confirm that an embedded link goes where it is expected to go, BEFORE you click on it. There are two ways to do this:

  1. In a browser, roll your cursor over the link and look at the bottom left of the screen. The expected or familiar URL should display (e.g., http://www.amazon.com/...). If it doesn't, try step 2.
  2. Copy the link text and then paste the link into Microsoft Word. After pasting in the link, move your cursor over the link text to see the Word URL pop-up. A legitimate link will show a the expected or familiar URL. If there's not an exact match, the URL looks odd or misspelled, or the URL has an IP number within it, it is a link to a fraudulent site.

Example of a fraudulent link pasted into Microsoft Word:

A fraudulent email link pasted into Word, showing the real hidden URL.

Related topics

Jump to top.

Last modified: Wednesday, 27-Aug-2008 15:14:46 EDT. (pl)