According to Andrew Brandt, lead threat research analyst with Webroot, fake updates are a growing problem on the internet. Fake security alerts, he says, pop up when you least expect them, and phishing web pages are more cleverly designed than ever to steal your passwords.
The answer, he said, is quite simple: You have to think before you act, and make sure you understand the consequences of whatever you do, write, post, or click online.
In a blog posting made last night, Brandt said: "Once you develop your Internet spidey senses, you'll be able to spot something that's out of place, or weird, or just dodgy before it catches you out."
"Despite the increasingly clever tricks criminals employ, they still have to lie and cheat in order to steal. What follows are a few easy ways you can catch them out in their lie before it's too late."
Learn distrust
Brandt argues that what most criminals want is money, and cyber criminals get it by stealing information, then either selling or using that stolen information – commonly known as data theft in the IT security industry.
But, he says, it's not as easy as it used to be for cybercrminals to simply break in to people's computers. As computers become increasingly hardened against attack, he notes that internet criminals have turned their attention to the weakest links in a user's security armour.
"So criminals instead try to lure their victims to visit a web page, like an anglerfish, by offering the victim something he or she wants. When the victim visits the website, the criminal springs the trap", he said.
"If the trap is to convince you to give up a username and password, it's called phishing. If the trap is designed to infect your computer with dangerous trojan horse software or viruses, it's called an exploit. If the exploit forces your browser to get a trojan horse, without you doing anything other than clicking a link, it's called a drive-by download", he added.
According to the Webroot researcher, if a URL to something looks suspiciously like a trap, users should search for the words in the link using one of the major search engines.
Don't fall for the common tricks
Brandt says you can also usually tell when a page is a phishing site, simply by looking at the address bar in your browser.
Web addresses, he adds, can contain any number of words, but the most important part of the address is the domain name, the word that appears immediately before that appears to the left of the domain name is extraneous.
Protect yourself
There are a few other things you can do to make sure you don't end up a victim, says the security researcher.
User should update their computer and its programs, including security applications. If you use a Windows computer, then the Windows update website will make sure the operating system is protected.
Make sure you've updated Adobe Flash, Adobe Acrobat Reader, your web browser, and whatever instant messaging or chat programs you use.
"And if you use any kind of antivirus software, make sure it updates itself at least daily, and set it up to scan your computer periodically."