An official training service of the State of the Kaharagians
CIS 201 Digital Security and Cyber Hygiene
Lesson 6 of 10

Safe Browsing and the Web

Lesson Overview

For most members, the web browser is the single most-used door between their device and the wider world, and so it is also the door through which a great deal of trouble arrives. Lessons 02 to 05 secured the credentials, taught the recognition of phishing, hardened the device, and disciplined how information is handled; this lesson takes up the everyday act of browsing the web and the habits that keep it safe. A surprising share of cyber incidents begin not with a clever hack but with an ordinary person visiting a malicious site, clicking a deceptive link, or downloading something they should not, so the disciplined browser is one of the most valuable everyday defences a member has, and it costs nothing but attention and a few good habits.

The governing idea is that the browser is the front door, and you verify before you trust. The web is enormously useful and mostly benign, but it is also where deception is cheapest and most common: a fake site costs nothing to build, a malicious link nothing to send, a deceptive download button nothing to place, and all of them rely on the user trusting what they see without checking. So safe browsing is, above all, the habit of not taking the web at face value: confirming that a site is what it claims before entering anything sensitive, treating links and downloads as suspect until checked, and keeping the browser itself hardened. The member who browses with this disciplined, slightly sceptical attention closes the commonest avenue by which trouble reaches a device, while the one who clicks and trusts freely opens it.

This is the knowledge layer of safe browsing; the real protection comes from making these checks a habit, performed automatically every day. It rests on the recognised cyber-hygiene foundations brought down to earth, as the whole course does, and it is defensive throughout: the aim is to protect the member and the Principality's systems, never to attack or intrude. Read this to know the habits; the safety comes from keeping them.

By the end you will be able to explain why the browser is a chief avenue for trouble, recognise safe and unsafe sites and check a web address, browse and download safely while avoiding malicious sites and deceptive links, keep the browser itself hardened, and apply the habit of verifying before trusting on the web.

Key Terms

  • Web browser: the program used to visit websites; for most members the most-used connection between their device and the wider internet, and a chief avenue for threats.
  • URL (web address): the address of a web page, which can be read to check whether a site is genuinely what it claims to be.
  • HTTPS and the padlock: the sign that a connection to a site is encrypted; necessary but not sufficient for trust, because even fake sites can use it.
  • Typosquatting: registering web addresses that look almost like a genuine one (a misspelling or extra word) to deceive users who do not read the address carefully.
  • Malicious site: a website built to harm visitors, by deceiving them, stealing credentials, or delivering malware.
  • Drive-by download: malware delivered simply by visiting a compromised or malicious page, often without any obvious click.
  • Deceptive link: a link whose displayed text or appearance hides where it actually leads, used to send users to malicious or fake sites.
  • Browser hardening: keeping the browser updated and its settings and extensions safe, so the browser itself is not a weakness.
  • Extension (add-on): a small program that adds features to a browser, which can be useful but can also be malicious or over-privileged if installed carelessly.
  • Verify before you trust: the governing habit of confirming that a site, link, or download is genuine before entering anything sensitive or running anything.

The browser as the front door

It is worth seeing clearly why the browser matters so much to security: it is the place where the member's device meets the open internet most often and most directly, and therefore where it meets most of the internet's threats. Almost everything an ordinary member does online, reading, signing in to services, downloading files, filling in forms, passes through the browser, which makes the browser the busiest crossing point between the safe inside of the device and the unsafe outside, and crossing points are where defences matter most. A great many cyber incidents trace back to something that came through the browser, a visited malicious site, a clicked link, a downloaded file, which is why safe browsing is not a minor topic but one of the central everyday disciplines.

The reason the web is so fertile for deception is that, on the web, appearances are cheap and easily faked. In the physical world, a convincing fake of a bank or an official office takes real effort; on the web, a fake site that looks identical to the real one can be made in minutes, a deceptive link costs nothing to send, and a malicious download can be dressed up as anything. The attacker's whole method is to make the fake look like the real and rely on the user trusting what they see, and because faking the appearance is so easy, the user cannot safely trust appearance alone. This is the heart of the problem: the web presents a polished surface that may or may not be what it seems, and safe browsing is the discipline of not being fooled by the surface.

From this comes the single habit that organises the whole lesson: verify before you trust. Because appearance is unreliable, the safe member does not extend trust, by entering a password, downloading a file, acting on a link, on the strength of how a thing looks, but checks first that it is genuine. This is the same scepticism the phishing lesson taught, applied to the web at large: the link, the site, the download are treated as unproven until verified, and only then trusted. The rest of this lesson is the practical content of that verifying.

Recognising safe and unsafe sites

The first skill of safe browsing is checking that a site is what it claims to be before entering anything sensitive, and this rests mostly on reading the web address (URL), because the address is the one part of a site an attacker cannot perfectly fake: they can copy a site's look exactly, but they cannot use its real address. So the disciplined member, before entering a password or sensitive information, checks the address in the browser's address bar and confirms it is genuinely the site they intend, not a deceptive look-alike.

The chief deception to guard against is typosquatting and look-alike addresses: web addresses that resemble a genuine one closely enough to fool a careless reader, a subtle misspelling, an extra or swapped word, a different ending, so that a fake site sits at an address one character off the real one. The member reads the address carefully, the whole of it, looking for these tricks, because the difference between the real site and a credential-stealing fake may be a single letter. A site reached by clicking a link is especially suspect, because the link may have sent the user to the look-alike; the safest practice for sensitive sites is to type the address yourself or use a saved bookmark rather than trusting a link to take you to the genuine site.

A word on HTTPS and the padlock, because they are widely misunderstood. The padlock and "https" mean the connection to the site is encrypted, which is good and necessary, but it does not mean the site is genuine or safe: encryption protects the data in transit, not the honesty of the site, and fake and malicious sites can and do use HTTPS and show a padlock too. So the padlock tells you the connection is private, not that you can trust who is on the other end; absence of the padlock is a clear warning, but its presence is not a guarantee. The member uses the padlock as one signal among several, never as a substitute for reading the address and judging whether the site is genuine. Recognising a safe site, then, is mainly reading the address carefully, preferring typed addresses and bookmarks for sensitive sites, and not mistaking the padlock for proof of honesty.

   CHECKING A SITE BEFORE YOU TRUST IT

   READ THE ADDRESS      the URL is the one thing an attacker can't fake;
                         read the WHOLE address, watch for typosquatting
                         (a letter off, an extra word, a wrong ending)
   TYPE IT / BOOKMARK    for sensitive sites, type the address or use a
                         saved bookmark, don't trust a LINK to take you there
   PADLOCK = PRIVATE,    HTTPS/padlock means the connection is encrypted,
     NOT SAFE            NOT that the site is genuine (fakes use it too).
                         No padlock = warning; padlock = not a guarantee.

   VERIFY BEFORE YOU TRUST: confirm the site is genuine BEFORE entering
   a password or anything sensitive.
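
The address check above, written out as code. This is an added example, not part of the original lesson: the domains in GENUINE and the sample addresses are constructed (.example and .invalid are reserved names), and the look-alike tests are simple heuristics chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed list of genuine domains (hypothetical; .example is a reserved name).
GENUINE = ("army.example", "bank.example")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(url):
    """Return (verdict, notes) for the host the browser would actually contact."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit lower-cases the hostname
    if not host:
        return "invalid", ["no host in address"]
    notes = []
    if parts.scheme != "https":
        notes.append("no HTTPS: the connection is not encrypted")
    if parts.username is not None:
        # Anything before '@' is a login field; the real host comes after it.
        notes.append("text before '@' is not the site")
    # Genuine only if the host IS a listed domain or a subdomain of one.
    if any(host == g or host.endswith("." + g) for g in GENUINE):
        return "genuine", notes
    for good in GENUINE:
        brand = good.split(".")[0]
        if edit_distance(host, good) <= 2:  # a letter or two off
            notes.append(f"{host} is a near-miss of {good}")
            return "look-alike", notes
        if brand in host:  # crude heuristic: extra word, wrong ending, fake subdomain
            notes.append(f"{host} borrows '{brand}' but is not {good}")
            return "look-alike", notes
    return "unknown", notes  # not on the list: HTTPS alone proves nothing


if __name__ == "__main__":
    for sample in (  # constructed sample addresses
        "https://portal.army.example/login",
        "https://arrny.example/login",
        "https://army.example.signin.invalid/",
        "https://bank.invalid/",
        "https://army.example@portal.invalid/",
        "http://bank.example/",
    ):
        print(sample, "->", assess(sample))
```

Note that every look-alike in the sample list uses HTTPS: the scheme check only ever adds a warning, while the verdict comes from the host name.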

Browsing and downloading safely

Beyond checking sites, safe browsing is a set of habits around links and downloads, the two things that most often carry trouble through the browser. With links, the discipline is the one the phishing lesson taught, applied everywhere: a link's displayed text or appearance does not reliably tell you where it leads, so before clicking, especially from an email, a message, or an unfamiliar site, the member checks where it actually goes (by hovering over it to see the real address, and by being cautious with shortened or disguised links) and does not click links that are unexpected, unsolicited, or that lead somewhere other than they claim. The deceptive link, whose appearance hides its destination, is the web's commonest delivery vehicle for fakes and malware, and treating links as suspect until checked is the defence.

With downloads, the rule is to download only from sources you trust, and treat everything else as suspect. Software and files are a common way to deliver malware (the subject of the next lesson), so the member downloads programs only from their genuine, official sources, never from a random site, a pop-up, or a link of unknown origin, and is especially wary of the deceptive "download" buttons that malicious and cluttered sites use to trick users into downloading the wrong thing. A file offered unexpectedly, a program from an unofficial source, a download that started by itself, are all treated as dangerous until proven otherwise. Where the device or the Army provides security tools that scan downloads, the member uses them, but the first defence is simply not downloading from untrusted sources.

A particular danger to know is the drive-by download and the malicious site that harms simply by being visited: some compromised or hostile pages can attempt to deliver malware on mere visit, with little or no clicking, which is one more reason to avoid dubious sites altogether and to keep the browser updated (the patching of Lesson 08), since an up-to-date browser is far better protected against these attacks than an old one. The safe browser, then, treats links as suspect until checked, downloads only from trusted sources, avoids dubious sites entirely, and keeps the browser current, which together close the main ways trouble rides in through ordinary browsing.

Hardening the browser, and the habit of scepticism

The browser itself should be hardened, so that the door is sound as well as watched. The most important measure is to keep the browser updated, because browser makers constantly fix security flaws that attackers exploit, and an out-of-date browser carries known holes that a current one has closed; this is the patching discipline of Lesson 08 applied to the most exposed program on the device. Beyond updates, the member is careful with extensions (add-ons): useful as they can be, extensions are programs with access to your browsing, and a malicious or over-privileged extension is a real risk, so the member installs only extensions they genuinely need, from trusted sources, and removes those they do not use. Sensible browser settings, and caution with the pop-ups, scripts, and ads that dubious sites use to deceive, complete the hardening. A hardened browser, current, with only trusted extensions and sensible settings, is much harder to turn against its user.

Running through all of it is the habit this lesson keeps returning to: a disciplined, slightly sceptical attention to what the web presents. The safe member browses with a quiet awareness that appearances may be faked, checking addresses before trusting sites, links before clicking, sources before downloading, and not letting the web's polished, convincing surface substitute for verification. This is not paranoia or a fear of the web, which is mostly benign and immensely useful, but the same ordinary prudence one would use with a stranger's claims in the physical world, applied to a medium where claims are even cheaper to fake. The member who makes "verify before you trust" an automatic habit, performed in a moment without friction, browses safely without thinking hard about it, which is the goal: not a constant anxious effort, but a settled, low-cost discipline that closes the browser as an avenue for trouble. The browser is the front door; the safe member keeps it sound and watches who comes through it.

In Practice: An Ordinary Member, an Ordinary Day's Browsing

A member of the Royal Kaharagian Army goes about an ordinary day's web use, and the difference between safe and unsafe browsing is made not by any dramatic event but by a handful of small habits kept or skipped. A careless member trusts what they see, clicks freely, downloads from wherever is convenient, and is, sooner or later, caught by a fake site or a malicious download. The disciplined member browses by the habits of this lesson, and is not.

Needing to sign in to an Army or official service, the member does not click a link in an email to reach it but types the address or uses a saved bookmark, because they know a link could send them to a credential-stealing look-alike. At the sign-in page they read the address carefully, confirming it is genuinely the right site and not a typosquatted fake one letter off, and they note the padlock but remember it means only that the connection is private, not that the site is honest, so the address check is what they rely on. Later, an unexpected message offers a link; the member checks where it actually leads before clicking and, finding it disguised and unsolicited, does not click it. Needing a piece of software, they download it only from its genuine official source, ignoring the deceptive "download" buttons and the offer from an unknown site, because they treat downloads from untrusted sources as dangerous.

None of this costs the member more than a moment's attention, and none of it makes their day harder; it is simply the settled habit of verifying before trusting, performed automatically. They keep their browser updated so it is protected against the latest attacks and the drive-by sites, and they run only the few extensions they trust. At the end of the day nothing has gone wrong, not because nothing tried, a disguised link and a dubious download both passed through their day, but because the member met the web with a quiet, disciplined scepticism and closed the front door to both. That is safe browsing: not fear of the web, but the ordinary prudence that keeps its commonest dangers out.

Check Your Understanding

  1. Explain why the web browser is "the front door" and a chief avenue for cyber trouble, and why "appearances are cheap and easily faked" on the web. What single habit organises safe browsing?
  2. Describe how to check that a site is genuine: reading the web address, guarding against typosquatting, preferring typed addresses and bookmarks for sensitive sites, and why the padlock (HTTPS) means the connection is private but not that the site is safe.
  3. Set out the habits for safe links and downloads (treating links as suspect until checked, downloading only from trusted sources, avoiding dubious sites, the danger of drive-by downloads) and how the browser itself is hardened (updates, careful with extensions, sensible settings).

Reflection (write a short paragraph): This lesson argues that on the web the user cannot safely trust appearance alone, because a convincing fake costs an attacker almost nothing, and that the defence is the low-cost habit of verifying before trusting. Think about how often you click a link or enter a password on a site without really reading the address or checking where the link goes. What would it take to make "read the address, check the link, trust the source" an automatic habit for you, performed in a moment, and why is that small, settled discipline worth more than occasional bursts of caution?

Summary

  • The web browser is the most-used and most direct crossing between a member's device and the open internet, and so a chief avenue for cyber trouble. On the web, appearances are cheap and easily faked, so the user cannot trust appearance alone; the organising habit is verify before you trust.
  • Check that a site is genuine by reading the web address carefully (the one thing an attacker cannot fake), guarding against typosquatting (look-alike addresses a letter or word off), and preferring to type the address or use a bookmark for sensitive sites rather than trusting a link. The padlock/HTTPS means the connection is encrypted, not that the site is genuine; fakes use it too.
  • Browse and download safely: treat links as suspect until you check where they lead (the deceptive link is the web's commonest delivery vehicle), download only from trusted, official sources (beware deceptive "download" buttons), avoid dubious sites entirely (the drive-by download can harm on mere visit), and keep the browser current.
  • Harden the browser: keep it updated (it is the most exposed program; Lesson 08), install only extensions you need from trusted sources, and use sensible settings, with caution toward pop-ups, scripts, and ads on dubious sites.
  • The aim is a settled, low-cost scepticism, ordinary prudence applied to a medium where claims are cheap to fake, made an automatic habit so browsing is safe without constant effort: not fear of the web but a quiet discipline that closes its commonest dangers.
  • This is the knowledge layer; the protection comes from keeping these checks as daily habits. The lesson applies the link-and-deception scepticism of Lesson 03 (phishing) and the device discipline of Lesson 04, depends on the updates of Lesson 08, leads into the malware and scams of Lesson 07, and feeds the spotting and reporting of Lesson 10. Everything here is defensive and lawful.

Crown Copyright © 2026 | Published by Authority of H.R.H. The Prince of Kaharagia

Lesson 6 · Knowledge Check

Question 1 of 3

What is the organising habit for the web, where appearances are cheap to fake?