Tip #18 Gone Phishing? Don’t Get Hooked!


Phishing is an attempt to deceive a user into divulging personal or confidential information, such as login credentials or credit card information, so that the attacker can gain access to resources that enable them to steal your identity.

Phishing scams usually come in the form of email messages and false websites. Cyber criminals use social engineering to learn about their targets and then use that information to try to gather your personal information.

Below is an example of a phishing campaign scam.


Things to look for to identify that you may be targeted include:

  • Poor spelling and grammar: Phishing emails are commonly plagued with spelling and grammatical errors.
  • Links in emails: Links in emails may appear as though they are taking you to a legitimate website; however, they can be disguised. Hover over (DO NOT CLICK) links and see if you are being re-routed to some other page.
  • Threats: Some emails contain threats, including legal action, time-sensitive materials, etc. These are designed to convince you to make a hasty decision and click a malicious link or open an unsafe attachment.
  • Spoofing a legitimate website or company: Some emails will appear to come from a legitimate company. However, that is far from the case. Again, attackers will try to make everything appear to be legitimate, but things such as suspicious URLs (pages with names not associated with the website or company) or outdated information can be tell-tale signs that something is not right.

If you believe you are being targeted by a phishing campaign or have received a phishing email, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu.

Tip #17 Don’t Be Forced to Pay for Your Stuff! (Ransomware)


Ransomware is a form of malware that prevents or limits a user’s access to their files or devices. The malware encrypts a user’s information and locks it using a secure private key. The attackers then force victims to pay a ransom, usually in the form of bitcoins, before they can get access back.

Ransomware is a huge threat but there are ways to protect yourself.

  • Perform regular backups.
  • Keep antivirus protection up to date. Get free Antivirus software from Fordham here.
  • Do not click on suspicious links or open suspicious attachments.

For more information see our in-depth research on ransomware here.


Tip #16 Be Wary of Malware


Malware is a name given to a malicious piece of software or code that is designed to compromise and disrupt the integrity and operation of your device and the privacy of your personal information and saved data. Worms, viruses, spyware and ransomware are common forms of malware.

Malware can infect your device through a variety of means that include being embedded in a malicious piece of software waiting to be executed, or passed through the network via a malicious link.

Once a malicious program has infected a device, its main task is to conceal itself by hiding itself from the user and from antivirus software. From there it will attempt to open backdoors to allow access to your device in the future.

The best way to protect yourself from these threats is to install antivirus software on your device. Keep your antivirus definitions up to date to ensure complete coverage. Also check for operating system and software updates to ensure that you have no exploitable vulnerabilities on your device.

Tip #15 Be Aware of Your File Sharing Settings


File sharing settings on your computer can be dangerous if not implemented properly. Lax settings can allow malicious actors to transfer hostile files and applications to you without your knowledge. These malicious files can install malware on your machines or open up backdoors and avenues for malicious actors to further compromise your device.

Examine your file sharing settings to ensure that you are properly protected on untrusted networks. Requiring a password or restricting access completely are simple ways to prevent unwanted files from infecting your device.

Tip #14 Be Wary of Mandatory Software Downloads for Wi-Fi Access


Some establishments offer free Wi-Fi access after accepting their terms of service policies. You should always familiarize yourself with what you are agreeing to when connecting to these unsecured networks.

Beware of public Wi-Fi access points that require you to download software before you can gain access to the internet. It is a common practice to bundle malicious software and distribute it to unsuspecting users to gain access to their devices.

For access to Fordham’s Wi-Fi, Windows users are required to run a Java-based compliance scan that will ensure their computers meet Fordham IT security policy requirements. This requires enabled installations of the following:

  • Windows automatic updates
  • Up-to-date antivirus software
  • Firewall software

When these requirements are met, users will have full access to the University’s public network.

Tip #13 Pay Attention to Permissions and Privacy Policies


Application permissions on your mobile devices grant an application access to certain information or functions of your phone. When you install an application you are usually greeted with a pop up listing all the permissions the application requests access to. Such permissions include the ability to access your device’s storage and place phone calls. While many simply click through to get the application up and running, it is important to consider what the application is requesting access to and if it is entirely necessary.

If an application is requesting permissions that do not fit the functions of the application (e.g. “find accounts on this device” and “modify your contacts, read your contacts” for an application that only changes your background photo), consider denying the permission to the application. Be cognizant of the applications you download to your device and ensure they are doing only what you intend them to do.

The same principle applies to privacy policies. Though many choose to gloss over them, it is prudent to see how certain information is used, especially with regard to social media sites and applications that require permissions to your information. Make sure you are comfortable with what that information will be used for and how the information is stored.

Alert: Notice of McAfee Class Action Settlement Email

This is a questionable email that has been reported. This message was received on or about October 12th, 2016. It is advised that you DO NOT respond to this message or anything that looks like it. You may disregard and delete this message if you did not use the product listed. If you have any questions about the validity of this email, please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.

——————–Begin Message ——————————
From: McAfee Class Action Settlement Claims Administrator <administrator@qgemail.com>
Date: Wed, Oct 12, 2016 at 9:20 AM
Subject: Notice of McAfee Class Action Settlement.
To: user@fordham.edu

Personal Identification #: #########
Confirmation Code: #######
Class Action Settlement Notice
If you bought McAfee or Intel Security software between January 10, 2010 and February 10, 2015, you may be entitled to benefits from a class action settlement.
You must file a Cash Election Form to receive a cash payment.
To file a Cash Election Form, click here.
Read this notice carefully, as it affects your rights.
For more information, visit www.McAfeeWilliamsonSettlement.com or call 1-844-343-1478
WHAT IS THIS CASE ABOUT? Two consumers filed class action lawsuits saying that McAfee engaged in certain unfair practices about auto-renewal charges and the advertising of discounts and reference prices. McAfee denies that it did anything wrong. The settlement is not an admission of wrongdoing.
WHO IS INCLUDED? You are in the “Auto-Renewal Class” if you are in the United States and you: (1) were charged by McAfee for the auto-renewal of any McAfee or Intel Security software from January 10, 2010 to February 10, 2015; (2) your first auto-renewal charge was at a higher price than the price you paid McAfee for your initial software subscription; and (3) that auto-renewal charge was not fully refunded to you by McAfee or fully credited to you on your credit or debit card.
You are in the “Reference Price Class” if you are in the United States and: (1) you purchased from McAfee or manually renewed through McAfee a subscription for any McAfee or Intel Security software from January 10, 2010 to February 10, 2015, and (2) you paid a discounted price for that purchase or manual renewal.
If you received this notice, you have been identified as being in the Auto-Renewal Class, based on McAfee’s records.
WHAT DOES THE SETTLEMENT PROVIDE? McAfee has agreed to provide an $11.50 settlement benefit to all class members in the Auto-Renewal Class. You can elect to receive the $11.50 settlement benefit as cash, but only if you file a Cash Election Form by no later than December 23, 2016. Eligible class members who don’t file a Cash Election Form will instead receive an $11.50 McAfee value certificate good towards the purchase of McAfee or Intel Security consumer products. In addition, McAfee has agreed to implement certain practice changes concerning auto-renewal transactions and pricing advertisements. For more information, visit www.McAfeeWilliamsonSettlement.com.
HOW DO I RECEIVE A CASH PAYMENT? You must file a Cash Election Form to receive a cash payment. There are two ways to file a Cash Election Form: (1) File online, at www.McAfeeWilliamsonSettlement.com; or (2) Print a Cash Election Form, available at www.McAfeeWilliamsonSettlement.com, fill it out, and mail it (with postage) to the address listed on the Cash Election Form. Cash Election Forms must be filed online or postmarked by December 23, 2016. If you file online, you can choose to receive the cash payment as a check or as a direct credit to your PayPal account. For Cash Election Forms filed by mail, cash payments will be made by check. Only eligible class members will receive payments.
YOUR OTHER OPTIONS. If you don’t want to receive a cash payment or other settlement benefits and don’t want to be bound by the settlement and any judgment in this case, you must send a written request to exclude yourself from one or both classes, postmarked no later than November 28, 2016. If you exclude yourself, you will not receive benefits from the settlement. If you don’t exclude yourself, you will give up the right to sue McAfee and related entities about any of the issues related to this case. If you don’t exclude yourself, you may object to the settlement or to the request for fees and costs by Class Counsel. The detailed class notice, available at www.McAfeeWilliamsonSettlement.com, explains how to exclude yourself or object. The Court will hold a hearing in the case (Williamson v. McAfee, Inc., Case No. 14 cv 158 EJD; Kirby v. McAfee, Inc., Case No. 14 cv 2475 EJD) on January 26, 2017 at 10:00 a.m., to consider whether to approve: (1) the settlement; (2) attorneys’ fees and costs of up to $2,400,000 for Class Counsel, to be paid by McAfee in addition to the benefits provided to class members; and (3) service awards of $1,250 each for the two class representatives in this case. You may appear at the hearing, but you don’t have to. The Court has appointed attorneys (called “Class Counsel”) to represent the class members. These attorneys are listed in the detailed class notice. You may hire your own attorney to appear for you, but if you do so, it will be at your own expense.
WHERE CAN I GET MORE INFORMATION? For more information, visit
www.McAfeeWilliamsonSettlement.com or call
A federal court authorized this notice. This isn’t a solicitation from a lawyer. You aren’t being sued.
——————–End Message ——————————

Tip #12 Keep Software Up-To-Date


Companies release patches to improve on software that you may have installed on your system. These patches improve on software functionality and possibly add new features. These updates also address possible vulnerabilities that may have been discovered post-release.

It is important to install these updates as soon as possible. While not all vulnerabilities present in software may affect you, it is better to be safe than sorry. Any vulnerability can be a cause for concern when trying to safeguard your personal information and device.

Be sure to update your devices and software regularly, including your antivirus software and your Windows and Mac devices.

Tip #11 Use Two-Factor Authentication



Two-Factor Authentication (also known as two-step verification) is an extra layer of security that can be enabled on many different services such as Facebook, Twitter, LinkedIn, Microsoft, Google, Apple, etc. Two-factor authentication requires not only a username and password but also something you possess (passcode, secret key, etc.) or something you are (fingerprint, gait, etc.).

Using two-factor authentication can help to lower cases of identity theft and phishing. Attackers may initially be able to acquire your password, but the second layer of protection may not be as easily compromised, which makes a given account harder to access. It is an increasingly common way to keep your accounts and information more secure.

Check with your services and consider activating two-factor authentication today.

Image Source: https://www.integritysrc.com/blog/263-why-is-two-factor-authentication-2fa-important-for-remote-access

Tip #10 Avoid Conducting Sensitive Business over Public Wi-Fi Networks


Public unsecured Wi-Fi is a huge target for malicious actors looking to steal the identities of others in order to commit fraud. The next time you stop at a public Wi-Fi hotspot you could also be sitting near someone committed to trying to compromise your information.

Also consider that data transmitted over Wi-Fi hotspots is not secure and generally not encrypted, which makes it much easier to capture. It is therefore safer to keep personal information and transactions away from publicly accessible unsecured networks. It is possible for someone to perform what is called a man-in-the-middle attack, in which they are able to redirect traffic to a malicious site to further compromise your information or your machine.

Another danger of using public Wi-Fi, aside from the risk to your information, is that a malicious attacker can hijack the Wi-Fi connection point and cause pop-ups to appear which, when clicked, can download malware. These cases are rarer than the collection of information or the viewing of traffic from a given machine, but they are still possible.

For these reasons, it is smart to stay off public Wi-Fi unless absolutely necessary. In cases where it is necessary, use a VPN (Virtual Private Network) connection, keep your machine up to date, and avoid conducting sensitive business over public Wi-Fi networks.