please call asap – Spam Email Sent to the Fordham Community on 11/30/2016

This is a Spam email that has been reported. This message was
received on or about November 30th, 2016. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: “Performance SLC” <slc@performanceslc.org>
Date: Fri, Nov 4, 2016 at 12:48 PM
Subject: please call asap
To: user@fordham.edu

Dear User,

Records indicate you have inquired in the past for student loan relief. You may now meet the new criteria for a student loan forgiveness program which may include loan consolidation into one new low payment, monthly payment deferments, loan discharge, or even complete loan forgiveness.

We are an A-rated BBB accredited agency, that offers graduated students help with a money back guarantee. You won’t pay us anything unless we complete your enrollment, and your call-in consultation does not cost you anything either.

Connect with a specialist now at  888-870-6120

It only takes a few minutes to find out your options. Call our direct line, and be instantly connected without waiting on hold between the hours of 7 AM- 6 PM PST(Pacific Standard).

Sincerely,

Performance SLC
888-870-6120

17748 Sky Park Cir.
#150
Irvine CA 92612
USA

To unsubscribe or change subscriber options visit: (LINK HERE)

—————————–End Message —————

Article: How to protect yourself while online shopping for the holidays

A recent article from Mashable provides researched geared towards protecting yourself online while shopping for the holidays:

—Begin—

With many retailers offering internet-only promotions to go along with their in-store doorbusters, more Americans than ever seem to be choosing to stay home to take advantage of the best deals of the season.

Research from Visa projects an 18 percent increase in online holiday spending this year, which follows 16 percent growth over the 2015 season from the year before. That uptick in 2015 resulted in about $11 billion of online sales over the five-day Thanksgiving weekend period (Thanksgiving Day through Cyber Monday). That’s why it’s essential that shoppers protect themselves and their personal information more than ever in 2016. Especially since “25 percent of all security breaches [are] taking place in the retail sector,” said Experts Exchange COO Gene Richardson in a statement to Mashable.

As a former head of the data security teams of IBM, Charles Schwab and Motorola, Richardson has extensive experience advising companies and consumers alike on how to avoid fraud and protect their identities online.

With that in mind, he’s assembled a set of helpful online shopping safety tips:

1. Ensure that the website address is secure and has a valid encryption certificate. It will usually display a “locked, green” indicator in front of the website name. If it doesn’t have that, it does not have a higher level of security that has been guaranteed by a known entity like Verisign, Symantec and others.

2. Ensure your system has the most recent recommended system and security patches.

3. Always use a credit card that is not tied directly to your personal bank account(s), even if you are using PayPal, Bitcoin or some other payment method.

4. Never give anything other than name, address and phone number. You should not need to answer security or privacy questions when making a purchase or checking out. If they ask, see if you can checkout as a “guest” instead.

5. Monitor your credit through a third party for identify theft and have SMS and email alerts sent to you immediately.

6. Set-up alerts with your credit card company that send both SMS and emails when any purchases are made and the credit card was not scanned (meaning, it wasn’t in someone’s hand when the charge was made). Set them as low as $25 per purchase. Also, set-up alerts for total purchases over $500 in a billing period to protect multiple $24.99 purchases. And if possible, a maximum amount of purchases allowed in a billing period such as $1500 before card will get declined.

7. Ensure that you have a reputable Antivirus program running on your computer and that your browser has an Ad blocking plug-in.

8. Ensure that the network your computer/device is on is secure and you know who has access to your network. This is usually done with your router. You want to lock down your router so that traffic can be initiated from the inside-out but you do not want traffic to be initiated from the outside-in. If you are using a WiFi connection, make sure that network is also secure and requires a password to join. If it is a public WiFi network that doesn’t require a password, then the traffic coming from your device can be monitored and stolen.

9. Any passwords that you use should be strong, hard to guess ones. Or, even better, hard to guess, but easy to remember.

10. Don’t click on unfamiliar links to sites advertising sales, coupons, etc.

11. Use two-factor authentication/verification, if it is offered.

Mobile Concerns

To stay safe while shopping on your phone or tablet, be sure to follow these tips, according to RiskIQ:

1. Only download apps from official app marketplaces like Google Play or Apple’s App Store.

2. Be wary of applications that ask for suspicious permissions, like access to contacts, text messages, administrative features, stored passwords, or credit card info.

3. Check out the background of an app before downloading. Research the developer and be cognizant of the spelling of brand names.

4. Make sure to take a deep look at each app. New developers, or developers that leverage free email services (e.g., @gmail) for their developer contact, can be enormous red flags — threat actors often use these services to produce mass amounts of malicious apps in a short period. Also, poor grammar in the description highlights the haste of development and the lack of marketing professionalism that are hallmarks of mobile malware campaigns.

Common Sense

Just like any other time of the year, a deal found online over Thanksgiving weekend that seems too good to be true might be just that.

In addition to Richardson’s first tip about web page encryption certificates, always check website addresses after following links on Twitter, Facebook or even Google to be sure you haven’t been redirected. Legitimate retailers will almost always be determined by the “S” in HTTPS at retail sites.

Finally, keep your personal and financial information close at hand. Never provide anything until you’ve done your homework on a site or app, and even then never input anything until you’ve selected your purchase and are checking out.

With a measured approach to online shopping, you can dodge the in-store lines and the security risks this holiday season.

—End—
Source: http://mashable.com/2016/11/21/online-shopping-safety-black-friday-cyber-monday/#6OHl_1zRaqql

Article: Random text? Wait, wait, don’t click that!

“Here’s a tip that’s worth repeating:

Don’t click on a link in a text message you get on your phone that says you’ve won a terrific prize or a gift card, or that asks you to click on a link. Don’t reply either. It’s probably a scam.

The Federal Trade Commission settled charges with a group of marketers that were part of a scheme that sent millions of unsolicited spam text messages promoting supposedly free merchandise like $1,000 gift cards for Wal-Mart and Best Buy.

People who clicked the links in the messages didn’t get the promised prizes. Instead, they were taken to websites that asked them to give personal information and sign up for multiple offers, often involving purchases or paid subscriptions.

What can you do about unwanted text messages?

  • Delete unwanted text messages that ask you to enter a special code, or to confirm or provide personal information. Legitimate companies won’t send you a text asking for sensitive information.
  • Don’t click on links in the text message. Links can take you to spoof sites that look real but will steal your personal information.
  • Report spam texts to your carrier. Copy the original message and forward it to 7726 (SPAM) free of charge, if you are an AT&T, T-Mobile, Verizon, or Sprint subscriber.”

Though scams involving free gift cards and merchandise are common there are also other types of scams prevalent via text messages. Below is an example of  a scam text message.

textscam

Source: https://www.consumer.ftc.gov/blog/random-text-wait-wait-dont-click

Article: Post-Election Spear Phishing Campaigns

A recent article warns of election related spear-phishing and malware infected emails.

—Begin—

In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation’s President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns.

These e-mails came from a mix of attacker created Google Gmail accounts and was appears to be compromised e-mail accounts at Harvard’s Faculty of Arts and Sciences (FAS). These e-mails were sent in large quantities to different individuals across many organizations and individuals focusing in national security, defense, international affairs, public policy, and European and Asian studies. Two of the attacks purported to be messages forwarded on from the Clinton Foundation giving insight and perhaps a postmortem analysis into the elections. Two of the other attacks purported to be eFax links or documents pertaining to the election’s outcome being revised or rigged. The last attack claimed to be a link to a PDF download on “Why American Elections Are Flawed.”

The post-election attacks launched by the Dukes on November 9 were very similar to previous attacks seen from the Dukes in both 2015 and 2016. The PowerDuke malware, first seen in August 2016, was once again used in these most recent attacks. Three of the five attack waves contained links to download files from domains that the attackers appear to have control over. The other two attack contained documents with a malicious macros embedded within them. Each of these different attack waves were slightly different from one another and are detailed below.

Attack Wave 1: eFax – The “Shocking” Truth About Election Rigging
Attack Wave 2: eFax – Elections Outcome Could Be revised [Facts of Elections Fraud]
Attack Wave 3: Why American Elections Are Flawed

—End—

More information can be found at: https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/

Webmail Filter Activity- Phishing Email Sent to the Fordham Community on 11/04/2016

This is a Phishing email that has been reported. This message was
received on or about November 4th, 2016. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From:  Candelaria, Marcella U <candelaria_mar@aps.edu>
Date: Fri, Nov 4, 2016 at 12:48 PM
Subject: Webmail Filter Activity
To: user@fordham.edu

Please note that your Mailbox Filter is not active. Kindly Update Now to get new mails. (LINK HERE)

Thank you,

Candelaria Marcella

ITS support for Faculty and Staff

—————————–End Message —————

Tip #21 Get Antivirus Protection!

computer-security

A very common cause for device issues is the lack of antivirus software or antivirus software that is outdated (i.e. threat signatures out-of-date). This sometimes overlooked layer of protection can have heavy consequences for the user and is an easy way for a machine to become compromised.

A virus as we outlined in previous tips can do a number of things to a device such as make it run slowly, prevent the device from booting up properly, steal personal information, etc. For this reason is is prudent to have up-to-date antivirus software on all your devices.

An antivirus software’s main objective is to defend against these threats while also seeking out and removing any threats to your system. This can only be truly effective with regular virus definition updates and periodic scans.

Again, Fordham IT offers free antivirus software protection.

Article: Free Tools to Remove Ransomware Infections From Your PC

“Ransomware, a variety of malware which encrypts user files and demands payment in return for a key, has become a major threat to businesses and the average user alike.

Coming in a variety of forms, ransomware most often compromises PCs through phishing campaigns and fraudulent emails. Once a PC is infected, the malware will encrypt, move, and potentially delete files, before throwing up a landing page demanding a ransom in Bitcoin.

Demands for payment can range from a few to thousands of dollars. However, giving in and paying the fee not only further funds the development and use of this malware, but there is no guarantee any decryption keys given in return will work.

It is estimated that ransomware attacks cost more than $1 billion per year.

The No More Ransom Project, launched by the National High Tech Crime Unit of the Netherlands’ police, Europol, Kaspersky, and Intel Security, is a hub for victims to find out how to remove infections — and how to prevent themselves becoming infected in the future.

Unfortunately, not every type of ransomware has been cracked by research teams. Time and vulnerabilities which can be exploited by cybersecurity experts are required, and so some ransomware families do not have a solution beyond wiping your system clean and using backup data.

However, researchers are cracking more types of ransomware every month and there are a number of tools available which give victims some hope to retrieve their files.

The No More Ransom Project offers a quick way to find out what sort of ransomware is on your PC . Alternatively, the Malware Hunter Team runs the ID Ransomware online service which can also be used to identify infections.”

You can find a range of tools and software made available by researchers to scour your PC clean of the most common types of infection as well as links to the the No More Ransom Project and Malware Hunter Team’s ID Ransomware online service in the article.

Source:http://www.zdnet.com/article/remove-ransomware-infections-from-your-pc-using-these-free-tools/

Tip #20 Avoid Unlicensed Mobile Applications

1375185835133121347-account_id=1

There are ways in which some users manipulate their devices to accept unsigned or unlicensed apps on to their devices in order to circumvent some barriers. Taking these measures to install unfiltered apps is very dangerous. Installing pirated apps carries a heavy security risk.

The intention of the app “hackers” in many cases could be to inject malicious code that could compromise your mobile device. Many users save information on their mobile devices such as email passwords, banking information, contacts, Wi-Fi Passwords, etc.

By trying to circumvent the system in place that screens apps, you could be putting your personal information in danger.

Tip #19 Don’t Let Your Computer Get Sick (Viruses)

screenshot1

Viruses are small software programs that perform malicious actions and are designed to systematically spread from one device to another. These programs can perform malicious tasks that include deleting data, replicating itself by spreading through emails to your contacts, etc.

Viruses are often received through email attachments from untrusted sources. It is essential that users do not open attachments from other users unless you know who it is from and are expecting an attachment.

To protect yourself from viruses it is important to keep your device up-to-date as well as downloading the latest antivirus definitions.

Things you can to to protect yourself from devices include:

  • Use a pop-up blocker
  • Don’t open email’s or attachments from untrusted sources.
  • Use an anti-malware app
  • Keep your operating system updated

Tip #18 Gone Phishing? Don’t Get Hooked!

Phishing

Phishing is the act of attempting to deceive a user into divulging personal or confidential information such as login credentials, credit card information, etc., to gain access to resources that enable them to steal your identity.

Phishing scams usually come in the form of email messages and false websites. Cyber criminals use social engineering to learn about their targets and then use that information to try and gather your personal information.

Below is an example of a phishing campaign scam.

phishing_email_example

Things to look for to identify that you may be targeted include:

  • Spelling and bad grammar: Phishing emails are commonly plagued with spelling and grammatical errors.
  • Links in emails: Links in emails may appear as though they are taking you to a legitimate website however they can be disguised. Hover over (DO NOT CLICK)  links and see if you are being re-routed to some other page.
  • Threats: Some emails contain threats to include legal action, time sensitive materials, etc. These are designed to convince you to make a hasty decision and click a malicious link or open a unsafe attachment.
  • Spoofing a legitimate website or company: Some emails will appear to come from a legitimate company. However that is far from the case. Again, attackers will try to make everything appear to be legitimate but things such as suspicious URL’s (pages with names not associated with the website or company), or outdated information can be tell-tale signs something is not right.

If you believe you are being targeted by a phishing campaign or have received a phishing email, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu.