Author Archives: Elizabeth Cornell

Tip #22 Cyberbullying: How to Get Help

Screen Shot 2015-10-26 at 4.14.40 PM

 

Cyberbullying doesn’t end at high school graduation. It can continue in college, too. You’d think that people who bully would grow out of this behavior, but college is a high-stress place. Tiffs between ex-boyfriends and ex-girlfriends can spiral out of control. Rifts among roommates or between athletic teams and individual players at other schools can escalate to the virtual world.

One common arena for cyberbullying is social media. Facebook, Twitter, Instagram, and other services provide easy opportunities for students to spread negativity and put personal vengeances into action. Cyberbullying can also happen via email, text messages, and embarrassing images and videos posted online.

Negative emotions and fear grow and take on a life of their own through manifestation on the Internet, as seen most tragically with the cyberbullying situation that involved Rutgers student Tyler Clementi in fall 2010. Mental and emotional-based cyberbullying acts may set the stage for other acts of aggression, such as physical bullying or even school shootings.

If you are a witness of cyberbullying, speak out for the victim and try to put an end to it. If you don’t feel comfortable doing that, or if you are the victim and don’t feel safe speaking up, contact a trusted authority, such as a parent or school official, who can help put an end to the bullying. For more signs and prevention of cyberbullying, see this government website on cyberbullying.

At Fordham University, we maintain an office that specifically handles complaints about discrimination, which may involve acts of cyberbullying. Other supports include the University’s Integrity Hotline. Fill out a report about cyberbullying, and it will be directed to the appropriate office–be it the University Information Security Office, the Office of Public Safety, or somewhere else–for addressing your situation.

Finally, if you have engaged in cyberbullying, it can be helpful to talk to a counselor or trusted adult to help you sort out the reasons behind this behavior. Fordham has resources for that, too.

By Nicole Kagan, Fordham IT News Editor.

Tip #21 So There’s No Fault: Default to No Automatic Downloads

Image: "Beautiful Polaroid Camera Sculpted in Lego," Wired. The original Polaroid Land Camera processed a photograph instantly, producing one paper copy only per image.

Image: “Beautiful Polaroid Camera Sculpted in Lego,” by Arvo. Wired. The original Polaroid Land Camera processed a photograph instantly, producing one paper copy only per image.

That cute picture attached to your email might be a virus in disguise. Many email clients, including Gmail and Outlook, are configured by default to block automatic picture downloads from the Internet. It’s best to keep the default settings because they can help you:

  • Avoid viewing potentially offensive material (when external content is linked to the message).
  • Keep malicious code from damaging the data on your computer.
  • Decide whether a particular image warrants the time and bandwidth required for downloading it, if you are on a low-bandwidth connection.

For more information read Block or unblock automatic picture downloads in email messages.

Tip #20 Public WiFi: Use Sparingly and Safely

Miami Beach

Image: Vintage postcard.

It sounds like a great plan: Finish your history paper on the plane and email your paper from Miami Beach. As soon as you click “send,” you can slap on the suntan oil and vacation will begin!

You’re expecting to the pay the hotel for the privilege of using their WiFi connection. But as you’re about to connect to the hotel network, you notice a network called Free WiFi.

Don’t join that network! Even if you have to pay, it’s much safer to use the hotel’s network with your computer’s settings adjusted for using a public network.

Hooking up to a free network or hot spot, supported by an unknown source, may cause you to become a victim of a common WiFi scam. Hackers make available an Internet connection that looks legitimate. In reality, you’re connecting to their computer and they’re watching every move you make. All your traffic goes through their computer, allowing them to gather personal information like emails, usernames, passwords, and credit card numbers. They can even lodge a virus in your computer. And you won’t know a thing about it, until it’s too late.

The history paper might have been sent for free, but ultimately it will cost much more than the hotel’s WiFi connection.

When you’re tempted to join a free WiFi connection, think twice! Limit your risk when you connect to ANY public network, free or paid, by following these security tips:

  • First and foremost, do not connect to unfamiliar networks.
  • Never join a network identified as computer-to-computer.
  • Verify that your computer is not set up to automatically connect to networks.
  • Turn off file sharing while traveling.
  • Use antivirus software and keep it updated. Fordham has free antivirus protection for students, faculty and staff.
  • Install security patches.
  • Use a firewall.
  • Use your browser’s security settings.
  • Avoid opening email attachments.
  • Treat Instant Messaging suspiciously.

Fordham University’s own network is secure because it requires you to log in with your AccessIT ID and password.

By Nicole Kagan, Fordham IT News Editor

Tip #19 Deal of the Century! (Too bad it’s a scam!)

Image: Wallace Brown Greeting Cards, Boys' Life, Sept. 1953, p. 5. (Get rich quick scams are much older than the Internet.)

Image: Wallace Brown Greeting Cards, Boys’ Life, Sept. 1953, p. 5. (Get rich quick scams are much older than the Internet.)

Scroll through some of the previous posts on the Fordham IT Security News blog, and you’ll find all sorts of scams. No doubt you’ve received a few yourself. 

Be on the alert. If it’s too good to be true, especially if you have to give away information about yourself or pay money, it’s probably a scam. 

Job Scams Cyber criminals post their advertisements on legitimate job sites and often use familiar-looking or convincing company logos, language, and links to fake websites that appear to be those of real organizations.

These sites might charge fees for services that real companies would never render. After you submit your resume and personal information, they might ask you for a $50-$100 fee. Normally, after a few days the thieves close the scam and disappear.

Donation Scams Natural disasters, political campaigns, and global health issues are often the emphasis of donation phishing scams. For instance, recently, cyber criminals have used earthquakes and tsunamis to create illegal “charity” businesses to help the survivors of these events.

Many of these scams begin with an email or a post in an online forum asking for donations in the name of well-known, legitimate charities. When you click a given link, you are taken to a phony website devised to trick you into providing your personal financial information.

Fake E-cards E-cards are made the same way that websites are: they’re built on the Internet, just like this web page. So when you send someone an e-card, you send them a link to click, which takes them to the online greeting card you created for them.

This means an e-card you receive could actually be a phishing scam spam or a spyware installer, or a computer virus.

Read Microsoft’s helpful pages about more best practices on how to avoid these kinds of scams.

By Nicole Kagan, Fordham IT News Editor

Tip #18 Are You SURE You Want to Download that App?

Image: Ad for Kodak Instamatic Camera. Life Magazine, Sept. 17, 1965, p.64.

Image: Ad for Kodak Instamatic Camera. Life Magazine, Sept. 17, 1965, p. 64.

A Snapchat notification twinkles out at you from the phone. It’s midterms week and you’re craving a break from studying. Before you can open up the (probably very funny) “snap” your best friend sent you, an ad for something called SnapNSave pops up. “Save and view snaps as many times as you like,” reads the app’s description. You think to yourself, What a great idea!

But little do you know, the Snapchat you’re about to save will be hacked and exploited like the other 500Mb of photos that were just stolen by this app.

Legitimate third-party applications can offer entertainment or functionality. But use caution when you decide to enable any application on a device. Avoid applications that seem too good to be true, or significantly change the operation of a trusted app. Also, adjust your settings to limit the amount of information an application can access.

Read more about third-party app risks in this article from FireEye.

By Nicole Kagan, Fordham IT News Editor

Tip #17 Free Antivirus Protection from Fordham

Image: Caules son los mejores antivirus para Android? androidzone.org

Image: Caules son los mejores antivirus para Android? androidzone.org

Did you know that Fordham University provides free antivirus protection to all students, faculty and staff? We provide this protection because a protected computer is essential to keeping your personal information safe and, in some cases (especially for faculty and staff), information about other people at Fordham. 

For more information and a download link for free software, see our Antivirus Protection webpage.

Maintain antivirus software on your computer and run regular scans to ensure that your system is safe and sound. This will give you the assurance that all is running smoothly. It will secure your computer against any hidden viruses or phishing hooks lurking in the depths of your computer.

To detect the latest viruses, use the most current version of your antivirus software. Make sure to run a full virus scan of your computer at least once a month. Your software can be configured to run automatic updates and scans that run in the background.

By Nicole Kagan, Fordham IT News Editor

Tip #16 Tips for a Strong, Secure Password

Image: Threats and Attacks Against Your Network, Aries Institute of Technology

Image: Threats and Attacks Against Your Network, Aries Institute of Technology

Yesterday’s Tip #15 mapped out the perils of sharing your password and why it’s important to have a robust and different password for each of your accounts. Today, we offer some tips for creating a strong, secure password.

  1. Don’t use one password across multiple accounts. It’s possible that an employee at a site where you use that password could share it or use it to break into your accounts at other sites.
  2.  Create passwords that are at least 8 characters long. The longer the better; lengthier passwords are harder for thieves to crack.
  3. Avoid using simple dictionary words. If it’s in the dictionary, someone might guess your password. There’s even software that criminals use to test for real words used in passwords.
  4. Infuse numbers, capital letters and symbols into your password. Consider using a $ instead of an S or a 1 instead of an L, or including an & or %. *Note that “$1ngle” is NOT a good password. Password thieves are onto this. But something like “Mf$1avng” (short for “My friend Sam is a very nice guy”) is an excellent password.
  5. Don’t post your password out in the open. This might seem fairly obvious, but studies show that many people post their password on their monitor with a sticky note. Not a good idea! If you feel that you must write your password down, hide the note somewhere where no one can find it.
  6. And of course, never tell anyone your password. Never give it to friends, even if they’re your best friends. A friend might – perhaps even accidentally – pass your password along to others or become an enemy and abuse it.

Our website has more details about Fordham University’s password policies and guidelines.

By Nicole Kagan, Fordham IT News Editor

Tip #15 Your First Line of Defense: Strong Passwords

Image: "Knights in Shining Armor," Pascal, Flickr.

Image: “Knights in Shining Armor,” Pascal, Flickr.

Your workout buddy, Fred tells you his Facebook account is acting glitchy. He wants to look up on Facebook this month’s schedule of classes at Crossfit, so he asks if he can use your account on his phone.

“Sure,” you say. You’ve forgotten that you only met Fred last month. But you feel like you’ve known him forever. He seems like a nice guy. “Easy as pie,” you tell him. “It’s ‘apple123,’” you say while you type next to the blinking cursor. “Thanks, Bud!” says Fred.

Fast forward to the next morning. You’re at Starbucks, and your first cup of coffee is only a gulp away. Except you’re staring at “insufficient funds” on the card swiper. Turns out, while you were sleeping, your buddy, Fred (later you’ll discover his name was not Fred), hacked into your bank account last night. It was easy to do, since you use the same password for everything.

Even though it’s tempting to use a single password that’s easy to remember, that won’t do you any good against hackers, who are pretty smart when it comes to figuring out easy passwords–and even more difficult ones.

A strong password is your first line of defense against intruders and imposters. Also, using a different password for every site you go to is an equally strong line of defense to take.

To be safe, make sure your password uses upper and lower case letters, numbers, and characters. Change it often, too. At Fordham University, we want you to be careful, so we require everyone to change their AccessIT ID password every 180 days. Read more about Fordham’s password policies and guidelines.

 

Tip #14 First It Was Phishing, Now It’s Smishing

Example of a phishing text and how the consumer handled it using Twitter.

Example of a phishing text and how the consumer handled it using Twitter.

On another (very important) note, another phishing technique lures consumers by using text messages containing URLs and phone numbers. Such a message  usually asks for one’s immediate attention, and requires one to respond or click on the URL.

Oftentimes, the message will come from a “5000” number instead of an actual phone number. This indicates the text message was sent via email to one’s cell phone, rather than from another cell phone.

So don’t turn into another stolen cell phone statistic. Or a consumer who’s been tricked. Regardless of what you’re doing, make sure your cell phone is secure and keep an eye out for odd, seemingly “phishy” text messages.

If you think you’ve received a phishing message, contact IT Customer Care immediately: 718-817-3999 or HelpIT@fordham.edu.

Read more about cell phone safety in Tip #11.

 

Tip #13 Is that a Fish on Sale or a Phish?

Image: Phishing. adampop, Flickr.

Image: Phishing. adampop, Flickr.

Would an Ebay representative threaten to close your account lest you submit $150? Would Amazon normally offer you $100 free store credit? Would your favorite clothing store usually give you 80% off on fall clothes purchases? Chances are, if an offer seems too good to be true, it probably is!

If you’re surfing the web and you encounter something feels “phishy” or suspicious, take note! If an offer seems too good to be true, forget it! Some of the most common phishing scams target Internet users that blindly click and submit personal information, so make sure to be mindful of the way design and information are presented — before you click.

Phishing sites often try to replicate the “look and feel” of an existing site. They attempt to lure people into using phony websites that look just like the authentic sites of larger companies, organizations, or agencies that they are impersonating. Because we conduct meaningful transactions online every day, ranging from making simple purchases, to paying bills, to even paying taxes, it’s important that we’re alert to subtle changes on websites that we normally use. These deviations might be link names, header titles, text, or layout of a site.

So, take note and be careful when perusing the web. Unfortunately, a growing strategy for attackers is playing on the innocence and ignorance of Internet users.