Author Archives: Gerald Johnson Jr.

Don’t pay the Ransom!

If you find that your device has been compromised, and a cyber-criminal is demanding a ransom to release the files or access to your device, DON’T PAY IT.

  • Payment does not guarantee the return of your files.
    • Many cyber-criminals that use ransomware also have their version of helpdesks, which will work with victims to try to convince them to pay the ransom.
    • In some instances they will even release some of the files in a show of “good faith”, yet this alone will not ensure you will get all of your files released, or that they won’t demand more money.
  • Paying the ransom will basically fund their next attack.
    • Often times the amount the cyber-criminals are requesting doesn’t seem as high as expected, however this is because realistically if a home computer is compromised and the requested ransom is $300.00 it’s more likely the victim can and will pay.
    • Funds they receive are used to increase their reach and power.
    • Cyber-criminals rely on their scare tactics to try to get victims to pay.
    • Requesting immediate action gives the user the feeling that they have a limited amount of time to comply with request, or even that they have a limited amount of time to recover their files.
    • Keep in mind that as the cyber-criminals grow with technology, so does law enforcement.
  • If your device has been compromised contact Fordham IT.
    • Contact Fordham IT and provide them as much information as you can.
    • Fordham IT will work with public safety and local law enforcement to help you attempt to recover your files and protect you from future attacks.
  • Remember that prevention is the best medicine for all things cyber security.
    • Use antivirus
    • Keep your OS and Antivirus up to date
    • Run regular scans
    • Don’t open suspicious emails (unfamiliar senders, special offers, unexpected request)
    • Don’t download suspicious attachments

Detailed information regarding Ransomware or Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

What is Malware?

Malware is a malicious software that is intended to disable certain files or the entire device it is attached to. There are different types of malware programs that each attack your device differently with the same end game, to infect your device, and hopefully others before you notice you’ve been compromised.

  • Trojan Horse Viruses
    • Similar to the Trojan Horse in the story of Troy, these viruses come in disguised as a legitimate program, and proceed to infect the system.
    • Once on the system Trojans can create a backdoor that can allow a cyber-criminal access to your device, which would in turn give them access to your personal information (SSN, and banking info). Trojans differ in that they do not reproduce by infecting other files, they also do not self-replicate.
  • Viruses
    • Are named for the way they spread, much like the flu, a virus can spread from user to user, but in order to replicate it depends on a host file. Meaning it needs to be downloaded to the device with the file the cyber-criminal created, so that it has access to the malicious code.
    • The goal of the virus is to alter the way the infected device operates. Some of the results include damaging the systems hardware and destroying data.
  • Worms
    • Are a version of malware that is self-replicating, unlike a traditional virus worms do not need to be controlled by a cyber-criminal, and do not rely on any additional computer applications for function.
    • The goal of a worm is to spread malicious code, exploit vulnerabilities, and spread across networks.
  • Pay attention when you’re opening emails
    • Often times we breeze through because we want to clear out inbox, but taking an extra minute to read the senders information and the subject line can keep you proceeded
  • If you don’t know the sender, don’t open the email or download any attachments.
    • Even if the sender is someone you’re familiar with or do business with, pay attention to the subject line, senders email address, and body of the email. Look for spelling mistakes, hover over any URLS to see where they will take you (DO NOT CLICK ON ANY SUSPICIOUS LINKS) and if possible contact the sender to verify the contents of the email.

Detailed information regarding Ransomware and Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Keep antivirus protection up to date. Get your free Antivirus software from Fordham University.

Using and keeping your Antivirus up to date is one of the major steps you can take to protect you from a Cyber Attack.

  • Tips for shopping for “Antivirus”
    • Like any other major purchase (while the cost may be competitive the use of the tool itself is a major key for cyber security) you should do a bit of research before grabbing something off of the shelf.
    • Consider your OS (operating System) while many major Antivirus’ should work cross platform, it wouldn’t hurt to look for a brand that is OS specific (Mac or Windows).
    • What are your needs? Do you use your device to surf, shop, game or just view and respond to emails?
    • Knowing what you need will help you determine how much protection you’ll want to buy.
    • If your current device is up to date, you may wish to locate an antivirus provider that will support your devices’ current OS.
    • Try to narrow down your search to a handful of hopefuls, then see if they offer free trials and give them a whirl.
    • The time you take to test drive each provider could help you find the right fit for your device, needs and budget.

Follow this link to get your free Antivirus issued through Fordham University: Bitdefender Endpoint Security Tools for Windows or Bitdefender Endpoint Security for Mac

https://www.fordham.edu/info/20623/information_security/3853/antivirus_protection

For more information on selecting an Antivirus visit: https://www.lifewire.com/antivirus-software-for-your-pc-152983

Don’t forget to back those files up!

Each OS offers automatic system backups, which can prevent forgetting and not having everything backed up to date.

Detailed information regarding Ransomware or Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

What is Ransomware?

Ransomware is malicious software that is installed onto your device once it is compromised, that will both take over important files on the device, or the entire device, and request a ransom be paid for the user to regain access. While ransomware isn’t new to the cyber criminals resume, other advances in technology have made it easier to request and receive untraceable payments. Making ransomware a very attractive option for cyber criminals.

  • Don’t pay the Ransom!
    • If you receive a message on your device indicating that you have been compromised, DISCONNECT your device from the internet so the malicious software isn’t spread.
    • Contact Fordham IT and provide them as much information as you can.
    • Fordham IT will work with public safety and local law enforcement to help you attempt to recover your files and protect you from future attacks.
    • There may be ways without paying to recover the files that are being ransomed.
  • BACK UP ALL YOUR IMPORTANT FILES.
  • Ransomware is banking on you desperately needing the files they’ve attacked, keeping your files backed up in different locations can reduce the effectiveness of this type of attack on your device.
    • Use an external hard drive these have recently become more affordable, and portable.
    • Fordham students and employees have access to unlimited storage on Google Drive, this can be used to help free up space on your device.
    • For important files backing up on an external device and using encryption would be ideal.
  • Prevention is the best medicine.

Detailed information regarding Ransomware or Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.fyhu

Take Fordham’s Cyber Security Awareness training.

 

 

Do you know the latest solutions for lowering your risk of getting hacked? Find out by taking our free, self-paced online Cyber Security Awareness training. It can be found under “My Organizations” in Blackboard, accessed at fordham.blackboard.com.

  • Stay informed.
    • Visit our website: itsecurity.blog.fordham.edu
    • We will be sure to keep you in the know with trends and possible breaches.
    • Follow us on social media as well for quick informative updates!
      • Twitter – @FordhamSecureIT
      • Facebook – @FordhamSecureIT

Other reputable news sources also include cyber security resources.

Such as

Just to name a few.

  • Find a source you trust and visit it frequently.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Monitor all your accounts for suspicious activity.

  • Keep an eye on the activity on all of your accounts.
    • Review your bank statement and make sure there haven’t been any purchase or debits you don’t recognize.
    • Check your trash in your email accounts, hackers will delete login notifications, but not all of them think to empty the trash as well.
    • Have amazon or something similar? Check your order history and make sure there isn’t anything there you didn’t order.
    • Social media? Check your DM’s and make sure there aren’t any messages there you haven’t sent.
    • Go into your settings and check that things are still as you set them up.
    • Verify security questions are the same.
    • If there is a recovery email that it is the one you use.
    • If you get spam emails, flag them so your email provider can update their information and to keep your mail box clean.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Be wary of tech support scams, cold calls or web browser popups.

  • Most scams use tech support chats or messages with an 800 number to get your attention.
    • If the hacker is using the chat, they may try to convince you they need your IP address to help you diagnose and remedy your device. Giving up this information would allow the hackers full access to your computer.
    • If you receive a pop up message requesting immediate action, remember your computers security system may ask you to update software or run a scan, it wouldn’t request your login information or that you call to speak to someone.
    • If you aren’t sure if the pop up is legitimate or not call your security provider directly, use a phone number you have for them and not one that may appear in the pop up.

 

  • If you get an unexpected phone call or text message requesting immediate action, ignore it!
    • Again similar to the pop ups your provider wouldn’t be contacting you unless you initiated contact.
    • Hang up if you get a call requesting immediate action, or requesting you go online and allow the tech to remotely connect to your system.
    • If you receive a text message with a phone number, do not call that number.
    • Again if you want to be sure your device is safe, contact your security provider directly.

If you believe you received a call that is a scam, report it!

Reports about fraudulent calls and pop ups can be made at

Ftc.gov/complaint

For more information and tips on safety visit:

Federal Trade Commission

https://www.consumer.ftc.gov/articles/0557-tech-support-scams-infographic

Microsoft

https://blogs.microsoft.com/on-the-issues/2017/05/18/fight-tech-support-scams/

Important info from this article

“Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.

Do not call the number in a pop-up window on your device. Microsoft’s error and warning messages never include a phone number.

Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.”

–Gregoire, Courtney

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Identity Protection Tips

 

One of the easiest things you can do to protect yourself is create a strong password. We’ve all struggled with meeting the criteria for some passwords (8 characters, one number, ect); however the sites that request these types of passwords are protecting their users by ensuring secure passwords.

  • Passphrases are the in!
    • As technology continues to grow and expand, so do the hackers and their abilities. Simply hashing your password isn’t enough anymore (h@$h1n6 P@55w0rd$) hackers have developed software that will help them crack passwords that use these characters.
    • Instead come up with a passphrase that consist of four or more unrelated words.
      • For example: PumpkinKartMineLoft. Simple words that the user can remember, but would be incredibly hard for a program to crack. 
  • If you’re worried you won’t be able to remember a phrase, then try hashing your password in different ways.
  • Try to avoid the common uses for special characters, instead try to use a varied combination of numeric and alphabetic characters.
    • If your password is elevator, try entering it as E13va70R

So what we did was capitalize the E then use the numbers 1 and 3 for the l and the next e we kept the v and capitalized the a then changed the t for a 7 the o for a zero and capitalized the r. This is just an example, play around with combinations that you are comfortable with and can remember.  Mixing up the alpha and numeric characters, along with capitalization can help keep your accounts safe.

  • Use two factor authentication whenever possible.
  • Some sites offer this additional protection which will require you enter and additional piece of information or have access to another piece of equipment.

For more insight and stats visit https://xkcd.com/936/

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Guard Yourself Against Identity Theft

Protecting your identity while online is one of the biggest steps you can take to prevent yourself from being a target of a cyber-attack or identity theft.  While many of us may think it won’t happen to me, or why would anyone want to steal my identity? Hackers are equal opportunity and will search for vulnerable users to exploit. Here are a few simple tips to lower your risks.

  • Don’t over share.
    • Things such as your date of birth, children’s, or pet’s names can be used to try to determine your password.
    • Vary your user names, while it may be hard to remember them all for different sites it will ensure if one account is compromised they won’t all be.
    • Try to avoid user names that give up too much information as well. Avoid using your email handle as your user name, while it may help you keep track, again if the account is compromised now your email address may be compromised as well.
    • Consider having two separate email addresses. One you use strictly for banking and other financial needs, the other for social media and shopping.
      • This could help identify a phishing email, if say you get a message about your bank or credit card account, and it’s linked to a different email address.
  • Be selective with who you add on your social media sites.
    • If you aren’t personally familiar with the person sending the request you may wish to ignore or deny that request.
      • Many hackers/scammers use social media to try to either scam users into sending them money or to hack their account to get the users contact info, as well as the contact for their friends.
  • Use different passwords for each site.
    • Having different user name and password combinations will help keep your accounts protected.
      • This would be especially helpful for your online banking accounts or credit card accounts.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Alert: Tragic Event Related Scams

Via: US-CERT

“In the wake of Sunday’s tragic event in Las Vegas, US-CERT warns users to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from trusted sources. Event-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, fraudulent donation websites, and door-to-door solicitations relating to the recent tragic event.

To avoid becoming victims of fraudulent activity, users and administrators should consider taking the following preventive measures:

Source: https://www.us-cert.gov/ncas/current-activity/2017/10/03/Tragic-Event-Related-Scams