Author Archives: Rose Hernandez

Encrypt your mobile devices.

Encrypt your mobile devices.

(Photo from – http://www.androidauthority.com/how-to-encrypt-android-device-326700/)

Encrypting important files on your desktop, laptop, or mobile device will ensure that if the device is compromised, the hacker won’t be able to read these important files.

  • To encrypt your files on Mac visit: http://www.hongkiat.com/blog/encrypt-mac-folder/
    • This site will walk you through the process of encrypting your files.
  • An alternative to encrypting your mobile device would be to keep all personal information off of the device.
    • Limiting the amount of confidential information on your cellphone can greatly reduce the risk of being compromised if the device is lost or stolen.

Detailed information regarding device security and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you believe your device has been infected or compromised, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu

 

 

Strong passwords (or phrases) can keep you safe.

Strong passwords (or phrases) can keep you safe.

(Photo from – https://thehackernews.com/2016/07/best-password-manager.html)

Many of us have taken cyber security trainings that encourage us to use special characters such as the @ symbol for an “a” or $ for an “S”, however cyber-criminals have developed technology that can help them crack passwords that use these tactics.

  • Consider a passphrase instead.
    • Passphrases are a series of unrelated words that are being used in place of our traditional passwords ( 8 characters 1 capital and special character).
    • For your passphrase to be strong and secure be sure to use at least 4 unrelated words.
    • ILoveYorkiePuppies can still be cracked if the cyber-criminal has done their homework.
  • Too many passwords, and not enough memory?
    • Consider using a reputable password manager.
    • These services allow you to store your information for several sites securely
    • There are several options available, as with any software there are free and paid versions available.
    • Do your homework and find one youll feel confident using.
  • A few highly rated free versions include:

Detailed information regarding device security and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you believe your device has been infected or compromised, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu

Backup all of your devices, and do it often!

Backup all of your devices, and do it often!

(Photo from – https://www.fusionspan.com/backup-disaster-recovery-small-office/)

Backing up your files can help you if you are ever a victim of a cyber-crime.

  • Regular backups can help
    • Recover files that may have been ransomed or corrupted
    • Allow you to do a full wipe of a defected device
    • Ensure even in an accident ( such as water damage) your important files are safe to be recovered
    • Keep your device running smoothly
    • If you are doing regular backups you can go through and update important files and delete those you no longer need, therefore freeing up space and allowing your device to run effectively.
  • There’s more than one way to backup your important files
    • Create a backup or system image directly on the device.
    • Use reliable cloud storage.
    • Consider a portable device.
    • USB Flash Drives can be useful.
    • Consider the amount of data you are backing up and if it needs to be encrypted or not
    • Many options and sizes are available to meet your needs.
    • Ideal if you do not have a need to store a large amount of files.
    • USB’s can be easy to loose, consider password protection.
    • Remember the smaller the USB drive (in physical size not GB) the slower it maybe.
    • Portable External Hard Drives.
    • Have recently become more affordable
    • Also come in many different sizes, colors, and styles to meet your needs
    • Can be password protected and encrypted as well.
    • Would be ideal if you have a need to store a large amount of files as many being at 1TB

Detailed information regarding device security and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you believe your device has been infected or compromised, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu

Keep your mobile device safe!

Keep your mobile device safe!

(Photo from – https://www.thompsoncoburn.com/insights/blogs/cybersecurity-bits-and-bytes/post/2016-09-28/the-serious-security-vulnerabilities-of-mobile-devices)

  • Don’t think you’re device is safe from cyber-attacks or criminals.
    • Mobile devices are just as susceptible to the same types of attacks.
    • Including malware and phishing.
  • Use the same security on your mobile device as you would your personal or business computer.
    • Use a strong password
    • Passphrases are strong and hard to crack, use 4 or more unrelated words to create a difficult password for your device.
    • Such as PumpkinMovieCarStar
    • Alternate the letters you capitalize for additional protection, or add a special character as well.
    • It may take longer to log in, but it will ensure your device is secure
  • If you have a newer mobile device fingerprint recognition as well as facial recognition may be available.
    • Using these options allow you to unlock your device quickly, while ensuring it can’t be accessed by another party.
    • When using fingerprint recognition remember it allows you to store more than one print. Consider using one finger on each hand for ease of use.
  • If it connects to the internet, it should be protected.
    • Tablets, iPads, and net books can also be compromised.
    • Password protect these devices, encrypt important data on them
    • Do not save your user names and passwords on them.
    • Consider a password management system
    • Do not download applications from untrusted sites.
  • If your device has been compromised contact Fordham IT.
    • Contact Fordham IT and provide them as much information as you can.
    • Fordham IT will work with public safety and local law enforcement to help you attempt to recover your files and protect you from future attacks.

Detailed information regarding device security and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you believe your device has been infected or compromised, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu.

 

Additional steps to say protected.

(Photo from – http://everhelperblog.com/new-nimbus-note-iphone-manual-note-encryption/ )

Ransomware, and malware like other types of cyber-attacks can be prevented with regular maintenance and vigilance. 

  • Back up your files
    • Set your system to do regular backups of your important information.
    • Don’t forget to back up your mobile devices as well. Including tablets, iPads, and cell phones.
  • Encrypt your files whenever you can
  • Be sure to patch and update all of your software.
    • Your software providers are constantly working to keep your OS and applications running smoothly, this includes patches to close up vulnerabilities.
  • If you suspect any suspicious activity, or believe you may have downloaded a malicious file.
    • Disconnect from the internet, this way no other devices are affected on the network.
    • Contact Fordham IT and provide them as much information as you can.
    • Fordham IT will work with public safety and local law enforcement to help you attempt to recover your files and protect you from future attacks.

Detailed information regarding Ransomware or Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Dont Fall for Scare Tactics!

(Photo from – http://www.telugunow.com/news-headlines/ransomware-effect-companies-hyderabad-320479.html)

Hackers hope their victims are uninformed and easily persuaded, because that’s the perfect recipe for success in their business. If users don’t know what to look out for, they can easily be baited into downloading malware, or giving up confidential information.

  • Don’t feel forced to into immediate action.
  • If you receive a suspicious email that is threating and requiring immediate action, take a moment to decide what your next step should be.
  • Is this an email about your banking or credit card account?
  • Then you should contact that institution directly, by phone whenever possible.
  • Is this a message saying that you have a virus on your system?
  • Perhaps you should run your antivirus software scan.
  • Taking a few moments to assess the situation and make your own decision can really make a difference and keep your accounts safe.
  • Many times your account or device hasn’t been compromised, and the hacker is leading you to a link that will compromise your account/device.
  • Remember that hovering over a link will show you its true destination. This is a good way to verify website.
  • Do not download any attachments included in any suspicious emails or use links provided within the body of the email to visit a suggested website.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Cyber Criminals Are After Your Information

One of the most valuable currencies on the internet is information, and there are attackers dedicated to accruing it around the clock. Shared below are some of more commonly used techniques.

Pharming

Pharming is also referred to as Domain Name System (DNS) poisoning. Pharming modifies a system’s host files or domain name system to automatically redirect users to a fake URL or website, even if the user enters the correct web address or uses a bookmarked page. When successful, this form of phishing can collect the desired information with the user none the wiser as they have navigated to legitimate website.

Content Injection

Content Injection phishing is similar to pharming in that it uses a legitimate website to compromise the user’s personal information. The difference being that the hack/malware is added to the back end of a legitimate website instead of the user’s device. With this type of phishing, the hacker is able to mislead and redirect the user to get them to give up their personal information.

These two forms of phishing may be a little harder to detect without the proper tools

Man-in-the-Middle Attacks

Man-in-the-middle (MitM) attacks occur when a hacker sets up between the user and the websites they are trying to use, like an online banking site or even social networking page. They then take the users’ information as it’s being entered, making it harder to detect this type of phish.

 

Search Engine Phishing

Search engine phishing is executed by hackers creating malicious webpages. They often contain enticing offers and attempt to get users to click on the page, when it is pulled up as a result from a search engine query. It’s important to pay attention to the web addresses you are being directed to in order to avoid being tricked into providing your personal information.

Stay Protected

  • Use anti-virus and spyware software
  •  Antivirus and spyware software is sometimes underrated. Having the software on all of your devices can seriously reduce the risk of pharming and content injection phishing schemes.
  • Make sure all of your programs, apps, and tools are up to date.
  • When updates are pushed they ensure that vulnerabilities are detected and patched, and if the updates aren’t installed, it can put your device(s) at risk.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

 

 

Have you heard of Spear and Whale Phishing?

Spear Phishing

(Photo from – https://oxen.tech/blog/spear-phishing-new-twist-old-scam/)

Spear Phishing is really what it sounds like, a directly pointed attack. The attackers gather as much information as they can from the internet to build a more personalized, and believable attack.

  

(Photo from – http://resources.infosecinstitute.com/category/enterprise/phishing/spear-phishing-and-whaling/#gref)

 Whaling

Whaling is a specific form of spear phishing, in which the attacker goes after a high-profile target associated with a business, or government entity.  These victims may include but are not limited to senators, CEO’s, and those with access to company’s finances.

  • Pay close attention to the emails you receive.
  • Look for spelling and grammatical errors. Hover over URLS to reveal the destination of the link. Also hover over the links at the bottom of the email, many times these may look functional but are not.
  • If you’re being requested to verify personal information (name, D.O.B, or SSN) don’t use any forms provided in the email. Visit the home page for the business instead and check your account that way, or call customer service for more information when possible.
  • Businesses can avoid whale phishing by simply implementing a specific stationary for their emails directed to their employees. Making it easier to spot a spoofed email.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureITor from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

What are Smishing and Vishing?

(Photo from – YouTube.com )

What is Smishing??

Smishing is SMS-Phishing, messages that are sent to your mobile device to attempt to obtain your credentials (usernames, and passwords) or financial information (credit card, and social security numbers).  While these may be a little easier to spot (How did I win $1000.00 Wal-Mart gift card if I never signed up for a contest?) we should still be mindful that the potential risk is still there.

(Photo from – https://info.phishlabs.com/blog/vishing-campaign-steals-card-data-from-customers-of-dozens-of-banks)

Vishing

Similar to Smishing is Vishing. Hackers use IVR software to try to obtain sensitive information.

As with email phishing schemes there are a few steps we can take to ensure we aren’t targets of these two forms of phishing.

  • If it sounds too good to be true, it just might be!
    • If you receive a text message from a number you don’t recognize, do not click any links that may appear in the body of that message.
    • Also if you receive a phone call from a phone number you aren’t familiar with, allow it to go to voice mail. Reputable businesses will leave you a message if necessary.
  • Avoid sharing your mobile number.
    • While there may be many offers/memberships that request your cell phone number, limiting the number of websites you enter your cell number into will reduce your risk of Smishing and Vishing.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

 

 

What is Phishing?

(Photo from – http://www.uidaho.edu/infrastructure/its/departments/security/phishing-scams)

Phishing is a fraudulent communication sent that appears to come from a reputable company or person, with the intent to obtain the users credentials (usernames, and passwords) or their financial information (i.e. credit card, and Social Security numbers). While phishing is one of the oldest types of cyber scams or attacks that is still prevalent in today’s world, the criminals that launch the attacks have evolved with technology making some phishes harder to identify than others.

How do I spot a phishing scam?

  • If you don’t know the sender, don’t open the email or download any attachments.
    • Even if the sender is someone you’re familiar with or do business with, pay attention to the subject line, senders email address, and body of the email. Look for spelling mistakes, hover over any URLS to see where they will take you (DO NOT CLICK ON ANY SUSPICIOUS LINKS) and if possible contact the sender to verify the contents of the email.
  • Don’t trust that link!
    • If you receive an email requesting you log in to verify account information, navigate to their home page directly. Avoid using the links provided within the email as they may automatically download Malware to your device or take you to a website that will do so.
  • Don’t fill in those blanks!
    • Do not enter your personal information (name, D.O.B, SSN, etc.) on to a form that is embedded into a suspicious email. Again if you need to verify account information for a reputable business navigate to their page directly. 
  • Does something look off?
    • Pay attention to the emails you receive regularly, they can help you spot a phony in the future. Great phishers will recreate websites with small discrepancies, keeping an eye out for minor or careless mistakes can keep you safe.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureITor from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.