Category Archives: Cyber Security Awareness Month Tip

What is Malware?

Malware is a malicious software that is intended to disable certain files or the entire device it is attached to. There are different types of malware programs that each attack your device differently with the same end game, to infect your device, and hopefully others before you notice you’ve been compromised.

  • Trojan Horse Viruses
    • Similar to the Trojan Horse in the story of Troy, these viruses come in disguised as a legitimate program, and proceed to infect the system.
    • Once on the system Trojans can create a backdoor that can allow a cyber-criminal access to your device, which would in turn give them access to your personal information (SSN, and banking info). Trojans differ in that they do not reproduce by infecting other files, they also do not self-replicate.
  • Viruses
    • Are named for the way they spread, much like the flu, a virus can spread from user to user, but in order to replicate it depends on a host file. Meaning it needs to be downloaded to the device with the file the cyber-criminal created, so that it has access to the malicious code.
    • The goal of the virus is to alter the way the infected device operates. Some of the results include damaging the systems hardware and destroying data.
  • Worms
    • Are a version of malware that is self-replicating, unlike a traditional virus worms do not need to be controlled by a cyber-criminal, and do not rely on any additional computer applications for function.
    • The goal of a worm is to spread malicious code, exploit vulnerabilities, and spread across networks.
  • Pay attention when you’re opening emails
    • Often times we breeze through because we want to clear out inbox, but taking an extra minute to read the senders information and the subject line can keep you proceeded
  • If you don’t know the sender, don’t open the email or download any attachments.
    • Even if the sender is someone you’re familiar with or do business with, pay attention to the subject line, senders email address, and body of the email. Look for spelling mistakes, hover over any URLS to see where they will take you (DO NOT CLICK ON ANY SUSPICIOUS LINKS) and if possible contact the sender to verify the contents of the email.

Detailed information regarding Ransomware and Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Keep antivirus protection up to date. Get your free Antivirus software from Fordham University.

Using and keeping your Antivirus up to date is one of the major steps you can take to protect you from a Cyber Attack.

  • Tips for shopping for “Antivirus”
    • Like any other major purchase (while the cost may be competitive the use of the tool itself is a major key for cyber security) you should do a bit of research before grabbing something off of the shelf.
    • Consider your OS (operating System) while many major Antivirus’ should work cross platform, it wouldn’t hurt to look for a brand that is OS specific (Mac or Windows).
    • What are your needs? Do you use your device to surf, shop, game or just view and respond to emails?
    • Knowing what you need will help you determine how much protection you’ll want to buy.
    • If your current device is up to date, you may wish to locate an antivirus provider that will support your devices’ current OS.
    • Try to narrow down your search to a handful of hopefuls, then see if they offer free trials and give them a whirl.
    • The time you take to test drive each provider could help you find the right fit for your device, needs and budget.

Follow this link to get your free Antivirus issued through Fordham University: Bitdefender Endpoint Security Tools for Windows or Bitdefender Endpoint Security for Mac

https://www.fordham.edu/info/20623/information_security/3853/antivirus_protection

For more information on selecting an Antivirus visit: https://www.lifewire.com/antivirus-software-for-your-pc-152983

Don’t forget to back those files up!

Each OS offers automatic system backups, which can prevent forgetting and not having everything backed up to date.

Detailed information regarding Ransomware or Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

What is Ransomware?

Ransomware is malicious software that is installed onto your device once it is compromised, that will both take over important files on the device, or the entire device, and request a ransom be paid for the user to regain access. While ransomware isn’t new to the cyber criminals resume, other advances in technology have made it easier to request and receive untraceable payments. Making ransomware a very attractive option for cyber criminals.

  • Don’t pay the Ransom!
    • If you receive a message on your device indicating that you have been compromised, DISCONNECT your device from the internet so the malicious software isn’t spread.
    • Contact Fordham IT and provide them as much information as you can.
    • Fordham IT will work with public safety and local law enforcement to help you attempt to recover your files and protect you from future attacks.
    • There may be ways without paying to recover the files that are being ransomed.
  • BACK UP ALL YOUR IMPORTANT FILES.
  • Ransomware is banking on you desperately needing the files they’ve attacked, keeping your files backed up in different locations can reduce the effectiveness of this type of attack on your device.
    • Use an external hard drive these have recently become more affordable, and portable.
    • Fordham students and employees have access to unlimited storage on Google Drive, this can be used to help free up space on your device.
    • For important files backing up on an external device and using encryption would be ideal.
  • Prevention is the best medicine.

Detailed information regarding Ransomware or Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.fyhu

Take Fordham’s Cyber Security Awareness training.

 

 

Do you know the latest solutions for lowering your risk of getting hacked? Find out by taking our free, self-paced online Cyber Security Awareness training. It can be found under “My Organizations” in Blackboard, accessed at fordham.blackboard.com.

  • Stay informed.
    • Visit our website: itsecurity.blog.fordham.edu
    • We will be sure to keep you in the know with trends and possible breaches.
    • Follow us on social media as well for quick informative updates!
      • Twitter – @FordhamSecureIT
      • Facebook – @FordhamSecureIT

Other reputable news sources also include cyber security resources.

Such as

Just to name a few.

  • Find a source you trust and visit it frequently.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Monitor all your accounts for suspicious activity.

  • Keep an eye on the activity on all of your accounts.
    • Review your bank statement and make sure there haven’t been any purchase or debits you don’t recognize.
    • Check your trash in your email accounts, hackers will delete login notifications, but not all of them think to empty the trash as well.
    • Have amazon or something similar? Check your order history and make sure there isn’t anything there you didn’t order.
    • Social media? Check your DM’s and make sure there aren’t any messages there you haven’t sent.
    • Go into your settings and check that things are still as you set them up.
    • Verify security questions are the same.
    • If there is a recovery email that it is the one you use.
    • If you get spam emails, flag them so your email provider can update their information and to keep your mail box clean.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Be wary of tech support scams, cold calls or web browser popups.

  • Most scams use tech support chats or messages with an 800 number to get your attention.
    • If the hacker is using the chat, they may try to convince you they need your IP address to help you diagnose and remedy your device. Giving up this information would allow the hackers full access to your computer.
    • If you receive a pop up message requesting immediate action, remember your computers security system may ask you to update software or run a scan, it wouldn’t request your login information or that you call to speak to someone.
    • If you aren’t sure if the pop up is legitimate or not call your security provider directly, use a phone number you have for them and not one that may appear in the pop up.

 

  • If you get an unexpected phone call or text message requesting immediate action, ignore it!
    • Again similar to the pop ups your provider wouldn’t be contacting you unless you initiated contact.
    • Hang up if you get a call requesting immediate action, or requesting you go online and allow the tech to remotely connect to your system.
    • If you receive a text message with a phone number, do not call that number.
    • Again if you want to be sure your device is safe, contact your security provider directly.

If you believe you received a call that is a scam, report it!

Reports about fraudulent calls and pop ups can be made at

Ftc.gov/complaint

For more information and tips on safety visit:

Federal Trade Commission

https://www.consumer.ftc.gov/articles/0557-tech-support-scams-infographic

Microsoft

https://blogs.microsoft.com/on-the-issues/2017/05/18/fight-tech-support-scams/

Important info from this article

“Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.

Do not call the number in a pop-up window on your device. Microsoft’s error and warning messages never include a phone number.

Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.”

–Gregoire, Courtney

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Identity Protection Tips

 

One of the easiest things you can do to protect yourself is create a strong password. We’ve all struggled with meeting the criteria for some passwords (8 characters, one number, ect); however the sites that request these types of passwords are protecting their users by ensuring secure passwords.

  • Passphrases are the in!
    • As technology continues to grow and expand, so do the hackers and their abilities. Simply hashing your password isn’t enough anymore (h@$h1n6 P@55w0rd$) hackers have developed software that will help them crack passwords that use these characters.
    • Instead come up with a passphrase that consist of four or more unrelated words.
      • For example: PumpkinKartMineLoft. Simple words that the user can remember, but would be incredibly hard for a program to crack. 
  • If you’re worried you won’t be able to remember a phrase, then try hashing your password in different ways.
  • Try to avoid the common uses for special characters, instead try to use a varied combination of numeric and alphabetic characters.
    • If your password is elevator, try entering it as E13va70R

So what we did was capitalize the E then use the numbers 1 and 3 for the l and the next e we kept the v and capitalized the a then changed the t for a 7 the o for a zero and capitalized the r. This is just an example, play around with combinations that you are comfortable with and can remember.  Mixing up the alpha and numeric characters, along with capitalization can help keep your accounts safe.

  • Use two factor authentication whenever possible.
  • Some sites offer this additional protection which will require you enter and additional piece of information or have access to another piece of equipment.

For more insight and stats visit https://xkcd.com/936/

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Guard Yourself Against Identity Theft

Protecting your identity while online is one of the biggest steps you can take to prevent yourself from being a target of a cyber-attack or identity theft.  While many of us may think it won’t happen to me, or why would anyone want to steal my identity? Hackers are equal opportunity and will search for vulnerable users to exploit. Here are a few simple tips to lower your risks.

  • Don’t over share.
    • Things such as your date of birth, children’s, or pet’s names can be used to try to determine your password.
    • Vary your user names, while it may be hard to remember them all for different sites it will ensure if one account is compromised they won’t all be.
    • Try to avoid user names that give up too much information as well. Avoid using your email handle as your user name, while it may help you keep track, again if the account is compromised now your email address may be compromised as well.
    • Consider having two separate email addresses. One you use strictly for banking and other financial needs, the other for social media and shopping.
      • This could help identify a phishing email, if say you get a message about your bank or credit card account, and it’s linked to a different email address.
  • Be selective with who you add on your social media sites.
    • If you aren’t personally familiar with the person sending the request you may wish to ignore or deny that request.
      • Many hackers/scammers use social media to try to either scam users into sending them money or to hack their account to get the users contact info, as well as the contact for their friends.
  • Use different passwords for each site.
    • Having different user name and password combinations will help keep your accounts protected.
      • This would be especially helpful for your online banking accounts or credit card accounts.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Dont Fall for Scare Tactics!

(Photo from – http://www.telugunow.com/news-headlines/ransomware-effect-companies-hyderabad-320479.html)

Hackers hope their victims are uninformed and easily persuaded, because that’s the perfect recipe for success in their business. If users don’t know what to look out for, they can easily be baited into downloading malware, or giving up confidential information.

  • Don’t feel forced to into immediate action.
  • If you receive a suspicious email that is threating and requiring immediate action, take a moment to decide what your next step should be.
  • Is this an email about your banking or credit card account?
  • Then you should contact that institution directly, by phone whenever possible.
  • Is this a message saying that you have a virus on your system?
  • Perhaps you should run your antivirus software scan.
  • Taking a few moments to assess the situation and make your own decision can really make a difference and keep your accounts safe.
  • Many times your account or device hasn’t been compromised, and the hacker is leading you to a link that will compromise your account/device.
  • Remember that hovering over a link will show you its true destination. This is a good way to verify website.
  • Do not download any attachments included in any suspicious emails or use links provided within the body of the email to visit a suggested website.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Cyber Criminals Are After Your Information

One of the most valuable currencies on the internet is information, and there are attackers dedicated to accruing it around the clock. Shared below are some of more commonly used techniques.

Pharming

Pharming is also referred to as Domain Name System (DNS) poisoning. Pharming modifies a system’s host files or domain name system to automatically redirect users to a fake URL or website, even if the user enters the correct web address or uses a bookmarked page. When successful, this form of phishing can collect the desired information with the user none the wiser as they have navigated to legitimate website.

Content Injection

Content Injection phishing is similar to pharming in that it uses a legitimate website to compromise the user’s personal information. The difference being that the hack/malware is added to the back end of a legitimate website instead of the user’s device. With this type of phishing, the hacker is able to mislead and redirect the user to get them to give up their personal information.

These two forms of phishing may be a little harder to detect without the proper tools

Man-in-the-Middle Attacks

Man-in-the-middle (MitM) attacks occur when a hacker sets up between the user and the websites they are trying to use, like an online banking site or even social networking page. They then take the users’ information as it’s being entered, making it harder to detect this type of phish.

 

Search Engine Phishing

Search engine phishing is executed by hackers creating malicious webpages. They often contain enticing offers and attempt to get users to click on the page, when it is pulled up as a result from a search engine query. It’s important to pay attention to the web addresses you are being directed to in order to avoid being tricked into providing your personal information.

Stay Protected

  • Use anti-virus and spyware software
  •  Antivirus and spyware software is sometimes underrated. Having the software on all of your devices can seriously reduce the risk of pharming and content injection phishing schemes.
  • Make sure all of your programs, apps, and tools are up to date.
  • When updates are pushed they ensure that vulnerabilities are detected and patched, and if the updates aren’t installed, it can put your device(s) at risk.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.