Category Archives: Cyber Security Awareness Month Tip

Alert: Online Scammers Require Payment Via Music Application Gift Cards

Via: IC3

Source: https://www.ic3.gov/media/2017/170801.aspx

Tip #21 Get Antivirus Protection!

computer-security

A very common cause for device issues is the lack of antivirus software or antivirus software that is outdated (i.e. threat signatures out-of-date). This sometimes overlooked layer of protection can have heavy consequences for the user and is an easy way for a machine to become compromised.

A virus as we outlined in previous tips can do a number of things to a device such as make it run slowly, prevent the device from booting up properly, steal personal information, etc. For this reason is is prudent to have up-to-date antivirus software on all your devices.

An antivirus software’s main objective is to defend against these threats while also seeking out and removing any threats to your system. This can only be truly effective with regular virus definition updates and periodic scans.

Again, Fordham IT offers free antivirus software protection.

Tip #20 Avoid Unlicensed Mobile Applications

1375185835133121347-account_id=1

There are ways in which some users manipulate their devices to accept unsigned or unlicensed apps on to their devices in order to circumvent some barriers. Taking these measures to install unfiltered apps is very dangerous. Installing pirated apps carries a heavy security risk.

The intention of the app “hackers” in many cases could be to inject malicious code that could compromise your mobile device. Many users save information on their mobile devices such as email passwords, banking information, contacts, Wi-Fi Passwords, etc.

By trying to circumvent the system in place that screens apps, you could be putting your personal information in danger.

Tip #19 Don’t Let Your Computer Get Sick (Viruses)

screenshot1

Viruses are small software programs that perform malicious actions and are designed to systematically spread from one device to another. These programs can perform malicious tasks that include deleting data, replicating itself by spreading through emails to your contacts, etc.

Viruses are often received through email attachments from untrusted sources. It is essential that users do not open attachments from other users unless you know who it is from and are expecting an attachment.

To protect yourself from viruses it is important to keep your device up-to-date as well as downloading the latest antivirus definitions.

Things you can to to protect yourself from devices include:

  • Use a pop-up blocker
  • Don’t open email’s or attachments from untrusted sources.
  • Use an anti-malware app
  • Keep your operating system updated

Tip #18 Gone Phishing? Don’t Get Hooked!

Phishing

Phishing is the act of attempting to deceive a user into divulging personal or confidential information such as login credentials, credit card information, etc., to gain access to resources that enable them to steal your identity.

Phishing scams usually come in the form of email messages and false websites. Cyber criminals use social engineering to learn about their targets and then use that information to try and gather your personal information.

Below is an example of a phishing campaign scam.

phishing_email_example

Things to look for to identify that you may be targeted include:

  • Spelling and bad grammar: Phishing emails are commonly plagued with spelling and grammatical errors.
  • Links in emails: Links in emails may appear as though they are taking you to a legitimate website however they can be disguised. Hover over (DO NOT CLICK)  links and see if you are being re-routed to some other page.
  • Threats: Some emails contain threats to include legal action, time sensitive materials, etc. These are designed to convince you to make a hasty decision and click a malicious link or open a unsafe attachment.
  • Spoofing a legitimate website or company: Some emails will appear to come from a legitimate company. However that is far from the case. Again, attackers will try to make everything appear to be legitimate but things such as suspicious URL’s (pages with names not associated with the website or company), or outdated information can be tell-tale signs something is not right.

If you believe you are being targeted by a phishing campaign or have received a phishing email, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu.

Tip #17 Don’t Be Forced to Pay for Your Stuff! (Ransomware)

ransom

Ransomware is a form of malware that prevents or limits a user’s access to their files or devices . The malware encrypts a user’s information and locks it using a secure private key. The attackers then force victims to pay a ransom, usually in the form of bitcoins, before they can get access back.

Ransomware is a huge threat but there are ways to protect yourself.

  • Perform regular backups.
  • Keep antivirus protection up to date. Get free Antivirus software from Fordham here.
  • Do not click on suspicious links or open suspicious attachments.

For more information see our in-depth research on ransomware here.

 

Tip #16 Be Wary of Malware

Malware

Malware is a name given to a malicious piece of software or code that is designed to compromise and disrupt the integrity and operation of your device and the privacy of your personal information and saved data. Worms, viruses, spyware and ransomware are common forms of malware.

Malware can infect your device through a variety of means that include being embedded in a malicious piece of software waiting to be executed, or passed through the network via a malicious link.

Once a malicious program has infected a device, its main task is to conceal itself by hiding itself from the user and from antivirus software. From there it will attempt to open backdoors to allow access to your device in the future.

The best way to protect yourself from these threats is to install antivirus software on your device. Keep your anti-virus definitions up to date to ensure complete coverage. Also check for operating system and software updates to ensure that you have no exploitable vulnerabilities on your device.

Tip #15 Be Aware of Your File Sharing Settings

File Sharing

File sharing settings on your computer can be dangerous if not implemented properly. Lax settings can allow malicious actors to transfer hostile files and applications to you without your knowledge. These malicious files can install malware on your machines or open up backdoors and avenues for malicious actors to further compromise your device.

Examine your file sharing settings to ensure that you are properly protected on untrusted networks. Requiring a password or restricting access completely are simple ways to prevent unwanted files from infecting your device.

Tip #14 Be Wary of Mandatory Software Downloads for Wi-Fi Access

McDonalds_WiFi-Enjoy_Free_Wi-Fi_Now-Sm

Some establishments offer free Wi-Fi access after accepting their terms of service policies. You should always familiarize yourself with what you are agreeing to when connecting to these unsecured networks.

Beware of public Wi-Fi access point that require you to download software before you can gain access to the internet. It is a common practice to bundle malicious software and distribute it to unsuspecting users to gain access to their devices.

For access to Fordham’s Wi-Fi, Windows users are required to run a Java-based compliance scan that will ensure their computers meet Fordham IT security policy requirements. This requires enabled installations of the following:

  • Windows automatic updates
  • Up-to-date antivirus software
  • Firewall software

When these requirements are met, users will have full access to the University’s public network.

Tip #13 Pay Attention to Permissions and Privacy Policies

android_app_permissions

Application permissions on your mobile devices grant an application access to certain information or functions of your phone. When you install an application you are usually greeted with a pop up listing all the permissions the application requests access to. Such permissions include the ability to access your device’s storage and place phone calls. While many simply click through to get the application up and running, it is important to consider what the application is requesting access to and if it is entirely necessary.

If an application is requesting permissions that do not fit the functions of the application (i.e. “find accounts on this device” and “modify your contacts, read your contacts” for an application that only changes your background photo) consider denying the permission to the application. Be cognizant of the applications you download to your device and ensure it is doing only what you intend it to do.

The same principle applies to privacy policies. Though many choose to gloss over them, it is prudent to see how certain information is used, especially in regards to social media sites and applications that require permissions to your information.  Make sure you are comfortable with what that information will be used for and how the information is stored.