Category Archives: Security Awareness

What is Malware?

Malware is a malicious software that is intended to disable certain files or the entire device it is attached to. There are different types of malware programs that each attack your device differently with the same end game, to infect your device, and hopefully others before you notice you’ve been compromised.

  • Trojan Horse Viruses
    • Similar to the Trojan Horse in the story of Troy, these viruses come in disguised as a legitimate program, and proceed to infect the system.
    • Once on the system Trojans can create a backdoor that can allow a cyber-criminal access to your device, which would in turn give them access to your personal information (SSN, and banking info). Trojans differ in that they do not reproduce by infecting other files, they also do not self-replicate.
  • Viruses
    • Are named for the way they spread, much like the flu, a virus can spread from user to user, but in order to replicate it depends on a host file. Meaning it needs to be downloaded to the device with the file the cyber-criminal created, so that it has access to the malicious code.
    • The goal of the virus is to alter the way the infected device operates. Some of the results include damaging the systems hardware and destroying data.
  • Worms
    • Are a version of malware that is self-replicating, unlike a traditional virus worms do not need to be controlled by a cyber-criminal, and do not rely on any additional computer applications for function.
    • The goal of a worm is to spread malicious code, exploit vulnerabilities, and spread across networks.
  • Pay attention when you’re opening emails
    • Often times we breeze through because we want to clear out inbox, but taking an extra minute to read the senders information and the subject line can keep you proceeded
  • If you don’t know the sender, don’t open the email or download any attachments.
    • Even if the sender is someone you’re familiar with or do business with, pay attention to the subject line, senders email address, and body of the email. Look for spelling mistakes, hover over any URLS to see where they will take you (DO NOT CLICK ON ANY SUSPICIOUS LINKS) and if possible contact the sender to verify the contents of the email.

Detailed information regarding Ransomware and Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Keep antivirus protection up to date. Get your free Antivirus software from Fordham University.

Using and keeping your Antivirus up to date is one of the major steps you can take to protect you from a Cyber Attack.

  • Tips for shopping for “Antivirus”
    • Like any other major purchase (while the cost may be competitive the use of the tool itself is a major key for cyber security) you should do a bit of research before grabbing something off of the shelf.
    • Consider your OS (operating System) while many major Antivirus’ should work cross platform, it wouldn’t hurt to look for a brand that is OS specific (Mac or Windows).
    • What are your needs? Do you use your device to surf, shop, game or just view and respond to emails?
    • Knowing what you need will help you determine how much protection you’ll want to buy.
    • If your current device is up to date, you may wish to locate an antivirus provider that will support your devices’ current OS.
    • Try to narrow down your search to a handful of hopefuls, then see if they offer free trials and give them a whirl.
    • The time you take to test drive each provider could help you find the right fit for your device, needs and budget.

Follow this link to get your free Antivirus issued through Fordham University: Bitdefender Endpoint Security Tools for Windows or Bitdefender Endpoint Security for Mac

https://www.fordham.edu/info/20623/information_security/3853/antivirus_protection

For more information on selecting an Antivirus visit: https://www.lifewire.com/antivirus-software-for-your-pc-152983

Don’t forget to back those files up!

Each OS offers automatic system backups, which can prevent forgetting and not having everything backed up to date.

Detailed information regarding Ransomware or Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

What is Ransomware?

Ransomware is malicious software that is installed onto your device once it is compromised, that will both take over important files on the device, or the entire device, and request a ransom be paid for the user to regain access. While ransomware isn’t new to the cyber criminals resume, other advances in technology have made it easier to request and receive untraceable payments. Making ransomware a very attractive option for cyber criminals.

  • Don’t pay the Ransom!
    • If you receive a message on your device indicating that you have been compromised, DISCONNECT your device from the internet so the malicious software isn’t spread.
    • Contact Fordham IT and provide them as much information as you can.
    • Fordham IT will work with public safety and local law enforcement to help you attempt to recover your files and protect you from future attacks.
    • There may be ways without paying to recover the files that are being ransomed.
  • BACK UP ALL YOUR IMPORTANT FILES.
  • Ransomware is banking on you desperately needing the files they’ve attacked, keeping your files backed up in different locations can reduce the effectiveness of this type of attack on your device.
    • Use an external hard drive these have recently become more affordable, and portable.
    • Fordham students and employees have access to unlimited storage on Google Drive, this can be used to help free up space on your device.
    • For important files backing up on an external device and using encryption would be ideal.
  • Prevention is the best medicine.

Detailed information regarding Ransomware or Malware scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.fyhu

Beware of This Apple iPhone Password Phishing Scam

ios security phishing

Apple’s iPhone customers could potentially fall victim to a scam that would see them unwittingly hand over their Apple ID credentials.

Security researcher Felix Krause on Tuesday published a proof-of-concept that shows how easy it is for hackers to replicate the familiar “Sign In to iTunes Store” Apple prompt on the iPhone and steal a user’s password. According to Krause, developers can turn on an alert inside their apps that look identical to the legitimate pop-up requesting a user’s credentials. If the person inputs the password, the malicious app owner could steal the information and users wouldn’t even know they were targeted.

“Users are trained to just enter their Apple ID password whenever iOS prompts you to do so,” Krause wrote in a blog post. “However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases. This could easily be abused by any app.”

Apple ID alerts are common fare in a typical day using the iPhone. They come up when users want to make an app purchase or when account content, like iCloud data, needs to be accessed. Apple’s legitimate pop-ups display information and then request users input their Apple ID passwords to proceed.

According to Krause, any app developer can create an identical pop-up, and he was able to do just that as part of his research. Users, then, would be hard-pressed to determine whether it was a legitimate password request or one that could leave their credentials open for theft.

Still, Krause said that users can protect themselves by never inputting passwords into pop-ups and instead going into the iPhone’s Settings menu and do it there to ensure it’s a legitimate request. He also suggests clicking the home button when a pop-up is displayed. If the home button closes the app, it was a phishing scam, but if the pop-up remains, it’s a real Apple request.

Looking ahead, Krause believes the best way to fix the problem is by Apple making some tweaks to the way apps ask for Apple ID passwords. Rather than use pop-ups, he says, Apple should ask users to open the Settings app and input their credentials there, thereby eliminating the apps from the process altogether.

(source: http://fortune.com/2017/10/10/apple-iphone-password-phishing-scam/)

Take Fordham’s Cyber Security Awareness training.

 

 

Do you know the latest solutions for lowering your risk of getting hacked? Find out by taking our free, self-paced online Cyber Security Awareness training. It can be found under “My Organizations” in Blackboard, accessed at fordham.blackboard.com.

  • Stay informed.
    • Visit our website: itsecurity.blog.fordham.edu
    • We will be sure to keep you in the know with trends and possible breaches.
    • Follow us on social media as well for quick informative updates!
      • Twitter – @FordhamSecureIT
      • Facebook – @FordhamSecureIT

Other reputable news sources also include cyber security resources.

Such as

Just to name a few.

  • Find a source you trust and visit it frequently.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Monitor all your accounts for suspicious activity.

  • Keep an eye on the activity on all of your accounts.
    • Review your bank statement and make sure there haven’t been any purchase or debits you don’t recognize.
    • Check your trash in your email accounts, hackers will delete login notifications, but not all of them think to empty the trash as well.
    • Have amazon or something similar? Check your order history and make sure there isn’t anything there you didn’t order.
    • Social media? Check your DM’s and make sure there aren’t any messages there you haven’t sent.
    • Go into your settings and check that things are still as you set them up.
    • Verify security questions are the same.
    • If there is a recovery email that it is the one you use.
    • If you get spam emails, flag them so your email provider can update their information and to keep your mail box clean.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Be wary of tech support scams, cold calls or web browser popups.

  • Most scams use tech support chats or messages with an 800 number to get your attention.
    • If the hacker is using the chat, they may try to convince you they need your IP address to help you diagnose and remedy your device. Giving up this information would allow the hackers full access to your computer.
    • If you receive a pop up message requesting immediate action, remember your computers security system may ask you to update software or run a scan, it wouldn’t request your login information or that you call to speak to someone.
    • If you aren’t sure if the pop up is legitimate or not call your security provider directly, use a phone number you have for them and not one that may appear in the pop up.

 

  • If you get an unexpected phone call or text message requesting immediate action, ignore it!
    • Again similar to the pop ups your provider wouldn’t be contacting you unless you initiated contact.
    • Hang up if you get a call requesting immediate action, or requesting you go online and allow the tech to remotely connect to your system.
    • If you receive a text message with a phone number, do not call that number.
    • Again if you want to be sure your device is safe, contact your security provider directly.

If you believe you received a call that is a scam, report it!

Reports about fraudulent calls and pop ups can be made at

Ftc.gov/complaint

For more information and tips on safety visit:

Federal Trade Commission

https://www.consumer.ftc.gov/articles/0557-tech-support-scams-infographic

Microsoft

https://blogs.microsoft.com/on-the-issues/2017/05/18/fight-tech-support-scams/

Important info from this article

“Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.

Do not call the number in a pop-up window on your device. Microsoft’s error and warning messages never include a phone number.

Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.”

–Gregoire, Courtney

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Identity Protection Tips

 

One of the easiest things you can do to protect yourself is create a strong password. We’ve all struggled with meeting the criteria for some passwords (8 characters, one number, ect); however the sites that request these types of passwords are protecting their users by ensuring secure passwords.

  • Passphrases are the in!
    • As technology continues to grow and expand, so do the hackers and their abilities. Simply hashing your password isn’t enough anymore (h@$h1n6 P@55w0rd$) hackers have developed software that will help them crack passwords that use these characters.
    • Instead come up with a passphrase that consist of four or more unrelated words.
      • For example: PumpkinKartMineLoft. Simple words that the user can remember, but would be incredibly hard for a program to crack. 
  • If you’re worried you won’t be able to remember a phrase, then try hashing your password in different ways.
  • Try to avoid the common uses for special characters, instead try to use a varied combination of numeric and alphabetic characters.
    • If your password is elevator, try entering it as E13va70R

So what we did was capitalize the E then use the numbers 1 and 3 for the l and the next e we kept the v and capitalized the a then changed the t for a 7 the o for a zero and capitalized the r. This is just an example, play around with combinations that you are comfortable with and can remember.  Mixing up the alpha and numeric characters, along with capitalization can help keep your accounts safe.

  • Use two factor authentication whenever possible.
  • Some sites offer this additional protection which will require you enter and additional piece of information or have access to another piece of equipment.

For more insight and stats visit https://xkcd.com/936/

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Guard Yourself Against Identity Theft

Protecting your identity while online is one of the biggest steps you can take to prevent yourself from being a target of a cyber-attack or identity theft.  While many of us may think it won’t happen to me, or why would anyone want to steal my identity? Hackers are equal opportunity and will search for vulnerable users to exploit. Here are a few simple tips to lower your risks.

  • Don’t over share.
    • Things such as your date of birth, children’s, or pet’s names can be used to try to determine your password.
    • Vary your user names, while it may be hard to remember them all for different sites it will ensure if one account is compromised they won’t all be.
    • Try to avoid user names that give up too much information as well. Avoid using your email handle as your user name, while it may help you keep track, again if the account is compromised now your email address may be compromised as well.
    • Consider having two separate email addresses. One you use strictly for banking and other financial needs, the other for social media and shopping.
      • This could help identify a phishing email, if say you get a message about your bank or credit card account, and it’s linked to a different email address.
  • Be selective with who you add on your social media sites.
    • If you aren’t personally familiar with the person sending the request you may wish to ignore or deny that request.
      • Many hackers/scammers use social media to try to either scam users into sending them money or to hack their account to get the users contact info, as well as the contact for their friends.
  • Use different passwords for each site.
    • Having different user name and password combinations will help keep your accounts protected.
      • This would be especially helpful for your online banking accounts or credit card accounts.

Detailed information regarding Identity Theft scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Dont Fall for Scare Tactics!

(Photo from – http://www.telugunow.com/news-headlines/ransomware-effect-companies-hyderabad-320479.html)

Hackers hope their victims are uninformed and easily persuaded, because that’s the perfect recipe for success in their business. If users don’t know what to look out for, they can easily be baited into downloading malware, or giving up confidential information.

  • Don’t feel forced to into immediate action.
  • If you receive a suspicious email that is threating and requiring immediate action, take a moment to decide what your next step should be.
  • Is this an email about your banking or credit card account?
  • Then you should contact that institution directly, by phone whenever possible.
  • Is this a message saying that you have a virus on your system?
  • Perhaps you should run your antivirus software scan.
  • Taking a few moments to assess the situation and make your own decision can really make a difference and keep your accounts safe.
  • Many times your account or device hasn’t been compromised, and the hacker is leading you to a link that will compromise your account/device.
  • Remember that hovering over a link will show you its true destination. This is a good way to verify website.
  • Do not download any attachments included in any suspicious emails or use links provided within the body of the email to visit a suggested website.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.