Tag Archives: Security Awareness

Tip #22 Cyberbullying: How to Get Help

Screen Shot 2015-10-26 at 4.14.40 PM

 

Cyberbullying doesn’t end at high school graduation. It can continue in college, too. You’d think that people who bully would grow out of this behavior, but college is a high-stress place. Tiffs between ex-boyfriends and ex-girlfriends can spiral out of control. Rifts among roommates or between athletic teams and individual players at other schools can escalate to the virtual world.

One common arena for cyberbullying is social media. Facebook, Twitter, Instagram, and other services provide easy opportunities for students to spread negativity and put personal vengeances into action. Cyberbullying can also happen via email, text messages, and embarrassing images and videos posted online.

Negative emotions and fear grow and take on a life of their own through manifestation on the Internet, as seen most tragically with the cyberbullying situation that involved Rutgers student Tyler Clementi in fall 2010. Mental and emotional-based cyberbullying acts may set the stage for other acts of aggression, such as physical bullying or even school shootings.

If you are a witness of cyberbullying, speak out for the victim and try to put an end to it. If you don’t feel comfortable doing that, or if you are the victim and don’t feel safe speaking up, contact a trusted authority, such as a parent or school official, who can help put an end to the bullying. For more signs and prevention of cyberbullying, see this government website on cyberbullying.

At Fordham University, we maintain an office that specifically handles complaints about discrimination, which may involve acts of cyberbullying. Other supports include the University’s Integrity Hotline. Fill out a report about cyberbullying, and it will be directed to the appropriate office–be it the University Information Security Office, the Office of Public Safety, or somewhere else–for addressing your situation.

Finally, if you have engaged in cyberbullying, it can be helpful to talk to a counselor or trusted adult to help you sort out the reasons behind this behavior. Fordham has resources for that, too.

By Nicole Kagan, Fordham IT News Editor.

Tip #21 So There’s No Fault: Default to No Automatic Downloads

Image: "Beautiful Polaroid Camera Sculpted in Lego," Wired. The original Polaroid Land Camera processed a photograph instantly, producing one paper copy only per image.

Image: “Beautiful Polaroid Camera Sculpted in Lego,” by Arvo. Wired. The original Polaroid Land Camera processed a photograph instantly, producing one paper copy only per image.

That cute picture attached to your email might be a virus in disguise. Many email clients, including Gmail and Outlook, are configured by default to block automatic picture downloads from the Internet. It’s best to keep the default settings because they can help you:

  • Avoid viewing potentially offensive material (when external content is linked to the message).
  • Keep malicious code from damaging the data on your computer.
  • Decide whether a particular image warrants the time and bandwidth required for downloading it, if you are on a low-bandwidth connection.

For more information read Block or unblock automatic picture downloads in email messages.

Tip #20 Public WiFi: Use Sparingly and Safely

Miami Beach

Image: Vintage postcard.

It sounds like a great plan: Finish your history paper on the plane and email your paper from Miami Beach. As soon as you click “send,” you can slap on the suntan oil and vacation will begin!

You’re expecting to the pay the hotel for the privilege of using their WiFi connection. But as you’re about to connect to the hotel network, you notice a network called Free WiFi.

Don’t join that network! Even if you have to pay, it’s much safer to use the hotel’s network with your computer’s settings adjusted for using a public network.

Hooking up to a free network or hot spot, supported by an unknown source, may cause you to become a victim of a common WiFi scam. Hackers make available an Internet connection that looks legitimate. In reality, you’re connecting to their computer and they’re watching every move you make. All your traffic goes through their computer, allowing them to gather personal information like emails, usernames, passwords, and credit card numbers. They can even lodge a virus in your computer. And you won’t know a thing about it, until it’s too late.

The history paper might have been sent for free, but ultimately it will cost much more than the hotel’s WiFi connection.

When you’re tempted to join a free WiFi connection, think twice! Limit your risk when you connect to ANY public network, free or paid, by following these security tips:

  • First and foremost, do not connect to unfamiliar networks.
  • Never join a network identified as computer-to-computer.
  • Verify that your computer is not set up to automatically connect to networks.
  • Turn off file sharing while traveling.
  • Use antivirus software and keep it updated. Fordham has free antivirus protection for students, faculty and staff.
  • Install security patches.
  • Use a firewall.
  • Use your browser’s security settings.
  • Avoid opening email attachments.
  • Treat Instant Messaging suspiciously.

Fordham University’s own network is secure because it requires you to log in with your AccessIT ID and password.

By Nicole Kagan, Fordham IT News Editor

Tip #19 Deal of the Century! (Too bad it’s a scam!)

Image: Wallace Brown Greeting Cards, Boys' Life, Sept. 1953, p. 5. (Get rich quick scams are much older than the Internet.)

Image: Wallace Brown Greeting Cards, Boys’ Life, Sept. 1953, p. 5. (Get rich quick scams are much older than the Internet.)

Scroll through some of the previous posts on the Fordham IT Security News blog, and you’ll find all sorts of scams. No doubt you’ve received a few yourself. 

Be on the alert. If it’s too good to be true, especially if you have to give away information about yourself or pay money, it’s probably a scam. 

Job Scams Cyber criminals post their advertisements on legitimate job sites and often use familiar-looking or convincing company logos, language, and links to fake websites that appear to be those of real organizations.

These sites might charge fees for services that real companies would never render. After you submit your resume and personal information, they might ask you for a $50-$100 fee. Normally, after a few days the thieves close the scam and disappear.

Donation Scams Natural disasters, political campaigns, and global health issues are often the emphasis of donation phishing scams. For instance, recently, cyber criminals have used earthquakes and tsunamis to create illegal “charity” businesses to help the survivors of these events.

Many of these scams begin with an email or a post in an online forum asking for donations in the name of well-known, legitimate charities. When you click a given link, you are taken to a phony website devised to trick you into providing your personal financial information.

Fake E-cards E-cards are made the same way that websites are: they’re built on the Internet, just like this web page. So when you send someone an e-card, you send them a link to click, which takes them to the online greeting card you created for them.

This means an e-card you receive could actually be a phishing scam spam or a spyware installer, or a computer virus.

Read Microsoft’s helpful pages about more best practices on how to avoid these kinds of scams.

By Nicole Kagan, Fordham IT News Editor

Tip #18 Are You SURE You Want to Download that App?

Image: Ad for Kodak Instamatic Camera. Life Magazine, Sept. 17, 1965, p.64.

Image: Ad for Kodak Instamatic Camera. Life Magazine, Sept. 17, 1965, p. 64.

A Snapchat notification twinkles out at you from the phone. It’s midterms week and you’re craving a break from studying. Before you can open up the (probably very funny) “snap” your best friend sent you, an ad for something called SnapNSave pops up. “Save and view snaps as many times as you like,” reads the app’s description. You think to yourself, What a great idea!

But little do you know, the Snapchat you’re about to save will be hacked and exploited like the other 500Mb of photos that were just stolen by this app.

Legitimate third-party applications can offer entertainment or functionality. But use caution when you decide to enable any application on a device. Avoid applications that seem too good to be true, or significantly change the operation of a trusted app. Also, adjust your settings to limit the amount of information an application can access.

Read more about third-party app risks in this article from FireEye.

By Nicole Kagan, Fordham IT News Editor

Tip #13 Is that a Fish on Sale or a Phish?

Image: Phishing. adampop, Flickr.

Image: Phishing. adampop, Flickr.

Would an Ebay representative threaten to close your account lest you submit $150? Would Amazon normally offer you $100 free store credit? Would your favorite clothing store usually give you 80% off on fall clothes purchases? Chances are, if an offer seems too good to be true, it probably is!

If you’re surfing the web and you encounter something feels “phishy” or suspicious, take note! If an offer seems too good to be true, forget it! Some of the most common phishing scams target Internet users that blindly click and submit personal information, so make sure to be mindful of the way design and information are presented — before you click.

Phishing sites often try to replicate the “look and feel” of an existing site. They attempt to lure people into using phony websites that look just like the authentic sites of larger companies, organizations, or agencies that they are impersonating. Because we conduct meaningful transactions online every day, ranging from making simple purchases, to paying bills, to even paying taxes, it’s important that we’re alert to subtle changes on websites that we normally use. These deviations might be link names, header titles, text, or layout of a site.

So, take note and be careful when perusing the web. Unfortunately, a growing strategy for attackers is playing on the innocence and ignorance of Internet users.

Tip #11 Cell Phone Theft

Cell Phone Theft

Image: “Numbers of stolen cell phones growing fast around the country,” The Droid Guy

 

 

Thousands of cell phones are stolen and infiltrated every month. Even some Fordham students have been victims of this crime. Once a cell phone is hacked, the thief has access to a huge amount of personal information. So take heed! Follow these practical measures to avoid becoming a target.

  • Use your phone’s security lock code to create a unique pass code.
  • Disable bluetooth on your phone if not in use.
  • Make sure to only unlock the phone when you need to use it.
  • Do not lend your mobile phone to strangers on the pretext of an emergency situation. They may slip away with it before you know it.
  • Immediately report a lost or stolen phone to your service provider and to the police, and insist on an acknowledgment.
  • If you are a member of the Fordham community, report your theft to IT Customer Care at 718-817-3999 or HelpIT@fordham.edu
  • When not in use, keep your phone out of sight—in your pocket, backpack, or handbag.
  • Do not, by any means, leave your cell phone unattended.
  • Avoid disclosing the relationship between you and the people in your contact list. Avoid using names like “Home,” “Honey,”Hubby,” “Mom,” or “Dad.” Criminals might attempt to contact these individuals to extract more of your personal information.

Make sure your phone is secure. And if you get some weird-sounding texts from a friend or family member, get in touch with them in some other way before you respond.

For more information about cell phone theft, read “How to Deter Smartphone Thefts and Protect Your Data” from CTIA, the Wireless Association.

 

Tip #10 Geotagging and Location Sharing–Just Don’t!

1937 Map of the Bronx

1937 Map of the Bronx

When you got back from vacation, your friends looked at you with amazement and admiration: You went to the Louvre in Paris, the Forum in Rome, AND you ran the Great Wall Marathon in China. They know this because every time you stopped for a croissant, a dish of pasta, an egg roll, or to tie your sneakers, you geotagged your location on all your social networks.

Location tagging or geotagging yourself on social networks is never safe. While it might look cool that you’re visiting iconic places or doing incredible feats (or just mundane things), at the same time, you risk cluing in a stalker about exactly where to find you, or telling a thief that you’re not home.

Whenever you geotag, you’re not only talking to a small group of friends. You may potentially be talking to anyone on the Internet. In general, location tagging is not a safe feature to activate, so do your best to avoid it.

Read more about geotagging on The Daily Beast.

Tip #9 Think Twice (Or Thrice) Before You Post

Image: Charles Clegg, Flickr

Image: Charles Clegg, Flickr

Always remember: there is no permanent “delete” button on the Internet. Once you’ve posted information about what you’re doing or where you’ve just been, it’s easy for attackers to seize your personal information and take advantage of you. Even if you’ve deleted your post, chances are someone saw your information, and that it’s circling somewhere on the web.

Search engines like Google and Bing make a copy of every single webpage, for example, which they then index and essentially freeze those pages in time, unless they’re refreshed by your browser. Archival services like the Internet Wayback Machine take snapshots of as many sites as they can for research purposes, and the Library of Congress receives regular archival copies of the entire public Twitter universe. Every single Tweet!

Be wary that once you post, people might be able to target you, even if you’ve deleted something from a social media site. Thieves could know that you’re out of town and rob your empty house, or they might choose to snag information off the boarding pass photo you just posted and deleted on Instagram.

So long story short, think twice before publishing sensitive information on the web. Make sure that what you’re posting won’t allow someone to take advantage of you.

Resource: The Internet Doesn’t Have a Delete Key.

 

Tip #8 Identity Theft: Signs and Solutions

Everyone has unique fingerprints. The image above is work of by Cheryl Sorg, an artist who creates portraits of people's thumbprints.

Everyone has unique fingerprints. The images above shows work by Cheryl Sorg, an artist who creates portraits of people’s thumbprints.

Identity theft happens when someone accesses your personal information and uses it without your permission and for their personal gain. Information that can be stolen and used includes bank account numbers, credit card numbers, utility bills, and health insurance policies. Someone with your personally identifiable information (PII) can even file a tax refund in your name and get your refund. There’s even been cases where a thief gives another person’s name during an arrest.

To protect yourself against identity theft, be vigilant about sharing your personal information. Guard your passwords like you do your wallet and any sensitive information.

If your identity is stolen, having a good plan to address the situation will help minimize the effects. Identitytheft.gov outlines a plan, which is summarized below. Also, contact Fordham’s IT Customer Care. They’re prepared to help you figure out what your next steps should be.

First
Step 1: Call the companies where you know fraud occurred.
Step 2: Place a fraud alert and get your credit report.
Step 3: Report identity theft to the FTC.
Step 4: File a report with your local police department.

Next
Step 1: Close new accounts opened in your name.
Step 2: Remove bogus charges from your accounts.
Step 3: Correct your credit report.
Step 4: Consider adding an extended fraud alert or credit freeze.

Identitytheft.gov lists other steps for specific situations, as well, such as tax-related identity theft, resolving child identity theft, and replacing government-issued issues.