Security Tip of the Week
From the desk of Christian Payton Hinton
Office of Information Security Student Assistant
The information contained in this website is for general information purposes only. The information and articles are provided by the CSU Office of Information Security, and while we endeavor to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on this website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
"Free" Computer Scans
Messages telling you to install and update security software for your computer seem to be everywhere. So you might be tempted by an offer of a "free security scan," especially when faced with a pop-up, an email, or an ad that claims "malicious software" has already been found on your machine. Unfortunately, it's likely that the scary message is a come-on for a rip-off.
The free scan claims to find a host of problems, and within seconds, you're getting urgent pop-ups to buy security software. After you agree to spend $40 or more on the software, the program tells you that your problems are fixed. The reality: there was nothing to fix. And what's worse, the program now installed on your computer could be harmful.
Criminals use undetectable "Shimmers" in new credit card scam
Shimmers are thin skimmers that fit inside the slot where you swipe your credit card. These devices scan your credit card's chip and store its data.
Remember these tips to try to avoid them:
- Use the contactless tap-and-go feature on your credit or debit card instead of swiping or inserting your card.
- Use contactless mobile services such as Apple Pay or Samsung Pay to tap and pay.
- If you're withdrawing cash at a bank, go inside to a teller.
- Use ATMs in banks rather than a more vulnerable standalone machine.
- Cover the keypad with your hand when entering your PIN.
- Don't proceed with a transaction if your card encounters resistance when it is inserted.
- Contact the bank, merchant and your card issuer if you suspect your card has been compromised.
References: Fox19, Themerkle, WTVM, CBS
Cyber Security Tips While on Vacation
When you travel, there probably are a few must-haves in your suitcase: your toothbrush, deodorant, socks, shoes – you get the idea. But one travel must-have we don't always think about is security.
An identity thief stole my phone!
Identity theft can happen to anyone. A fraud investigator will tell you about their identity theft.
Knowing how to respond will help you if you ever have to recover your identity. Read more about the identity thief.
Source: Federal Trade Commission - Consumer Information
Student loan scam gets an F from the FTC
The costs of student loans and fees can be overwhelming. You might see online ads that promise to help lower your payments or get your loans forgiven. But be wary of companies that make those promises, and never pay an upfront fee. Read more about the scam.
How fast will identity thieves use stolen info?
If you've been affected by a data breach, or otherwise had your information hacked or stolen, you've probably asked yourself, "What happens when my stolen information is made public?" At the FTC's Identity Theft workshop on May 24, 2017, the FTC Office of Technology staff reported on research they did to find out.
First, they created a database of information about 100 fake consumers. To make the information realistic, they used popular names based on Census data, addresses from across the country, email addresses that used common email address naming conventions, phone numbers that corresponded to the addresses, and one of three types of payment information (an online payment service, a bitcoin wallet or a credit card).
They then posted the data on two different occasions on a website that hackers and others use to make stolen credentials public. The criminals were quick to pounce. After the second posting, it took only nine minutes before crooks tried to access the information.
In total, there were over 1,200 attempts to access the email, payment and credit card accounts. The identity thieves tried to use our fake consumers' credit cards to pay for all sorts of things, including clothing, games, online dating memberships and pizza.
The research shows that identity thieves are actively looking for any consumer credentials they can find: if your account data becomes public, they will use it.
So what can you do to limit your risk? Well, in this study, two-factor authentication prevented thieves from gaining access to the accounts. Two-factor authentication is a process that requires both your password and an additional piece of information (such as a code sent to your phone). Because these thieves did not have access to the second factor, they were unable to access the accounts. It's not a cure-all, but it can help.
Tech Support Scams
Last week, the FTC announced a bunch of cases against tech support scammers: the people who act like there's a problem with your computer and then try to convince you to fork over money to fix – ahem – "fix" it. Except there never was a problem, and they weren't really from tech support.
If you get an unexpected pop-up, call, spam email or other urgent message about problems with your computer, stop. Don't click on any links, don't give control of your computer and don't send any money. Learn more about spotting tech scams and what you can do if you get a call or pop-up.
Google Spam Email
If you have clicked on the email shown below, more information and recommendations can be found at Phishing Alert - Google Docs Campaign.
How to defend against ransomware
Here are some tips to protect your devices from ransomware, and what to do if you're a victim:
1. Update your software. Use anti-virus software and keep it up-to-date. And set your operating system, web browser, and security software to update automatically on your computer. On mobile devices, you may have to do it manually. If your software is out-of-date, it's easier for criminals to sneak bad stuff onto your device.
2. Think twice before clicking on links or downloading attachments and apps. According to one panelist, 91% of ransomware is downloaded through phishing emails. You also can get ransomware from visiting a compromised site or through malicious online ads.
3. Back up your important files. From tax forms to family photos, make it part of your routine to back up files on your computers and mobile devices often. When you're done, log out of the cloud and unplug external hard drives so hackers can't encrypt and lock your back-ups, too.
What if I'm a victim of ransomware?
- Contain the attack. Disconnect infected devices from your network to keep ransomware from spreading.
- Restore your computer. If you've backed up your files, and removed any malware, you may be able to restore your computer. Follow the instructions from your operating system to re-boot your computer, if possible.
- Contact law enforcement. Report ransomware attacks to the Internet Crime Complaint Center or an FBI field office. Include any contact information (like the criminals' email address) or payment information (like a Bitcoin wallet number). This may help with investigations.
Law enforcement doesn't recommend paying the ransom, although it's up to you to determine whether the risks and costs of paying are worth the possibility of getting your files back. If you pay the ransom, there's no guarantee you'll get your files back. In fact, agreeing to pay signals to criminals that you haven't backed up your files. Knowing this, they may increase the ransom price — and may delete or deny access to your files anyway. Even if you do get your files back, they may be corrupted. And you might be a target for other scams.
Source: Federal Trade Commission - Consumer Information
Free movies, costly malware
"Something for nothing" sounds appealing, but often there's a hidden cost. If the something is a site or app offering free downloads or streams of well-known movies, popular TV shows, big-league sports, and absorbing games, the hidden cost is probably malware. Sites offering free content often hide malware that can bombard you with ads, take over your computer, or steal your personal information.
We recently downloaded movies from five sites that offered them for free. In all five cases, we ended up with malware on our computer. Generally, it served up a slew of unwanted ads.
And if that's not enough to make you pause, downloading pirated content is illegal.
Finally, some free download sites ask for a credit card to process your registration. It's not a good idea to give your credit card number to a site offering illegally downloaded content. They're run by "pirates," not legit business people, and you can't trust them with your financial information.