Everyone wants to exercise best practices and stay safe while online, though doing so is often easier said than done. For most, convenience outweighs security and, as a result, we put ourselves and others at risk for identity theft and other cyber threats. In keeping with the shared responsibility theme for National Cyber Security Awareness Month, we wanted to bring you an opportunity not only to hear about the typical dangers and pitfalls that come with being online but, more importantly, to learn which ones you, as an individual, are most susceptible to.
One of the National Cyber Security Alliance’s partners (EMC2/RSA) has kindly provided an “Online Identity Risk Calculator” quiz to help you find out your personal identity risk score; based on that score, they will provide practical tips on how you can keep your online identity protected. Just answer 10 questions and discover how your online activities – from banking and shopping to the types of social networking sites you visit – may potentially make you more vulnerable to identity theft and fraud. Click HERE to play! – IDENTITY RISK GAME
Are you unwittingly putting ECU at risk?
Now that we have looked at our personal habits and their potential consequences, we wanted to give everyone a chance to take a similar evaluation to determine if and how their behavior differs while at work.
Just answer 12 questions to calculate your workplace security risk score. Discover how behaviors like sharing passwords, or using your work computer to check personal emails or download music could make the university vulnerable to hacking, malware and other attacks. Click HERE to play! – WORKPLACE SECURITY GAME
Did your online risk score(s) surprise you? Did you think that you were being more careful than you really are? Are you practicing safer habits at home than you are at work or vice-versa? – If so, why?
We would love to hear feedback from staff and faculty across campus to help us understand and target the areas of concern. Please post to this blog, our Technology Digest blog or our ITCS Facebook page with your results and/or comments!
ITCS on Facebook: https://www.facebook.com/ITCSatECU
ECU Technology Digest blog: http://blog.ecu.edu/sites/techdigest
Social networking sites are powerful tools that allow you to communicate with friends and family around the world. However, be careful what you share, how you share it, and with whom.
Social networking sites are one of the most exciting and powerful technologies on the Internet. These are virtual, online communities allowing people to connect to each other from around the world. On these sites, you create an account, post information about yourself, and share information with your friends, family and fellow co-workers. You can also track others to learn what they are currently doing. Different sites are used for different purposes. Sites such as LinkedIn are used for professional or work-related activities, while sites like Facebook are used for personal activities.
Each of these sites is set up differently, but they are all designed to allow you to decide what information you want to share, how often, and with whom. Some people update their sites daily or even hourly, posting what they are doing, where they work, their hobbies, and their favorite music. What makes these sites so powerful is how easy it is to share with others and to watch and learn what others are doing. However, with these amazing capabilities come many risks you need to be aware of.
1. Sharing Your Information
Social websites allow you to post and share a tremendous amount of information. Not only can you publish basic personal data, but also favorite songs and movies and personal photos and events in your life. The concern is, if you’re not careful, sharing all this information can harm you.
Criminals and attackers look for highly personal information. Based on details of your life you’ve shared, they may be able to guess your passwords, impersonate you online, or even steal your identity. You should never post personal details such as your birth date, home address, or identification numbers. In addition, organizations hiring new employees or universities reviewing new students often do background checks on popular social networking sites such as Facebook. To protect your future, do not post any embarrassing information or photos of yourself. If it is something you would not want your boss or family to see, you should not post it.
2. Others Posting Information About You
Even more challenging to control is information others publish about you. You can control what is published on your page and who has access to it, but other people can publish information about you on their own sites. Photographs, videos, or online chat sessions can easily be shared. Always inform your friends what information they can and cannot share about you. If they are not sure, have them ask before posting. It is also wise to review their sites to see what they have posted about you. Some social network sites will even notify you if others have posted information about you. In addition, many social networking sites have an abuse contact. If someone will not take down personal information about you, then contact the website’s abuse center.
3. Third Party Apps and Games
Some social websites have additional third-party programs, such as games you can install. These programs are usually not developed or reviewed by the social networking website. Instead, they are developed independently by other individuals or organizations. Always be careful when using third-party programs, as they can potentially infect your computer or access your private information.
4. Trusting Others
One of the exciting features of social networking is the ability to quickly and easily interact with others. The issue is that these websites make it easy for attackers to impersonate people you trust. Only accept friends or contacts you know. If you blindly accept any request to join your network, then you have no privacy protection. Another common attack occurs when criminals hack an account on a social networking site and pretend to be the victim. The criminal posts messages to all of the victim’s friends, pretending to be the victim and tricking their friends into visiting a website or installing a program. When people visit the websites or install the program, their accounts or computers are often hacked. Criminals are using your trust of others to attack you. So be careful. If a friend’s request seems odd, confirm it is your friend and not a criminal or virus that has taken over their account. When in doubt, call your friend to verbally confirm the request.
5. Work Information
Never post any organization-related information on social networking sites unless you have prior permission. In addition, be sure you are using different passwords for your personal and work social networking accounts.
© The SANS Institute 2013 / Used with permission from The SANS Institute.
Hacking Your Mind
Cyber criminals have learned that the easiest way to take control of your computer or steal your information is to simply ask. Use common sense. If a person or a message seems suspicious or too good to be true, it may be an attack.
Today, much of your interaction with other people is done virtually; you no longer need to be in physical contact to communicate. You talk to people on the phone, chat with them via instant messaging, send SMS messages on your smartphone or communicate with email. These technologies have made it much easier to communicate and work with people from around the world. However, these technologies also make it much easier for cyber criminals to launch one of their most effective attacks against you: social engineering.
Social engineering is not a technical attack, meaning it does not exploit vulnerabilities in your computer. Instead, it is a psychological attack that exploits vulnerabilities in you. Cyber criminals build trust by pretending to be a person or organization you know. They then exploit this trust to obtain whatever they want, such as access to your computer, your money or your information. Cyber criminals have learned that often the easiest way to steal something is to simply ask for it. Social engineering attacks use the same tools you use every day, including email, smartphones and the web.
Social engineering attacks are the hardest to protect against because technology alone cannot solve the problem. You are the best defense. Understand that you are a target and that cyber criminals will use any technique they can to fool or trick you. The simplest way to protect yourself is to use common sense. If an email, message on Facebook or phone call seems suspicious or sounds too good to be true, it is most likely an attack. Below are several common social engineering attacks.
You receive an email from your bank saying that your account has been locked for security reasons. You must log into your account and reset it right away or you will be permanently locked out. The email then provides a link for you to click on. If you click on the link you are taken to a website that looks just like your bank. However, in reality this is a fake website controlled by the hackers, whose goal is to harvest your username and password when you log in. In some cases, instead of sending you to a website to steal your username and password, they send you to a website that will automatically hack into and infect your computer. The best way to protect yourself is not to click on any links in emails you were not expecting. If you are concerned that the email may be legitimate, open your browser, type in the URL to your bank yourself and then log in instead of clicking on the link. That way you know for sure you are connected to your real bank.
You receive a text message on your smartphone announcing you have won the lottery. To collect your lottery winnings you must contact a person and provide them your banking information. When you contact the person, they explain that to receive your lottery winnings you must first pay a transaction fee or taxes. Once you provide your information and pay the fees, the cyber criminals disappear with your money and information, never to be seen again. The simplest way to protect yourself is to simply ignore and delete the email.
Your friend posts on her Facebook page that she is on vacation in London and has just been mugged. She needs someone to send her money right away so she can get back home. However, this is a lie; your friend is not really on vacation, nor has she been mugged. Instead a cyber criminal has hacked into her Facebook account, then posted this fake message in an attempt to scam money from her friends, such as you. In this case, the best way to protect yourself would be to call your friend on the phone and confirm if she needs help.
Tech Support Scam
You receive a phone call from someone claiming to be from a computer support company. They believe your computer is infected and have been tasked to investigate and help you secure your computer. They then ask you if there are specific files on your computer and tell you how to find them. When you locate the files on your computer, the caller confirms your computer is infected. In reality this is all a lie: your computer is not infected, and these files are standard files that every computer has.
Once they have you fooled into believing your computer is infected they will then pressure you into buying their security software. However, this software is really a virus that gives them total control of your computer. In the end, not only has the caller tricked you into infecting your computer for them, but you just paid them to do it.
© The SANS Institute 2013 / Used with permission from The SANS Institute.