Mobile “vishing” Rivals E-mail “phishing” as Growing Cyber Threat

First there were online “phishing” scams through fraudulent e-mail.  Now there’s “vishing,” or voice phishing, which seeks to fool users into giving up personal information through their mobile phones.  Some attackers purport to sell extended car warranties, others pretend to be from your credit union or credit card company.  You’ll notice that the caller ID number will look legitimate.

Recently, I received a call where a recorded voice stated that this important call from my credit card company concerned lowering my interest rate, and I needed to immediately call a toll-free number.  After ending the call, I realized that I’d been “vished.”

According to a CNET news article from May 19 of this year, criminals mask their true phone number with ID spoofing while using social engineering tricks to obtain account information or to sell consumers bogus products.  Many times this call includes making the recipient feel there’s a problem with his/her account or offering a fantastic deal on expensive merchandise, much the same as a phishing e-mail does.

Protect Yourself Through Awareness

Whether it’s through e-mail or your mobile phone, phishing/vishing scams are a growing threat.  However, awareness is one way we protect ourselves from cyber threats, identity theft and the other pesky pitfalls of our digital life.

Remember, if you receive a phone call or an e-mail requesting personal information or offering a fantastic deal that seems too good to be true, the easiest thing you can do to protect yourself is to:

Press the “End” button on your phone or delete the e-mail
WITHOUT RESPONDING.

Are You at Risk?

Want to know if you’re at risk?  Take the Fraud Risk Test from, LooksTooGoodToBeTrue.com, a consumer fraud education site jointly funded by the US Postal Inspection Service and the FBI.  Here you can learn about the latest threats, types of fraud and victim stories.

What Can I Do to Stay Safe?

According to the anti-phishing group, Antiphishing.org, the number of unique phishing Web sites detected in June 2009 rose to 49,084—the second highest number recorded since APWG began reporting this measurement.

During the month of October, ECU is conducting a phishing scam education campaign to celebrate National Cyber Security Awareness Month.

So, first ask yourself, “What can I do to stay safe on the Internet?”

Next, make sure you follow these very simple steps:

1.  NEVER reveal your passphrase to anyone.
2.  Legitimate businesses NEVER request personal information through e-mail.
3.  If an e-mail asks for personal information, DELETE that e-mail.
4.  If you’re unsure call the business directly, do not call the phone number in the e-mail.
5.  E-mail alerts from ECU always originate from ITCS Notifications and are listed on the ITCS Help Desk home page.
6.  If you have provided account information, change your password immediately at http://pirateid.ecu.edu/.
7.  Never click the links in an e-mail.
8.  Symantec SAV software for your home computer is available at http://download.ecu.edu.
9.  Keep your operating system and other software up to date.

For more information on phishing scams and other security-related topics, visit http://www.staysafeonline.org/.

Secure Your Home Windows PC

Be it a virus, worm, Trojan horse or worse, there’s nothing more pesky than a computer infected with malware. You trust that appropriate security is enabled on campus computers—no worries there—but what about your home system? How do you know what you need?

According to Robert Vamosi, former senior editor at CNET.com, current security, risk and fraud analyst and staff writer for the Windows Secrets online newsletter, Windows users should consider four components for minimum computer security: a firewall, security software, a software update service and a secure browser.

Use a Firewall

A firewall is a gate between your computer and the Internet which denies or permits traffic based on a set of rules you configure. If you use a router at home, there is probably a firewall included with this device. A software firewall is included with Windows XP and Vista (see the Security Center in the control panel). To learn more about using a firewall, read this article at the Microsoft Security site, How to choose a firewall.

Use Security Software

Security software protects your PC from viruses, Trojans, spam and other malware. If you use your home computer to access the ECU network for class assignments or work, Symantec’s Endpoint security suite is available to you through the ECU/Symantec campus agreement.  To download, visit download.ecu.edu and sign in with your Piratemail account/passphrase.  Click Virus and Security Applications.

Use a Software Update Service

Most users rely on Microsoft Update to keep their Windows operating system and Office programs up to date.  But the security conscious understand that it’s also necessary to keep non-Windows programs current as well. Vamosi’s Security Baseline article includes other update services to try, but for most PC users, Windows Update is a good start.

Vamosi’s article also recommends that users set Windows Update to “Notify me but don’t automatically download and install.”  This way, users choose which updates to install, which can be important.  For example, Microsoft is urging users to download Internet Explorer 8, but ECU has not yet finished testing IE 8’s compatibility with other online systems like Banner.

Use a Secure Browser

No matter which browser you use—Internet Explorer, Firefox, Google Chrome or others—make sure to use the latest version.  While browser updates can include a fun, new feature, more often than not the update patches a security hole, so never delay updating your browser!

And a word of caution: Several browsers offer a feature that “remembers” passwords and other login information for sites you often visit.  However, according to the ITCS Security team, NEVER allow your browser to remember usernames or passwords! If a hacker accesses your system, he/she will have access to this information as well.  For more information on this topic, see our Web page at http://www.ecu.edu/itsecurity/Web-Browsers.cfm.

Yep, it’s a jungle out there.  But awareness of even a few security considerations goes a long way toward making your Internet excursions safer with fewer hassles.

Campus PCs Upgrade to Symantec Endpoint Protection

On Thursday, July 23, 2009, ITCS upgraded the Symantec AntiVirus software on all INTRA Domain (campus) PC systems to Symantec Endpoint Protection (SEP) version 11.0.4202.75.

With a new look and improved features, SEP integrates antivirus, antispyware, firewall and intrusion prevention protection into one product.  Now you can feel safe from malware such as viruses, worms, Trojans, spyware, adware, ‘bots and more, all with one product!  There’s no longer a need to download three or four different freeware programs in addition to having Symantec AntiVirus to protect your campus Windows system.

The software should have installed automatically and comes pre-configured for regular Live Updates, but you can check out other features by double-clicking the program icon in the notification area of your computer’s desktop (lower right of the screen).

When you open the program, notice the green status bar that lets you know SEP is working and your system is protected. There are also links on the left to scan your system, change the settings or view the quarantine area.

To learn how to use Symantec Endpoint’s features, such as deleting quarantined items or scanning your system, visit http://www.ecu.edu/cs-itcs/endpoint.cfm . If you suspect the program is not installed on your campus PC or you have any questions, call the IT Help Desk at 328-9866.

Malicious E-mails Increase After Major Events

When a major news event happens, be sure to watch out for an increased number of phishing and malicious e-mails with a subject line related to that event.  These e-mails usually include an attachment containing malware to infect your computer or links to a spoofed Web site.

For example, the United States Computer Emergency Readiness Team within the Department of Homeland Security reported an increase in phishing, spam and malicious code related to the deaths of singer Michael Jackson and actor Farrah Fawcett.

Staying safe online is a combination of tools and behavior. Keep these tips in mind:

Keep your operating system up to date

Install Symantec Endpoint Protection and configure all auto-protect features (Endpoint protects against Trojan horses, worms, viruses and keyloggers)

Configure Live Update to run automatically

Delete e-mails that ask for your account information

Remember that if an offer sounds too good to be true, it probably is!

For more information about email safety, please visit http://www.ecu.edu/cs-itcs/itsecurity/Email.cfm.

Next Page →

• Categories

  • E-Mail
  • General
  • Green
  • Hardware
  • How-To
  • News
  • Projects
  • Security
  • Software
  • Web

• Pages

  • About
  • RSS How To Subscribe

• Archives

  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
• Search for:

• ITCS Blogs

  • CommonSpot
  • Mobile – Susan's Lookout
  • Perseus
  • SharePoint (PirateID required)
  • TechTips
  • WordPress

• Links

  • ECU RSS Page
  • ITCS Learning Center