News

Beware of Good Ole Scammer Claus!


As we head towards holiday shopping season, remember that there are many scammers trying to trick you into revealing credit card numbers and other Private information--information that can be used for Identity Theft. We're seeing an increase in phishing attempts, many disguised as free gift cards or delivery confirmations.

Follow these guidelines to help ensure your Private information (and your money) stays secure on the Internet.

Use a Secure Computer

Use Strong Passwords

  • DO NOT use your RIT password. (We recommend not using your RIT email as well.)

  • Use a strong, unique password or passphrase where allowed. See our How to Create a Strong Password brochure for tips on choosing strong passwords.

  • Take advantage of any additional security features offered by your bank.

 Be Alert for Phishing and Scams

  • Never respond to an e-mail requesting that you reply with your login information. Scammers go to great lengths to make e-mails appear genuine, but no legitimate bank or retailer will ever ask you to submit private information by e-mail.

  • Never give out a bank account number to anyone, and be wary of anyone who insists upon cash or wire transfer only.

Research the Company and Website

  • Investigate any retailer you are considering using. How trustworthy are they?

  • Check the company's privacy policy. 

  • Check for negative reviews using a search engine. 

  • If you're shopping at an auction site, check out the seller's feedback.

Make Sure the Website Uses Encryption

  • The address bar should begin with https (not just "http"), and there must be a padlock in your web browser. The padlock's location varies by browser; it usually appears in the address bar or the status bar at the bottom.

Monitor Your Accounts

  • Keep track of all your purchases and account history from start to finish and beyond.

  • Save copies of your orders and receipts, as well as e-mail confirmations and product descriptions.

  • Follow up on your purchases by monitoring your bank account and credit card statements for any unauthorized transactions.

  • You may also want to check your credit report annually (check for free at www.annualcreditreport.com).

Problems and Complaints

Identity Theft

Online Shopping Complaints

Additional Links

 Have a good (safe) holiday!

No-Click November


It’s November again. Cyber Security Awareness month (October) just passed, but that doesn’t mean we can stop practicing the online safety tips we learned. Quite the opposite: now that we are better informed about online security, we must apply those tips daily and share our knowledge with everyone around us.

This year is coming to an end, yet new security exploits show up every day. The holidays are coming, and NOW is as good a time as ever to learn or review security tips about where we “click”. Even the most security savvy are prone to click here or there while distracted and fall for a scam before even realizing it. During this month, we will be sharing tips through all of our social media gadgets to prepare you to enter the Internet battlefield, a place full of web links, attachments, and tricky “click-here’s”.

The number of people who go online every day only gets bigger and bigger, and so does the time they stay online. Phishing attacks and identity theft attempts are a threat most of the time we are navigating cyberspace, which is why we should always stay protected. Since the Internet is a shared resource, it is also our duty to create awareness and make sure others stay secure as well.

From malicious links sent through email, to suspicious attachments and even “x” (cancel) buttons in ads and popups, falling for an attack is just one click away. The best way to protect yourself is to be vigilant about where you navigate and to take every precaution possible.

This month we also have Computer Security Day (Nov. 30th). This is a great month to remind you to keep your computer and information safe. Learn how in our Securing Your Computer section.

Tips to help you identify when not to click:

  • Don’t simply trust information from sources you don’t know. If you have to click a link, cut and paste the information into the browser to make sure it’s a legit site.
  • Make sure you know where short links are taking you. A good way to find out is by copying and pasting them into a "link expander" such as KnowURL.com or LongURL.org.
  • Before clicking on links in emails, especially if you don’t know the source, rest your mouse (without clicking) on the link and make sure the address is the same one typed in the email.
  • Try to always investigate the source of a link before clicking it. Don’t trust what comes to you from strangers.
  • Beware of scammers on popular websites. On some sites like Pinterest, you might click on someone’s board and realize that it takes you to a completely different address than what the pin was about. Be cautious when clicking on other people’s content.
  • Be careful with websites that require you to download a video codec or software to view something. It will most likely lead you to download malware.
  • Read before you click. If you don’t find the terms and conditions worth reading, then don’t put your security at risk by agreeing to them.
  • We recommend you enable site checking and add an anti-phishing toolbar to your browser. These toolbars help detect and may block known phishing sites.
  • Just because a friend posts or "likes" a shared link doesn’t mean that it is safe to access. Hackers often disguise links as interesting content to get to you, but this malware will likely affect your computer or mobile device in many harmful ways.
  • We often ignore pop-ups reminding us to update our computer security software. In this case, DO click, as soon as you can. An important part of staying safe is keeping it up to date.
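The hover check from the tips above (compare the address shown in the message with the address the link really points to) can also be run automatically over an HTML e-mail body. The following is an added example, not part of the original article; the function names and the sample message (built on reserved example domains) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text counts as "an address" only if it looks like a URL or bare hostname.
_URLISH = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)


def _host(value):
    """Return the lowercase hostname of a URL or bare host, or None."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    try:
        host = urlsplit(value).hostname
    except ValueError:          # malformed address, e.g. broken brackets
        return None
    if not host:
        return None
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


class LinkAuditor(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_mismatched_links(html):
    """Return links whose displayed address names a different host than the href."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    findings = []
    for href, text in auditor.links:
        if not _URLISH.match(text):
            continue  # wording like "click here" shows no address to compare
        shown, actual = _host(text), _host(href)
        if shown != actual:
            findings.append({"shown": shown, "actual": actual, "href": href})
    return findings


# Constructed sample message: only the first link displays one host and opens another.
SAMPLE_EMAIL = """
<p>Delivery confirmation:
<a href="http://tracking.example.net/confirm?id=1">www.shipping.example.com/track</a></p>
<p><a href="https://www.shop.example.org/deals">https://shop.example.org/deals</a></p>
<p><a href="http://giftcards.example.net/free">Claim your free gift card</a></p>
"""

if __name__ == "__main__":
    for finding in find_mismatched_links(SAMPLE_EMAIL):
        print(finding)
```

Links whose visible text is ordinary wording (the third one in the sample) show no address to compare, so they still need the manual hover check.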

 

The online shopping boom sparked by Black Friday also makes this month a good time to share security tips, so you can protect yourself from false special sales and ads that try to trick you into believing they lead to a great deal. If it sounds too good to be true, it probably is. Listen to your instincts!

Check our Online Shopping tips and follow us on all of our social media gadgets for daily tips and information.

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security / Pinterest: RIT InfoSec / Instagram: @RIT_infosec

October is Cyber Security Awareness Month!


This year is the 11th anniversary of National Cyber Security Awareness Month, a collaborative effort created between government and industry to guarantee everyone has the resources needed to stay safe online.

The online world has become a very important part of our everyday life. We work, learn, plan and play online all through the day and the actions that we take, whether we are connected to the Internet or not, often impact the whole online community. The campaign refers to Cybersecurity as “the mechanism that maximized our ability to grow commerce, communications, community and content in a connected world.”

The Internet is a resource that we all share. Everyone has the responsibility of securing the networks they use, as well as their portion of the cyberspace; it is also a shared responsibility to take actions to ensure cyber security and to promote these actions. If we each make an effort to guarantee the safety of the Internet, it will have a positive impact for everyone.

This October, the RIT Information Security Office encourages you to review your online safety practices, take precautions and spread the word! Help others understand the consequences of their actions and behaviors online, so that they too can enjoy the Internet safely. Cyber security is a matter that affects everyone. Do your part to make cyberspace safer!

This year, RIT is again a proud champion of NCSAM, and as a part of our shared responsibility to promote online safety for everyone, we share with you the 2014 National Cyber Security Awareness Campaign STOP.THINK.CONNECT, that is dedicated to promoting cybersecurity practices for everyone.

       

      Practice digital self-defense: protect yourself and everyone else by following these simple tips: 

       

      Keep a Clean Machine.

      • Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
      • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an option available. 
      • Protect all devices that connect to the Internet: Smart phones, gaming systems, and other web‐enabled devices also need protection from viruses and malware.
      • Plug & scan: USB sticks and other external devices can be infected by viruses and malware. Use your security software to scan them.

      Protect Your Personal Information.

      • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer two-factor authentication, an additional way for you to verify who you are before you conduct business on that site.
      • Use a passphrase: Create a passphrase by choosing a short phrase, changing the capitalization of some of the letters, replacing some with numerical and symbolic substitutions and purposefully misspelling or abbreviating some words. For more information on how to create a secure password go to Creating Strong Passwords.
      • Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
      • Write it down and keep it safe: Everyone can forget a password. Use a password safe such as LastPass to store your passwords.
      • Own your online presence: When available, set the privacy and security settings on social media to your comfort level for information sharing. It’s ok to limit how and with whom you share information.

      Connect with Care.

      • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.
      • Get savvy about WiFi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
      • Protect your $$: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.

      Be Web Wise.

      • Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
      • Think before you act: Be wary of communications that urge you to act immediately, offer something that sounds too good to be true, or ask for personal information.
      • Back it up: Protect your valuable work, music, photos, and other digital information by making a digital copy and storing it safely.

      Be a Good Online Citizen.

      • Safer for me means more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
      • Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime to http://www.ic3.gov (Internet Crime Complaint Center) and the Federal Trade Commission at http://www.onguardonline.gov/file-complaint.

       

      Go to Best Practices and visit http://www.stopthinkconnect.org for more tips and information.

      RIT is a proud champion of NCSAM

       

      Using LinkedIn’s New Two-Factor Authentication


      The growing trend in sites adding two-factor authentication to their log in process has many feeling more secure in their social media and other online interactions.

      With passwords being easy to compromise with phishing attacks, many users have been hoping for something more secure.  Two-factor authentication gives a double protection on your account, requiring you to know something (your password), and have something in your possession (a token).  The token can be any number of devices, cards or other physical items, often generating unique codes as proof you have the object.  Think of ATMs.  You need to have the ATM card (the token) and know your PIN in order to access your account and do any transactions at the ATM.  One without the other and you can’t get in.

      LinkedIn is using a single-use code sent via SMS to whatever mobile number is listed on the account.  Your mobile device serves as your token.  This code is entered into the site after you enter your password to complete the two-factor authentication.  The idea behind this is if your password happens to be cracked or phished, as long as you don’t lose or compromise your phone, you are still safe from attackers logging into your account (though you should change your passwords and do a virus scan to be safe if your password gets compromised!).  

      Want to enable this security feature for your own LinkedIn account? LinkedIn provides some instructions here:  
      http://www.slideshare.net/linkedin/two-step-verification-on-linked-in.  

      Many other sites have similar security features so check out your account settings and give yourself an extra layer of protection.

      SECURITY NOTES:

      As with any security chain, there are ways this could possibly be compromised. The easy way is if an attacker knows your password and has stolen your phone. A more sophisticated way is if you get phished for both your password and the code just sent to you, and the attacker uses both before the code expires. How likely are these to happen? Well, that’s up to your security prowess. Read more on our website about creating secure passwords (https://www.rit.edu/security/content/password), avoiding phishing attempts (https://www.rit.edu/security/content/phishing) and best practices when it comes to mobile device security (https://www.rit.edu/security/content/mobile-devices).
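A site-side view of the single-use code described above, as an added example that is not LinkedIn's code or part of the original article. It shows why the code is only useful for a short window: it is consumed on first success, dies at expiry, and tolerates only a few guesses. The class name, the 5-minute lifetime and the 5-guess limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime; the article does not state a value
MAX_ATTEMPTS = 5        # assumed limit on guesses per issued code


class OneTimeCodeStore:
    """Issues and checks single-use login codes (in-memory, illustration only)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [sha256(code), expiry time, attempts left]

    def issue(self, user):
        """Create a fresh 6-digit code; any earlier code for the user is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        expires = self._clock() + CODE_TTL_SECONDS
        self._pending[user] = [digest, expires, MAX_ATTEMPTS]
        return code  # handed to the SMS gateway; only the hash is kept

    def verify(self, user, submitted):
        """Return True once for the right code, inside its lifetime."""
        entry = self._pending.get(user)
        if entry is None:
            return False  # never issued, or already used
        digest, expires, attempts = entry
        if self._clock() > expires or attempts <= 0:
            del self._pending[user]  # expired or guessed too often
            return False
        entry[2] = attempts - 1
        candidate = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(candidate, digest):  # constant-time compare
            del self._pending[user]  # single use: a replay finds nothing
            return True
        return False


if __name__ == "__main__":
    store = OneTimeCodeStore()
    code = store.issue("alice")
    print("first use:", store.verify("alice", code))
    print("replay:   ", store.verify("alice", code))
```

Nothing in this check can tell the account owner from an attacker who relays a phished code inside the lifetime, which is the scenario the security notes describe; expiry and single use only shrink that window.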

      Data Privacy Month--Private Information Disposal


      This article was also published in the Quaestor newsletter of RIT's Institute Audit, Compliance, and Advisement.

      Did you know that January is Data Privacy Month? 

      For the last two years, we’ve focused on remediation and disposal of Private Information resident on RIT computers and we’ve made great progress. Have you thought about disposing of Private Information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Driver's License) that’s not on your computer? We encourage you to review paper files, disks, CD/DVDs, video tapes, and any other type of storage media containing Private Information and dispose of those containing unnecessary Private Information appropriately. Don’t forget that retention of RIT information is also governed by the Records Management Policy (C22.0).

      Paper files containing Private Information pose a risk both to RIT and to the individuals whose information is in the materials. For example, on April 14th, 2011, Central Ohio Technical College found that course information had been left in a filing cabinet at an off campus storage facility, compromising the Social Security Numbers of over 600 registered students. RIT used a similar system with Social Security numbers until June 2006, when University IDs became the main means of registration and identification on campus. DataLoss DB (http://datalossdb.org/statistics) indicates that almost 25% of breaches have been due to the inadvertent loss of private information, in both paper and digital formats. Disposing of unnecessary Private Information (e.g. Social Security Number, Bank Account Number, Credit Card Number or Driver's License) will help ensure RIT complies with Private information laws, policies, and procedures.

       New York State defines private information (PI) as:

      any personal information concerning a natural person combined with one or more of the following data elements: Social Security number (SSN), driver's license number, account number, or credit or debit card number in combination with any required security code. These combinations of information are often used in identity theft.

      The New York State Information Security Breach and Notification Act requires that RIT notify affected consumers if their Private information is compromised.

      If you’re not sure whether to dispose of Private Information on your computer, check with your manager or consult the Private Information Decision Tree here: https://www.rit.edu/security/content/private-information-decision-tree

      For more information about the Private Information Management Initiative, check out our PIMI FAQ page
      https://www.rit.edu/security/content/private-information-management-initiative-pimi-faq and our Document Destruction page https://www.rit.edu/security/content/document-destruction

      Data Privacy Month: Are You Smarter Than Your Phone?


       

      Did you know, “Smartphones can predict a user's gender with 71% accuracy, & can distinguish between ‘tall’ and ‘short’ people and ‘heavy’ and ‘light’ people, with about 80% accuracy?” Take a look at this recorded webinar from the January 9 EDUCAUSE Live! Data Privacy Month kickoff event with special guest, Rebecca Herold (the Privacy Professor) to find out just exactly how smart your Smartphone is.

      Nearly everyone on a college campus today has a mobile phone, capable of accomplishing amazing tasks while on the go. But, how SHOULD you make use of your smartphone? You are smarter than your phone if you know that you need to make careful choices about using your geo-location feature. You might post a picture to Facebook while on your European trip if there are other people still living at your address back home. But, if your house is empty while you travel, you would be smarter to wait to post until you get home. Do you really want everyone to know you are out alone at midnight by "checking in" at your local donut shop? You are smarter than your phone if you use sound judgment about revealing your location. You’re smarter than your phone if you know you need to think critically about the sensitivity of the data you put on or access through your phone. Do you use your phone for banking, without password protecting the device? Your phone is happy to do it. But you are smarter than your phone if you protect it with a password. If you’re not thinking critically about what you do with your phone, we’ll help you think again!

      The webinar covers fun facts as well as 16 ways to mitigate Smartphone security and privacy risks. Topics include tracking, info access, malware, breaches, loss, theft, ID theft, physical security, social media, and apps.

      Webinar recording, slides, and chat transcript are available here
      http://www.educause.edu/library/resources/data-privacy-month-are-you-smarter-your-phone

      Watch out for Good Ol’ Scammer Claus: Practice safe shopping online this holiday season


      (revised from an article written in the RIT University Magazine by Ben Woelk)



      Consumers spent more than $46 billion shopping online last holiday season and will spend even more this year. According to Internet Retailer, this year’s online spending is estimated at $54 billion, and, “This holiday season will mark the fourth consecutive year of e-commerce spending growth.” To cyber criminals, more spending and the busy-ness of the season means more opportunity for identity theft and fraud.

      As you begin your shopping, follow these guidelines to help ensure that you don’t become a victim.

      1. Make sure you’ve protected your computer. According to a survey by the National Cyber Safety Alliance, most home computers aren’t as well protected as their users believe. We recommend that you make sure your home computer meets the requirements of the RIT Desktop & Portable Computer Standard, especially updated anti-virus, before going online.

      2. Know from where you’re buying. Plug the website name into a search engine. What kinds of consumer reviews are returned?
      • Understand the seller’s return/exchange policy before buying.
      • Check the seller’s privacy policy to understand how they will protect your information.
      • If you’re shopping on an auction site, check the seller’s feedback to see what kind of experience others have had.

      3. Know what you’re buying. Don’t fall for a deal that looks too good to be true. Extremely low prices could be an indication that the item is a counterfeit. The website may also harbor malware that could attack your computer.

      If you’re making several purchases, try to combine them in the same order if possible. It reduces the number of transactions you have to make and may also save you money on shipping costs.

      4. Only send your private information using secure web forms. Make sure the address bar begins with either shttp or https.
      • Look for a padlock or an unbroken key on your web browser to confirm that the site is secure. The padlock will be located at the left end of the address bar or in the bottom right part of the browser window.
      • Don’t respond to requests for private information. No legitimate retailer will ask you to submit private information by e-mail. Never give out bank account numbers or Social Security numbers online or in response to an e-mail.

      5. Use a secure payment method. Find out if your financial institution offers one-time use “virtual credit cards” or “temporary account numbers.” These use different numbers than your regular account and expire after a set time period. Credit cards offer the most protection. Federal law limits your fraud liability to $50 for unauthorized transactions. MasterCard and Visa offer zero liability for most debit transactions as well. If you’re not using a credit or debit card, don’t use cash or wire transfers. Use a money order or cashier’s check instead, since these methods are much easier to trace if something goes wrong.

      6. Keep a paper trail. Print copies of all of your orders and receipts as well as e-mail correspondence and product descriptions. Monitor your bank account and credit card statement after your transactions for any suspicious activity.

      7. If you suspect something is wrong: Contact the seller and inform them of the problem. Contact your financial institution or credit card issuer immediately to freeze your account(s). If necessary, file a complaint or identity theft report with the proper authorities:

       

      For more information on safe online shopping, visit our Safe Online Shopping and Banking page and the following Web sites:

      1. NYS Attorney General’s Office: http://www.dhses.ny.gov/ocs/
      2. FTC: http://www.onguardonline.gov/articles/0020-shopping-online
      3. Staysafeonline.org: http://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/online-shopping
      4. Safeshopping.org: www.safeshopping.org/

       

      Barnes & Noble Gift Card Winner


      Congratulations to Alyssa Plow, winner of the $100 Barnes & Noble gift card! Thank you to all who participated, and keep an eye out for future contests by following us on Twitter and Facebook!

       


       

       

      Phishy Lures Crowds at Move-In 2012


      People watching is always interesting at Move-In Day. You see a lot of interesting family dynamics: students with their families 20 feet behind them, students being embarrassed by their parents, parents collecting resource materials while the students walk right by the tables, etc. This year was a little more interesting as Phishy made an appearance to help incoming students become more aware of the dangers of phishing. Many students chose to have their photos taken with Phishy and their younger siblings were excited about another costumed character.

      Visit our Identity Theft and Phishing sections of this website for more information about how to protect yourselves online.

      AND--If you have a photo of yourself with Phishy, please post it to the RIT Information Security Facebook Page.