Online shopping

March - Mobile Device Madness

Mobile Device Madness

Mobile devices, particularly smartphones, have become significantly popular, more so than computers and perhaps any other communication device. We all carry them everywhere we go, every day at all times. From using Facebook to checking our bank accounts or saving our schedules in their agendas, we use mobile devices for all kinds of tasks, which is basically what makes them so useful, as both a work and entertainment tool. However, something we hardly ever realize is that they are not always designed with security in mind and therefore, they are not always as secure as most computers, and with the significant growth of smartphone usage, the issues surrounding mobile security have also grown. 

Similarly, there are many different ways in which your mobile device can be a threat to your personal information security: if it is stolen from you or you lose it and it falls into the wrong hands; if your service provider is attacked or there is a breach in your software (whether because you had it jailbreaked or because it is not updated), if someone hijacks it through an open wireless network, etc. All of these reasons are enough for you to be very careful in protecting the device as much as you can, but also in being selective with the information you store in it.

However there are many things you can do to keep your device as secure as possible so that although it will not guarantee 100% security, at least it will make it a lot harder for cybercriminals to access any of your personal/confidential information. We recommend you to follow the next tips:

Understand your device

  • Configure mobile devices securely by enabling auto-lock and choosing a complex/secured password for protection, and avoid using auto-complete features that remember user names or passwords.
  • Ensure that browser security settings are configured appropriately and enable remote wipe options whenever possible. 
  • Disable Bluetooth (when not needed). If you can access it, so can others.
  • Ensure that sensitive websites use https in your browser URL on both your computer and mobile device.
  • Know your mobile vendor's policies on lost or stolen devices and report the loss to your carrier ASAP so they can deactivate the device.

Use added features

  • Keep your mobile device and applications on the device up to date. Use automatic update options if available.
  • Install an anti-virus/security program (if available) and configure automatic updates if possible. Find out about protective mobile device software.
  • Use an encryption solution to keep portable data secure in transit and at rest. WPA2 is encrypted. 3G encryption has been cracked. Use an SSL (https) connection where available.

General tips          

  • Never leave your mobile device unattended.
  • Report lost or stolen devices and change any passwords (such as RIT WPA2) immediately.
  • Include contact information with the device: on the lock screen, engraved on the device, and/or inserted into the case.
  • For improved performance and security, register your device and connect to the RIT WPA2 network where available.
  • Whenever possible, we recommend that Private Information is not accessed from or stored on mobile devices.
  • To ensure that RIT information will remain secure, you should use only devices that provide encryption while information is in transit and at rest. 
  • Security requirements for handling RIT Private, Confidential, and other information may be found in the Information Access and Protection Standard.
  • When downloading apps, make sure you do it from a trusted app store like Google Play. Read more about avoiding questionable mobile apps.

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec

February - Phebruary Phishing

Phebruary Phishing

It’s Ph(F)ebruary! The perfect time to learn all you need to know to avoid the incessant phishing scams that infest the Internet. Just as there are so many things going on every day in the cyberspace, and new and exciting ways of communicating with the world emerge all the time, phishers find a way to be present everywhere too. From e-mail and social networking sites to online games, dating websites and apps, you might come across a scam, and because cybercriminals have become so good at making them, sometimes phishing scams can appear so real that you might easily fall for them.

However, there is no need to panic! There are still ways you can avoid falling for these traps, although of course the most important thing to do is be very careful and pay attention responsibly to everything you see online before you click it or enter any sensitive information about you (or anyone else for that matter). Here are some tips to follow:

  • Do not respond to a request for your password sent by e-mail, even if the request appears legitimate.
  • Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.
  • Do not open attachments in unexpected or suspicious e-mails or instant messages.
  • If the e-mail or instant message provides a link to a site where you are requested to enter personal information, it may be a phish.
  • Make sure links are really taking you where they say they are before you click. You just have to move your mouse over the link, and if it shows you different address than the one displayed in the e-mail it is a phish.
  • Be suspicious of any type of communication (e-mail, post on social media site, text message, etc.) that urges you to do something like provide personal information or click somewhere.
  • Look for signs in e-mails like grammar mistakes.
  • Make sure the security certificate is displayed on a website by double-clicking the “lock” icon. If it isn’t or you get a warning message that it does not match the address, it’s better to get out of this website.
  • Although normally phishing emails are not personalized, they can be. So if it looks suspicious it’s always smart to confirm with the company directly to make sure the email is in fact from them.
  • Enable site checking on your browser.
  • Add an anti-phishing toolbar to your browser. Anti-phishing toolbars help detect and may block known phishing sites. ITS is providing McAfee anti-phishing tools to ePO-managed users.

You can also find more tips and information by going to Best Practices>Phishing (http://www.rit.edu/security/content/phishing).

Since we’re all human, at some point we could inevitably fall for a phishing scam. Stay Safe Online has shared some things you can do to control the damage it may inflict you if you do:

  • Beware of any unauthorized charges to any of your accounts
  • If you think your financial accounts could be compromised, contact your financial institution immediately and ask them to close the accounts for you.
  • Consider reporting it to the local police department, the Federal Trade Commission (https://www.ftccomplaintassistant.gov/#crnt&panel1-1) or the FBI’s Internet Crime Complaint Center (http://www.ic3.gov/default.aspx).

We are going to be talking about phishing all month long in all of our social media gadgets, keep up for more useful information about #PhebruaryPhishing. And remember if you receive a phish, report it by emailing spam@rit.edu.  You can forward phishing attempts to this email.

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec

 

December – Scams & Hoaxes

December – Scams & Hoaxes

The last month of 2014 has arrived. December is full of joy because the holidays’ spirit is around all month. There is a long break from classes and its Christmas time! Unfortunately, this is also the reason why it’s become scamming season as well. The generous nature of these holidays makes all of us the perfect target of scams and hoax.

From emails to ads and websites, there all kinds of scams and hoaxes infesting the Internet’s waters. Falling for any of them is as easy as one click away. The only way to stay safe is by being cautious whenever we navigate the Internet and by keeping updated about all the new scams and hoaxes that emerge. Scammers like to take advantage of the generous spirit of this giving season to trick us into clicking into malware, identity or personal information theft, fake gift cards, and all sorts of scams. 

Helping you stay safe online is RIT Information Security Office´s responsibility, it’s a full-time job that we take very seriously, which is why during this whole month, including the break, we will be giving away information and security tips about scams and hoaxes through all of our social media gadgets. We encourage you to be extra cautious during this season, so that your joyful mood is not ruined for Christmas!

The following tips will help you prevent falling for cyber-traps:

  • Be very suspicious of emails from people or businesses you don't know, especially those that promise money, good health or a solution to your problems.
  • Remember that while banks never ask for confidential information via email, scam and hoax emails are intended to trick you into disclosing personal information such as bank account details, passwords or credit card numbers.
  • Scammers put a lot of time and effort into making emails and websites look real. Be skeptical always and pay attention to anything that looks suspicious.
  • Unless you applied for a “lottery” or are participating in any contest, -and even if you have-, it’s VERY unlikely that you won. Be careful with scams emails that claim you have been selected as a “WINNER”.
  • Beware of shipping notification emails that contain attachments or links; it could be a scam, especially if you didn’t order anything.
  • Never reply to an email or pop-up message that requests your personal or financial information, don’t click on the links in the message either, or paste them into your Web browser. Simply ignore and erase those messages.
  • If you get a notice from an “official” from a foreign agency or government with an offer to transfer a commission into your bank account in exchange for assisting them with transferring a large sum of money, it is probably a scam.
  • Scams don’t just appear in online forms, you must also be careful with bogus security products. Never let someone who calls you, mess with your computer. 
  • Some scammers send Online Extortions threatening the recipient to kill them if they don’t pay a large sum of money to the sender, who claims to be a hired assassin. The FBI advises against replying and recommends just deleting the email.
  • Research any charities before donating to make sure it’s actually going where it says it is.
  • There are many fake mystery shopping opportunities out there. A legitimate one will not ask you to pay an application fee or to deposit a check or wire money to someone else.
  • There are some legitimate free e-book offers like Amazon’s free Kindle books, but there are also many free e-books out there filled with spam links and malware designed to catch your credit card information. Stick with e-book sellers and authors you already know, advises the Better Business Bureau (BBB).
  • During this giving season you will probably be doing a lot of online shopping. Check out our tips for safe online shopping and banking.
  • Keep updated with the latest Internet scams and email hoaxes so you don’t become a victem: http://www.hoax-slayer.com/latest-information.html
  • Check McAfee’s 12 scams of the holidays http://blogs.mcafee.com/consumer/12-scams-of-holidays

 

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec 

No-Click November

No-Click November

It’s November again. Cyber Security Awareness month (October) just passed but that doesn’t mean that we don’t have to keep practicing all the online safety tips we learned; quite the opposite actually, now that we have gotten more informed about online security, we must implement those tips daily and share our knowledge with everyone that surrounds us.

This year is coming to an end, yet new security exploits show up every day to attack the cyberspace. Holidays are coming, and NOW is as good a time as ever to learn/review security tips regarding where we “click”. Even the most security savvy are prompt to distractedly click here or there and fall for a scam before even realizing it. During this month, we will be sharing tips through all of our social media gadgets, to properly prepare you to enter the Internet battlefield, a place full of web links, attachments, and tricky “click-here’s”.

The amount of people who go online everyday only gets bigger and bigger, and so does the time they stay online. Phishing attacks and identity theft attempts are a threat to us most of the time we are navigating through the cyberspace, which is why we should stay protected always, and since the internet is a shared resource, our duty is also to create awareness and make sure others stay secure as well.

From malicious links send through email, to suspicious attachments and even “x” (cancel) buttons in ads and popups, the possibility to fall for an attack is just one click away. And the best way to protect yourself is being vigilant where you navigate, and take every precaution possible.

This month we also have Computer Security Day (Nov. 30th). This is a great month to remind you to keep your computer and information safe. Learn how in our Securing Your Computer section.

Tips to help you identify when not to click:

  • Don’t simply trust information from sources you don’t know. If you have to click a link, cut and paste the information into the browser to make sure it’s a legit site.
  • Make sure you know where short links are taking you to. A good way to find out is by copying and pasting them into a "link expander" such as KnowURL.com or LongURL.org
  • Before clicking on links on emails, especially if you don’t know the source, rest your mouse (without clicking) on the link and make sure the address is the same one typed in the email.
  • Try to always investigate the source of a link before clicking it. Don’t trust what comes to you from strangers.
  • Beware of scammers in popular websites. In some sites like Pinterest, you might click on someone’s board and realize that it takes you to a complete different address than what the pin was about. Be cautious when clicking on other people’s content.
  • Be careful with websites that demand you to download a video codec or software to view something. It will most likely lead you to download malware.
  • Read before you click. If you don’t find the terms and conditions worth reading, then don’t put your security at risk agreeing with them.
  • We recommend you enable site checking and add an anti-phishing toolbar to your browser. These last ones help detect and may block known phishing sites.
  • Just because a friend posts or "likes" a shared link it doesn’t mean that it is safe to access, hackers often disguise links as interesting content to get to you, but this malware will likely affect your computer or mobile device in many of harmful ways.
  • We often ignore pop ups reminding us to update our computer security software. In this case, DO click, as soon as you can. An important part of staying safe is keeping them up to date.

 

The online shopping boom aroused by Black Friday also makes this month appropriate to share security tips so you can protect yourself from false special sales and ads that try to trick you into believing that they are leading you to get a great deal. If it sounds too good to be true, it probably is. Listen to your instincts! 

Check our Online Shopping tips and follow us on all of our social media gadgets for daily tips and information.

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec 

Watch out for Good Ol’ Scammer Claus: Practice safe shopping online this holiday season

Watch out for Good Ol’ Scammer Claus: Practice safe shopping online this holiday season

(revised from an article written in the RIT University Magazine by Ben Woelk)



Consumers spent more than $46 billion shopping online last holiday season and will spend even more this year. According to Internet Retailer, this year’s online spending is estimated at $54 billion, and, “This holiday season will mark the fourth consecutive year of e-commerce spending growth.” To cyber criminals, more spending and the busy-ness of the season means more opportunity for identity theft and fraud.

As you begin your shopping, follow these guidelines to help ensure that you don’t become a victim.

  1. Make sure you’ve protected your computer. According to a survey by the National Cyber Safety Alliance, most home computers aren’t as well protected as their users believe. We recommend that you make sure your home computer meets the requirements of the RIT Desktop & Portable Computer Standard, especially updated anti-virus, before going online.

     
  2. Know from where you’re buying. Plug the website name into a search engine. What kinds of consumer reviews are returned?
  • Understand the seller’s return/exchange policy before buying.
  • Check the seller’s privacy policy to understand how they will protect your information.
  • If you’re shopping on an auction site, check the seller’s feedback to see what kind of experience others have had.

     
  1. Know what you’re buying. Don’t fall for a deal that looks too good to be true. Extremely low prices could be an indication that the item is a counterfeit. The website may also harbor malware that could attack your computer.

If you’re making several purchases, try to combine them in the same order if possible. It saves the amount of transactions you have to make and may also save you money on shipping costs.

  1. Only send your private information using secure web forms. Make sure the address bar begins with either shttp or https.
  • Look for a padlock or an unbroken key on your web browser to confirm that the site is secure. The padlock will be located at the left end of the address bar or in the bottom right part of the browser window.
  • Don’t respond to requests for private information. No legitimate retailer will ask you to submit private information by e-mail. Never give out bank account numbers or Social Security numbers online or in response to an e-mail.

     
  1. Use a secure payment method. Find out if your financial institution offers one-time use “virtual credit cards” or “temporary account numbers.” These use different numbers than your regular account and expire after a set time period. Credit cards offer the most protection. Federal law limits your fraud liability to $50 for unauthorized transactions. MasterCard and Visa offer zero liability for most debit transactions as well. If you’re not using a credit or debit card, don’t use cash or wire transfers. Use a money order or cashier’s check instead, since these methods are much easier to trace if something goes wrong.

     
  2. Keep a paper trail. Print copies of all of your orders and receipts as well as e-mail correspondence and product descriptions. Monitor your bank account and credit card statement after your transactions for any suspicious activity.

     
  3. If you suspect something is wrong: Contact the seller and inform them of the problem. Contact your financial institution or credit card issuer immediately to freeze your account(s). If necessary, file a complaint or identity theft report with the proper authorities:

 

For more information on safe online shopping, visit our Safe Online Shopping and Banking page and the following Web sites:

  1. NYS Attorney General’s Office: http://www.dhses.ny.gov/ocs/
  2. FTC: http://www.onguardonline.gov/articles/0020-shopping-online
  3. Staysafeonline.org: http://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/online-shopping
  4. Safeshopping.org: www.safeshopping.org/

 

Subscribe to RSS - Online shopping