Scams

February - Phebruary Phishing

Phebruary Phishing

It’s Ph(F)ebruary! The perfect time to learn all you need to know to avoid the incessant phishing scams that infest the Internet. Just as there are so many things going on every day in the cyberspace, and new and exciting ways of communicating with the world emerge all the time, phishers find a way to be present everywhere too. From e-mail and social networking sites to online games, dating websites and apps, you might come across a scam, and because cybercriminals have become so good at making them, sometimes phishing scams can appear so real that you might easily fall for them.

However, there is no need to panic! There are still ways you can avoid falling for these traps, although of course the most important thing to do is be very careful and pay attention responsibly to everything you see online before you click it or enter any sensitive information about you (or anyone else for that matter). Here are some tips to follow:

  • Do not respond to a request for your password sent by e-mail, even if the request appears legitimate.
  • Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.
  • Do not open attachments in unexpected or suspicious e-mails or instant messages.
  • If the e-mail or instant message provides a link to a site where you are requested to enter personal information, it may be a phish.
  • Make sure links are really taking you where they say they are before you click. You just have to move your mouse over the link, and if it shows you different address than the one displayed in the e-mail it is a phish.
  • Be suspicious of any type of communication (e-mail, post on social media site, text message, etc.) that urges you to do something like provide personal information or click somewhere.
  • Look for signs in e-mails like grammar mistakes.
  • Make sure the security certificate is displayed on a website by double-clicking the “lock” icon. If it isn’t or you get a warning message that it does not match the address, it’s better to get out of this website.
  • Although normally phishing emails are not personalized, they can be. So if it looks suspicious it’s always smart to confirm with the company directly to make sure the email is in fact from them.
  • Enable site checking on your browser.
  • Add an anti-phishing toolbar to your browser. Anti-phishing toolbars help detect and may block known phishing sites. ITS is providing McAfee anti-phishing tools to ePO-managed users.

You can also find more tips and information by going to Best Practices>Phishing (http://www.rit.edu/security/content/phishing).

Since we’re all human, at some point we could inevitably fall for a phishing scam. Stay Safe Online has shared some things you can do to control the damage it may inflict you if you do:

  • Beware of any unauthorized charges to any of your accounts
  • If you think your financial accounts could be compromised, contact your financial institution immediately and ask them to close the accounts for you.
  • Consider reporting it to the local police department, the Federal Trade Commission (https://www.ftccomplaintassistant.gov/#crnt&panel1-1) or the FBI’s Internet Crime Complaint Center (http://www.ic3.gov/default.aspx).

We are going to be talking about phishing all month long in all of our social media gadgets, keep up for more useful information about #PhebruaryPhishing. And remember if you receive a phish, report it by emailing spam@rit.edu.  You can forward phishing attempts to this email.

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec

 

December – Scams & Hoaxes

December – Scams & Hoaxes

The last month of 2014 has arrived. December is full of joy because the holidays’ spirit is around all month. There is a long break from classes and its Christmas time! Unfortunately, this is also the reason why it’s become scamming season as well. The generous nature of these holidays makes all of us the perfect target of scams and hoax.

From emails to ads and websites, there all kinds of scams and hoaxes infesting the Internet’s waters. Falling for any of them is as easy as one click away. The only way to stay safe is by being cautious whenever we navigate the Internet and by keeping updated about all the new scams and hoaxes that emerge. Scammers like to take advantage of the generous spirit of this giving season to trick us into clicking into malware, identity or personal information theft, fake gift cards, and all sorts of scams. 

Helping you stay safe online is RIT Information Security Office´s responsibility, it’s a full-time job that we take very seriously, which is why during this whole month, including the break, we will be giving away information and security tips about scams and hoaxes through all of our social media gadgets. We encourage you to be extra cautious during this season, so that your joyful mood is not ruined for Christmas!

The following tips will help you prevent falling for cyber-traps:

  • Be very suspicious of emails from people or businesses you don't know, especially those that promise money, good health or a solution to your problems.
  • Remember that while banks never ask for confidential information via email, scam and hoax emails are intended to trick you into disclosing personal information such as bank account details, passwords or credit card numbers.
  • Scammers put a lot of time and effort into making emails and websites look real. Be skeptical always and pay attention to anything that looks suspicious.
  • Unless you applied for a “lottery” or are participating in any contest, -and even if you have-, it’s VERY unlikely that you won. Be careful with scams emails that claim you have been selected as a “WINNER”.
  • Beware of shipping notification emails that contain attachments or links; it could be a scam, especially if you didn’t order anything.
  • Never reply to an email or pop-up message that requests your personal or financial information, don’t click on the links in the message either, or paste them into your Web browser. Simply ignore and erase those messages.
  • If you get a notice from an “official” from a foreign agency or government with an offer to transfer a commission into your bank account in exchange for assisting them with transferring a large sum of money, it is probably a scam.
  • Scams don’t just appear in online forms, you must also be careful with bogus security products. Never let someone who calls you, mess with your computer. 
  • Some scammers send Online Extortions threatening the recipient to kill them if they don’t pay a large sum of money to the sender, who claims to be a hired assassin. The FBI advises against replying and recommends just deleting the email.
  • Research any charities before donating to make sure it’s actually going where it says it is.
  • There are many fake mystery shopping opportunities out there. A legitimate one will not ask you to pay an application fee or to deposit a check or wire money to someone else.
  • There are some legitimate free e-book offers like Amazon’s free Kindle books, but there are also many free e-books out there filled with spam links and malware designed to catch your credit card information. Stick with e-book sellers and authors you already know, advises the Better Business Bureau (BBB).
  • During this giving season you will probably be doing a lot of online shopping. Check out our tips for safe online shopping and banking: http://www.rit.edu/security/content/safe-online-shopping-banking
  • Keep updated with the latest Internet scams and email hoaxes so you don’t become a victem: http://www.hoax-slayer.com/latest-information.html
  • Check McAfee’s 12 scams of the holidays http://blogs.mcafee.com/consumer/12-scams-of-holidays

 

Follow us on all of our social media accounts for more tips and information:

Facebook: RIT Information Security / Twitter: @RIT_InfoSec / Google+: RIT Information Security Pinterest: RIT InfoSec Instagram: @RIT_infosec 

Identity Theft

Identity Theft

Scams and malware are not the only way criminals can steal identities. There are many ways for identity thieves to victimize you, damage your credit, steal important documents or information.

Read our Avoiding Identity Theft Online brochure to learn how to spot basic online scams and how to protect yourself.

Although online scams and malware have reached epidemic proportions, they are not the only way criminals can steal identities. Discarded bank statements, receipts, bills, etc. are also great sources for identity thieves. The Federal Trade Commission's Identity Theft page provides more information on the different methods criminals use, and the precautions you should take.

Check out our Disposal Recommendations to find the best way to dispose of any media that might contain your personal information.

Students

The U.S. Department of Education has created their MISUSED website as a resource for college students and identity theft. You can learn about how scholastic identity theft occurs, how to reduce your risk, and what you should do if you discover you're a victim. They also offer several resources for identifying scholarship scams and finding legitimate financial aid.

The Sallie Mae college loan corporation also offers advice on how to guard against identity theft.

Victims

If you think you have been a victim of identity theft, take action immediately. Contact any credit card issuers and financial institutions with whom you have an account to temporarily freeze all transactions. Contact the major credit bureaus (Equifax, Experian, and TransUnion) to have them flag your file with a fraud alert. This will require any credit grantor to verify your permission before taking action in your name.

More on Identity Theft

 

Subscribe to RSS - Scams