Security Tips & Info

  2015| 2016 | 2017


2017


2016


2015


The Price of Free Software

August 2017

Has your computer been acting strange lately? Maybe your default search engine or other browser settings changed, or you’re getting suspicious warnings about your computer’s performance. Are you seeing ads that don’t seem to belong – like ones that cover up parts of the webpage or are on a site that doesn’t usually show ads? If so, you may have unwanted software on your computer. Your next step: get rid of any malware.

But how does unwanted software get on your computer in the first place? If you installed some free software, you may have accidentally downloaded it at the same time. Extra software – and sometimes malware – can get bundled together with popular free software downloads, and you might not realize what you’re getting. To avoid this problem:

Be on the lookout when installing free software. Read each screen during the installation process. Choose the “custom” install option instead of the “express” option. Then, if you see software you don’t want in the bundle, decline the additional program or just exit the installation process.

If you want a particular download, go straight to that company’s site – or another source you trust. Sites that offer lots of popular software – for free – are more likely to bundle it with extra software. 

Talk to your kids. If you let your kids download software, help them recognize reputable sources.

Don’t click on popups or banner ads. Clicking on popups or banner ads about your computer’s performance might start a download of unwanted software. 

Keep your security software up to date. Up-to-date security software can catch malicious software and protect your computer. 

By Amanda Koulousias, Attorney, Division of Privacy and Identity Protection, Federal Trade Commission

Back to top


Don't Overshare on Social Networking Sites

July 2017

If you post too much information about yourself, an identity thief can find information about your life, use it to answer ‘challenge’ questions on your accounts, and get access to your money and personal information. Consider limiting access to your networking page to a small group of people. Never post your full name, Social Security number, address, phone number, or account numbers in publicly accessible sites. 

(Federal Trade Commission, How to Keep Your Personal Information Secure)

Back to top


Phone Scams

June 2017

Every year, thousands of people lose money to telephone scams — from a few dollars to their life savings. Scammers will say anything to cheat people out of money. Some seem very friendly — calling you by your first name, making small talk, and asking about your family. They may claim to work for a company you trust, or they may send mail or place ads to convince you to call them.

If you get a call from someone you don’t know who is trying to sell you something you hadn’t planned to buy, say "No thanks." And, if they pressure you about giving up personal information — like your credit card or Social Security number — it’s likely a scam. Hang up and report it to the Federal Trade Commission.

For more information on “Signs of a Scam”, “How They Hook You”, “Why They’re Calling You”, “How to Handle an Unexpected Sales Call", and “What to Do About Pre-Recorded Calls” visit the Federal Trade Commission website at https://www.consumer.ftc.gov/articles/0076-phone-scams for the complete article.

Back to top


Going Mobile: How to be Safer When Using a Smartphone or Tablet

May 2017

Everywhere you look, people are using smartphones and tablets as portable, hand-held computers. "Unfortunately, cybercriminals are also interested in using or accessing these devices to steal information or commit other crimes," said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "That makes it essential for users of mobile devices to take measures to secure them, just as they would a desktop computer." 

Here are some basic steps you can take to secure your mobile devices.

Avoid apps that may contain malware. Buy or download from well-known app stores, such as those established by your phone manufacturer or cellular service provider. Consult your financial institution's website to confirm where to download its official app for mobile banking.

Keep your device's operating system and apps updated. Consider opting for automatic updates because doing so will ensure that you have the latest fixes for any security weaknesses the manufacturer discovers. "Cybercriminals try to take advantage of known flaws, so keeping your software up to date will help reduce your vulnerability to foul play," said Robert Brown, a senior ombudsman specialist at the FDIC.

Consider using mobile security software and apps to protect your device. For example, anti-malware software for smartphones and tablets can be purchased from a reputable vendor.

Use a password or other security feature to restrict access in case your device is lost or stolen. Activate the "time out" or "auto lock" feature that secures your mobile device when it is left unused for a certain number of minutes. Set that security feature to start after a relatively brief period of inactivity. Doing so reduces the likelihood that a thief will be able to use your phone or tablet. 

Back up data on your smartphone or tablet. This is good to do in case your device is lost, stolen or just stops working one day. Data can easily be backed up to a computer or to a back-up service, which may be offered by your mobile carrier.

Have the ability to remotely remove data from your device if it is lost or stolen. A "remote wipe" protects data from prying eyes. If the device has been backed up, the information can be restored on a replacement device or the original (if you get it back). A number of reputable apps can enable remote wiping.

To learn more about safely using smartphones and tablets, see the Federal Trade Commission's Computer Security Web page. (FDIC Consumer News-Winter 2016)

Back to top

10 Things You Can Do to Avoid Fraud

April 2017

Crooks use clever schemes to defraud millions of people every year. They often combine new technology with old tricks to get people to send money or give out personal information. Here are some practical tips to help you stay a step ahead.

https://www.consumer.ftc.gov/articles/0060-10-things-you-can-do-avoid-fraud

1.  Spot imposters-scammers often pretend to be someone you trust.

2.  Do online searches-type a company or product name into a search engine with words like review, complaint, or scam.

3.  Don’t believe your caller ID-technology makes it easy for scammers to fake caller ID info.

4.  Don’t pay upfront for a promise-you may be asked to pay in advance for a job, a prize or debt relief.

5.  Consider how you pay-credit cards have significant fraud protection, but some payment methods don’t, such as wire transfer.

6.  Talk to someone you trust-before you give up your money or personal information.

7.  Hang up on robocalls-if you answer the phone and hear a recorded sales pitch hang up.

8.  Be skeptical about free trial offers-some companies use free trials to sign you up for products and then bill you.

9.  Don’t deposit a check and wire money-if a check you deposit turns out to be a fake, you are responsible for repaying the bank.

10.  Sign up for free scam alerts from the FTC at ftc.gov/scams for the latest tips and advice about scams.

Back to top


Stopping Unsolicited Mail, Phone Calls, and Email

March 2017

Tired of having your mailbox crammed with unsolicited mail, including preapproved credit card applications? Fed up with getting telemarketing calls just as you're sitting down to dinner? Fuming that your email inbox is chock-full of unsolicited advertising? The good news is that you can cut down on the number of unsolicited mailings, calls, and emails you receive by learning where to go to "just say no." www.consumer.ftc.gov

Telemarketing

The federal government's National Do Not Call Registry is a free, easy way to reduce the telemarketing calls you get at home. To register your phone number or to get information about the registry, visit www.donotcall.gov, or call 1-888-382-1222 from the phone number you want to register. You will get fewer telemarketing calls within 31 days of registering your number. Telephone numbers on the registry will only be removed when they are disconnected and reassigned, or when you choose to remove a number from the registry.

Mail

The Direct Marketing Association's (DMA) Mail Preference Service (MPS) lets you opt out of receiving unsolicited commercial mail from many national companies for five years. When you register with this service, your name will be put on a "delete" file and made available to direct-mail marketers and organizations. This will reduce most of your unsolicited mail. However, your registration will not stop mailings from organizations that do not use the DMA's Mail Preference Service. To register with DMA's Mail Preference Service, go to www.dmachoice.org, or mail your request with a $1 processing fee to: DMAchoice, Direct Marketing Assoc, PO Box 643, Carmel NY 10512.

Email

The DMA also has an Email Preference Service (eMPS) to help you reduce unsolicited commercial emails. To opt out of receiving unsolicited commercial email from DMA members, visit www.dmachoice.org. Registration is free and good for six years.

Back to top


Passphrases

February 2017

The challenge we all face is that cyber attackers have developed sophisticated methods to guess or brute force passwords, and they are constantly getting better at it. This means they can compromise your passwords if they are weak or easy to guess. An important step to protecting yourself is to use strong passwords. The more characters your password has, the stronger it is and the harder it is for an attacker to guess. However, long, complex passwords can be difficult to remember. So instead, we recommend you use passphrases. These are simple phrases or sentences that are easy to remember, but hard to hack, such as “What time is coffee?”

Be sure to use a different passphrase for every account or device you have. For example, never use the same passphrase for your work or bank account that you use for your personal accounts, such as Facebook, YouTube or Twitter. This way, if one of your accounts is hacked, the other accounts are still safe. (SANS Security Awareness)

Back to top

5 Digital to Does to Help You and Your Family Stay Safer and More Secure in 2017

January 2017

The New Year offers a chance to reflect and consider what's ahead. Just as you promise to keep a keen eye on your finances and/or improve your health and fitness in the coming year, do the same with your personal information. Information about you and your family has value – just like money. Be thoughtful about who gets that information and how it's collected by apps and websites. To better manage your privacy in 2017 follow the tried and true tips found at

https://staysafeonline.org/about-us/news/the-national-cyber-security-alliance-recommends-five-digital-to-dos-for-2017

Back to top


Why is Cyber Security a Problem?

December 2016

What is cyber security?

It seems that everything relies on computers and the internet now — communication (email, cellphones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of your daily life relies on computers? How much of your personal information is stored either on your own computer or on someone else's system?

Cyber security involves protecting that information by preventing, detecting, and responding to attacks.

What are the risks?

There are many risks, some more serious than others. Among these dangers are viruses erasing your entire system, someone breaking into your system and altering files, someone using your computer to attack others, or someone stealing your credit card information and making unauthorized purchases. Unfortunately, there's no 100% guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.

What can you do?

Keep software, particularly your web browser, up to date;
- Use strong passwords;
- Use and maintain anti-virus software;
- Be suspicious of unsolicited email messages; and
- Pay attention to the URL of a website

For more information on cybersecurity visit www.us-cert.gov
Back to top


Backup and Recovery

November 2016

Sooner or later, you most likely will have something go wrong and lose your personal files, documents or photos. Examples include accidently deleting the wrong files, hardware failure, losing your laptop or infecting your computer. At times like these, backups are often the only way you can rebuild your digital life. 

If you do not already have backup procedures in place you are encouraged to do so. You will need to determine what you want to backup, whether it is specific data that is important to you; or everything, including your operating system. 

Your next decision will be deciding how frequently to back up your data (hourly, daily, weekly, etc.). You will need to determine whether you are going to back up your data to physical media, such as an external hard drive or to a cloud-based storage. Where you choose to backup your data will then determine the solution or process used.

Once your data has been backed up it is then recommended that you recover a file and validate its contents.

For complete details visit https://securingthehuman.sans.org and search for Backup and Recovery.

Back to top


Surf Safe on the Internet

October 2016

It's important to verify the sites you visit on the Internet. A certain amount of information (such as your IP address and domain name) is automatically sent when you connect. Web sites can also track the pages you visit, determine the version of your browser and operating system, and even compromise files and passwords. Below are a few helpful tips on how to keep safe on the Internet: 

•Keep your operating system updated and patched.

•Use anti-virus and anti-spyware software and keep them updated.

•Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.

•Keep your applications (programs) updated and patched, particularly if they work with your browser such as multi-media programs used for viewing videos.

•Block pop-up windows, some of which may be malicious and hide attacks. This may block malicious software from being downloaded to your computer. (Center for Internet Security, October 10, 2016)

For more information, please visit:

US-CERT Newsletter on "Understanding Your Computer: Web Browsers" 

US-CERT Newsletter on Evaluating Your Web Browser's Security Settings 

Back to top


Email Privacy

September 2016

Traditional email has few privacy protections; your email can be read by anyone who gains access to it. Think of email as being similar to a postcard. In addition, once you send an email you no longer have control over it; you can never take it back. Your email can easily be forwarded to others, posted on public forums, released due to a court order, or distributed after a server was hacked. If you have something truly private to communicate, pick up the phone. It is also important to remember that in many countries, email can be used as evidence in a court of law. Finally, if you are using your work computer for sending email, remember that your employer most likely has the right to monitor and perhaps even read your email when using work resources. Check with your supervisor if you have questions about email privacy at work.

SANS Security Awareness Newsletter September 2016

Back to top


Don't Fall for Ransomware

August 2016

Scammers keep developing new tricks to try to snag money from users; the newer forms of tricks involve the use of ransomware. The scammers will infect vulnerable machines through the use of a computer virus, which will lock your computer and files and demand a payment for its release. These forms of viruses will also try to coerce users into paying a false fine by mimicking local police or security services. Follow these steps to help stop those scammers!

Identify the Scam. No legitimate law enforcement agency will inform users of illicit activities through a pop-up window and demand a payment over the Internet. Regularly back up your computer. This will give you the ability restore your computer without losing all your valuable information.

Use anti-virus tools or bring your computer to a computer specialist to remove the virus.

Do not make any payments. There's no guarantee that the cyber criminals will actually unlock your computer.

Report the complaint to the Internet Crime Complaint Center (IC3) at www.ic3.gov

For more information, please visit: US-CERT Cyber Security Tips -- Safeguarding Your Data

Back to top


FBI Fraud Alert

July 2016

If you can answer “yes” to any of the following questions, you could be a victim of fraud or about to be scammed!

1. Are you trying to cash or deposit a check from an item you sold on the Internet, such as a car, boat, jewelry, etc?

2. Is the amount of the check more than the item’s selling price?

3. Did you receive the check via an overnight delivery service?

4. Is the check connected to communicating with someone by email?

5. Is the check drawn on a business or individual account that is different from the person buying your item or product?

6. Have you been informed that you were the winner of a lottery such as Canadian, Australian, El Gordo, or El Mundo, that you did not enter?

7. Have you been instructed to either “WIRE”, “SEND”, OR “SHIP” MONEY, as soon as possible, to a large U.S. city or to another country, such as Canada, England, or Nigeria?

8. Have you been asked to pay money to receive a deposit from another country such as Canada, England, or Nigeria?

9. Are you receiving pay or a commission for facilitating money transfers through your account?

10. Did you respond to an email requesting you to CONFIRM, UPDATE, OR PROVIDE your account information?

For more information, please visit : http://www.fbi.gov/majcases/fraud/fraudschemes.htm

Back to top


Protect Your Portable Devices

June 2016

It is important to make sure you secure your portable devices to protect both the device and the information contained on the device. 

The following outlines steps you can take to protect your mobile communication device. Some of the steps are dependent upon the functionality of your device.

Use a password to access your device. If the device is used for work purposes, you should follow the password policy issued by your organization. 

If the Bluetooth functionality is not used, check to be sure this setting is disabled. Some devices have Bluetooth-enabled by default. If the Bluetooth functionality is used, be sure to change the default password for connecting to a Bluetooth enabled device. 

Do not open attachments from untrusted sources. Similar to the risk when using your desktop, you risk being exposed to malware when opening unexpected attachments. 

Do not follow links to untrusted sources, especially from unsolicited email or text messages. Again, as with your desktop, you risk being infected with malware. 

If your device is lost, report it immediately to your carrier or organization. Some devices allow the data to be erased remotely. 

Review the security setting on your device to ensure appropriate protection. Be sure to encrypt data transmissions whenever possible. MS-ISAC Security Tip of the Day

Back to top


Drive-By Download

May 2016

A drive-by download is the infection of a computer with malware when a user visits a malicious website.

Drive-by downloads occur without the knowledge of the user. Simply visiting an infected website may be sufficient for the malware to be downloaded and run on a computer. Malware exploits vulnerabilities in a user’s browser (and browser plugins) in order to infect their computer.

Hackers continually attack legitimate websites in order to compromise them, injecting malicious code into their pages. Then, when a user browses that legitimate (but compromised) site, the injected code is loaded by his/her browser, which initiates the drive-by attack. In this manner, the hacker can infect users without having to trick them into browsing a specific site.

To defend against drive-by downloads, you should use an updated browser, coupled with endpoint security software that incorporates web security filtering.  MS-ISAC Multi-State Information Sharing & Analysis Center.

Back to top


I'M Hacked, Now What?

April 2016

We know you care about protecting your computer and mobile devices and take steps to secure them. However, no matter how securely you use technology, you may eventually be hacked or “compromised.” In this newsletter, you will learn how to determine if your computer or mobile device has been hacked and, if so, what you can do about it. Ultimately, the quicker you detect something is wrong and the faster you respond, the more likely you can reduce the harm a cyber attacker can cause. Click here for the complete article

https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201604_en.pdf

Back to top


Don't Login on Untrusted Computers

March 2016

A password is only as secure as the computer or network it is used on. As such, never log in to a sensitive account from a public computer, such as computers in a cyber cafe, hotel lobby or conference hall. Bad guys target public computers such as these and infect them on purpose. The moment you type your password on an infected computer, these cyber criminals can harvest your passwords. If you have no choice but to use a public computer, change your password at the next available opportunity you have access to a trusted computer. SANS Security Awareness Tip of the Day

Back to top


Security Awareness for Taxpayers

February 2016

The IRS, the states and the tax industry are committed to protecting you from identity theft. We’ve strengthened our partnership to fight a common enemy – the criminals – and to devote ourselves to a common goal – serving you. Working together, we’ve made many changes to combat identity theft, and we are making progress. However, cybercriminals are constantly evolving, and so must we. The IRS is working hand-in-hand with your state revenue officials, your tax software provider and your tax preparer. But, we need your help. We need you to join with us. By taking a few simple steps, you can better protect your personal and financial data online and at home.

Please consider these steps to protect yourselves from identity thieves: keep your computer secure; avoid phishing and malware; protect personal information.

Avoid IRS Impersonators. The IRS will not call you with threats of jail or lawsuits. The IRS will not send you an unsolicited email suggesting you have a refund or that you need to update your account. The IRS will not request any sensitive information online. These are all scams, and they are persistent. Don’t fall for them. Forward IRS-related scam emails to phishing@irs.gov. Report IRS-impersonation telephone calls at www.tigta.gov.

For the complete article visit https://www.irs.gov/pub/irs-pdf/p4524.pdf

Back to top


Securing Your New Tablet

January 2016

This technology is a powerful and convenient way to communicate with others, shop online, watch movies, play games and perform a myriad of other activities. Since your tablet will most likely become an important part of your life, even perhaps replacing your computer, there are some key steps you should take to keep your tablet and your information safe and secure. Click on the following link for further info.

https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201601_en.pdf 

Back to top


Disposing of Your Mobile Device

December 2015

Mobile devices, such as smartphones and tablets, continue to advance and innovate at an astonishing rate. As a result, many of us frequently replace our mobile device and then simply dispose of the older device with little thought as to how much personal data the device has accumulated.

Mobile devices store far more sensitive data than you may realize, most likely even more than your computer does. Typical information stored by a mobile device can include:

- Where you live, work and places you frequently visit

-The contact details for everyone in your address book, including family, friends and coworkers

- Call history, including inbound, outbound and missed calls

- Text and voice messages

- Chat sessions within applications like games and social media

- Location history based on GPS coordinates or cell tower history

- Web browsing history, cookies and cached pages

- Personal photos, videos, audio recordings and email

- Stored passwords and access to personal accounts, such as your online bank or email

- Access to photos, files or information stored in the Cloud

- Any health-related information, including your heart rate, blood pressure or diet

Regardless of how you dispose of your mobile device, such as donating it, giving it to another family member, reselling it or even throwing it out, you need to be sure that you first erase/wipe all of your sensitive information. The process of erasing/wiping actually overwrites the information, ensuring it cannot be recovered. Once the device is erased you will not be able to recover any of your data from it.

Before you begin wiping your data, you will need to do a backup all of your data, including photos, videos, or any other information. Also note that simply deleting files, photos or data is not enough. Data that has been deleted can be easily recovered using free tools found on the Internet.

The easiest way to erase/wipe your data is to use your device’s “factory reset” function. This will return it to the condition it was in when you first bought it. The factory reset function varies among devices; listed below are the steps for the three most popular devices: 

Apple iOS Devices: Settings | General | Reset | Erase All Content and Settings 

Android Devices: Settings | Personal | Backup & reset 

Windows Phones: Settings | About | Reset Your Phone 

Information taken from the SANS article “Disposing of Your Mobile Device”

Back to top


'Tis the Season to Be Cautious

November 2015

The holiday season is close upon us and soon millions of people around the world will be looking to buy the perfect gifts. Many of us will choose to shop online in search of a great deal and avoid long lines and impatient crowds. Unfortunately, this is also a criminal’s favorite time of the year to commit online or financial fraud. 

 The dangers of shopping online and ways you can protect yourself can be found by going to http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201511_en.pdf.

Back to top 


Creating a Cyber Secure Home

October 2015

1. Securing Yourself-Cyber attackers have learned that the easiest way to get something is to simply ask for it. Examples are phishing emails which are designed to fool you into opening an infected attachment or clicking on a malicious link. Someone calls you pretending to be Microsoft tech support.

2. Securing Your Home Network-Your Wi-FI router (also called a Wi-FI Access Point) is a physical device that controls who can connect to your wireless network at home. Change the default admin password on your Wi-FI router. Configure your Wi-FI network to require a password if someone wants to join it. Be aware of all devices connected to your home network, including, baby monitors, gaming consoles, TVs or perhaps even your car.

3. Securing Your Computers/Devices-Ensure all devices are protected by a strong PIN or passcode and always running the latest version of their software. If possible, have two computers at home, one for parents and one for kids. Computers should have a firewall and anti-virus installed, enabled and running on the latest version. Wipe personal information from computers and mobile devices prior to disposing of them. 

4. Securing Your Accounts/Passwords-You most likely have a tremendous number of accounts online and on your devices and computers. Always use strong passwords. Use a different password for each of your accounts and devices. Use two-step verification whenever possible. On social media sites, post only what you want the public to see.

5. What To Do When Hacked-No matter how secure you are, sooner or later, you may be hacked. Create regular backups so that you can recover personal information. Change passwords for online accounts. Monitor your credit cards.

To view poster on Creating a Cyber Secure Home visit

https://www.securingthehuman.org/media/resources/STH-Poster-CyberSecureHome-Print.pdf

Back to top 


Malware

September 2015

Malware is short for “malicious software." It includes viruses and spyware that get installed on your computer, phone, or mobile device without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information, send spam, and commit fraud.

Avoid Malware
Scam artists try to trick people into clicking on links that will download malware and spyware to their computers, especially computers that don't use adequate security software. To reduce your risk of downloading unwanted malware and spyware:
-Keep your security software updated.
-Instead of clicking on a link in an email, type the URL of the site you want directly into your browser.
-Don’t open attachments in emails unless you know who sent it and what it is.
-Download and install software only from websites you know and trust.
-Minimize “drive-by” downloads.
-Use a pop-up blocker and don’t click on any links with-in pop-ups.
-Resist buying software in response to unexpected pop-up messages or emails.
-Talk about safe computing with children.
-Back up your data regularly.

For more information on avoiding, detecting, getting rid of, and reporting of malware visit http://www.onguardonline.gov/articles/0011-malware#avoid.

Back to top 


Social Engineering Through the Internet

August 2015

Social engineering refers to the methods attackers use to manipulate people into sharing sensitive information or taking an action, such as downloading a file. Sometimes a social engineer is able to rely solely on information posted online or will sometimes interact with the victim to persuade the victim to share details or perform an action. 

To view entire article click here.

Back to top 


Sun, Sand and Cyber Security

July 2015

Every summer, vacationers put their house lights on timers and their mail on hold when they travel away from home. It’s just as important when taking a vacation to take similar precautions with good cyber habits. Many cyber criminals specifically target travelers. 

Social media posts with pictures of tourist attractions may update your friends and family, but they also tell criminals that you’re on vacation and your house is empty. Other older posts may contain personal details or pictures of your home, telling thieves what items of value are in the house or how to circumvent security systems.

Sensitive data, such as login names and passwords, are especially valuable to criminals. One way criminals obtain such data is by installing a “keylogger” on hotel public computers. The keylogger records every keystroke typed on the computer and then transmits that information to the criminal.

Easy Tips to Protect Yourself: Use discretion when posting personal information on social media. Set email away messages to only respond to known contacts in your address book. Disable geolocational features, such as automatic status updates and friend finder functionalities. Remind friends and family members to exercise the same caution. 

Info provided by MS-ISAC

Back to top 


Don't Click to Agree without Reading the Small Print

June 2015

Some free software passes your information on to advertisers, changes your PC or downloads other software without asking you. Some suppliers will claim that this is OK because you agreed to this. How? People often click on the "agree" button to accept 20 pages of difficult legal jargon they don't understand. But buried in the middle can be a sentence allowing the software to do whatever it likes. You can argue in court that the terms aren't reasonable, but then it will be too late — the damage has been done and your PC is broken. Learn from other people's pain: if terms and conditions are hard to understand, it is probably deliberate. If it isn't worth the trouble to read the conditions, don't risk using the software.  (SANS Security Awareness Tip of the Day.)

Back to top 

Why You Should Care About Personal Information Found Online

May 2015

Personal information available online may be used by businesses and recruiters to gauge your stability when applying for a job. Criminals may use data about you to target you for phishing scams, identity theft, and other miscellaneous crimes.

Information posted on social sites like Facebook and Twitter and that gathered by businesses, governments and other organizations is searchable and often permanent. Once data is published online, it is there forever and depending on a company's privacy policy it may be seen by anyone using the Internet. 

Your personal information becomes available through the Internet when you setup an online account, make an online purchase, take part in a survey, download free software, surf the web, or place a post on a social media site.

For more info visit http://www.microsoft.com/security/online-privacy/information.aspx

Back to top 


Make Sure Your Personal Information is Protected When You do Business Online

April 2015

Always read the privacy statement before you fill in the blanks. You should also verify that the site is using encryption before you submit any information — look for https in the web address and for a padlock or key in the lower right corner of your browser. Don't send your personal information (social security number, credit card number, etc.) in an email or through instant messaging. (SANS Security Awareness Tip of the Day.)

Back to top 


How to Avoid Becoming a Tax-Scam Victim

March 2015

It’s tax season, which means it’s also time for tax scams, with numerous online scams that attempt to steal people’s tax refunds, bank accounts, or identities. To avoid becoming a tax-scam victim:

  • Do not respond to emails appearing to be from the IRS. The IRS does not initiate taxpayer communications through email or social media to request personal or financial information.
  • Do not respond to unsolicited emails and do not provide sensitive information via email.
  • Carefully select the tax sites you visit. Use caution when searching online for tax forms, advice on deductibles, tax prepares, and other similar topics.
  • Secure your computer. Make sure your computer has all operating system and application software updates.

Info provided by MS-ISAC

Back to top 


New Variants of Tech Support Call Scams Expected in 2015

February 2015

In a tech support call scam, malicious actors call victims and claim to work for well-known companies, informing the victim that their computer is either infected or attacking another computer and that only they can remediate the problem. The hacker will prompt the victim to take certain actions in order to successfully carry out the attack. In most cases, the main motive for these types of scams is monetary gain, which could be achieved by requesting payment for services or products, such as an antivirus, or by installing malware on your system without your knowledge in order to collect sensitive information. In 2014, CIS observed several new variations of the tech support call scam, which will likely become more popular throughout 2015, as cyber criminals continue to seek different ways to dupe end users. If you receive an unsolicited tech support call, you should hang up and report the incident to your local police department, IT department, and/or the Internet Crime Complaint Center at www.ic3.gov. 

For more information visit http://msisac.cisecurity.org

Back to top 

Safe Mobile Banking Tips

January 2015

Using a smartphone, "tablet" computer or other mobile device to manage your finances can be convenient and help you monitor your money from practically anywhere. At the same time, it's important to take steps to protect your account information. The following are tips for protecting yourself:

  • Be proactive in securing the mobile device itself.
  • Be careful about where and how you conduct transactions.
  • Take additional precautions in case your device is lost or stolen.
  • Research any application ("app") before downloading it.
  • Be on guard against unsolicited e-mails or text messages appearing to link to a financial institution's web site.

For more information on this and other consumer information visit fdic.gov, Consumer News.

Back to top