- Never provide credentials of any sort via e-mail. This includes after clicking on links sent via e-mail.
- Always go to the official website directly rather than following a link sent to you via e-mail.
- Roll your cursor over the links received via e-mail and look for inconsistencies. If the address shown is not the website the e-mail claims to be directing you to, then the link is to a fraudulent site.
- Contact your personnel department [or the department in question] if you receive suspicious e-mail.
- Look for poor use of the English language in e-mails such as incorrect grammar, capitalization, and tenses. Many [but not all] of the scammers who send these messages are not native English speakers.
If you're like most people, you've probably received at least one hoax or chain letter in your inbox. What should you do with the next one you receive? Delete it! Why, you ask? Because chain letters and hoaxes have the potential to cause problems (lots of network traffic or just filling up someone's inbox) and they can also be very annoying. Visit the following sites to find out more about hoaxes and chain letters.
Screen names that hint at personal interests, hobbies, or favorite sports, combined with other clues in your profile will give enough information for someone to figure out who you are and where they can find you.
To secure your data and reduce spam sent to your business as well as to your private email account, get a dedicated address for internet postings. Never use your business email address for posting guestbook entries, votes, or questions and answers in forums and surveys. It's good to be reachable in these situations, but best to be anonymous.
- Be suspicious of unsolicited phone calls or email messages from individuals asking about information. If an unknown individual claims to be from a legitimate organization, try to verify his/her identity directly with the company.
- Do not provide personal information or information about you unless you are certain of a person’s authority to have the information.
- Do not reveal personal or financial information in uninvited email, and do not respond to emails requesting this information.
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. DO NOT use contact information provided on a linked website connected to the request.
To protect your home network, make sure that you have a secured wireless network, that you are using OpenDNS or a similar service, and that all the devices on your home network are updated and current.
- Install apps only from trusted sources
- Make sure your apps are updated
- Verify the permissions.
- Obtain anti-virus software for your computer only from known, trusted sources and vendors. It is a common ploy of cyber attackers to distribute fake anti-virus programs that are really malware.
- Make sure you have the latest version of your anti-virus software installed on your computer, that your annual subscription is paid for and active and that your anti-virus is configured to update automatically. If your computer has been offline or powered off for a while, your anti-virus software will need to update itself when you turn it back on or reconnect it to the Internet. Do not postpone these updates.
While anti-virus is an important part of your computer security, it cannot detect or stop all attacks. Ultimately, you are the best defense, not just technology.
When you delete a file, depending on your operating system and your settings, the file may be transferred to your trash or recycle bin. This "holding area" essentially protects you from yourself—if you accidentally delete a file, you can easily restore it. An unauthorized person will also be able to retrieve it. Does your recycle bin include credit card information, passwords, medical, or other personal data? Empty the trash or recycle bin on a regular basis to ensure that deleted information stays deleted.
Credit card and online banking sites are convenient and easy ways to purchase and handle financial transactions. They are also the most frequently spoofed or "faked" sites for phishing scams. Information you provide to online banking and shopping sites should be encrypted and the site's URL should begin with https. Some browsers have an icon representing a lock at the lower right of the browser window. For more information about phishing, please visit www.consumer.ftc.gov/articles/0003-phishing
If you can't remember hard passwords no matter how hard you try, put your password in parentheses. baseball38 is a weak password. (baseball38) is much better.
When you change your password, you should always change at least half of it and when you do, change the parentheses as well. Change the parentheses to asterisks, exclamation points or dollar signs. *sallyandbob39* is better than sallyandbob39, and !jimandbetty93! is better than jimandbetty93.
Not all web sites are safe. Always ensure that the source you are downloading from is legitimate. Use extreme caution if you are referred to a site by an email message. If you're uncertain, don't download.
Locking your computer before leaving it unattended prevents anyone else from accessing it while you are away. This is especially important when there are other people in your home, school or office. Leaving your computer unlocked can expose your private data to a third party. Even when there is no one around, data could be exposed if your computer screen faces an outside window, especially on the ground floor of your house, school or place of business.
Your most important files can be protected with a password. For example, in Microsoft Word, you can create a password to open and a password to modify a file. Just go to Tools | Options and click the Security tab. Remember the password so you don't lock yourself out!
Cybercafés and hotels offer convenient ways to use a networked computer when you are away from home or office. But be careful. It's impossible for an ordinary user to tell what the state of their security might be. Since anyone can use them for anything, they have probably been exposed to viruses, worms, Trojans, key loggers, and other nasty malware. Should you use them at all? They're okay for casual web browsing, but they're NOT okay for connecting to your email (which may contain personal information); to any secure system (like the network or server at your office), bank or credit union; or for shopping online (using your identification, credit card or bank account numbers).
One type of phishing (fake emails to trick you into sharing your private financial details) is a note claiming that the sender wants to send you a sum of money but cannot because they have been told you are deceased. The idea is for you to prove you are not dead by giving up your financial information. As always, if it sounds too good to be true, it is probably not true. If someone wants to contact you in order to give you a large sum of money, they will almost certainly do it by certified mail, not by email.
Microsoft never sends out patches or updates by email. There are no exceptions. Keep that in mind and you won't be a victim of a Microsoft patch hoax handily supplied as an attachment. Every 18 months or so, someone tries this hoax again by crafting and sending out a phony email complete with a Microsoft look-alike logo, spoofed return address, links, etc., and some text assuring you that this is all the real thing. It isn't.
Social engineering is the act of manipulating people (you) into performing actions or revealing confidential information.
Examples of Social Engineering are:
- Impersonation - Never give out your password to anyone, even if they claim to be someone trying to help you “fix” your computer.
- Shoulder surfing - The ability to gain information by simply watching what you are typing or seeing what is on your computer screen.
- Baiting - Asking a variety of questions designed to “catch” the right answers. Be careful of what you say to whom.
- Surveys - Surveys might be for legitimate purposes or might be a scam. Be aware of disclosing information that may be used inappropriately.
- Dumpster diving - Searching through your trash is a method used to get sensitive information. Be sure to shred or properly destroy personal information before throwing it away.
- Are at least eight characters long
- Do not contain your name, date of birth, or personal identifier (found easily on Facebook)
- Do not contain a complete word or any word found in any dictionary
- Are very different from passwords used before
- Include character(s)/symbol(s), upper case letter(s), lower case letter(s) and number(s)
Many of our smartphones and the applications we download collect information about how we use our phones.
Read the contracts and conditions, and check what permissions you are granting to any application, before you agree to download or add anything to your smartphone or mobile devices.
Additional reminder - to avoid loss of personal information due to stolen or lost mobile devices, always password protect!