Transcript Slide 1
Staying Safe in
Cyberspace
What do YOU do online?
Send and receive e-mail
Shop
Research
Instant messaging/chat
Social networking/blogging
What are the dangers?
Malicious attachments
Malicious websites
Phishing/fraudulent e-mails
Merchants with weak security
Search results (yes, really!)
Now what?
Does all this bad stuff mean you
should give up on the web?
NO WAY!
Get online!
Stay connected with family
Communicate with friends
Keep up on current events
Plan vacations
What else?
E-mail security:
Phishing
Phishing/vishing messages
– Use scare tactics/threats
– May “borrow” graphics to look more real
– May use poor English
– Ask for info the business already has
– May be multi-pronged
E-mail security:
419 Scams
“I am a descendant of royalty…”
– Most common is “fund transfer” scam
– Request bank account numbers
– May also request fees to cover
transaction
– Never, EVER respond!
E-mail security:
Malicious attachments
Bad guys use e-mail to spread
malware
– Beware of unsolicited attachments
– Use an e-mail provider that scans
attachments
– Keep your antivirus software up to date
E-mail security:
Malicious links
Bad guys know we’re getting wise to
attachments–they entice you to click
links instead
– Adult content
– Breaking news
– Shocking video
E-mail security:
Malicious links
Instant messaging
Do you use chat?
– Only accept chat requests from people
you know
– Don’t click unsolicited links
– Don’t accept unsolicited file transfers
Social Networking and
Blogging
Facebook, MySpace, LinkedIn, etc…
– Understand and use privacy settings
– Only “friend” people you know
– Information posted here makes you a
more public person!
What can I do?
Want to know a secret?
– You don’t need to be a geek to stay safe
online!
What can I do?
Be skeptical and ask questions!
– Did I really win a foreign lottery?
– Does my bank need to be reminded of
my account number?
– Will the software in that ad really make
my computer faster if I click “OK?”
My favorite things…
(Just like Oprah, but without the flattering lighting!)
Surf Safer—use
Firefox!
– Consider moving
away from Internet
Explorer
Surf Safer
Use a phishing filter!
– McAfee SiteAdvisor (free)
– Rates search results
– Prevents you from visiting known-bad
websites
Shop Safer
When using a credit
card online, always
look for:
– https://
– Closed padlock
Your CC# is
encrypted in transit
E-mail Safer
Choose a good e-mail provider!
– Is your e-mail scanned for viruses?
– Will it attempt to alert you about
phishing?
Ask around—what e-mail providers do
trusted friends use?
– Are they generally happy?
– Do they get a lot of spam?
E-mail safer
No e-mail provider is perfect!
– Unfortunately, they all get spam
E-mail safer
Cast a wary eye upon e-mail messages
– Don’t be afraid to call your bank, ISP, or
other businesses about phishing
messages
Handling phishing
messages
Don’t:
– Call any provided number
– Reply to them via e-mail
– Click any links or fill out any forms
Handling phishing
messages
Do…
– Call your bank on a known-good number
Known-good: from the back of your card or
bank statement
– Report the message to your e-mail
provider
– Report the message to the FTC
Forward to [email protected]
Other types of fraud…
Many types of fraud started offline but
found new life on the Internet
– Phone scams
– Check scams
– Text message scams
Phone scams—”vishing”
Register with the National Do Not Call
registry
– https://www.donotcall.gov/
– Scammers will not honor this list!
– Remain on guard, report scam calls to the
FTC: 1-888-FTC-HELP
Check scams
Arrive in “snail mail,” and may include:
– Foreign business offers
– Rental schemes
– Overpayments
– Sudden riches
Get more info on check scams at
http://www.fakechecks.org
Text message scams
Do you have a mobile phone?
Do you use it for text messaging?
– Even if you don’t, scammers can still send
messages to your phone
– Disable text service if you don’t use it
– NEVER respond to an unsolicited text
message
In conclusion…
It’s not possible or necessary to know
about every threat
Remain skeptical
Continue learning
Ask questions!
More information
Be SeKUre blog
– http://www.besekure.ku.edu
Security workshops
– http://www2.ku.edu/~workshops
Be SeKUre on Twitter
– http://twitter.com/beseKUre
Contact me!
Julie C. Fugett, CISSP, CCE
Information Security Analyst
The University of Kansas
[email protected]