Transcript Slide 1
Staying Safe in Cyberspace What do YOU do online? Send and receive e-mail Shop Research Instant messaging/chat Social networking/blogging What are the dangers? Malicious attachments Malicious websites Phishing/fraudulent e-mails Merchants with weak security Search results (yes, really!) Now what? Does all this bad stuff mean you should give up on the web? NO WAY! Get online! Stay connected with family Communicate with friends Keep up on current events Plan vacations What else? E-mail security: Phishing Phishing/vishing messages – Use scare tactics/threats – May “borrow” graphics to look more real – May use poor English – Ask for info the business already has – May be multi-pronged E-mail security: 419 Scams “I am a descendant of royalty…” – Most common is “fund transfer” scam – Request bank account numbers – May also request fees to cover transaction – Never, EVER respond! E-mail security: Malicious attachments Bad guys use e-mail to spread malware – Beware of unsolicited attachments – Use an e-mail provider that scans attachments – Keep your antivirus software up to date E-mail security: Malicious links Bad guys know we’re getting wise to attachments–they entice you to click links instead – Adult content – Breaking news – Shocking video E-mail security: Malicious links Instant messaging Do you use chat? – Only accept chat requests from people you know – Don’t click unsolicited links – Don’t accept unsolicited file transfers Social Networking and Blogging Facebook, MySpace, LinkedIn, etc… – Understand and use privacy settings – Only “friend” people you know – Information posted here makes you a more public person! What can I do? Want to know a secret? – You don’t need to be a geek to stay safe online! What can I do? Be skeptical and ask questions! – Did I really win a foreign lottery? – Does my bank need to be reminded of my account number? – Will the software in that ad really make my computer faster if I click “OK?” My favorite things… (Just like Oprah, but without the flattering lighting!) Surf Safer—use Firefox! – Consider moving away from Internet Explorer Surf Safer Use a phishing filter! – McAfee SiteAdvisor (free) – Rates search results – Prevents you from visiting known-bad websites Shop Safer When using a credit card online, always look for: – https:// – Closed padlock Your CC# is encrypted in transit E-mail Safer Choose a good e-mail provider! – Is your e-mail scanned for viruses? – Will it attempt to alert you about phishing? Ask around—what e-mail providers do trusted friends use? – Are they generally happy? – Do they get a lot of spam? E-mail safer No e-mail provider is perfect! – Unfortunately, they all get spam E-mail safer Cast a wary eye upon e-mail messages – Don’t be afraid to call your bank, ISP, or other businesses about phishing messages Handling phishing messages Don’t: – Call any provided number – Reply to them via e-mail – Click any links or fill out any forms Handling phishing messages Do… – Call your bank on a known-good number Known-good: from the back of your card or bank statement – Report the message to your e-mail provider – Report the message to the FTC Forward to [email protected] Other types of fraud… Many types of fraud started offline but found new life on the Internet – Phone scams – Check scams – Text message scams Phone scams—”vishing” Register with the National Do Not Call registry – https://www.donotcall.gov/ – Scammers will not honor this list! – Remain on guard, report scam calls to the FTC: 1-888-FTC-HELP Check scams Arrive in “snail mail,” and may include: – Foreign business offers – Rental schemes – Overpayments – Sudden riches Get more info on check scams at http://www.fakechecks.org Text message scams Do you have a mobile phone? Do you use it for text messaging? – Even if you don’t, scammers can still send messages to your phone – Disable text service if you don’t use it – NEVER respond to an unsolicited text message In conclusion… It’s not possible or necessary to know about every threat Remain skeptical Continue learning Ask questions! More information Be SeKUre blog – http://www.besekure.ku.edu Security workshops – http://www2.ku.edu/~workshops Be SeKUre on Twitter – http://twitter.com/beseKUre Contact me! Julie C. Fugett, CISSP, CCE Information Security Analyst The University of Kansas [email protected]