Security Tips & Alerts
Technology Topic of the Month
Email Phishing Attacks
Email is one of the primary ways we communicate. We not only use it every day for work, but also to stay in touch with our friends and family. In addition, email is how companies provide many products or services, such as confirmation of an online purchase or availability of your online bank statements. Since so many people around the world depend on email, email attacks have become one of the primary attack methods used by cyber criminals.
Phishing was a term originally used to describe email attacks that were designed to steal your online banking username and password. However, the term has evolved and now refers to almost any email-based attack. Phishing uses social engineering, a technique where cyber attackers attempt to fool you into taking an action. These attacks often begin with a cyber criminal sending you an email pretending to be from someone or something you know or trust, such as a friend, your bank or your favorite online store. These emails then entice you into taking an action, such as clicking on a link, opening an attachment or responding to a message. Cyber criminals craft these emails to look convincing, sending them out to literally millions of people around the world. The criminals do not have a specific target in mind, nor do they know exactly who will fall victim. They simply know that the more emails they send out, the more people they may be able to fool. Phishing attacks work one of four ways:
Harvesting Information: The cyber attacker's goal is to fool you into clicking on a link and taking you to a website that asks for your login and password, or perhaps your credit card or ATM number. These websites look legitimate, with exactly the same look, imagery and feel of your online bank or store, but they are fake websites designed by the cyber attacker to steal your information.
Infecting your computer with malicious links: These are phishing emails that have malicious attachments, such as infected PDF files or Microsoft Office documents. If you open these attachments they attack your computer and, if successful, give the attacker complete control.
Scams: These are attempts by criminals to defraud you. Classic examples include notices that you've won the lottery, charities requesting donations after a recent disaster or a dignitary who needs to transfer millions of dollars into your country and would like to pay you to help them with the transfer. Don't be fooled; these are scams created by criminals who are after your money.
In most cases, simply opening an email is safe. For most attacks to work you have to do something after reading the email (such as opening the attachment, clicking on the link or responding to the request for information). Here are some indications that an email is an attack:
Be suspicious of any email that requires "immediate action" or creates a sense of urgency. This is a common technique used by criminals to rush people into making a mistake.
Be suspicious of emails addressed to "Dear Customer" or some other generic salutation. If it is your bank they will know your name.
Be suspicious of grammar or spelling mistakes; most businesses proofread their messages carefully before sending them.
Do not click on links. Instead, copy the URL from the email and paste it into your browser. Even better is to simply type the destination name into your browser.
Hover your mouse over the link. This will show you the true destination where you would go if you actually clicked on it. If the true destination of the link is different than what is shown in the email, this may be an indication of fraud.
Be suspicious of attachments and only open those that you were expecting.
Just because you got an email from your friend does not mean they sent it. Your friend's computer may have been infected or their account may have been compromised, and malware is sending the email to all of your friend's contacts. If you get a suspicious email from a trusted friend or colleague, call them to confirm that they sent it. Always use a telephone number that you already know or can independently verify, not one that was included in the message.
If after reading an email you think it is a phishing attack or scam, simply delete the email. Ultimately, using email safely is all about common sense. If something seems suspicious or too good to be true, it is most likely an attack. Simply delete the email.
Securing your New Tablet
Your New Tablet
Congratulations on your new tablet. This technology is a powerful and convenient way to communicate with others, shop online, read, listen to music, game and perform a myriad of other activities. Since this new tool may become an important part of your daily life, we strongly encourage you to take some simple steps to help keep it safe and secure.
Securing Your Tablet
The first step is to set a passcode or some other screen locking mechanism. Tablets are easy to take wherever you go, which also means they are easy to lose or have stolen. To help prevent your information from falling into the wrong hands, be sure you lock your tablet screen with some type of hard-to-guess PIN, passcode or swiping motions. In newer devices, there may be some type of biometric authentication, such as a fingerprint reader. Use the strongest method your tablet supports, and be sure to set your tablet so that it locks automatically after a short idle time.
Next, update your tablet so it has the latest version of its operating system. Bad guys are constantly finding new weaknesses in software, and vendors are constantly releasing new updates and patches to fix them. By running the latest operating system, you make it harder for anyone to hack your tablet.
Pay attention when configuring your tablet for the first time. The most important configuration choices will be your privacy and Cloud options. Privacy is about protecting your personal information. One of your tablet's biggest privacy issues is its ability to know and track your location. We recommend that you go into the privacy features and disable location tracking for everything, then enable it on an app-by-app basis. For some apps, it is important to be able to track your location (such as mapping software or finding a local restaurant near you), but the majority of apps do not need real-time information.
The other important option is Cloud storage. Cloud services such as Apple's iCloud, Microsoft's SkyDrive, Dropbox or Google Drive allow you to store your data on servers through the Internet. Most tablets have built-in options for automatically storing just about anything in the Cloud, including documents, pictures and videos. Think about the sensitivity of your data and decide whether it is appropriate to store it in the Cloud. Make sure you understand how your data will be protected (such as by a password) and how you can control who will have access to it. The last thing you want is for the private pictures you just took to be posted on the Internet without your knowledge, complete with their geo-location information embedded.
Be aware that tablets are increasingly synchronizing your apps with other devices, like your smartphone or laptop. This is common with many applications (including Google's Chrome), is pervasive in Windows 8 and is one of the most widely used features in iCloud. Device synchronization can be a wonderful feature, but if you have it enabled, don't be surprised to see the sites you visited or the tabs you created on your tablet's browser appear in your browser at work.
Keeping Your Tablet Secure
Once you have your tablet secured, you want to be sure it stays that way. Here are some simple steps for you to consider as you continue to use your tablet:
Keep your tablet operating system and apps current and running their latest version. Many tablets now automatically update your apps, a feature we encourage you to enable.
Do not jailbreak or hack your own tablet. This will bypass and render a tremendous number of security controls useless, making your tablet far more vulnerable to attacks.
Only download apps you need, and only download them from trusted sources. For iPads, this is as simple as only downloading apps from iTunes. These apps are screened by Apple before they are made available. For Google, we recommend you limit your apps to those found on Google Play. While you can download apps from other sites, they are usually not vetted and could be created with malicious intent. Finally, regardless of where you got your app, we recommend you remove it from your tablet once you no longer need or actively use it.
When installing a new app, make sure you review and set the privacy options, just like you did when initially configuring your new tablet. Be careful of what information you allow the app to access, or what you allow the app to do with that information. For example, does the app you just downloaded really need access to all of your contacts?
Be sure to install or configure software that allows you to remotely track, lock or erase your tablet in case it is ever lost or stolen.