Security Awareness
What is Spam
- Unsolicited Commercial Email (UCE) which usually advertises a product or service.
- Chain letters and pyramid schemes.
- Messages sent to a recipient who had agreed to receive mail but has subsequently opted-out.
- Any email without an Opt-out facility.
- Any email that does not have a valid address in the reply to line.
Spam Concerns
- Fraudulent Offers… Some SPAM offers are fraudulent; it is safest to not do business with spammers.
- Careful clicking on links in SPAM email… Some of these links are designed to capture personal information or download malicious software to your computer without you knowing it.
- Opting Out… By selecting the opt-out option on an email, you may be confirming that your email address is valid, leading spammers to send you even more SPAM email.
What should I do with SPAM?
- Never respond to SPAM messages.
- Forward SPAM messages to the FTC (spam@uce.gov) and your ISP. Do not open them if possible, and delete these messages after forwarding them.
- Decide if you want to use two email addresses, one for personal messages and one for newsgroups, chat rooms, etc.
- Avoid listing your primary email address in public places like newsgroups, chat rooms, websites, or membership directories.
Password Protection
In a marketing stunt intended to highlight sloppy security habits, a computer-security firm recently offered “survey takers” a $3 food coupon in exchange for their computer passwords.
The results were shocking: in the experiment, conducted in tech-savvy San Francisco, two-thirds of the 272 people approached provided their passwords. Granted, some respondents may have given out bogus passwords. But in an effort to minimize that problem, answers were disregarded if respondents blatantly said they would give a phony answer.
There’s even worse news, too: of those who refused to divulge their passwords, 70% dropped hints, saying their password was their “spouse’s name” or “kids’ birth dates.”
Protect Yourself
We don’t have free food to pass out, but we do offer free password advice that could prevent unauthorized access to personal or company information:
Create strong passwords – (The following tips will help significantly increase password strength)
- Passwords should be at least eight characters whenever possible (e.g. iluvhockey)
- Add a number within your password (e.g. bigbird29)
- Use symbols or add upper and lower case characters (e.g. $even53 ($=S) or Seven53)
- Combine easy-to-remember words (e.g. Black21dog)
- Do not increment passwords each month (e.g. 1st month = Black21dog, 2nd month = Black22dog, etc.)
Using these techniques will increase your password strength exponentially and help ensure that hackers can’t use a “dictionary attack” to guess your password.
- Don’t base your password on easily guessed personal data such as children’s or pets’ names, important dates, or hobbies.
- Never, ever write down a password.
- Don’t provide your computer password over the phone, even to someone claiming to be from the bank.
- Don’t share your password with co-workers.
- Never, ever divulge your password to a stranger on the street – even if they promise you a free burger.
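The tips above can be turned into an automated check. This is an added example, not part of the original page; the function name `check_password`, its parameters, and the sample passwords and personal terms in the demo are assumptions made for illustration.

```python
import re


def _ignore_numbers(password):
    """Lower-case the password and replace each run of digits with a marker."""
    return re.sub(r"\d+", "#", password.lower())


def check_password(candidate, previous=None, personal_terms=()):
    """Return the tips from this page that `candidate` fails (empty list = passes).

    previous       -- last month's password, used to catch simple increments
    personal_terms -- names, dates or hobbies the user should not build on
    """
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    has_symbol = any(not c.isalnum() for c in candidate)
    mixed_case = (any(c.islower() for c in candidate)
                  and any(c.isupper() for c in candidate))
    if not (has_symbol or mixed_case):
        problems.append("no symbol and no mix of upper and lower case")
    # Black21dog -> Black22dog: identical once the counter is ignored.
    if previous and _ignore_numbers(candidate) == _ignore_numbers(previous):
        problems.append("matches the previous password once numbers are ignored")
    lowered = candidate.lower()
    for term in personal_terms:
        # Very short terms would match almost anything, so skip them.
        if len(term) >= 3 and term.lower() in lowered:
            problems.append("contains personal data: " + term)
    return problems


if __name__ == "__main__":
    # Constructed samples: the page's own example passwords plus one invented case.
    samples = [
        ("iluvhockey", None, ()),
        ("bigbird29", None, ()),
        ("Black21dog", None, ()),
        ("Black22dog", "Black21dog", ()),
        ("Rover2005!", None, ("Rover", "2005")),  # invented pet name and year
    ]
    for candidate, previous, terms in samples:
        print(candidate, "->", check_password(candidate, previous, terms) or "ok")
```

A password that passes every check here can still be weak; the check only enforces the rules listed above.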
What is Phishing
(phishing) (n.) The act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the receiver to visit a fraudulent website where they are requested to update or enter personal information, such as passwords and credit card, social security, and bank account numbers.
Is phishing a major problem?
The American Bankers Association (ABA) says: “Phishers are criminals, just like other bank robbers. And as long as financial institutions are where the money is housed, robbers will continue to go after banks.” The Anti-Phishing Working Group (APWG) announced there were over 15,000 phishing attempts reported in June of 2005. This number only includes those attempts reported. 91% of these phishing attempts were directed at financial institutions!
Ok, phishing is a problem but how do I identify phishing attempts?
Be wary of any email with an urgent request for personal financial information. Phishers try to entice victims through false and enticing statements.
Be wary of emails that are not personalized. Phishers will use greetings like “Dear Bank Customer” because the phisher does not yet have your personal information.
Be wary of emails that have some personal information. Phishers are becoming more sophisticated and may include some stolen personal information in an attempt to gain your trust.
How can I avoid being a victim of phishing or identity theft attempts?
Do not use URL links in an email to access a financial institution’s Web page. Instead go directly to that institution’s web site by typing the URL in your browser. Never respond to an email requesting personal information.
Only communicate information such as credit card numbers or account information via a secure web site or through a phone call you initiate. Type the institution’s web site URL into your browser instead of clicking on a URL in an email or pop-up message. Ensure that the site has https:// in the URL when passing sensitive information, and look for a lock/key symbol in the lower right-hand corner of your browser window.
Regularly log on to your online accounts and check your bank, credit and debit card statements to ensure all transactions are legitimate. Early detection is critical in reducing fraud; an advantage of online banking is the ease of regularly checking your account activity.
When in doubt contact your financial institution or vendor directly.
Avoid providing personal information to anyone you have not initiated the communication with.
How do I report phishing attempts?
If you receive a phishing attempt through your home computer, you should contact the FTC at spam@uce.gov. The FTC also has great information on its web site at www.ftc.gov if you suspect you have been a victim of identity theft.
Phishing Information Sources –
http://www.ftc.gov
http://www.aba.com
http://www.antiphishing.org