Security Tip

Scam of the Week: Holiday Coupon Alert

It’s the Holiday Season for the bad guys too! But not the way you might think. They go into scam-overdrive mode, and starting with Black Friday and Cyber Monday (the busiest online shopping days), they are out to get rich with your money until the holidays are over. Bryant Bradbury, City of Seattle Chief Technology Officer, passes on this advice:

  1. At the moment, there are too-good-to-be-true coupons that offer free phones or tablets on sites all over the Internet. Don’t fall for it. Make sure the offers are from a legitimate company.
  2. Watch out for alerts via email or text that say you just received a package from FedEx, UPS or the US Mail, and then ask you for some personal information. Don’t open any attachments and don’t enter anything. Think Before You Click!
  3. There is a fake refund scam going on that could come from Amazon, a hotel, or a retail chain. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device will be infected with malware. Again, don’t open any attachments and don’t enter anything.

So, especially now, be constantly alert and willing to fight back by using common sense. Remember to only use credit cards online, never debit cards. Be super-wary of bulk email with crazy good BUY NOW offers and anything that looks slightly “off.”

If you think you might have been scammed, stay calm and call your credit card company, have that card disabled and get a new one. Happy Holidays!

Erasing your computer

As we head into the holiday season, there are a lot of ads for new computers at reasonable prices.  However, before selling or discarding an old computer, or throwing away a CD or DVD, you will want to make sure that you’ve copied all of the files you need. You’ve probably also attempted to delete your personal files so that other people aren’t able to access them.  Unless you have taken the proper steps to make sure the hard drive, CD, or DVD is properly erased, people may still be able to resurrect those files.

A security tip published by US-CERT.gov, Effectively Erasing Files, by Mindi McDowell and Matt Lytle, explains this in a way that is easy to understand. Visit this site to read the full article, which includes information about where deleted files go, what the risks are for not erasing them completely, information about reformatting and advice for ensuring that all your information is completely erased.

Kids and online safety from Microsoft

With the start of the school year comes the increased use of computers and the Internet at home, school and on the go.  At Microsoft’s Safety and Security Center, you can find resources in their Family Safety Center on setting rules of online safety, online bullying, social media use, playing games online and using tech on the go.  Each topic area provides tips, resources and tools you can use to help your kids stay safe online.  This information is also available in eleven languages, including Chinese, Korean, Russian and Spanish.

Online safety for college-bound kids

Previous generations didn’t need to have “the digital talk” but in a world where what goes online stays online, it’s essential.  Here are eight tips for the college-bound from our City of Seattle Office of Information Security:

1. The Internet is forever – Think about future employers, including those coveted summer internships. Don’t post anything online, including inappropriate photos, which would make a future employer think twice about hiring you. Good judgment is something employers look for; show that you have it.

2. Don’t add your address to your Facebook profile – Keep your address private. Anyone who needs your address can get it from you directly.

3. Don’t broadcast your location – Go ahead and check-in at your favorite coffee place and post photos of you and friends at a concert. Just do it sparingly. People don’t need to know where you are all the time or when your dorm room or apartment might be empty.

4. Don’t “friend” people you don’t know – Be choosy when it comes to friending people on social media. Just because someone sends you a friend request doesn’t mean you have to accept it—especially if you have no idea who they are.

5. Guard your social security number – Your social security number is a winning lottery ticket to a fraudster. It is the key to stealing your identity and taking over your accounts. Keep your social security card locked away in a safe place. Memorize the number so you can minimize using the card itself. Question anyone who asks for your social security card. Employers, banks, credit card companies and the department of motor vehicles are some of the few legitimate entities who may need your social security number. Never give it out online or in email.

6. Don’t use the same password everywhere – All your accounts need a password, but not the same one. Consider using an all-in-one password manager. If you choose this option make sure that you log out of the service when not in use. Get in the habit of locking your computer and shutting it off at night.

7. Beware of emails phishing for personal information – Be very wary of any email with a link that asks you to disclose your credit card details, username, password or social security number. These emails can look official but no bank, or other legitimate business, should email asking for this information.

8. Be Wi-Fi savvy and safe – Free Wi-Fi at coffee shops, libraries and restaurants makes these great places to hang out and study. However, free comes at the cost of security. Unsecured networks create the risk of identity theft and of other personal information being stolen. Make sure sites you visit use encryption software (website addresses start with https:// and usually display a lock in the browser address bar) to block identity thieves when using public Wi-Fi. Additionally, be careful to avoid using mobile apps that require credit card data or personal information on public Wi-Fi, as there is no visible indicator of whether the app uses encryption. In general it’s best to conduct sensitive transactions on a secured private network or through your phone’s data network rather than public Wi-Fi.

Should your organization consider The Cloud?

Once upon a time, all software had to be directly installed onto computers—but more and more, vendors are hosting software that users access via the Cloud. Maybe you use Google Drive or Dropbox, Office 365, or a Cloud-based database. Maybe you’re interested in what such hosted services offer, but are worried about the security risks. Moving to the Cloud is not for everyone–how do you know if it’s right for your organization? The answer is simple: by evaluating it against your own particular needs.

Idealware.org, a nonprofit organization helping nonprofits make smart software decisions, has created a free new workbook, Should Your Organization Consider The Cloud, to help you to make decisions about using cloud software.

Read the full article here and receive your free copy of the workbook to help you get started.

Have a scam-free vacation

Heading out of town? Make sure you come back with a nice post-vacation glow and not a case of identity theft. Here are some things you can do to lessen the chances you’ll be a victim.

Limit what you carry. Take only the ID, credit cards, and debit cards you need. Leave your Social Security card at home. If you’ve got a Medicare card, make a copy to carry and blot out all but the last four digits on it.

Know the deal with public Wi-Fi. Many cafés, hotels, airports, and other public places offer wireless networks — or Wi-Fi — you can use to get online. Two things to remember:

  • Wi-Fi hotspots often aren’t secure. If you connect to a public Wi-Fi network and send information through websites or mobile apps, the info might be accessed by someone it’s not meant for. If you use a public Wi-Fi network, send information only to sites that are fully encrypted (here’s how to tell), and avoid using apps that require personal or financial information. Researchers have found many mobile apps don’t encrypt information properly.
  • That Wi-Fi network might not belong to the hotel or airport. Scammers sometimes set up their own “free networks” with names similar to or the same as the real ones. Check to make sure you’re using the authorized network before you connect.

Protect your smartphone. Use a password or PIN, and report a stolen smartphone — first to local law enforcement authorities, and then to your wireless provider. In coordination with the Federal Communications Commission (FCC), the major wireless service providers have a stolen phone database that lets them know a phone was stolen and allows remote “bricking” so the phone can’t be activated on a wireless network without your permission. Find tips specific to your operating system with the FCC Smartphone Security Checker at fcc.gov.

ATMs and gas stations — especially in tourist areas — may have skimming devices. Scammers use cameras, keypad overlays, and skimming devices — like a realistic-looking card reader placed over the factory-installed card reader on an ATM or gas pump — to capture the information from your card’s magnetic strip without your knowledge and get your PIN. The FBI offers tips to avoid being scammed by a skimmer.

Watch that laptop. If you travel with a laptop, keep a close eye on it — especially through the shuffle of airport security — and consider carrying it in something less obvious than a laptop case. A minor distraction in an airport or hotel is all it takes for a laptop to vanish. At the hotel, store your laptop in the safe in your room. If that’s not an option, keep your laptop attached to a security cable in your room and consider hanging the “do not disturb” sign on your door.

Still, despite your best efforts to protect it, your identity may be stolen while you’re traveling. Here’s what you can do.

http://www.consumer.ftc.gov/blog/scam-free-vacation

eBay Users Should Change Password due to Breach

All eBay users should change their passwords immediately. Due to a security breach, customer account information for eBay’s millions of users has been compromised. To reset your password, here is the eBay password-reset page link.

In a post yesterday on the company’s official blog, eBay said the “database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.” You can read the rest of the blog here.

According to reports and the company, the breach did not affect PayPal systems.  However, eBay and PayPal are affiliated entities and you might also consider changing your PayPal password.  It is always best to use a unique password for every online account.

Users should be especially wary of “phishing” attacks.  Just like during other major events, criminals will use keywords such as “eBay” and “password change” to lure victims into clicking malicious links in emails.  Don’t get tricked – never click links in emails.  Instead, type the website name into your browser for safety.

Read more City of Seattle Department of Information Security tips at TechTalk.seattle.gov

You’ve been hacked! Now what?

From the City of Seattle, Office of Information Security – Bryant Bradbury

Maybe you opened an e-mail attachment you shouldn’t have and now your computer has slowed to a crawl and other strange things are happening. Or perhaps you’re running an out-of-date, or unpatched, operating system (such as Windows XP) and have started to see “antivirus warnings.” Perhaps your bank called, informing you that there has been some unusual activity on your account. Your friends and family may start complaining about spam messages they are purportedly receiving from you. These are all signs that your computer may have been hacked.

If your computer system has indeed been compromised and infected with a virus or other malware, you need to take action to protect your data and prevent your computer from being used to attack others.

Secure Your Computer

Ensure your computer is current with all available patches, fixes, and upgrades. If you do not have your operating system set to automatically update, do so now by visiting your operating system’s website and following the instructions. Links are provided here for Windows users and Mac users. (In addition, note that support for Windows XP ends effective April 8, 2014. The end of support for Windows XP means that Microsoft will no longer provide new security updates, and Windows XP will therefore become a significant security risk. It is recommended that anyone using Windows XP migrate to products that are supported, such as Windows Vista, Windows 7 or 8.)

Your computer’s security software should also be up-to-date. To check status, click on the icon for the security program on your system. If an update is needed, it will be indicated there. If you don’t have security software installed, you need to get it. Make sure you have anti-virus and anti-spyware software installed and a firewall enabled.

Confirm that your browsers are up-to-date. Tools such as Qualys BrowserCheck or WhatBrowser can help assess status.

Secure Your Accounts

You probably access numerous online accounts, including social media, banking, news sites, shopping, and others. If you’ve been hacked, there is a chance that important passwords have been stolen. Reset your passwords for your critical accounts first, starting with your email account, followed by financial and other critical accounts.  It is important to start with email accounts, since password resets for all of your other accounts are typically sent to your email.

Use separate and unique ID/password combinations for different accounts and avoid writing them down. Make the passwords more complicated by combining letters, numbers, special characters, and by changing them on a regular basis.  If you are unable to log into one of your accounts, contact the service provider or website immediately. Most online providers include an online form, an email address to contact, or a phone number to call.

Secure Your Mobile Device

Our increased reliance on smart devices–including mobile phones and tablets–for everyday activities has resulted in an increased number of hacking attempts against these devices. As we do with our personal computers, we have to ensure that the proper steps are taken to protect our information and devices. This includes installing security software, where available, and keeping all installed software up-to-date.

For More Information

You’ve been hacked, now what?  http://www.net-security.org/article.php?id=1827

Your Email’s Been Hacked! Now What?  http://identitysafe.norton.com/blog/blog/2013/06/03/your-emails-been-hacked-now-what/

You Got Hacked! What Now?  http://www.pcmag.com/article2/0,2817,2403134,00.asp

Hacked: Now What?  http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201209_en.pdf

I’ve Been Hacked! Now What?  http://netsecurity.about.com/od/disasterrecovery/a/I-Ve-Been-Hacked-Now-What.htm

You’ve been hacked! Now What?  http://www.doit.wisc.edu/youve-been-hacked-now-what/

Free Security Newsletter

Sign up for Microsoft’s free, monthly email security newsletter that’s packed with valuable information to help you protect your home computer. This newsletter provides practical security tips for you and your family, useful resources and links, and a forum for you to provide feedback and ask security-related questions.

Available in text and HTML formats, the newsletter is a convenient way for you to stay up to date on the latest issues, insights, and events with:

  • How-to articles and security tips
  • Security bulletins and critical updates
  • Answers to frequently asked questions on security topics
  • Information about security trials and downloads
  • Articles on helping to keep kids safe online
  • Tips from our Security Community for Home Users

View the latest security newsletter.

Critical vulnerability in Apple iOS and OS X

The City of Seattle’s Office of Information Security is recommending Apple users immediately update their iPhones and iPads to versions 7.0.6 or 6.1.6, preferably using a non-public network, after Apple announced a major vulnerability allowing hackers to intercept and alter communications.

Apple has not released any patches yet for OS X, so Mac users should avoid using public networks, a step that can thwart many criminal eavesdroppers.

To patch your iOS device(s):

  • Run “Software Update” from your device’s “settings” menu – OR –
  • Connect your device to your personal computer, open iTunes, select the device you just connected, and click the “Check for update” button.

Read more on our TechTalk blog: here.