DO YOU KNOW HOW TO SPOT A PHISH?
Phishing is a method of identity theft that requests confidential information, such as usernames, account numbers, and passwords, by masquerading as a legitimate, trusted company. The term typically refers to attempts made through email. However, this same type of attack can occur in person (social engineering) or over the phone (pharming).
Phishing emails have become very sophisticated. It used to be that they were so poorly written that you could simply rely on really bad grammar or spelling errors to determine their legitimacy. That is no longer the case. The emails can appear to come from trusted addresses and are cleverly designed with graphics, disclaimers etc. So how can you determine if an email is legitimate?
- SMU and other companies will NEVER ask you to verify your information or provide your account details. If you receive an email indicating your account will be terminated, or verification is needed, simply delete the email.
- If the message is unexpected, think twice before responding. Several phishing attempts indicate that a recent purchase was made on your account. The email includes a link for you to log in and view the order, etc. Don’t be fooled! The link will simply take you to a bogus website where they capture your credentials when you log in!
- Double check the URL links before you click. If you hover the mouse over the hyperlink, the exact path should be displayed. Review that link closely. If the address does not match the legitimate company’s URL (such as smu.edu), then do not respond.
- When in doubt, ask. If you receive an email and aren’t sure if it is legitimate, don’t hesitate to ask! The Help Desk can certainly review the email to determine if it is a phish or if it is legitimate. If the message appears to come from a financial institution, you can call them to verify. Be sure to use the phone number listed on their website and not any included in the email!
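The link check described above, written out as an added example (not part of the original newsletter): it lists every link in an HTML message whose real destination is not smu.edu or a true subdomain of it, however the visible text reads. The sample message and the `.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "smu.edu"  # the legitimate domain named in the text

def real_host(url):
    """Hostname the browser would actually contact for this link."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_trusted(host, trusted=TRUSTED):
    # Exact match or a true subdomain only; "smu.edu.evil.example" fails.
    return host == trusted or host.endswith("." + trusted)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html):
    """Return (visible text, real host) for links that leave the trusted domain."""
    collector = LinkCollector()
    collector.feed(html)
    return [(text, real_host(href)) for text, href in collector.links
            if not is_trusted(real_host(href))]

# Constructed sample message body (not a real email); hosts are placeholders.
SAMPLE = """
<a href="https://www.smu.edu/help">Help Desk</a>
<a href="http://smu.edu.evil.example/login">https://smu.edu/login</a>
<a href="https://smu.edu@evil.example/verify">Verify your account</a>
<a href="https://smu.edu-login.example/reset">Reset password</a>
"""

for text, host in suspicious_links(SAMPLE):
    print(f"{text!r} really goes to {host}")
```

The three flagged links each contain the text "smu.edu" somewhere in the address, which is why the comparison is made on the parsed hostname rather than on a substring of the URL.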
If you happen to provide your account information before realizing it was a phishing attempt, you must react quickly.
- Change your password immediately.
- If you provided a login or account details for a financial institution, call them immediately.
DID YOU KNOW?
During the month of August, there were 14,633,869 emails received by our email servers. Of those, 75% were captured by the spam filters!
As more applications are run from the internet, rather than installed locally on a device, each of us needs to become more cognizant of browser security settings and internet safety practices. The following are a few key tips for internet safety.
1. ONLY USE TRUSTED NETWORK CONNECTIONS
Wi-Fi offered by many businesses and hotels is insecure. Any data sent while connected to such a network can be subject to interception or snooping.
A. If you must use an insecure network, be sure to then connect to the SMU VPN service before browsing to any banking sites or accessing University information.
B. Do not connect to Wi-Fi networks if you don’t know who is providing the network.
C. Finally, ensure that your own home wireless network is secured with a password to prevent unauthorized individuals from joining your network.
2. KEEP YOUR BROWSERS UPDATED AND SECURED
Internet browsers, such as Internet Explorer, Firefox, and Chrome, have a number of built-in security features that help protect your online activity, but these features can easily be disabled.
A. Apply browser updates when they are available.
B. Refrain from installing extra toolbars and add-in programs as these can compromise the security of the browser.
C. Enable pop-up blockers and manage exceptions carefully.
D. If accessing websites where confidential information will be entered (online stores or sites which require a username and password), double check the web address. Ensure that the path starts with https (not just http) and the security lock icon is displayed.
3. USE STRONG PASSWORDS FOR ALL ACCOUNTS
Even if the website does not require a complex password, be sure to use a combination of letters, numbers and symbols for your password. Refrain from using common words or easily guessed passwords. Do not use the same password for all of your accounts. Doing so makes it very easy for a hacker to move quickly through all of your accounts if they are able to compromise the password. Finally, never share your password with anyone.
4. BE CAREFUL WHERE YOU GO ONLINE
Only visit sites that you know are reputable sites. When searching for information, be careful of the websites you visit and trust your instincts. If something doesn’t seem right or if the website requires extra programs to be installed, think twice.
DID YOU KNOW?
A new internet security feature has been enabled at SMU. Similar to a spam filter, this service provides a list of known malicious websites. These include websites that have been hacked as well as sites designed to install malware. If you are on the SMU network and you attempt to visit one of these websites, you will automatically be redirected to a webpage indicating that the site has been blocked. The new service should help decrease the number of malware infections and better protect our computing environment.
Social Networking and Your Personal Information
Most social networking sites have options for you to define your own security or privacy settings. At times, they may be changed or upgraded in a way that affects how your personal information is made available on the internet. To be sure you are aware of what information is being shared and how, it is important to review security settings periodically.
Social networking sites make their money from advertisers, not users. Advertisers use the information that you post to get their message out to as many people as possible. The more information they can gather about you from your profile and posts, the better they can target their message to you. The same is true for spammers or identity thieves. They use a variety of techniques such as fun surveys and apps to lure you into providing your data. What you thought was just a fun game to name a star after your kids was actually a way to gather your child’s name and birthdate---information often used in passwords or for account security questions! They can also craft targeted email messages including personal details gathered from your posts to help trick you into providing additional information.
Each application presents its own unique security configurations and challenges. To protect your information, review any privacy settings or account settings that are available with each application. You might also want to look closely at the information that is being tracked with each application—particularly from mobile devices. Whenever possible, limit the audience of your information to individuals you know and trust.
The following are a few reminders for Facebook and Twitter:
- Facebook encourages extensive public sharing of your activity, from what you’ve watched on Netflix, to what you’ve listened to on Spotify. You no longer have to “Like” something to share it - in many cases that will happen automatically. If you allow, many apps and web services will now have permission to post to your profile or timeline automatically. Read the sharing terms carefully before installing new apps.
- Make your posts available to Friends-Only: In your privacy settings, select "limit the audience for past posts".
- Limit the posts by others on your Timeline: This limits visibility to comments posted to your wall by your friends. Go to the privacy settings page, select Edit Settings (next to How you connect), then select the drop-down menu next to "who can see posts by others on your timeline" and choose Custom. Enter the names of the people or the lists that you want to exclude from viewing posts on your wall by others.
- Edit every post manually: although this is quite time consuming, you may want to control which posts appear on your timeline.
- Another security concern with Twitter is with the practice of shortened URLs. Because of the text length limitation, individuals frequently use shortened URLs to direct you to pictures or videos. However, the shortened URL gives you no indication of what the true site is. Hackers can create a shortened URL to direct you to an authentication page or registration form. If you click on a shortened URL in a Tweet and are directed to any type of authentication or registration page, do not provide the requested information.