Center for Information Technology Services
Cyber Security Tips (For Non-Technical Users)
ST05-019: Preventing and Responding to Identity Theft
Original release date: September 17, 2008 | Last revised: February 06, 2013
Identity theft, or identity fraud, is a crime that can have substantial financial and emotional consequences. Take precautions with personal information, and if you become a victim, act immediately to minimize the damage.
Is identity theft just a problem for people who submit information online?
You can be a victim of identity theft even if you never use a computer. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving), or picking up a receipt at a restaurant that has your account number on it. If a thief has enough information, he or she may be able to impersonate you to purchase items, open new accounts, or apply for loans.
The internet has made it easier for thieves to obtain personal and financial data. Most companies and other institutions store information about their clients in databases; if a thief can access that database, he or she can obtain information about many people at once rather than focus on one person at a time. The internet has also made it easier for thieves to sell or trade the information, making it more difficult for law enforcement to identify and apprehend the criminals.
How are victims of online identity theft chosen?
Identity theft is usually a crime of opportunity, so you may be victimized simply because your information is available. Thieves may target customers of certain companies for a variety of reasons; for example, a company database is easily accessible, the demographics of the customers are appealing, or there is a market for specific information. If your information is stored in a database that is compromised, you may become a victim of identity theft.
Are there ways to avoid being a victim?
Unfortunately, there is no way to guarantee that you will not be a victim of online identity theft. However, there are ways to minimize your risk:
- Do business with reputable companies - Before providing any personal or financial information, make sure that you are interacting with a reputable, established company. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information (see Avoiding Social Engineering and Phishing Attacks and Understanding Web Site Certificates for more information).
- Take advantage of security features - Passwords and other security features add layers of protection if used appropriately (see Choosing and Protecting Passwords and Supplementing Passwords for more information).
- Check privacy policies - Take precautions when providing information, and make sure to check published privacy policies to see how a company will use or distribute your information (see Protecting Your Privacy and How Anonymous Are You? for more information). Many companies allow customers to request that their information not be shared with other companies; you should be able to locate the details in your account literature or by contacting the company directly.
- Be careful what information you publicize - Attackers may be able to piece together information from a variety of sources. Avoid posting personal data in public forums (see Guidelines for Publishing Information Online for more information).
- Use and maintain anti-virus software and a firewall - Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall (see Understanding Anti-Virus Software and Understanding Firewalls for more information). Make sure to keep your virus definitions up to date.
- Be aware of your account activity - Pay attention to your statements, and check your credit report yearly. You are entitled to a free copy of your credit report from each of the main credit reporting companies once every twelve months (see AnnualCreditReport.com for more information).
How do you know if your identity has been stolen?
Companies have different policies for notifying customers when they discover that someone has accessed a customer database. However, you should be aware of changes in your normal account activity. The following are examples of changes that could indicate that someone has accessed your information:
- unusual or unexplainable charges on your bills
- phone calls or bills for accounts, products, or services that you do not have
- failure to receive regular bills or mail
- new, strange accounts appearing on your credit report
- unexpected denial of your credit card
What can you do if you think, or know, that your identity has been stolen?
Recovering from identity theft can be a long, stressful, and potentially costly process. Many credit card companies have adopted policies that try to minimize the amount of money you are liable for, but the implications can extend beyond your existing accounts. To minimize the extent of the damage, take action as soon as possible:
- Contact companies, including banks, where you have accounts - Inform the companies where you have accounts that someone may be using your identity, and find out if there have been any unauthorized transactions. Close accounts so that future charges are denied. In addition to calling the company, send a letter so there is a record of the problem.
- Contact the main credit reporting companies (Equifax, Experian, TransUnion) - Check your credit report to see if there has been unexpected or unauthorized activity. Have fraud alerts placed on your credit reports to prevent new accounts being opened without verification.
- File a report - File a report with the local police so there is an official record of the incident. You can also file a complaint with the Federal Trade Commission.
- Consider other information that may be at risk - Depending on what information was stolen, you may need to contact other agencies; for example, if a thief has access to your Social Security number, contact the Social Security Administration. You should also contact the Department of Motor Vehicles if your driver's license or car registration has been stolen.
The following sites offer additional information and guidance for recovering from identity theft:
- Federal Trade Commission - http://www.ftc.gov/bcp/edu/microsites/idtheft/
- United States Department of Justice - http://www.usdoj.gov/criminal/fraud/websites/idtheft.html
- Social Security Administration - http://www.ssa.gov/pubs/idtheft.htm
Author: Mindi McDowell
ST04-016: Recognizing and Avoiding Spyware
Original release date: November 19, 2009 | Last revised: February 06, 2013
Because of its popularity, the internet has become an ideal target for advertising. As a result, spyware, or adware, has become increasingly prevalent. When troubleshooting problems with your computer, you may discover that the source of the problem is spyware software that has been installed on your machine without your knowledge.
What is spyware?
Despite its name, the term "spyware" doesn't refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as "adware." It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.
Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:
- What information is being gathered?
- Who is receiving it?
- How is it being used?
How do you know if there is spyware on your computer?
The following symptoms may indicate that spyware is installed on your computer:
- you are subjected to endless pop-up windows
- you are redirected to web sites other than the one you typed into your browser
- new, unexpected toolbars appear in your web browser
- new, unexpected icons appear in the task tray at the bottom of your screen
- your browser's home page suddenly changed
- the search engine your browser opens when you click "search" has been changed
- certain keys fail to work in your browser (e.g., the tab key doesn't work when you are moving to the next field within a form)
- random Windows error messages begin to appear
- your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)
How can you prevent spyware from installing on your computer?
To avoid unintentionally installing it yourself, follow these good security practices:
- Don't click on links within pop-up windows - Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the "X" icon in the titlebar instead of a "close" link within the window.
- Choose "no" when asked unexpected questions - Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select "no" or "cancel," or close the dialog box by clicking the "X" icon in the titlebar.
- Be wary of free downloadable software - There are many sites that offer customized toolbars or other features that appeal to users. Don't download programs from sites you don't trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.
- Don't follow email links claiming to offer anti-spyware software - Like email viruses, the links may serve the opposite purpose and actually install the spyware they claim to be eliminating.
As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:
- Adjust your browser preferences to limit pop-up windows and cookies - Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited. You can adjust your privacy settings to only allow cookies for the web site you are visiting (see Browsing Safely: Understanding Active Content and Cookies and Evaluating Your Web Browser's Security Settings for more information).
How do you remove spyware?
- Run a full scan on your computer with your anti-virus software - Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically (see Understanding Anti-Virus Software for more information).
- Run a legitimate product specifically designed to remove spyware - Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft's Ad-Aware, Microsoft's Windows Defender, Webroot's SpySweeper, and Spybot Search and Destroy.
- Make sure that your anti-virus and anti-spyware software are compatible - Take a phased approach to installing the software to ensure that you don't unintentionally introduce problems (see Coordinating Virus and Spyware Defense for more information).
Authors: Mindi McDowell and Matt Lytle
ST05-006: Recovering from Viruses, Worms, and Trojan Horses
Original release date: March 19, 2008 | Last revised: February 06, 2013
Unfortunately, many users are victims of viruses, worms, or Trojan horses. If your computer gets infected with malicious code, there are steps you can take to recover.
How do you know your computer is infected?
Unfortunately, there is no particular way to identify that your computer has been infected with malicious code. Some infections may completely destroy files and shut down your computer, while others may only subtly affect your computer's normal operations. Be aware of any unusual or unexpected behaviors. If you are running anti-virus software, it may alert you that it has found malicious code on your computer. The anti-virus software may be able to clean the malicious code automatically, but if it can't, you will need to take additional steps.
What can you do if you are infected?
- Minimize the damage - If you are at work and have access to an IT department, contact them immediately. The sooner they can investigate and clean your computer, the less damage to your computer and other computers on the network. If you are on your home computer or a laptop, disconnect your computer from the internet. By removing the internet connection, you prevent an attacker or virus from being able to access your computer and perform tasks such as locating personal data, manipulating or deleting files, or using your computer to attack other computers.
- Remove the malicious code - If you have anti-virus software installed on your computer, update the virus definitions (if possible), and perform a manual scan of your entire system. If you do not have anti-virus software, you can purchase it at a local computer store (see Understanding Anti-Virus Software for more information). If the software can't locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. After reinstalling the operating system and any other software, install all of the appropriate patches to fix known vulnerabilities (see Understanding Patches for more information).
How can you reduce the risk of another infection?
Dealing with the presence of malicious code on your computer can be a frustrating experience that can cost you time, money, and data. The following recommendations will build your defense against future infections:
- use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. However, attackers are continually writing new viruses, so it is important to keep your anti-virus software current (see Understanding Anti-Virus Software for more information).
- change your passwords - Your original passwords may have been compromised during the infection, so you should change them. This includes passwords for web sites that may have been cached in your browser. Make the passwords difficult for attackers to guess (see Choosing and Protecting Passwords for more information).
- keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.
- install or enable a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer (see Understanding Firewalls for more information). Some operating systems actually include a firewall, but you need to make sure it is enabled.
- use anti-spyware tools - Spyware is a common source of viruses, but you can minimize the number of infections by using a legitimate program that identifies and removes spyware (see Recognizing and Avoiding Spyware for more information).
- follow good security practices - Take appropriate precautions when using email and web browsers so that you reduce the risk that your actions will trigger an infection (see other US-CERT security tips for more information).
As a precaution, maintain backups of your files on CDs or DVDs so that you have saved copies if you do get infected again.
Author: Mindi McDowell
ST04-015: Understanding Denial-of-Service Attacks
Original release date: November 04, 2009 | Last revised: February 06, 2013
What is a denial-of-service (DoS) attack?
In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer.
The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.
An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.
What is a distributed denial-of-service (DDoS) attack?
In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a website or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.
How do you avoid being part of the problem?
Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:
- Install and maintain anti-virus software (see Understanding Anti-Virus Software for more information).
- Install a firewall, and configure it to restrict traffic coming into and leaving your computer (see Understanding Firewalls for more information).
- Follow good security practices for distributing your email address (see Reducing Spam for more information). Applying email filters may help you manage unwanted traffic.
How do you know if an attack is happening?
Not all disruptions to service are the result of a denial-of-service attack. There may be technical problems with a particular network, or system administrators may be performing maintenance. However, the following symptoms could indicate a DoS or DDoS attack:
- unusually slow network performance (opening files or accessing websites)
- unavailability of a particular website
- inability to access any website
- dramatic increase in the amount of spam you receive in your account
What do you do if you think you are experiencing an attack?
Even if you do correctly identify a DoS or DDoS attack, it is unlikely that you will be able to determine the actual target or source of the attack. Contact the appropriate technical professionals for assistance.
- If you notice that you cannot access your own files or reach any external websites from your work computer, contact your network administrators. This may indicate that your computer or your organization's network is being attacked.
- If you are having a similar experience on your home computer, consider contacting your internet service provider (ISP). If there is a problem, the ISP might be able to advise you of an appropriate course of action.
Author: Mindi McDowell
ST06-006: Understanding Hidden Threats: Corrupted Software Files
Original release date: March 09, 2011 | Last revised: February 06, 2013
Malicious code is not always hidden in web page scripts or unusual file formats. Attackers may corrupt types of files that you would recognize and typically consider safe, so you should take precautions when opening files from other people.
What types of files can attackers corrupt?
An attacker may be able to insert malicious code into any file, including common file types that you would normally consider safe. These files may include documents created with word processing software, spreadsheets, or image files. After corrupting the file, an attacker may distribute it through email or post it to a website. Depending on the type of malicious code, you may infect your computer by just opening the file.
When corrupting files, attackers often take advantage of vulnerabilities that they discover in the software that is used to create or open the file. These vulnerabilities may allow attackers to insert and execute malicious scripts or code, and they are not always detected. Sometimes the vulnerability involves a combination of certain files (such as a particular piece of software running on a particular operating system) or only affects certain versions of a software program.
What problems can malicious files cause?
There are various types of malicious code, including viruses, worms, and Trojan horses (see Why is Cyber Security a Problem? for more information). However, the range of consequences varies even within these categories. The malicious code may be designed to perform one or more functions, including:
- interfering with your computer's ability to process information by consuming memory or bandwidth (causing your computer to become significantly slower or even "freeze")
- installing, altering, or deleting files on your computer
- giving the attacker access to your computer
- using your computer to attack other computers (see Understanding Denial-of-Service Attacks for more information)
How can you protect yourself?
- Use and maintain anti-virus software - Anti-virus software can often recognize and protect your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date.
- Use caution with email attachments - Do not open email attachments that you were not expecting, especially if they are from people you do not know. If you decide to open an email attachment, scan it for viruses first (see Using Caution with Email Attachments for more information). Not only is it possible for attackers to "spoof" the source of an email message, but your legitimate contacts may unknowingly send you an infected file. If your email program automatically downloads and opens attachments, check your settings to see if you can disable this feature.
- Be wary of downloadable files on websites - Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a website certificate (see Understanding Web Site Certificates for more information). If you do download a file from a website, consider saving it to your computer and manually scanning it for viruses before opening it.
- Keep software up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.
- Take advantage of security settings - Check the security settings of your email client and your web browser (see Evaluating Your Web Browser's Security Settings for more information). Apply the highest level of security available that still gives you the functionality you need.
Author: Mindi McDowell
ST06-001: Understanding Hidden Threats: Rootkits and Botnets
Original release date: August 24, 2011 | Last revised: February 06, 2013
Attackers are continually finding new ways to access computer systems. The use of hidden methods such as rootkits and botnets has increased, and you may be a victim without even realizing it.
What are rootkits and botnets?
A rootkit is a piece of software that can be installed and hidden on your computer without your knowledge. It may be included in a larger software package or installed by an attacker who has been able to take advantage of a vulnerability on your computer or has convinced you to download it (see Avoiding Social Engineering and Phishing Attacks for more information). Rootkits are not necessarily malicious, but they may hide malicious activities. Attackers may be able to access information, monitor your actions, modify programs, or perform other functions on your computer without being detected.
Botnet is a term derived from the idea of bot networks. In its most basic form, a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that are able to be controlled by one, or many, outside sources. An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. Your computer may be part of a botnet even though it appears to be operating normally. Botnets are often used to conduct a range of activities, from distributing spam and viruses to conducting denial-of-service attacks (see Understanding Denial-of-Service Attacks for more information).
Why are they considered threats?
The main problem with both rootkits and botnets is that they are hidden. Although botnets are not hidden the same way rootkits are, they may be undetected unless you are specifically looking for certain activity. If a rootkit has been installed, you may not be aware that your computer has been compromised, and traditional anti-virus software may not be able to detect the malicious programs. Attackers are also creating more sophisticated programs that update themselves so that they are even harder to detect.
Attackers can use rootkits and botnets to access and modify personal information, attack other computers, and commit other crimes, all while remaining undetected. By using multiple computers, attackers increase the range and impact of their crimes. Because each computer in a botnet can be programmed to execute the same command, an attacker can have each of them scanning multiple computers for vulnerabilities, monitoring online activity, or collecting the information entered in online forms.
What can you do to protect yourself?
If you practice good security habits, you may reduce the risk that your computer will be compromised:
- Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date. Some anti-virus vendors also offer anti-rootkit software.
- Install a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send (see Understanding Firewalls for more information). Some operating systems actually include a firewall, but you need to make sure it is enabled.
- Use good passwords - Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices (see Choosing and Protecting Passwords for more information). Do not choose options that allow your computer to remember your passwords.
- Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.
- Follow good security practices - Take appropriate precautions when using email and web browsers to reduce the risk that your actions will trigger an infection (see other US-CERT security tips for more information).
Unfortunately, if there is a rootkit on your computer or an attacker is using your computer in a botnet, you may not know it. Even if you do discover that you are a victim, it is difficult for the average user to effectively recover. The attacker may have modified files on your computer, so simply removing the malicious files may not solve the problem, and you may not be able to safely trust a prior version of a file. If you believe that you are a victim, consider contacting a trained system administrator.
As an alternative, some vendors are developing products and tools that may remove a rootkit from your computer. If the software cannot locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. Also, the infection may be located at such a deep level that it cannot be removed by simply reinstalling or restoring the operating system.
Author: Mindi McDowell
ST10-001: Recognizing Fake Antiviruses
Original release date: October 11, 2010 | Last revised: February 06, 2013
Fake antivirus is malicious software (malware) designed to steal information from unsuspecting users by mimicking legitimate security software. It's important to protect your computer from fake antivirus infection and to be able to recognize when an infection has occurred.
What is fake antivirus?
Fake antivirus is malicious software (malware) designed to steal information from unsuspecting users by mimicking legitimate security software. The malware makes numerous system modifications, making it extremely difficult to terminate unauthorized activities and remove the program. It also causes realistic, interactive security warnings to be displayed to the computer user.
How can my computer become infected with fake antivirus?
Criminals distribute this type of malware using search engines, emails, social networking sites, internet advertisements and other malware. They leverage advanced social engineering methodologies and popular technologies to maximize the number of infected computers.
How will I know if I am infected?
The presence of pop-ups displaying unusual security warnings and asking for credit card or personal information is the most obvious method of identifying a fake antivirus infection.
What can I do to protect myself?
- Be cautious when visiting web links or opening attachments from unknown senders. See Using Caution with Email Attachments for more information.
- Keep software patched and updated. See Understanding Patches for more information on the importance of software patching.
- To purchase or renew software subscriptions, visit the vendor sites directly.
- Monitor your credit cards for unauthorized activity.
- To report Internet crime or fraud, contact the Internet Crime Complaint Center (http://www.ic3.gov).
Author: Mindi McDowell
ST06-004: Avoiding the Pitfalls of Online Trading
Original release date: April 07, 2011 | Last revised: February 06, 2013
Online trading can be an easy, cost-effective way to manage investments. However, online investors are often targets of scams, so take precautions to ensure that you do not become a victim.
What is online trading?
Online trading allows you to conduct investment transactions over the internet. The accessibility of the internet makes it possible for you to research and invest in opportunities from any location at any time. It also reduces the amount of resources (time, effort, and money) you have to devote to managing these accounts and transactions.
What are the risks?
Recognizing the importance of safeguarding your money, legitimate brokerages take steps to ensure that their transactions are secure. However, online brokerages and the investors who use them are appealing targets for attackers. The amount of financial information in a brokerage's database makes it valuable; this information can be traded or sold for personal profit. Also, because money is regularly transferred through these accounts, malicious activity may not be noticed immediately. To gain access to these databases, attackers may use Trojan horses or other types of malicious code (see Why is Cyber Security a Problem? for more information).
Attackers may also attempt to collect financial information by targeting the current or potential investors directly. These attempts may take the form of social engineering or phishing attacks (see Avoiding Social Engineering and Phishing Attacks for more information). With methods that include setting up fraudulent investment opportunities or redirecting users to malicious sites that appear to be legitimate, attackers try to convince you to provide them with financial information that they can then use or sell. If you have been victimized, both your money and your identity may be at risk (see Preventing and Responding to Identity Theft for more information).
How can you protect yourself?
- Research your investment opportunities - Take advantage of resources such as the U.S. Securities and Exchange Commission's EDGAR database and your state's securities commission (found through the North American Securities Administrators Association) to investigate companies.
- Be wary of online information - Anyone can publish information on the internet, so try to verify any online research through other methods before investing any money. Also be cautious of "hot" investment opportunities advertised online or in email.
- Conduct transactions on devices you control - Avoid conducting transactions on public resources such as internet kiosks, computers in places like libraries, and other shared computers and devices. Other users may introduce security risks.
- Make sure that your transactions are encrypted - When information is sent over the internet, attackers may be able to intercept it. Encryption prevents the attackers from being able to view the information.
- Verify that the website is legitimate - Attackers may redirect you to a malicious website that looks identical to a legitimate one. They then convince you to submit your personal and financial information, which they use for their own gain. Check the website's certificate to make sure it is legitimate (see Understanding Web Site Certificates for more information).
- Monitor your investments - Regularly check your accounts for any unusual activity. Report unauthorized transactions immediately.
- Use strong passwords - Protect your computer, mobile devices, and accounts with passwords that cannot easily be guessed (see Choosing and Protecting Passwords for more information). Use different passwords for each account.
- Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. However, because attackers are continually writing new viruses, it is important to keep your virus definitions current (see Understanding Anti-Virus Software for more information).
- Use anti-spyware tools - Spyware is a common source of viruses, and attackers may use it to access information on your computer. You can minimize the number of infections by using a legitimate program that identifies and removes spyware (see Recognizing and Avoiding Spyware for more information).
- Keep software up to date - Install software updates so that attackers can't take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Enable automatic updates if the option is available.
- Evaluate your security settings - By adjusting the security settings in your browser, you may limit your risk of certain attacks (see Evaluating Your Web Browser's Security Settings for more information).
The following sites offer additional information and guidance:
- U.S. Securities and Exchange Commission - http://www.sec.gov/investor/pubs/cyberfraud.htm
- National Consumers League - http://www.fraud.org/tips/internet/investment.htm
Author: Mindi McDowell
ST04-014: Avoiding Social Engineering and Phishing Attacks
Original release date: October 22, 2009 | Last revised: February 06, 2013
Do not give sensitive information to anyone unless you are sure that they are indeed who they claim to be and that they should have access to the information.
What is a social engineering attack?
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.
What is a phishing attack?
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as
- natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
- epidemics and health scares (e.g., H1N1)
- economic concerns (e.g., IRS scams)
- major political elections
How do you avoid being a victim?
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Don't send sensitive information over the Internet before checking a website's security (see Protecting Your Privacy for more information).
- Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).
- Take advantage of any anti-phishing features offered by your email client and web browser.
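The URL check from the list above (a variation in spelling, or a different domain such as .com vs. .net) can be automated against a list of sites you actually use. This is an added example, not part of the original tip; the trusted domains, the function names, and the edit-distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites the user really does business with.
TRUSTED = {"examplebank.com", "example-broker.com"}

def registrable(host):
    """Naive registrable domain: the last two labels.
    Assumption: no multi-part suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'different-tld', 'spelling-variation',
    'unknown', or 'unparseable' for the host named in url."""
    host = urlsplit(url).hostname
    if not host:
        return "unparseable"
    domain = registrable(host)
    if domain in trusted:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    pairs = [good.rpartition(".") for good in trusted]
    # Same name under another top-level domain (.com vs. .net).
    if any(name == g_name and tld != g_tld for g_name, _, g_tld in pairs):
        return "different-tld"
    # Name within two single-character edits of a trusted name.
    if any(0 < edit_distance(name, g_name) <= 2 for g_name, _, _ in pairs):
        return "spelling-variation"
    return "unknown"

if __name__ == "__main__":
    for u in ("https://www.examplebank.com/login",
              "https://examplebank.net/login",
              "https://examp1ebank.com/login"):
        print(u, "->", classify(u))
```

A result of "unknown" only means the host does not resemble a listed site; it says nothing about whether that site is safe.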
What do you do if you think you are a victim?
- If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- Watch for other signs of identity theft (see Preventing and Responding to Identity Theft for more information).
- Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).
Author: Mindi McDowell
ST06-005: Dealing with Cyberbullies
Original release date: June 01, 2011 | Last revised: February 06, 2013
Bullies are taking advantage of technology to intimidate and harass their victims. Dealing with cyberbullying can be difficult, but there are steps you can take.
What is cyberbullying?
Cyberbullying refers to the practice of using technology to harass, or bully, someone else. Bullies used to be restricted to methods such as physical intimidation, postal mail, or the telephone. Now, developments in electronic media offer forums such as email, instant messaging, web pages, and digital photos to add to the arsenal. Computers, cell phones, and PDAs are current tools that are being used to conduct an old practice.
Forms of cyberbullying can range in severity from cruel or embarrassing rumors to threats, harassment, or stalking. It can affect any age group; however, teenagers and young adults are common victims, and cyberbullying is a growing problem in schools.
Why has cyberbullying become such a problem?
The relative anonymity of the internet is appealing for bullies because it enhances the intimidation and makes tracing the activity more difficult. Some bullies also find it easier to be more vicious because there is no personal contact. Unfortunately, the internet and email can also increase the visibility of the activity. Information or pictures posted online or forwarded in mass emails can reach a larger audience faster than more traditional methods, causing more damage to the victims. And because of the amount of personal information available online, bullies may be able to arbitrarily choose their victims.
Cyberbullying may also indicate a tendency toward more serious behavior. While bullying has always been an unfortunate reality, most bullies grow out of it. Cyberbullying has not existed long enough to have solid research, but there is evidence that it may be an early warning for more violent behavior.
How can you protect yourself or your children?
- Teach your children good online habits - Explain the risks of technology, and teach children how to be responsible online (see Keeping Children Safe Online for more information). Reduce their risk of becoming cyberbullies by setting guidelines for and monitoring their use of the internet and other electronic media (cell phones, PDAs, etc.).
- Keep lines of communication open - Regularly talk to your children about their online activities so that they feel comfortable telling you if they are being victimized.
- Watch for warning signs - If you notice changes in your child's behavior, try to identify the cause as soon as possible. If cyberbullying is involved, acting early can limit the damage.
- Limit availability of personal information - Limiting the number of people who have access to contact information or details about interests, habits, or employment reduces exposure to bullies that you or your child do not know. This may limit the risk of becoming a victim and may make it easier to identify the bully if you or your child are victimized.
- Avoid escalating the situation - Responding with hostility is likely to provoke a bully and escalate the situation. Depending on the circumstances, consider ignoring the issue. Often, bullies thrive on the reaction of their victims. Other options include subtle actions. For example, you may be able to block the messages on social networking sites or stop unwanted emails by changing the email address. If you continue to get messages at the new email address, you may have a stronger case for legal action.
- Document the activity - Keep a record of any online activity (emails, web pages, instant messages, etc.), including relevant dates and times. In addition to archiving an electronic version, consider printing a copy.
- Report cyberbullying to the appropriate authorities - If you or your child are being harassed or threatened, report the activity. Many schools have instituted bullying programs, so school officials may have established policies for dealing with activity that involves students. If necessary, contact your local law enforcement. Law enforcement agencies have different policies, but your local police department or FBI branch are good starting points. Unfortunately, there is a distinction between free speech and punishable offenses, but the legal implications should be decided by the law enforcement officials and the prosecutors.
The following organizations offer additional information about this topic:
- National Crime Prevention Council - http://www.ncpc.org/cyberbullying
- StopBullying.gov - http://www.stopbullying.gov/
Author: Mindi McDowell