Security Awareness – Page 30

Identify Online Shopping Scams

By Rajat Shetty During the holiday season, Cybercriminals’ potential victims are often caught up in the frenzy of shopping, finding the best deals, and acting quickly to take advantage of limited offers. Email and social networks are clogged with sales and offers, both legitimate and fraudulent. Sometimes haste causes shoppers to miss the warning signs of a fraudulent website.

Avoid Suspicious Websites

Make sure you cross check the contact info before submitting your payment details. In many cases, fake websites put up incorrect contact info like a wrong phone number or an incorrect address. A few other warning signs of suspicious websites are lots of broken links, grammatical mistakes, and spelling errors. If in doubt, don’t check out!

Verify the Web Address (or URL)

Before you type in any credit-card numbers at check out, check the Web address, or uniform resource locator (URL), of the payment page and make sure it’s using a secure connection. You should be seeing either the character string “https://” before the website URL, or a small icon of a green padlock. Also, make sure the URL address is correct, and not a slight misspelling of the real address or a random URL.

For example, check the snapshots below for the official website of Beats headphones. The first one is the original website, whereas the second website is a fraudulent one having the exact layout and font style as the original website. The difference is, when you pay through credit card or debit card on the 2^nd website you are not going to receive any headphones (Not even a fake one!)

Use Caution when Shopping by Phone

Although it can be convenient, use extra care when shopping with your smartphone. Phones are more susceptible to malwares as most do not have an anti-virus. Also, it’s highly unsafe to store your credit card or debit card information on your phone. Only buy from trusted and familiar websites when you shop through your smartphone, and use a password protected internet connection. Never shop over unsecured public Wi-fi. Remember, it’s always better to check twice before clicking the ok button. People loose thousands of dollars in a haste to snag online deals. Protect yourself from becoming a victim to fraudulent websites by exercising caution before giving out your credit/debit card details.

Security Training

This October as a part of Information Security Awareness Month we are offering an online training for SMU Faculty and Staff. The training only lasts about 30 minutes; however, it is filled with valuable information that can help protect you and the University. Below are some of the topics covered in the training. You are our best defense. Are you prepared?

Social Engineering– Many of today’s most common cyber-attacks are based on social engineering. As such, we explain what social engineering is, how attackers fool people and what to look out for. We show how you can detect these attacks and respond to them.

Email and IM- One of the primary means of attacks and exploitation is through email in both simple or large scale attacks and targeted spear phishing attacks. We explain how these attacks work, including recent examples of phishing, spear phishing, malicious attachments and links, and scams. This video shows how to detect these attacks, respond to them, and use both email and IM securely.

Social Networking- Sites such as Facebook, Twitter and LinkedIn have exploded in popularity, with employees and managers sharing all sorts of private information, not only about themselves but about their work. Cyber attackers know this and use this information for identity theft, spreading malware, scams and even targeted attacks. We discuss these risks and the steps you can take to protect yourself and SMU.

Mobile Devices- Today’s mobile devices are extremely powerful, including tablets and smartphones. In most cases these devices have the same functionality, complexity and risks of a computer, but with the additional risk of being highly mobile and easy to lose. We cover how to use mobile devices safely and how to protect the data on them.

Wi-Fi Security– This section discusses the risks of public Wi-Fi and steps that you can take to protect yourself. In addition we cover that only authorized Wi-Fi access points with prior management approval can be deployed within SMU.

Telecommuting Working Away from Home- Many SMU employees are no longer working at the office, they work from home or on the road while traveling. There are unique risks for the telecommuter. This module focuses on how these employees can protect themselves and SMU, including laptop security and creating a secure, mobile working environment.

Physical Security- While physical attacks against your data are less likely to happen, when such incidents do occur they can have a greater impact on your organization. In this module we explain how attackers will attempt to trick and fool their way into restricted areas. We also discuss how you can protect the physical security of your facilities, including enforcing use of SMU-issued identification badges.

Hacked- No matter how effective a security team and their processes are, there will be incidents. This module focuses on how you can help by identifying and reporting an incident. We cover things to look for, such as suspicious activity or virus alerts and whom to report an incident to.

Faculty and staff can login to courses.smu.edu with their SMU credentials to access the training.

Last Week of Information Security Awareness Month

This is the last week of Information Security Awareness month. All training content is posted within Blackboard to simplify the process. It requires about 30 minutes to complete the course. However, you do not have to complete all the videos in one sitting. Most of the videos are just a few minutes long. The training will remain available after the end of this month; however, we encourage you to take the training as soon as possible, especially if you use sensitive information like credit cards or social security numbers in your day to day activities.

To complete the training:

1. Visit https://courses.smu.edu.
2. Login with your SMU ID and password.
3. Locate the Security Awareness 2013 course in the My Courses section.
4. Click on the tutorial you wish to preview. Blackboard will remember which ones you have completed and which still remain.
5. Complete the 3 question quiz at the end of each tutorial.

Later this fall, the training will be uploaded to your training transcript in Access.SMU.

Mind Reader tells Bank Account Numbers

It’s alarming what information anyone can find online if they have the right tools. Be cautious of what you share online. Watch this video to see what this “mind reader” knew about his clients.

For more information about Information Security and training opportunities, visit smu.edu/infosec.

Physical Security

by George Finney

Physical Security – Technology can only help us so much when it comes to protecting University owned assets. People are always our first line of defense. This means not leaving your laptop unattended at a coffee shop or in your car overnight. It also means locking your filing cabinets at night or putting sensitive files back into a locked cabinet when they are no longer needed.

Online Training is available for SMU faculty and staff in Courses.SMU.

For more information about Information Security and Security Awareness Training, visit smu.edu/infosec.