Lynda.com Licenses

In order to offer continuing technical support, we’d like to announce that we’ve recently purchased a limited number of licenses from LYNDA.COM, a recognized provider of online training. These licenses are available on a first-come, first-served basis, and will provide you with full access to LYNDA.COM’s library of online training material for a one-month period free of charge. At the end of that time, your license will expire. You may, however, request another license anytime thereafter.

To request a license to access LYNDA.COM, please email Ben Jezierski, IT Training Coordinator, at bjeziers@sju.edu.

You will receive instructions for accessing the online training material shortly after submitting your request.

Please refer to the School Services Tab on MySJU for a list of IT Training workshops we’re currently offering. We welcome your comments and look forward to providing you with additional opportunities for training in the future.  Additional information on this topic can be found on our Facebook page http://www.facebook.com/SJUTSC.

Taking a Closer Look at Spyware

Microsoft© defines spyware as “a general term used to describe software that performs certain behaviors, generally without appropriately obtaining your consent first, such as:

  • Advertising
  • Collecting personal information
  • Changing the configuration of your computer

 Spyware is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information.” (Microsoft©)

Spyware and related adware are often downloaded from a web page, by following a link in an email, or are installed with freeware or shareware without a user’s knowledge.

Spyware is used to track your Internet activity, redirect your browser to certain web sites, or monitor the sites that you visit. Spyware may also record your passwords and personal information to send to a malicious web site.

In an article on Venturebeat.com, one-time hacker Gary Pejski describes in detail how he and his team created spyware that could “change the home page of the computer, modify the search provider, initiate pop-up ads, and install new programs.” (Takahashi, 2007)

The spyware created by Pejski and his crew launched a pop-up screen advertising a browser enhancement. The key was to trick users into initiating the installation process for the spyware. “Users saw a page that looked like a pitch for free software. If they clicked on the “X” before they unchecked a question box, the software would install anyway. If they unchecked the question box, and then clicked on the X, the software would install. It was only if the user clicked on the left side of the box and unchecked the question box would it fail to install. Every time the pop-up appeared, it pretty much led to the installation of the software.” (Takahashi, 2007)

Be on the Look-out:

So how can you tell if spyware’s been installed on your computer?  According to ArticleWorld.net, “If you do have spyware on your PC you can usually recognize the signs without the “help” of a rogue anti-spyware program. For instance, too much spyware will bog down your system and cause your computer to run slowly. You will probably be overrun by an excess of pop-ups and fake alert messages. In addition, your homepage and list of favorites might suddenly change and reappear even after restoring the default. Other things to look out for:

  • A new browser toolbar emerges without your consent, which is impossible to remove
  • Every time you conduct an online search the results are redirected to an unfamiliar search engine
  • Unexplained calls to 900 numbers begin appearing on your phone bill
  • Any anti-spyware or security programs you do have installed stop working
  • Your modem’s send and receive lights blink continually even when you are not doing anything online” (Mitrou, 2006)

 Avoid Being Seen:

Now that you know a little more about spyware and how it might affect your computer, here are some things you can do to prevent it from taking control of your machine in the first place:

  • “Read the freeware and shareware license agreement to see if adware or spyware is mentioned before installing the software.
  • Choose to “Close” any pop-up windows by clicking on the “X.”
  • Do not respond to any dialogue boxes that appear unexpectedly; click on “X”. Clicking on “No” or “Cancel” sometimes installs spyware.
  • Beware of visiting web pages which are untrusted.” (State of New Jersey)

 If you feel that spyware may have been installed on your computer, please contact the SJU Technology Service Center (TSC) at x2920  or by email at techhelp@sju.edu.

Remember: The TSC will NEVER ask you for your password or Social Security number.

Sources:

Microsoft. PC Security. Microsoft Safety and Security Center. [Online] http://www.microsoft.com/security/pc-security/spyware-whatis.aspx

Mitrou, Katherina. 2006. How to Spot Spyware Without Your Glasses. ArticleWorld.net. [Online] April 1, 2006. http://www.articleworld.net/articles/6464/1/How-to-spot-Spyware-Without-your-Glasses.

State of New Jersey. New Jersey Info Secure Best Practices. State of New Jersey. [Online] http://www.state.nj.us/njinfosecure/practices/best_practices.html.

Takahashi, Dean. 2007. VB/NEWS. Venturebeat.com. [Online] August 1, 2007. http://venturebeat.com/2010/08/01/reformed-hacker-reveals-my-life-as-a-spyware-developer/

National Cyber Security Awareness Month

October is National Cyber Security Awareness Month (NCSAM). Sponsored by the National Cyber Security Division within the Department of Homeland Security and the National Cyber Security Alliance, NCSAM has, since its inception in 2004, promoted educating the public about cyber security threats, how to recognize and prevent them, and how to remain safe while online.

In a series of articles presented over the next few weeks on the Technology Service Center blog, we’ll address some of the most pressing cyber security issues and how they affect the average online user. These articles will cover such topics as identity theft and how to prevent it, and scams, phishing, hoaxes, and other tricks of the cyber theft trade. You’ll find these, and other pertinent IT Information at:  http://sites.sju.edu/oit/

In addition, we’re also gearing up for a presentation in October entitled Cyber Security: Protecting Your Data – Protecting Yourself. Keep an eye out for these and other upcoming events and announcements.

If you have any questions, please contact  the SJU Technology Service Center at techhelp@sju.edu  or Ben Jezierski, IT Training Coordinator at bjeziers@sju.edu.

Gone Phishing

According to the website New Jersey Info Secure, phishing is defined as “… a scam in which an email message directs the email recipient to click on a link that takes them to a web site where they are prompted for personal information such as a pin number, social security number, bank account number or credit card number.” (State of New Jersey, 2008).

Once obtained, this information can be sold to various marketing agencies for profit, or used by cyber criminals to commit identity theft in order to empty bank accounts  or to facilitate fraudulent purchases.

In January of 2010, TechAdvisory.org presented the following figures related to phishing scams and their effects on the Banking industry:

  • Each phishing attack involves a very small percentage of customers (0.000564%), but due to the large number of phishing attacks, the aggregated number is significant
  • 45% of bank customers redirected to a phishing site divulge their personal credentials
  • 0.47% of bank customers fall victim to phishing attacks each year, translating to $2.4M-$9.4M in annual fraud losses per one million clients
  • Each financial institution was targeted, on average, by 16 phishing websites per week, translating to 832 phishing attacks per year per bank brand (Tailwind Interactive, Ltd., 2010)

Don’t Take the Bait

Knowing that devastating financial losses can occur to victims of phishing scams, it’s important to be able to spot these emails before responding to them.

PhishTank provides the following clues for identifying fraudulent phishing emails (examples are my own):

  • Generic greeting. Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like “First Generic Bank Customer” so they don’t have to type all recipients’ names out  and send emails one-by-one. If you don’t see your name, be suspicious.

“Hello Dear,

My name is Miss Aminata Bangali, resident in Ghana, Africa: The main reason I have decided to contact you today is i seek your assistance to helping me transfer my INHERITED MONEY DEPOSITED IN A SECURITY AND FINANCE COMPANY in MADRID SPAIN to your country for investment.”

  • Forged link. Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy, don’t click on the link. Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed.

“In order to verify your correct account information and ensure that your account remains open, please visit: http://www.ebayusergroup/accounts-updatemyinfo.com”

  • Requests personal information. The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.

“And also 10% had been mapped out for you for the expense you will make in this transaciton and 50% is for me. I need your informations so that Iwill send you the application form.

YOUR FULL INFORMATIONS
Your Name………
Your Home Addresses.. ….
City.. ……
Country.. ……
Home Telephone.. …..
Private Telephone.. ……”

  • Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim. (PhishTank)

“I am asking for your partnership in re-profiling funds ($18.350.000 Million) i am contacting you because you live outside Hong Kong. Finally, note that this must be concluded within two weeks. Kindly write back and i look forward to hear from you so i can give you more information about myself and the nature of the funds.”

As seen in the above examples, misspelled words and incorrect punctuation are also indicators of fraudulent emails. Phishing scams are bulk e-mails, so their perpetrators don’t have a lot of time to focus on the details.

Don’t Get Caught

The Federal Trade Commission offers the following tips to avoid becoming the victim of a phishing scam:

  • If you get an email or pop-up message that asks for personal or financial information, do not reply.  And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email.
  • Area codes can mislead. Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice Over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. In any case, delete random emails that ask you to confirm or divulge your financial information.
  • Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
  • Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
  • Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
  • If you believe you’ve been scammed, file your complaint at ftc.gov, and then visit the FTC’s Identity Theft website at www.consumer.gov/idtheft. (Federal Trade Commission, 2006)

If you feel that you may have responded to a phishing attempt, or if you’re unsure, please contact the SJU Technology Service Center (TSC) at x2920 or by email at techhelp@sju.edu. Remember: The TSC will NEVER ask you for your password or Social Security number.

Sources:

Federal Trade Commission. 2006. FTC Consumer Alert. Federal Trade Commission. [Online] October 2006.

PhishTank. What is phishing? PhishTank. [Online] http://www.phishtank.com/what_is_phishing.php.

State of New Jersey. 2008. State of New Jersey. New Jersey Info Secure. [Online] October 2008. http://www.state.nj.us/njinfosecure/newsletters/approved/200810.html .

Tailwind Interactive, Ltd. 2010. New Study Reveals Extent of Losses Due to Phishing Attacks. TechAdvisory.org. [Online] January 1st, 2010. http://www.techadvisory.org/2010/01/new-study-reveals-extent-of-losses-due-to-phishing-attacks/.

National Cyber Security Awareness Month

October is National Cyber Security Awareness Month (NCSAM).  Sponsored by the National Cyber Security Division within the Department of Homeland Security and the National Cyber Security Alliance, NCSAM has, since its inception in 2004, promoted educating the public about cyber security threats, how to recognize and prevent them, and how to remain safe while online.

According to the July 26, 2011 edition of the eMarketer Blog, an estimated 148 million US consumers purchased something online.  Internet Retailer estimates that retail sales reached $44.1 billion by the end of 2010.  Each of these online transactions required some form of sensitive information like Credit Card numbers, Checking Account numbers, or PayPal Account information.

Looking at the figures, it’s pretty easy to see why cyber security has become an ever-increasing area of concern.

In a series of blogs presented over the next several weeks, I’ll be exploring some of the most pressing cyber security issues and how they affect the average online user.  These blogs will cover such topics as identity theft and how to prevent it, and scams, phishing, hoaxes, and other tricks of the cyber theft trade.

In addition, we’ll be gearing up for a presentation in October entitled Cyber Security:  Protecting Your Data – Protecting Yourself.  Keep an eye out for these and other upcoming events and announcements.

I should also mention that the new IT Training Room is almost finished. I’ve received several e-mails asking about when training classes will resume.  Our plan is to begin offering classes again during the first week of September.  Aside from the standard intro courses, we’ll be offering a complete menu of custom courses, Master Courses offering certificates of completion, and for the first time, we’ll also be featuring a few courses during free period specifically developed for students.

If you have any questions, please contact Ben Jezierski, IT Training Coordinator at Ext. 3386, or by e-mail at bjeziers@sju.edu.