October is CyberSecurity Month
Posted: 2015-10-13 09:14:47 Expiration: 2015-10-31 11:09:56
Articles for Cyber Security Month
PHISHING ATTACKS ARTICLE
In observance of Cyber Security Awareness Month, Campus Technology Services would like to focus on the topic of phishing attacks.
What is a Phishing attack?
A phish is an email which is made to look as though it’s from a friend, a business or an organization. The email can come from a phony email address that may be only one or two characters different from the real account, or it can come from a real account that has already been compromised.
A phish can pretend to originate from many kinds of senders, and it can be made to look like an official email. In the case of our university, the attacker’s goal would likely be to steal your UW-P account and password. Regardless of the type of phishing email, all attacks will typically link to an outside website and ask you to provide your credentials.
Once attackers possess your credentials and your account is compromised, phishers can hide their activities by redirecting, deleting or forwarding emails that may catch your attention. In other words, you will not see any change to your account and will not know that there is someone else accessing your information.
What should I look for?
So how do you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no single technique that works in every situation, but there are a number of things that you can look for.
1: Mismatched URLs
Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.
2: Poor spelling and grammar
Bad spelling and grammar are telltale signs of phishing. If a message is filled with poor grammar or spelling mistakes, it probably didn't come from a reputable organization.
3: The message asks for personal information
No matter how official an email message might look, it's always a bad sign if the message asks for personal information. A reputable company should never send an email asking for your password, credit card number, or the answer to a security question.
4: Too good to be true
Remember the old saying, if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.
5: I won the lottery!
If you get a message informing you that you have won a contest you did not enter, the message is likely a scam.
6: Asked to send money
Phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, it’s likely a scam.
7: Unrealistic threats
Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it's probably a scam.
8: The message appears to be from a government agency
Phishing artists who want to use intimidation don't always pose as a bank. Sometimes they'll send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.
9: Something just doesn't seem right
This principle always applies to email messages. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.
How can I protect myself?
The simplest way to protect yourself from a phishing attack is by securing your passwords and other personal information.
· Never give your password to anyone.
· Never click on links in emails unless you verify that the sender is who he or she claims to be and acknowledges sending the email.
· If you get a suspicious email and are worried that there may be a real problem with your account, open up a new browser window and go directly to the site and sign in there.
· Don’t panic. If you receive an email that urges you to take immediate action, be cautious and try to first verify the source.
ATM SKIMMERS ARTICLE
In observance of Cyber Security Awareness Month, Campus Technology Services would like to make you aware of a regional threat involving ATM “skimmers” at multiple ATM locations in Milwaukee, Racine, and Kenosha counties.
How it works
Skimming devices are placed over or inside the actual ATM card scanners and allow thieves to retrieve account information. Thieves then obtain a cardholder’s personal identification number with a hidden camera pointed toward the keypad or a duplicate template placed over the numbers.
Thieves collect your card information and then encode it onto hotel key cards, gift cards, or blank credit cards. They then use these cards along with someone else’s lost or stolen ID.
What can I do?
Consumers can foil the vast majority of skimming attacks merely by covering the PIN pad with their hand when entering their PIN. That way, even if thieves somehow skim your card, there is less chance that they will be able to snag your PIN as well.
There is still a chance that thieves could use a PIN-pad overlay device to capture your PIN, although these are far less common than hidden cameras and quite a bit more costly for thieves who aren’t making their own skimmers.
If you visit an ATM that looks strange, tampered with, or out of place, try to find another ATM. Use only machines in public, well-lit areas, and avoid ATMs in secluded spots. Also, if you have the choice between using a freestanding ATM and one that is located inside of or attached to a bank, the latter is usually a safer bet.
(ATM skimming graphic provided by fbi.gov)
-- UW Parkside: Cindy Sobczak