Cyber-Bullying and Cyber-Harassment

by in , , , , , , , , , , , 0


Continuing our blog series targeted at protecting yourself against cyber threats, today's blog topic covers Cyber Bullying.


Today's guest blog contributor is Eric Varela. Eric is a student here at CSU Channel Islands majoring in Information Technology with a minor in Security Systems Engineering.


What is “CyberBullying”? The Journal of School Violence defines it as, “Repeated, intentional and often anonymous act done to harm another person through e-mail, cell phone text messages, social networking websites, chat rooms, and instant messaging. It can be perpetrated by one person or a group of people.”

Types of Cyberbullying:
  • Denigrating: Putting someone down by posting or sending cruel and embarrassing material (text, photos, etc.) about the individual to others.
  • Flaming & Trolling: Posting angry, rude or mean-spirited comments and provoking others to do the same.
  • Harassing: Sending repeated, unwanted messages to another person.
  • Outing: Posting or sending out private information about someone without that person’s permission and with the intent of embarrassing or harming that person.
  • Excluding: Leaving someone out of an online group for malicious reasons.
  • Masquerading: Sending or posting messages, or creating Facebook, Twitter, or other social media profiles as someone else in attempt to damage the victim’s reputation or relationships.
  • Mobbing: Recruiting friends and allies to send hundreds of text messages to the victim’s cell phone or mobile device.
  • Stalking: Threatening harm or intimidating someone else by constantly monitoring their actions and locations. Stalking is a serious issue. Thousands of college students are stalked every year.


What to do if you are Harassed:
  • Decide whether to respond: If you know the person, respond to the first message, telling them to stop. If the first message is anonymous, don’t respond. Don’t respond to any additional messages and block or delete/unfriend/unfollow the person.
  • Document. Document. Document: Take screen shots. Save all communications for evidence. Do not alter them in any way. Keep electronic copies, not just print-outs. Having forms of proof such as the actual text messages, emails, and voicemail makes it easier to build a case for harassment and pursue charges.
  • Report It: Report abusive posts or messages to the service provider—Facebook, Twitter, the harassers’ cell phone provider, or their internet service provider. You can also report the abuse to your Residential Advisor.

How to Help Someone Being Harassed:

  1. Refuse to pass on the harasser’s messages.
  2. Tell Friends to stop the harassment or bullying.
  3. Offer the victim support without blame.
  4. Report abusive posts to the proper authorities.
  5. Block communication with those who are posting or sending abusive messages.

Derived from equity.missouri.edu

Avoiding Online Tax Scams

by in , , , , , , , , , , , , , 0

It’s tax season again, which means it’s also time for tax scams. Some tax scams occur when fraudulent tax returns are filed in the victim’s name while other variants occur when the malicious actors call the victim and pretend to be Internal Revenue Service (IRS) agents. In addition, there are malicious actors who use the tax season to spread malware and phishing emails.

Tax scams where the malicious actor files the return in the victim’s name include both identity theft and identity fraud, as well as tax fraud. This scenario occurs when the malicious actor finds or receives information about the tax filer, including the filer’s name, address, date of birth, and Social Security Number. The malicious actor then uses this information to file a malicious tax return, citing as many deductions as possible, in order to create as large a tax return as possible.

The other variant of tax scams occur when the malicious actor contacts the victim and tries to convince the victim to do something, such as immediately paying a fine or providing their financial information so a refund can be issued. In these instances the malicious actor uses what they know about the victim, often information gained for a data breach or social networking website, to convince the victim that the caller has access to the victim’s tax information. Frequently during these calls the caller will pretend to be an IRS agent.

In the third type of tax scam, malicious actors use tax related spam, phishing emails, and fraudulent websites to trick victims into providing login names, passwords, or additional information, which can be used in further fraud. Other emails or websites may download malware onto the victim’s computer.


What to Watch Out For

  • Watch for “spoofed” websites that look like the official website but are not. 
  • Don’t be fooled by unsolicited calls. The IRS will never call to demand an immediate payment or require you to use a specific payment method such as pre-loaded debit or credit cards, or wire transfers. They will never claim anything is “urgent” or due immediately, nor will they request payment over the phone. 
  • The IRS will not be hostile, insulting, or threatening, nor will they threaten to involve law enforcement in order to have you arrested or deported. 
  • Sometimes malicious actors change their Caller ID to say they are the IRS. If you’re not sure, ask for the agent’s name, hang up, and call the IRS (or your state tax agency) back using a phone number from their official website. 


Recommendations

If you believe you are the victim of identity theft or identity fraud, there are a couple of steps you should take:

  1. File a report with your local law enforcement agency. 
  2. File a report with the Federal Trade Commission (FTC) at www.identitytheft.gov
  3. File a report with the three major credit bureaus and request a “fraud alert” for your account (Equifax – www.equifax.com, Experian – www.experian.com, TransUnion – www.transunion.com
If you receive spam or a phishing email about your taxes, do not click on the links or open any attachments, instead forward the email to phishing@irs.gov. Other tax scams or frauds can be reported according to the directions on this page: https://www.irs.gov/Individuals/How-Do-You-Report-Suspected-Tax-Fraud-Activity%3F.
 

Further Information



Protect Yourself Against Cyber Threats - Mobile Devices

by in , , , , , , , , , , , , , , , , , 0

Continuing our blog series targeted at protecting yourself against cyber threats, today's blog topic covers Mobile Devices.

Today's guest blog contributor is Eric Varela. Eric is a student here at CSU Channel Islands majoring in Information Technology with a minor in Security Systems Engineering.


What is a “Mobile Device”? 

The term “Mobile Device” gets thrown around for anything from a smartphone to a tablet, and while that classification is true, mobile devices encompass items such as Laptops, Chromebooks, “smart watches” (Apple Watch), “smart appliances” (refrigerators, washing machines), and even “smart thermostats” (Nest). Thanks largely in part to technology that allows computer processors, graphics processing, and memory to be the size of a quarter, powerful computing capabilities can be found almost anywhere and in the most mundane of places.

Keep a Clean Mobile Machine: 
Mobile devices are computers at their core with software that needs to be kept up-to-date (just like your desktop PC). Security protections are built in and updated on a regular basis. (Tip: Take time to make sure all the mobile devices in your home have the latest protections).

Suspect Links and Texts: 
Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be, as some links are designed to gather your personal information.

Be Careful What You Download: 
Download only trusted applications from reputable sources or marketplaces, as some apps may install harmful code onto your device (malware).

  • Secure Your Phone: Use a strong passcode and lock your phone. 
  • Think Before you App: Review the privacy policy and understand what data (location, access to your social networks) the app can access on your device before you download. 

Protect Your Personal Information: 
Phones can contain tremendous amounts of personal information. Lost or stolen devices can be used to gather information about you, and potentially, others. Protect your phone like you would your computer. (Tip: Only give your mobile number out to people you know and trust and never give anyone else’s number out without their permission).

Connect with Care: 
Use common sense when you connect. If you’re online through an unsecured or unprotected network, be cautious about the sites you visit and the information you release.

  • Get Savvy about Wi-Fi Hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your phone.
  • Protect your $: When banking or shopping, check to be sure the site is security enabled. (Tip: Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. 
  • When in Doubt, Don’t Respond: Fraudulent texting, calling and voicemails are on the rise. Just like email, requests for personal information or for immediate action are almost always a scam. 

Derived from NICCS and StaySafe Online

Breach Security Note for Registered Users of RateMyProfessors.com

by in , , , , , , , , , , 0

On December 24, 2015, RateMyProfessors.com observed suspicious activity on one of its backend systems and promptly investigated. As a result of that investigation, RateMyProfessors.com believes that on or about November 26, 2015, hackers gained access to one of the backend systems of RateMyProfessors.com through a decommissioned version of the RateMyProfessors.com website. These hackers acquired email addresses and passwords for some registered users of the active RateMyProfessors.com website (“Site”). We have not seen indications that the compromised information has been used without authorization or that ratings submitted to the Site were implicated in the incident.

It is important to note that, if you used RateMyProfessors.com only as a non-registered user, no information about you and no ratings you submitted were implicated in the incident.

Additional information may be found on the RateMyProfessor site at http://www.ratemyprofessors.com/securityFAQs.

Protect Yourself Against Cyber Threats - Social Networks

by in , , , , , , , , , , , , 0

Continuing our blog series targeted at protecting yourself against cyber threats, today's blog topic covers Social Networks

Today's guest blog contributor is Eric Varela. Eric is a student here at CSU Channel Islands majoring in Information Technology with a minor in Security Systems Engineering.

Think before you post:  Limit the amount of personal information you post publicly. Do not post information that would make you vulnerable, such as your address or information about your schedule or routine.  If your friend posts information about you, make sure the information is something that you are comfortable sharing with strangers.

Once posted, always posted:  Protect your reputation on social networks.  What you post online stays online.  Think twice before posting pictures you wouldn't want your parents or future employers to see.  (Tip: Recent research found that 70% of job recruiters rejected candidates based on information they found online).

Get smart and use privacy settings:  Take advantage of privacy and security settings.  The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data, or commit crimes such as stalking.  Use site settings to limit the information you share with the general public.

Be honest if you're uncomfortable:  If a friend posts something about you that makes you uncomfortable or you think is inappropriate, let them know.  Likewise, stay open-minded if a friend approaches you because something you've posted makes him or her uncomfortable. (Tip: People have different tolerances for how much the world knows about them; respect those differences).

Know when to take action:  If someone is harassing or threatening you, remove them from your friends list, block them, and report them to the site administrator. (Tip: It may also be appropriate to report it to school officials who may have separate policies for dealing with activity involving students).

Derived from NICCS and StaySafe Online

Protect Yourself Against Cyber Threats - Setting up Proper Controls

by in , , , , , , , , , , 0

We are starting a new series of blogs targeted at protecting yourself against cyber threats.  This series will run over the next few months and cover varying subject matter related to cyber threat protection.

Today's guest blog contributor is Eric Varela. Eric is a student here at CSU Channel Islands majoring in Information Technology with a minor in Security Systems Engineering.

Connect securely wherever you are: Only connect to the Internet over secure, password-protected networks. Free public WI-FI, from popular patronage sites such as Starbucks, McDonalds, Subway, etc. - provide convenience over security. If you must use public WI-FI, use it for browsing purposes only and not for private transactions such as banking or emails.

Think before you click: Do not click on links or pop-ups, open attachments, or respond to emails from strangers. Even if an email message has a sender address of someone you know, be sure the email attachments or links were requested from the source. It is possible for sender addresses to be spoofed or taken over. When it doubt, throw it out. A link or attachment could contain malware, and a single click is all it takes to get infected.

Respond only to trusted messages: Do not respond to online requests for personal information such as your date of birth or your credit card numbers; most organizations-banks, universities, companies, etc.-do not ask for your personal information over the internet. (Tip: CSUCI will never ask for your password or login information via email.)

Use passwords properly: Select strong passwords, with a minimum of eight characters and a mix of upper and lowercase letters, numbers and symbols, and change them frequently. Password protect all devices that connect to the internet and user accounts.

You should also remember to:
  • Not share your password with others.
  • Make your password is unique to your life and not something that is easily guessed.
  • Have a different password for each online account.
  • Write down your password and store it in a safe place away from your computer.
  • Change your password several times a year. (Tip: At the beginning and end of each semester.) 


Stay aware: Routinely monitor bank and credit card accounts for unauthorized charges and unauthorized accounts that have been opened under your name. Annually, you are entitled to a free credit report by the three big credit reporting agencies by federal law. Take advantage of these free reports and stay current on your credit score and history.

Google Releases Security Update for Chrome

by in , , , , , , , , , 0

Google has released Chrome version 45.0.2454.85 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.