Archive for April 2013

Check for encryption or secure sites when providing confidential information online.


Credit card and online banking sites are convenient and easy ways to purchase and handle your financial transactions. They are also the most frequently spoofed or "faked" sites for phishing scams. Information you provide to online banking and shopping sites should be encrypted and the site's URL should begin with https. Some browsers may also have an icon representing a lock at the lower right of the browser window. 


For more information about phishing, please visit http://www.onguardonline.gov/phishing.html

New Social Networking Security Awareness Video Now Available


A new video released by SANS.org is available this month to help you learn some of the most common risks of online social networking and the steps you can take to protect yourself and your family.

April 2013 - secureCI Monthly Newsletter



secureCI presents Ouch!

The SANS Monthly Information Security Bulletin at Channel Islands


Social Networking Safely
In This Issue…
  • Overview
  • Privacy
  • Security
GUEST EDITOR
Ted Demopoulos is the guest editor for this issue. He is a longtime security consultant and has been teaching SANS courses for a decade, including SEC401/501 and MGT 414/512. Learn more about Ted at http://demop.com.

OVERVIEW
Social networking sites such as Facebook, Twitter, Google+, Pinterest and LinkedIn are powerful, allowing you to meet, interact and share with people around the world. However, with all these capabilities come risks, not just to you, but to your family, friends and employer. In this newsletter we will discuss what these dangers are and how to use these sites more safely.

PRIVACY
A common concern about social networking sites is privacy: protecting your personal information and the sensitive information of others. Potential dangers include:

Impacting Your Future: Many organizations search social networking sites as part of background checks. Embarrassing or incriminating posts, no matter how old, can prevent you from getting hired or promoted. In addition, many universities conduct similar checks for new student applications. Privacy options may not protect you, as these organizations can ask you to “Like” or join their pages prior to the application process.

Attacks Against You: Cyber criminals can harvest your personal information and use it for attacks against you. For example, they can use your information to guess the answers to your “secret questions” to reset your online passwords, create targeted email attacks called spear phishing or apply for a credit card using your name. In addition these attacks can spill into the physical world, such as identifying where you work or live.

Harming Your Employer: Criminals or competitors can use any sensitive information you post about your organization against your employer. In addition, your posts can potentially cause reputational harm for your organization. Be sure to check with your organization’s policies before posting anything about your employer.

The best protection is to limit the information you post. Yes, privacy options can provide some protection; however, keep in mind that privacy options are often confusing and can change frequently without you knowing. What you thought was private could become public for a variety of reasons. In addition, the privacy of your information is only as secure as the people you share it with. The more friends or contacts you share private information with, the more likely that information will become public. Ultimately, the best way to protect your privacy is to follow this rule: if you do not want your mother or boss to see your post, you most likely should not post it. Also be aware of what information friends are posting about you. It can be just as damaging if they post private information or embarrassing photos of you. Make sure your friends understand what they can or cannot post about you. If they post something you are not comfortable with, ask them to take it down. At the same time, be respectful of what you post about others.

SECURITY
In addition to privacy concerns, social networking sites can be used by cyber criminals to attack you or your devices. Here are some steps to protect yourself:

Login: Protect your social networking account with a strong password and do not share this password with anyone or re-use it for other sites. In addition, some social networking sites support stronger authentication, such as two-step verification. Enable stronger authentication methods whenever possible.

Encryption: Many social networking sites allow you to use encryption called HTTPS to secure your connection to the site. Some sites like Twitter and Google+ have this enabled by default, while other sites require you to manually enable HTTPS via account settings. Whenever possible, use HTTPS.

Email: Be suspicious of emails that claim to come from a social networking site; these can easily be spoofed attacks sent by cyber criminals. The safest way to reply to such messages is to log in to the website directly, perhaps from a saved bookmark, and check any messages or notifications using the website.

Malicious Links/Scams: Be cautious of suspicious links or potential scams posted on social networking sites. Cyber criminals can post malicious links and if you click on them, they take you to websites that attempt to infect your computer. In addition, just because a message is posted by a friend does not mean it is from them, as their account may have been compromised. If a family member or friend has posted an odd message you cannot verify (such as they have been robbed and need you to send money), call them to confirm the message.

Apps: Some social networking sites give you the ability to add or install third-party applications, such as games. Keep in mind there is little or no quality control or review of these applications; they may have full access to your account and private information. Only install apps that you need, that are from well-known, trusted sites and remove them when you no longer need them.

Social networking sites are a powerful and fun way to communicate with the world. If you follow the tips outlined here, you should be able to enjoy a much safer online experience. For more information on how to use social networking sites safely or report unauthorized activity, be sure to review the security pages of the sites you are using.

RESOURCES
Some of the links have been shortened for greater readability using the TinyURL service. To mitigate security issues, OUCH! always uses TinyURL’s preview feature, which shows you the ultimate destination of the link and asks your permission before proceeding to it.

11 Security Tips for Online Social Networking:
http://preview.tinyurl.com/b28a525

FB Security:
https://www.facebook.com/safety

Your FB Security Settings:
https://www.facebook.com/settings?tab=security

Common Security Terms:
http://preview.tinyurl.com/6wkpae5

SANS Security Tip of the Day:
http://preview.tinyurl.com/6s2wrkp

LEARN MORE
Subscribe to the monthly OUCH! security awareness newsletter, access the OUCH! archives, and learn more about SANS security awareness solutions by visiting http://www.securingthehuman.org. OUCH! is distributed under the Creative Commons BY-NC-ND 3.0 license.

Don't Get Caught by an IRS Phishing Scam!


As we near "Tax Day 2013", many spamming and phishing groups are increasing their attempts to get at your personal information. Please be sure to exercise caution before responding to any email claiming to be from the IRS or any other government group, and think before clicking that link.

Wireless Hotspots... Limit activity to web surfing only!


A wireless hotspot is a wireless network that is made available (open) to everyone. A good example of an open wireless hotspot would be the wireless network offered at your favorite coffee shop. These wireless networks hook computers into the public Internet — very handy, but dangerous. Because wireless hotspots are for open use, they don't provide much security protection for your data while on them. Some tips to keep in mind before you start using a wireless hotspot include:

  1. Try to limit your activity to web surfing only. 
  2. You should disable peer-to-peer networking, file sharing, and remote access on your computer. 
  3. You should always use a good personal firewall.
  4. You should make sure all your software including your operating system is up to date and patched. 
  5. You should never use hotspots for online banking, bill paying, or for any transaction that would require you to give out confidential information such as a credit card number.

IRS Releases the Dirty Dozen Tax Scams for 2013


The Internal Revenue Service today issued its annual “Dirty Dozen” list of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud.

The Dirty Dozen listing, compiled by the IRS each year, lists a variety of common scams taxpayers can encounter at any point during the year. But many of these schemes peak during filing season as people prepare their tax returns.

"This tax season, the IRS has stepped up its efforts to protect taxpayers from a wide range of schemes, including moving aggressively to combat identity theft and refund fraud," said IRS Acting Commissioner Steven T. Miller. "The Dirty Dozen list shows that scams come in many forms during filing season. Don't let a scam artist steal from you or talk you into doing something you will regret later."

Illegal scams can lead to significant penalties and interest and possible criminal prosecution. IRS Criminal Investigation works closely with the Department of Justice (DOJ) to shut down scams and prosecute the criminals behind them.