Resources

• Stay Safe Online Organization - Tips Page 
• Show your commitment to Cyber Security: Take the Pledge! 
• Microsoft Safety & Security Center 

Articles & Cyber Safety Tips

The Yahoo Accounts Incident  

After breaking in hackers generally leave the password as is so that they can repeatedly use the account for sending spam and links to virus-laden websites. Unless the user is paying attention to the “last login” date, he or she really wouldn’t know until a friend or contact receives a risky email and complains. Sometimes the hackers are more aggressive and change the user’s password, pass phrase, and alternate email address –completely locking the owner out of their account. Unless reported, the original owner could be held responsible for damages. Yahoo issued a warning and asked everyone to change passwords.

If you have a Yahoo account it is imperative that you change your password if you can get in. If you can’t access an account, try resetting your password through the alternate address and/or pass phrase (if offered). This assumes you have set these in your account. If this does not work, you will need to notify the service provider that your account has been compromised and no longer have access.

This event highlights the importance of using strong passwords and changing them often for all your online accounts, including GothicNet. Your NJCU GothicNet account is the key to all of NJCU network services and your personal information, so it is essential that you keep it secure. You can test the strength of a password at The Password Meter or similar web service. Alternately, you can generate a secure password using a web service like PC Tools Secure Password Generator. Of course, it’s easier to remember a password if you think of it yourself instead of using a generator. The objective is to create a password that is difficult to crack but easy to remember. There are many resources (Google search, September 2012) that provide suggestions for this. You should also add a pass phrase if you haven’t already or change it if you have.

It is also highly advisable to use different passwords for different accounts. However, most users have many accounts. If you are in this situation, consider grouping them according to low, medium, and high security requirements, with accounts that contain highly confidential and credit card information being the high security accounts. Assign each group a password appropriate for the level of security needed. An alternate solution is to use a password manager, like Protecteer SignupShield ($$$) or Keepass (Free! Read a KeePass review at the Chronicle of Higher Education website). PC Magazine provided suggestions for six “great” password managers (March 2011 ) for many platforms.

Source: Thousands of Yahoo accounts compromised (ZDnet, July 2012)

Here are some more tools to help you manage passwords:

• Roboform Password Manager ($$$)
• 1Password ($$$, CNet Editors’ Choice award in 2009)

Reproduced with permission. www.SecurityCartoon.com 

iPhone theft on the rise 

Recently, there were a series of news stories circulating media outlets (newspapers, radio, and Internet) regarding the rise of iPhone and iPad thefts in NYC. Theft statistics for these devices rose 40% between January 1 and September 23 of this year. While the stats are for NYC and only included Apple products, the story highlights how easy it is to become a victim regardless of the mobile device and where you live, work, and play.

The Department of Public Safety has also seen an increase in the hacking and theft of mobile devices the past year. A hacked device is one in which someone gains physical or remote access to it and changes features or loads apps without the owner’s knowledge and permission. While hacking may seem like a harmless prank to some, many victims find it to be a violation of their personal privacy. In fact, mobile device hacking is a crime.

Source: iPhone, iPad thefts jump 40 percent in NYC (Cnet News, September 25, 2012)

How To articles 

• How to prevent phone and tablet theft (Cnet How To, September 11, 2012) 
• How to Be Aware of Cell Phone Spyware (eHow)
• How to Know If Someone Hacks Into Your Android Phone (eHow) 
• How to Report Cell Phone Hackers (eHow)
• Hacking Types and Tips to stay protected (Hacking Alert Blog)

iPhone/iPad Apps 

• Find My iPhone (cNet Downloads) 
  [From Apple] If you misplace your iPhone, iPad, iPod touch, or Mac, the Find My iPhone app will let you use another iOS device to find it and protect your data. Simply install this free app on another iOS device, open it, and sign in with your Apple ID.Find My iPhone will help you locate your missing device on a map, play a sound, display a message, remotely lock your device, or erase all the data on it… 
• Two apps keep your iPhone and iPad data private (Cnet How To, July 10, 2012)
  Discusses two third party apps, Secure Folder and Contacts Pro 

Apps for Android devices (at Google Play) 

• Where’s my Droid 
• Mobile Security Personal Ed.
  [Google Play review] Free antivirus and malware protection for Android smartphones and tablets this is one of PCWorld USA’s Top 100 products of 2011
• Droid Crypt
  [Google Play review] An intelligent and application-oriented file encryption tool. 

Fraud alert: Microsoft Services Agreement email scam 

On Oct 11, Microsoft issued a warning regarding an email purported to be from them regarding “Important Changes to Microsoft Services Agreement and Communication Preferences” The scam email message replaces legitimate links in the agreement with links that can compromise your computer when clicked. For more information read the original Microsoft notice and find more details at Hoax-Slayer.

So how can you identify such dangerous emails? Outlook and most browsers will show you the actual URL (the target link) that is “hidden” behind the link text or graphic in a pop up bubble when you hover your mouse pointer over it. Always inspect this bubble information before you click and compare it with the link text if this text is a URL. If they don’t match you are looking at a redirection scam. 

If the link text is not a URL or if you are hovering over a graphic, then verify that the link makes sense. For example, a link in an email purported to be from Microsoft should point to a page within the Microsoft domain (microsoft.com, technet.com, etc.). In the above case, the two links pointed to a page at “blsecotech.com”. Domain Tools Whois reported the site belongs to a plastics manufacturer in Delhi, India. Such discrepancies are a clear warning that the email or webpage is a scam. 

Please remember the following rules of email safety:

• Be wary of email that entices you to act now, provide deals that are too good to be true, or ask for personal information!
• Don’t open suspicious links in emails, tweets, posts, and ads.
• When in doubt, throw it out!

Why are Nigerian Email Scams so Obvious?
Doing so weeds out suspicious types who aren’t likely to cooperate. Read the details at the Techlicious blog.

Mobile threats top holiday scam list (ComputerWorld 2011) 
Your smart phone and tablet have become the new vectors for viruses and the holiday season gives hackers many opportunities to infect your mobile devices. Read what you can do to avoid being a victim. 

Six tips to help you stay safer online (Microsoft)
Microsoft provides these six tips on their Family Safety page. For more information visit their Safety & Security Center website. 

Self-help Videos

What is rogue software? (Microsoft Video)
The following is a 2 minute video explaining the concept of rogue software. Clicking the image will take you to the Microsoft website where you can play this video...

For more videos, visit the Microsoft Security, privacy, and online safety how-to videos page. 

Campaign Sponsors

• Department of Homeland Security (DHS) 
• National Cyber Security Alliance (NCSA --Also known as StaySafeOnline.org) 
• Multi-State Information Sharing and Analysis Center (MS-ISAC)