Are you planning a summer trip overseas for work or pleasure? Are you crossing the border to visit America’s neighbors? If so, read these tips to help make your trip a success.
Don’t end up like these unsuspecting victims:
“My bag did not fit in the overhead compartment and I was forced to gate check it. When I retrieved my bag after the flight I noticed that both my iPad and medications were gone.”
“When I returned home my cell phone bill was full of international charges I did not make.”
- US Border crossings
- Prevent unwanted cell phone charges
- Be wary of free Wi-Fi
- Protect your laptop from dangerous networks
- And more…
Read here: International Travel Safety and Security Tips
This phishing email is circulating in the Northeastern community. If you receive this email, do NOT click on the link; delete the email from your inbox.
Northeastern will NEVER ask you to validate your email account to increase your mailbox quota. Additionally, you can tell this email is a fake because the URL in the message points to a non-Northeastern website.
Date: Mon, May 13, 2013 at 1:50 PM
Your Mailbox Has Increase Your Quota.
Failure To Click This Link hxxp://northeasternuniversity.webs.com/ And
Validate Your Quota May Result to Loss Of Important Information In Your Mailbox/Or Cause Limited Access To It.
Thanks For Co-operating with Us.
Provost and Senior Vice President for Academic Affairs
360 Huntington Ave., Boston, Massachusetts © 2013 Northeastern University
Click here for copy of the email
This phishing example was sent to us in the form of an Amazon Kindle order confirmation email. This email has all the hallmarks of a phishing scam.
1.) The user did not order anything from Amazon.
2.) The billing address does not belong to the user.
3.) When you hover your mouse over the book title link, the URL displayed points to hxxp://homesport.co.nz/…, not Amazon.
When you receive this type of email and are not sure if it is real, do the following:
1.) Do not click on any links in the email. Instead, manually log into the website. In this case, the user would type www.Amazon.com into their web browser and log directly into their account.
2.) Hover over any links in the email to reveal the true URL of the link. The link may say Amazon.com but the URL is for a phishing site.
3.) Delete the email and end the threat. Do not forward it along.
There is not much you can do to stop phishing emails. The best course of action is to identify them when they arrive and delete them from your inbox.
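The hover check described above, and the "URL points to a non-Northeastern website" check from the mailbox quota example, can also be run over a message body in bulk. The following is an added example, not part of the original posts: the function names, the trusted-domain lists and the two sample HTML bodies are constructed for illustration, and only the two hostnames are taken from the posts.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname of a URL; accepts the defanged hxxp:// form used in write-ups."""
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return (urlsplit(url).hostname or "").lower()

def check_links(html, brand, trusted):
    """Return (host, reason) for each link that leaves the trusted domains."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        # Skip links with no host (mailto:, anchors) or on the real domain.
        if not host or any(host == d or host.endswith("." + d) for d in trusted):
            continue
        if any(d in text.lower() for d in trusted):
            reason = "text shows trusted domain, target differs"
        elif brand in host:
            reason = "brand name inside unrelated hostname"
        else:
            reason = "off-domain link"
        findings.append((host, reason))
    return findings

# Constructed sample bodies; the hosts are the ones quoted in the two posts.
KINDLE = ('<p>Order: <a href="hxxp://homesport.co.nz/">Amazon.com</a> '
          '<a href="https://www.amazon.com/">Your Account</a></p>')
QUOTA = '<a href="hxxp://northeasternuniversity.webs.com/">Validate Your Quota</a>'

if __name__ == "__main__":
    print(check_links(KINDLE, "amazon", ["amazon.com"]))
    print(check_links(QUOTA, "northeastern", ["neu.edu"]))
```

The comparison is a suffix match on the hostname, so a brand name placed in a subdomain of someone else's site is still treated as off-domain.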
If you have any questions about identifying phishing emails you have received please contact the Service Desk at help @ neu.edu or 617-373-4357.
More examples of Phishing Emails
This month Ouch!, The Monthly Security Awareness Newsletter, is focusing on Passwords
Download the Newsletter
It is a good time to brush up on password security. Creating strong passwords and securely using passwords is the first line of defense in protecting your online accounts. The newsletter this month explains how to create a good password and explains the reasoning behind the following password security tips:
- Be sure to use different passwords for different accounts
- Never share your password with anyone else, including co-workers.
- Do not use a public computer, such as those at hotels or libraries, to log into a work or bank account
- Be careful of websites that require you to answer personal questions
- Use two-factor, or two-step, verification to log into websites when possible
- When creating a PIN for your mobile device, the longer the better
- Close or delete your account when no longer in use
Securing IT systems is a difficult task on an average day. There is a never-ending list of threats and vulnerabilities that need attention, research, and remediation. New projects and technologies require vetting, and users have questions that need to be answered. Unfortunately, decisions are sometimes made, either in haste or hubris, that can open up an organization to a wide range of problems and security vulnerabilities.
The blog TalkTechToMe by GFI lists the 41 Dumbest Security Decisions that an organization can make.
Here are some of the decisions to avoid:
- Deploy security through obscurity
- Use dictionary words for passwords
- Use the same password everywhere
- Not salting your hashes
- Thinking the number of boxes ticked is directly related to how secure you are
Read the rest and keep this list in mind to avoid some of the common pitfalls that could harm your organization and the people it serves.
Yesterday we reported scammers had registered over 125 domain names within hours of the Boston bombings. Today security researchers have reported that once again criminals are taking advantage of the public’s curiosity and generosity to spread malware and computer viruses.
TrendLabs reports that spam messages with subjects such as “2 Explosions at Boston Marathon” and “Aftermath to explosion at Boston Marathon” link to websites that use the Blackhole Exploit Kit to try to install malware.
SecureList reports that some of the emails link to websites with video of the explosions. In order to play the videos the user must install a “video player.” The player is really malware in disguise.
Sophos NakedSecurity reports that the malware installs connection software to allow the criminals to remotely control your computer.
To Stay Safe:
- Do not click on links or open attachments from unsolicited email.
- Do not install video or any other software from non-mainstream websites.
- Do not forward spam messages, so the damage does not spread to others.
- Make sure you have the latest anti-virus software installed and updated.
In the hours following yesterday’s explosions, over 125 domain names have been registered that could potentially be used to disseminate false information, run fake fundraisers, and make fake requests for donations. These domains contain words related to the tragedy such as “boston”, “marathon”, “bombings”, “charity”, “fund”, “lawsuit”, “massacre”, “attack”, “news”, “info”, “victims”, etc.
Examples include: “bostonmarathonrelief.com” and “bostonmarathonvictimfund.com”
Historically, following a disaster, criminals set up fake domain names and websites to trick users into giving donations, though the money will never reach the victims. Other websites may try to trick users into giving up personal information that the scammer will use to steal the user’s identity.
In addition, scammers will target social media to spread false information and requests for money. Shortly after the explosions, the Twitter account @_BostonMarathon tweeted that it would donate $1 for every re-tweet. This account has been disabled by Twitter, but many others have risen to take its place.
Tips to stay safe:
- Only give money to reputable organizations such as the American Red Cross.
- When searching for updated news stay away from rumor sites and stick to trusted news sources.
- Be wary when asked for personal information through unsolicited communication.
Spam Facebook Posts
IT Security was mailed this phishing letter disguised as a free airline ticket giveaway.
Read up on this offline attempt to steal our personal information and protect yourself from free offer scams.
More Information: American Airways Free Ticket Scam