The Information Security Corner With Bob Shaffer
I’m not trying to be a Grinch, but not everyone’s singing “It’s the most wonderful time of the year.” According to CNN, someone in the U.S. is a victim of identity theft every two seconds. Identity theft can happen when your personally identifiable information (e.g., name, SSN, credit card number, etc.) is exposed and accessed by unauthorized individuals whose intent is to use it for financial gain or other types of illegal activities.
Let’s face it, identity theft is not going away anytime soon. It was ushered in with the boom of the online age and will be here for the foreseeable future. While it’s impossible for us to completely prevent identity theft from happening, we can take some simple steps that will significantly reduce our chances of becoming a victim.
Beware of Phishing
This is one of our biggest headaches at UTMB. A phishing attempt is someone masquerading as someone they’re not, in order to get information or to encourage a user to do something that they normally wouldn’t.
Email phishing – No reputable organization will ever ask you for personal information over email. If they do, refuse to give it to them. Emails with links that are asking you to “Click Here” to update personal information must be scrutinized. Is that link really taking you to the place that it says, or has it been forged and is taking you to a place to steal your password? It doesn’t take much to validate the authenticity of an email. Know the red flags. One red flag is not necessarily an indicator of a phishing attempt. However, it’s you that’s making the judgment call. If it looks suspicious, get a second opinion, or send it to firstname.lastname@example.org; we’ll validate it for you.
Let’s say it’s a well-crafted phishing email and you clicked on the link; it’s not the end of the world. It’s going to take you to a webpage that will ask you for information. Again, think about the red flags.
Phishing phone calls – We’ve had several reports of folks receiving phone calls from “technicians” claiming to be with Microsoft. The call usually starts off by informing you that your PC has been identified as being infected with a virus or something to that effect. The goal is to take control of your computer and install malicious software that could capture sensitive data, such as online banking information, usernames and passwords. To make matters worse, they’ll try to charge you for the software installation. If you receive one of these calls, simply say “no thanks” and hang up.
Computer hijacking and ransomware
We’ve had several people fall victim to this scam. This is a process of locking you out of your computer, with demands to pay $300 using Bitcoin or a prepaid cash voucher for an unlock code.
Some of these are recoverable by simply using a virus scanner. Others, such as Cryptolocker, actually encrypt the contents of your hard drive and are very difficult to recover from. The majority of PCs infected with Cryptolocker are reformatted, meaning that all your stored files are deleted and lost forever.
How do you defend against these types of threats?
Always run an up-to-date antivirus (http://windows.microsoft.com/en-us/windows/security-essentials-download) on your computer and be very careful when opening email attachments. The Cryptolocker virus is initiated by opening an attachment with a “zip” extension.
Not to pick on FedEx, UPS or the U.S. Postal Service, but most Cryptolocker incidents are from emails that appear to come from one of these organizations. Typically the subject line is “You’ve Missed a Delivery” or “Your Package is Available for Pickup.” Unless you are expecting a package, be very leery of these types of emails.
Bloomberg reports that 44 percent of all holiday shopping will be done online this year. To me this makes sense; I personally find online shopping to be less stressful and sometimes cheaper than the brick and mortar stores. While there are benefits, the risk of falling victim to fraud and ID theft is greater than when shopping at a traditional store. Following these simple tips will minimize your chances of becoming a statistic:
I’m not going to guarantee that if you know the red flags and you follow these tips, you won’t fall victim to identity theft or some other type of account compromise. However, I will guarantee that if you do, your chances of becoming a statistic will be greatly reduced.
Happy holidays, and be careful out there.
Robert V. Shaffer Jr.