Whether you are a student, teacher, or any other faculty member, we all have different goals and aspirations in our everyday lives at UMBC. What we all have in common in this community is making sure our personal information stays secure. One issue you must be aware of is the phishing that many accounts have encountered.
Phishing is the use of deception to acquire sensitive information from a person. One strategy of this is where hackers create fake emails to connect to a number of users. This strategy is very common, and surprisingly many users fall into this trap simply for lack of knowledge. Phishing is very threatening because when it is successful, cybercriminals may gain access to your personal information and potentially stealing money. This could result in financial loss.
DoIT has recently been notified by several users that they have received what appear to be phishing attempts. These messages may demand the user to pay a ransom to prevent the release of potentially damaging information (a process known as sexploitation, from sexual exploitation), purchase illegitimate computer software to ensure system stability, or ask if the user is available to purchase gift cards. These messages are coming from fake email accounts pretending to be supervisors, admins, staff members, or other well-known people. If you receive an email that is from a high-profile or an authoritative person at UMBC, please be alert and make sure the email is from an authentic source.
If you receive an email that is not from a umbc.edu account, please be aware that this email can potentially be a phishing attempt. You can verify whether or not the message is authentic by checking the email address. Some of the phishing emails that have been reported came from “my.com” and “umbc.edu@gmail.com” accounts. Another strategy is seeing what they are asking for. Phishing messages tend to demand for money in unusual circumstances. Also, it is valuable to analyze the “from,” “to,” “date,” and “subject” line of the email. If some or all of these components seem to be illogical, you can send a message to security@umbc.edu and they will assist you to finalize the emails legitimacy.
DoIT is currently working on this issue and has notified the site owner whenever a phishing email has been reported. If you see an email that does not seem to be authentic, take a step back, slow down, stay focused, and think before you go any further with the suspicious email and respond accordingly.
What is Backup?
Backup is for recovery from hardware failure or recent data corruption or loss.
Why Backup is needed?
A Backup is copy of your data that is made in order to protect against loss of that data. Typically, backups are made on a regular basis to a time schedule or when the original data should be updated. Usually original data is not deleted, but older backups are often deleted in favor of newer ones.
There are various ways to backing up data
1.Keep it in the cloud
2. Save it to an external Hard Drive
3.Burn it at a CD, DVD, or Blue- ray Disc
4. Put it on a USB Flash Drive
Usually Desktop computers, VMs, and mobile devices are all commonly backed up. Backups can include data, OS and application files, or a combination of these according to the backup methodology and purpose.
The goal of a backup is to make a copy of anything in current use that can’t afford to be lost. A backup of a desktop or mobile device might include just the user data so that a previous version of a data can be recovered if necessary.
In the case of a ransomware attack, a solid backup strategy can mean the difference between being able to restore a compromised system and having to pay a ransom in the vague hopes of getting a decryption key to obtain access to files that are no longer available because they were encrypted by the attacker.
Backups can have additional uses. A user might go to a backup to retrieve an earlier version of a file because it contains something no longer in the current file, or, as is possible with some backup services such as Backblaze Backup, to share a file with a colleague or other person.
In my opinion, Cloud storage is considered as most convenient and flexible data backup.
There are some versions of cloud storage: iCloud, Google Drive, One Drive and Dropbox.
]]>Public Wi Fi is famous with its easily availability and free access. Any person with their computer or other devices can access Public Wi -Fi. Public Wi -Fi could be found in convenient places such as universities, libraries, airports, coffee shops and hotels. In the case when you connect to Public Wi -Fi there is a threat that someone might access the data you are sending to your colleague or boss.
To protect your data while we are using Public Wi-Fi, send your information to only to sites that are trusted and fully encrypted, and avoid using mobile apps that require personal and financial information.
Regardless what we are doing connecting to Public Wi -Fi considered incredibly dangerous. There are some suggestions while you are connected to Public Wi – Fi.
·
Be aware
Public Wi-Fi is inherently insecure — so be cautious.
·
Remember —
any device could be at risk
Laptops, smartphones and
tablets are all susceptible to the wireless security risks.
·
Treat all
Wi-Fi links with suspicion
Don’t just assume that the Wi-Fi link is legitimate. It could
be a bogus link that has been set
up by a cybercriminal that’s trying to capture valuable,
personal information from unsuspecting users. Question everything — and
don’t connect to an unknown or unrecognised wireless access
point.
·
Try
to verify it’s a legitimate wireless connection
Some bogus links — that have been set up by malicious
users — will have a connection name that’s deliberately similar
to the coffee shop, hotel or venue that’s offering free Wi-Fi.
If you can speak with an employee at the location that’s providing
the public Wi-Fi connection, ask for information about their legitimate Wi-Fi
access point — such as the connection’s name and IP
address.
·
Use a VPN
(virtual private network)
By using a VPN when you connect to a public Wi-Fi network,
you’ll effectively be using a ‘private tunnel’ that encrypts all
of your data that passes through the network. This can help
to prevent cybercriminals — that are lurking on the
network — from intercepting your data.
·
Avoid using
specific types of website
It’s a good idea to avoid logging into websites where there’s
a chance that cybercriminals could capture your identity, passwords
or personal information — such as social networking sites,
online banking services or any websites that store your credit card
information.
·
Consider using
your mobile phone
If you need to access any websites that store or require the
input of any sensitive information — including social
networking, online shopping and
online banking sites — it may be worthwhile accessing them via
your mobile phone network, instead of the public Wi-Fi connection.
·
Protect your
device against cyberattacks
Make sure all of your devices are protected by a rigorous anti-malware and security solution — and ensure
that it’s updated as regularly as possible.
]]>
Definition of Social Engineering.
In social engineering, a cybercriminal is basically relying on social activities (and interactions) of human beings to collect information by tricking them. For example, asking people to open a phishing email (with attached malware) and thus breaking standard practice of an organization related to the best practices for minimizing risks. Social engineering often involves human socialization and interaction rather than hacking a network. The criminals are basically con artists. Criminals are interested in gaining “confidence” of a person so that he/she might share confidential information of a business for further exploitation or hacking activities in the future.
Types of Social engineering.
There are several types of social engineering attacks. Such as, baiting; phishing; pretexting; quid-pro-quo; spear phishing; and tailgating.
In baiting, criminals leave a malware infected device to be opened by an innocent person.
In phishing, criminals make fraudulent communication (appearing to be legitimate). Victims are tricked to opening an email with an appearance of a legitimate sender. Charity to help poor (but has malware).
In pretexting, criminals are scammers interested in victims to disclose confidential information.
In quid pro quo, criminals are offering a gift item to attract a victim for obtaining personal data.
In spear phishing, criminals are collecting data from social network (Facebook) and customizing this data to gain confidence of a victim in order to reveal personal information or trade secrets.
In tailgating, criminals actually follow victims to his office or home. Example asking a victim to hold a door open while criminal installs a bug (secretly) capable of transmitting data about victim’s activities.
Solution
How to avoid social engineering risks. It is best to educate people and remind them constantly about dangers. Constant reminder is a must. Otherwise, people forget and tend to overlook cyber risks.
]]>The topic is about pros and cons for leaving a digital device unattended, such as a cell phone, a laptop or a desktop computer. It does not matter whether devices are personally owned or business owned.
CONS:
1. This situation of leaving a device unattended is like leaving a car unlocked. The biggest risk is about the loss of a device itself (i.e. stolen). Thieves would be able to sell parts of a device if not an entire device. True, stolen devices could be tracked. But, only when a device is unassembled.
2. Loss of privacy. Intruders might be able to see (and read) confidential matters. Doesn’t matter whether the stored information is personal (e.g. family photos) or business (e.g. contracts). Thus, putting a business or an employer at a risk when sensitive information is left unguarded.
3. Spies could install malware on an unattended device and download stored information remotely at their convenience. (Sometime, government spies including manufacturers from China install malware devices on laptops sold to a country for monitoring daily activities).[1]
4. Waste of electric power or discharging battery if left unlocked and running (while a device is also left unattended). If left running 24/7 then internal parts of device would wear quickly (because every part has a limited life based on number of operating hours).
5. Children may visit unauthorized webpages in case a personal laptop or a cell phone is left unattended. Children might be exposed to inappropriate materials. Children may be targeted by predators. Children may post something on line (and it is difficult to delete almost anything once something is posted on line). Children may play for hours and hours and exposed to health risk (i.e. weight gain, watching games on a device left unattended). Children distracted from studies.
PROS:
Almost none. Except, a minor convenience of not turning ON. We see that in offices desktops are left running at night. Monitors get burned. Parts get worn (limited life). And, security guards are annoyed.