There are many different Internet security risks that the average user should be aware of and take precautions against. While these threats can be intimidating, the good news is that by taking just a few minutes to become educated, it's relatively easy to protect your identity and your data.
This wiki page will introduce you to the most common Internet threats and the steps you can take to protect yourself and your computer.
This page includes the following sections:
Malware (Viruses, Worms, Trojans, Spyware)
Malware is short for malicious software. Viruses, worms, and spyware all fall under this type of Internet security threat. Hackers and Internet criminals try to install malware on your computer or mobile device without your consent to steal your identity, commit fraud, and send unauthorized spam.
Please see the short video below from the U.S. Government's OnGuardOnline.gov Internet Safety and Security site for more information on what Malware is and how to protect your computer from it:
Some general tips for avoiding malware include:
- Install security software and keep it up to date.
- Don’t open unexpected attachments.
- Avoid dangerous websites and be careful where you click.
- Keep all of your software up to date.
- Malware is commonly transmitted through peer to peer networks and torrents.
- If you’re not sure, don’t install it – check the software for nasty surprises using a search engine before installing.
- If it’s being advertised to you in a pop-up window, you should usually avoid it.
- Uninstall or disable unnecessary software with elevated privileges (see W&J Kb Article on How to Disable Java)
You can find additional information about Malware including ways and tools to avoid, detect, and remove Malware infections from the following websites:
Avoiding Internet Scams (Including Phishing Attacks)
Google identifies online Phishing as a type of online fraud where someone tries to trick the victim into revealing sensitive details such as a username, password or credit card details, by masquerading as a trustworthy entity in an electronic communication. This is the most common type of Internet fraud where Internet criminals impersonate a business or assume a different identity to trick you into giving out your personal information. According to a white paper from Cisco, phishing costs brands, businesses, and corporations more than $98 Billion a year (see http://www.smartmoney.com/spend/technology/spearphishing-fraud-hooks-more-victims-1344216685145/#tabs). According to a report by Gartner, more than 3 million U.S. adults fell victim to phishing schemes during 2007 and lost over $3 Billion as a result of these schemes (http://www.gartner.com/it/page.jsp?id=565125).
Below is a short video titled Phishing in Plain English that will teach you how to identify and avoid Internet scams.
Some general good practices to avoid falling victim to a phishing scam are:
- Legitimate emails will identify you by name (real name or account name).
- An email from a legitimate vendor or financial institution will not ask for passwords, personal information, or account information through emails.
- Don't provide User IDs or passwords in e-mail.
- Don't respond to e-mails that ask you to enter personal information directly into the e-mail.
- Don't respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
- Don't click financial or e-commerce based links in emails; type the web address in the browser address bar for the financial institution or call the institution if you are concerned.
- Keep your Anti-virus, Anti-Spyware, and Firewall up to date.
- Install and use the most recent available version of a modern browser such as IE, Mozilla Firefox, Safari, or Google Chrome with anti-phishing features built in.
W&J's ITS department will never ask you to provide your password by email or on a webform that is not part of our domain (meaning it ends in something other than washjeff.edu). Legitimate emails originating from businesses and financial institutions will not ask you to do this either. If you mistakenly provide your W&J account username and password in response to a phishing scam, please change your password immediately. See this wiki page for instructions on how to change your W&J password.
For more information on detecting and protecting yourself against Internet scams, please see the below sites:
- U.S. Government's OnGuardOnline.gov's Internet Scam page
- Google's Stay Safe Online Anti-Phishing Page
Please contact the W&J ITS Helpdesk at 724-223-6022 or firstname.lastname@example.org if you have any questions about Internet security.
James Lyne: Everyday cybercrime - and what you can do about it. Feb 2013 TEDTalk - From TEDTalks: How do you pick up a malicious online virus, the kind of malware that snoops on your data and taps your bank account? Often, it's through simple things you do each day without thinking twice. James Lyne reminds us that it's not only the NSA that's watching us, but ever-more-sophisticated cybercriminals, who exploit both weak code and trusting human nature.