Stay Safe in a Dangerous Online World
Combatting Phishing Attempts, Malware and Virus Infections
We have noticed an increase in the number of SHSU employees and students that are falling prey to one of these attacks (virus, malware, or phishing). In May Microsoft’s IEBlog announced that 1 in 14 downloads contain malicious code. Now is the perfect time to learn more about how to keep safe online.
First we should define the three different terms. Computer security blogger, "The Older Geek," describes them in her post titled How to Avoid Computer Viruses and Phishing Hacks as follows:
A virus is a program that infects a computer and reproduces itself to spread throughout the computer or to other computers. Viruses are spread through executable code, which means it must be activated to affect a system and spread. Viruses can sit dormant in computer system until they are activated, either remotely or with a countdown in the code itself.
Malware is short for malicious software. A trojan is a type of malware (pictured above sneaking its way into Troy instead of your computer) that is downloaded along with other software; trojans steal information and “phone home” that information. Other malware might include spyware or adware, which track the user’s computing habits, history, or online shopping, browsing and buying. Spyware is intended to keep a record of the activity, while adware is intended to blast the user with targeted ads based on web browsing and online habits.
Phishing (as defined by wikipedia.com) is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.
Understanding that dangerous software is out there helps but it is only half the battle. In order to stay safe online you will need understand how to adjust your habits. A great introduction to staying safe online can be found in these two videos from Common Craft:
Phishing Scams in Plain English and Computer Viruses and Threats Explained.
Step 1: For computers that are not part of the SHSU network, use your firewall and make sure you have an updated and running antivirus program. More information can be found in this article by The Older Geek about firewalls, anti-virus programs, spyware and malware detectors. (This is for computers that are not part of the SHSU network as all SHSU networked machines have firewalls and antivirus already installed and maintained by IT@Sam.)
Step 2: Never sign in to a website from an e-mail link. This is still one of the easiest ways for criminals to get your username and password. They dress up e-mails to look like they are from reputable companies such PayPal and eBay. They will also create login pages that look as close to the real sites as possible. Common versions of this will say they need you to login to verify your account, or login to change your password before it expires.
IT@Sam will never ask you for your username and password in an e-mail under any circumstances and neither will most companies. If you think the e-mail might really be from the company then go to their website on your own in a browser and see if there is a way to contact them or verify that they are sending out the e-mail that you received.
Step 3: Don’t open attachments from people that you don’t know, or even if you do know them but weren’t expecting an attachment. If you have a friend that is always sending on e-mail chains for you to read you might think about asking them to remove you from their list as these e-mail forwards are another way for attackers to get access to your system.
Step 4: Use your browser’s pop-up blocker. Viruses and malware can be installed in the code of pop-up windows. Never click on any part of a pop-up message including the “Red X” in the corner that you would use to close a program. To close a pop-up window please load the Task Manager (easily accessed by using CTRL+ Shift+ ESC) and close the window from the task manager so that you are not interacting with the pop-up window at all.
Step 5: Set all of the programs that you install to update automatically. This way as soon as a fix is available your computer will download it. We recommend setting your programs to auto-update because your computer is vulnerable while it is waiting for you to approve the updates to programs.