from www.staysafeonline.org

Email has become a critical way to communicate with friends and families and conduct business – it’s quick, convenient, and effective. Many email messages contain attachments, such as documents, photos, or links to Web sites that senders think might be of interest.

However, cyber criminals often use email to trick people into opening attachments and visiting Web sites that collect personal information (phishing) or download malicious software (spyware). They overload our email inboxes with messages we didn’t ask for and don’t want (spam).

Criminals will continue to evolve their practices, but you can keep ahead of them by staying alert for suspicious email and using technology to filter unwanted messages.

• Spam
• Phishing

Spam
Left unchecked, any email account will quickly become overloaded with junk, some of which will contain viruses and scams. The good news is that most email programs contain options for filtering out what you don’t want. Learn how to use those tools properly to make your email experience faster, safer and simpler.

The first thing to do is to enable a junk email or spam filter. Most email programs and online services come with one of these installed. In many cases, these are set to “on” by default, but if they’re not, you can easily activate by finding your filtering preferences tab, or using your program’s “help” tool.

Some junk mail filters, like the one that comes with Microsoft Outlook, have multiple junk mail settings. At the highest level, these will filter out virtually everything you don’t want. Just be aware that at the highest settings, spam filters can sometimes trap emails you want to receive. If you have high junk mail settings, make sure to take an occasional peek at your junk mail folder.

The next level of email filtering is to block all email from specific addresses.  This works differently in different programs. In Microsoft Outlook, for instance, you just select the message from the sender you wish to block, select “block sender” from the “message” pull-down window, then click “yes” and “ok.”

IMPORTANT NOTE: No email filter is perfect, so you still want to treat every message you get — even the ones that appear to come from companies you do business with — with a certain degree of caution.
Top of page.

Phishing 
Phishing attacks use email or malicious Web sites to collect personal and financial information. Attackers may send urgent emails that request account information, seemingly from a reputable credit card company or financial institution. When users respond with the requested information, attackers can use it to gain access to the accounts.

How do you avoid being a victim?

• Do not reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Do not send sensitive information over the Internet before checking a Web site’s security.
• Pay attention to the URL of a web site. Malicious Web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group.
• Install and maintain anti-virus software, firewalls, and email filters to reduce spam.

What do you do if you think you are a victim?

• Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
• If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
• Watch for any unauthorized charges to your account.
• Consider reporting the attack to the police, and file a report with the Federal Trade Commission or the FBI’s Internet Crime Complaint Center.

More information about Phishing 
For more information on phishing, visit:

• Anti Phishing Working Group
• United States Computer Emergency Readiness Team (US-CERT), a partnership between the U.S. Department of Homeland Security and the public and private sectors.

Information provided by US-CERT. 

from US News & World Report

With more shoppers than ever turning to mobile devices and computers for holiday shopping, many are inadvertently leaving themselves vulnerable to online fraud and scams. Here are 10 ways to avoid becoming a victim this holiday season:

Stay away from fishy-looking sites. You can’t always tell when a website isn’t legitimate, but red flags include poor design, a strange or nonsensical web address, and multiple pop-up windows that you can’t close. If you notice any of these suspicious signs, stop shopping and close your browser windows.

Avoid clicking on hyperlinks embedded in emails. TheBetter Business Bureau warns that legitimate businesses don’t send emails asking for follow-up financial information. If an email, even one that claims to be from a familiar retailer, asks you to visit an outside site, don’t do it–it could be redirecting you to a scam site. Instead of clicking on a hyperlink, type in the web address that you want to visit into your browser.

This year, BBB warns consumers about emails coming from the “National Automated Clearing House Association” that ask recipients to click on a link or open an attachment. In reality, the email is from scammers, not NACHA, which does not send emails regarding individual transactions. Clicking on the link or opening the attachment can result in stolen bank information.

Shop on secure websites only–including on smartphones. Adam Levin, founder of Credit.com and Identity Theft 911, suggests looking for “https” instead of just “http” in the address bar. Also, make sure your computer’s anti-virus software is up to date, he says, since you can come across some unwanted viruses when surfing online for deals and good buys.

In addition, be wary when shopping from mobile devices, since they often lack anti-virus software. Security firm BitDefender reports that shopping with mobile devices–as 6 in 10 shoppers plan to do–can come with a new set of security challenges, since shortened URLs can more easily trick shoppers into visiting harmful sites. Also, public Wi-Fi access is convenient, but it can also leave your personal information accessible to hackers. Avoid entering passwords and credit card numbers while in public hotspots.

Never, ever give your Social Security number to anyone online. If a site asks for it during the checkout process, it’s probably a scam site, says Levin.

Take advantage of the automatic identity theft protection that comes with many credit cards. That’s one reason to use your credit card instead of debit card or cash for holiday shopping. If you see erroneous charges on your statement, call your credit card company, which should investigate on your behalf.

The Better Business Bureau points out that credit card companies are required to allow shoppers to dispute charges, and many companies cover charges made on stolen cards. Don’t forget to check your credit card statements frequently (don’t just wait until you get your monthly bill) because many card companies have time limits on when customers can dispute charges.

Change up your passwords. Consumers are asked to remember dozens of passwords for various retailers, banks, and accounts, and it’s almost impossible to remember them all–especially since they often include mixes of numbers and letters. Either keep careful track of your passwords in a secure document, rely on mnemonic devices to boost your memory, or come up with some other clever strategy. But don’t stick with simple passwords that are easy for strangers to guess.

Review your rights. The Better Business Bureau reminds shoppers that if products aren’t shipping on time, consumers have the right to cancel the order and get a refund. They can also reject merchandise they deem defective or misrepresented.

Avoid strangers on social media. This rule is especially important around the holidays, when many retailers use social media to drum up business. Fraudsters also send malicious messages through social networks. BitDefender recommends treating messages from strangers as spam–just ignore them.

Don’t click on fake holiday e-cards. Festive e-greetings are ubiquitous this time of year, but security firm AppRiver says fake cards can spread viruses. At the risk of being Scrooge, the firm recommends that consumers just delete cards that come from unknown addresses.

Review your statements after the holidays. Unfamiliar charges on credit card and bank statements are often the first sign of identity theft. If you find an unauthorized charge on your statement, contact your bank or credit card company immediately. Your bank might be able to provide other protective steps as well, such as issuing a new card.

From www.fcc.gov

Broadband and information technology are powerful factors in small businesses reaching new markets and increasing productivity and efficiency. However, businesses need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats. Read the rest of this entry »

Wireless networks can provide an unintended open door to your network. Unless a valid business reason exists for wireless network use, it is recommended that all wireless networks be disabled. If a wireless network is to be used for legitimate business purposes, it is recommended that wireless networks be secured as follows:

•Change the wireless network hardware (router /access point) administrative password from the factory default to a complex password. Save the password in a secure location as it will be needed to make future changes to the device.

•Disable remote administration of the wireless network hardware (router / access point).

•If possible, disable broadcasting the network SSID.

•If your device offers WPA encryption, secure your wireless network by enabling WPA encryption of the wireless network. If your device does not support WPA encryption, enable WEP encryption.

•If only known computers will access the wireless network, consider enabling MAC filtering on the network hardware. Every computer network card is assigned a unique MAC address. MAC filtering will only allow computers with permitted MAC addresses access to the wireless network.