Secure IT

 

Stay Safe Shopping Online This Holiday Season

Online shopping can be a great solution, allowing you to find the perfect gift and saving time, but it can also end with identity theft, malware, and other cyber unpleasantness. Rather than letting it ruin your holiday season, you can take a few simple security precautions to help reduce the chances of being a cyber victim.

When purchasing online this holiday season - and all year long - keep these tips in mid to help minimize your risk:

 

1. Do not use public computers or public wireless Internet access for your online shopping. Public computers and wireless networks may contain viruses and other malware that steal your information, which can lead to identity theft and financial fraud.

2. Secure your computer and mobile devices. Be sure to keep the operating system, software, and/or apps updated/patched on all of your computers and mobile devices. Use up-to-date antivirus protection and make sure it is receiving updates.

3. Use strong passwords. The use of strong, unique passwords is one of the simplest and most important steps to take in securing your devices, computers, and online accounts. If you need to create an account with the merchant, be sure to use a strong, unique password. Always use more than ten characters, with numbers, special characters, and upper and lower case letters. Use a unique password for every unique site.

4. Know your online shopping merchants. Limit your online shopping to merchants you know and trust. If you have questions about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller's physical address, where available, and phone number in case you have questions or problems. Do not create an online account with a merchant you don’t trust.

5. Pay online with one credit card. A safer way to shop on the Internet is to pay with a credit card rather than debit card. Debit cards do not have the same consumer protections as credit cards. Credit cards are protected by the Fair Credit Billing Act and may limit your liability if your information was stolen or used improperly. By using one credit card, with a lower balance, for all your online shopping you also limit the potential for financial fraud to affect all of your accounts. Always check your statements regularly and carefully, though.

 

6. Look for "https" in the Internet address (URL) when making an online purchase.  The "s" in "https" stands for "secure" and indicates that communication with the webpage is encrypted. This helps to ensure your information is transmitted safely to the merchant and no one can spy on it. Alternatively, look for the lock symbol (it’s sometimes green) in the Internet address bar.

7. Do not respond to pop-ups. When a window pops up promising you cash or gift cards for answering a question or taking a survey, close it by pressing Control + F4 on a Windows computer and Command + W on a Mac. These could be social engineering attempts designed to convince you to open malware or click on a malicious link.

8. Do not auto-save your personal information. When purchasing online, you may be given the option to save your personal information online for future use. Consider if the convenience is really worth the risk. The convenience of not having to reenter the information is insignificant compared to the significant amount of time you’ll spend trying to repair the loss of your stolen personal information.

9. Use common sense to avoid scams. Don't give out your personal or financial information via email or text. Information on many current scams can be found on the website of the Internet Crime Complaint Center: http://www.ic3.gov/default.aspx and the Federal Trade Commission: http://www.consumer.ftc.gov/scam-alerts

10. Review privacy policies. Review the privacy policy for the website/merchant you are visiting. Know what information the merchant is collecting about you, how it will be stored, how it will be used, and if it will be shared with others.

 

What to do if you encounter problems with an online shopping site:

  • Contact the seller or the site operator directly to resolve any issues. You may also contact the following:
  • Your state’s Attorney General's Office or Consumer Protection Agency
  • The Better Business Bureau - www.bbb.org
  • The Federal Trade Commission - http://www.ftccomplaintassistant.gov

-------------------------------------------------------------

 

Phishing On The Rise At LMU

In Fall 2018, LMU has seen an increased number of fraudulent emails, or SPAM messages, designed to trick recipients into clicking links, opening attachments, or taking other actions. Specifically, we have seen a large number of Email Impersonation Scams targeting key individuals within the university. These attacks typically seem to come from personnel in positions of authority, and ask targets to perform money transfers, pay invoices, or send sensitive data. To learn more about how to recognize these phishing emails and protect yourself and our organization from getting hooked, read the following list of key phishing identifiers, or click here to see an example of a phishing email: Anatomy of a Phishing Email

 

 

1. Suspicious Email Addresses - If an email seems to be from a legitimate source by came from a nonofficial doman (i.e., @hotmail.com instead of @lmu.edu), it's probably fraudulent. Also check other recipients of the email - if it was sent to a lot of people, especially ones you don't know, you should be suspicious. 

2. Generic Salutations - You should be suspicious of any email that isn't addressed directly to you. Watch out for salutations like "Dear Madam" or "Valued Customer". 

3. Spelling Mistakes and Grammatical Errors- Everyone makes mistakes, but glaring and obvious errors such as "Loyola Mary Mount University" or a plethora of spelling mistakes and grammatical errors are reasons be wary. 

4. Immediate Action Required- Phishing emails frequently have an alarmist tone, to try to rush recipients into taking action and making mistakes. Legitimate organizations rarely ask for immediate action or personal information. 

 

5. Suspicious URLs - If you hover your cursor over a link, the destination will appear; phishing emails often use URL text in emails that seems legitimate, but directs to not-secure sites.

6. Attachments - As a general rule, don't open attachments you aren't expecting. If you get a strange attachment from someone you know, contact them before opening it. 

7. Too Good To Be True - If something seems too good to be true, it probably is, especially if you receive offers from companies or services you've never used, or get prizes from a contest you never entered. 

8. Weird Messages From Friends - Phishing emails may come from someone you know, if a friend's email has been hacked or if a hacker created a new email address using a friend's name to try to trick recipients. If you receive a suspicious email from a friend, call or text them about it before opening the message. 

 

 

LMU Information Security

The Information Security team is the primary point of contact for all information security issues on campus, including: computer hacking incidents, malware outbreaks, intrusion prevention, data loss prevention, vulnerability scanning, firewall auditing, guest and temporary access to resources, information security awareness training, privacy legislation compliance, PCI-DSS auditing and compliance, Digital Millennium Copyright Act (DMCA) notices, change control procedures and auditing, and much more. 

Below you'll find a list of important information on major security subjects, and links to subpages where you can learn more about each. At the bottom of the page, you'll find some helpful videos.

 

Password Security

The thing about passwords is, strong ones are far too complicated, annoying, and easy-to-forget. But a weak password can compromise personal information and sensitive data. Click through to learn some helpful tips in creating a strong, easy-to-remember password and watch a playful video on the subject. 

Phishing

While easily mistaken for an activity undertaken at a Phish concert, phishing is serious business. As per your standard definition, phishing is "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers." Learn all about this practice here.

Malware

Malware is seriously bad news. It can corrupt, ruin, or delete your data, or hackers can use it to take your data and hold it for ransom. To learn more about Malware and how to protect yourself from it, click through to this page.

Mobile Device Protection

Chances are, your mobile device contains a deluge of sensitive information and personal data. Watch the video we've embedded on this subpage to hints on how to protect your mobile device and the information stored thereon. 

Digital Shredding

Believe it or not, you can digitally "shred" documents to erase all trace of them. Doing this makes the documents impossible to recover. To find out more about this relatively simple process, click here.

Encryption

You can easily encrypt documents and emails containing sensitive information as an extra security measure. Learn how to do so here.

ITS Security and Support Policies

You'll find all the information you need on ITS security and support policies on this subpage, which contains a list of all such policies with links the appropriate documents and sections of the LMU website. 

Legislation Compliance

While this might not be something you spend a lot of time thinking about, LMU must comply with state and federal legislation governing the use of technology and data security. You can learn all about that legislation by clicking here.

LMU's InCommon Participant Operational Practices

As a participating member of the InCommon Federation, Loyola Marymount University provides information about its practices so others can decide whether to trust our systems based on these declarations.

Full Policies

Read LMU InCommon POP for LMU's full policies.

 

Don't Take the Bait!

 

Security Secrets Revealed: Ransomware