Internet Security Threats - September 09
There are currently several types of Internet and personal computer threats circulating right now. In most cases, a careful cautious user can avoid becoming a victim of these problems.
The first threat is our old friend the phishing scam. A phishing scam is an attempt by some nefarious entity to obtain your personal information (login usernames, passwords, credit card numbers, etc.) through social engineering. They will attempt to fool you, threaten you, intimidate you, or bribe you all in hopes of getting this information. There are often statements indicating that your account will be closed or that some resource you use will be lost.
The current fake email circulating on campus currently includes the following text:
"Dear ulm.edu Owner,
We are currently carrying-out a maintenance process to your
ulm.edu account, to complete this process you must reply to this email
immediately,and enter your User Name here (******) And Password
here(*****)if you are the rightful owner of this account."
To restate the position of the University Computing Center - We have no need for you to verify your login information. We do not need it or want it. We never ask for it using email. Email is inherently insecure and not useful for transmission of personal information. If you see a message supposedly from the University Computing Center or some likeness, be wary. If there is some question about the legitimacy of some email asking, do not immediately react - wait, investigate, and ask around. It will become quickly apparent that the email is not from us.
The second threat is a category of threats now being called "Scareware." Scareware is a name given to the windows that pop up onscreen informing the user about a large number of viruses or security threats on their system. Along with this information is an offer to remove the infections or remedy the problem. A user that agrees to install the program becomes infected with a virus they did not have before. At some point, this newly installed application will start causing problems on the system until the user sends money to "register" it.
The University uses and installs specific antivirus products. Users should not install other products even if the promise is more security. Many legitimate antivirus products do not work well with other antivirus products. Even more supposed security applications are Scareware and not actual antivirus products at all. Be safe and do not install extra security software. This website details a wide array of these scareware products:
Another step that can be taken to reduce chances for infection is to use Mozilla Firefox rather than Internet Explorer. Many security issues use Internet Explorer as a conduit for entry. These same security threats cannot enter the system through Firefox. Many users plagued with spyware, adware, and viruses find themselves not as susceptible after moving away from Internet Explorer.
In both of these scenarios, the mechanism used to compromise security is to fool the user. Making users believe something bad will happen is a nice incentive to get a rash reaction. Just because some message says there is a problem or threat does not necessarily mean it is the truth. If presented with these questions, it is best to "just say no " - no response to inquiries for personal information; no response to offers about installing security software. In this way you can improve your chances or remaining safe and uncompromized.