How to Keep Your Personal and Financial Information Safe Online
Cheryl Helget, Mark Griffin

How does identity theft occur? Oh please, let me count the ways!
1) Keystroke logging software or hardware
2) Phishing scams via e-mail
3) Unsecured web sites
4) Social engineering
5) Dumpster diving
6) Random flash drives
7) Other
So, how can I protect myself?
Use good passwords and PINs, and protect them!
1) Make passwords at least 7 characters long!
2) Use random letters, numbers and symbols (both upper & lower case)
3) DO NOT USE birthdays, addresses, anniversaries, or other personal information
4) DO NOT USE correct answers to challenge questions that can be answered by combing genealogy sites. For example, mother’s maiden name, father’s middle name, and paternal grandfather’s first name can be easily learned through ancestry.com.
5) DO NOT SHARE passwords or PIN numbers!
6) DO NOT WRITE DOWN passwords or PIN numbers
7) Change your password at least every 6 months, and don’t reuse passwords
8) Develop a security mindset
Password Examples:
1234, 6666, sparky, password, fhsu: BAD PASSWORDS
B3tt3r1!, pr3TTyg00d, &00d3n0u&h: BETTER PASSWORDS
IKJ0n Hi12ESr98gbtmal, 987weDF6743$khF98!: BEST PASSWORDS

Time Magazine’s worst passwords for 2012:
1. password abc qwerty 6. monkey 7. letmein 8. dragon baseball 11. iloveyou 12. trustno sunshine 15. master welcome 18. shadow 19. ashley 20. football 21. jesus 22. michael 23. ninja 24. mustang 25. password1
What’s a phishing scam? And what do I do about them?

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Attackers try to get you (the fish) to hand over your information or money. They hook you with an e-mail message, IM, or some other form of communication (the bait) that looks as if it came from a legitimate source such as a bank or an online shopping site.

The primary thing that you want to do with phishing e-mails, instant messages, or texts is DELETE THEM! Do not respond to a phishing scam, or click on any links in the message. Do not provide ANY personal information. If you do anything with the message, simply report it to your administrator.
How will I know if it’s a scam, or if it might be a legitimate e-mail?

Phishing scams/e-mails tend to have one or more of these characteristics:
Website links sound legitimate, but are not the real organization’s link (eg. instead of
Website link says one thing, but the actual click-through goes somewhere else!
Message will say it is from a local person, department, or entity, but the reply goes to a totally different address
Messages will often be poorly worded or have misspelled words
Subject of message often makes it sound like it is an important notice

If you want to investigate, consider googling what might be the major content of the message to see if it has been flagged as a phishing attempt on any of the anti-phishing/anti-malware sites. Bottom line: if you aren’t comfortable with the content or the subject, delete the message.
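Two of the characteristics above can be checked mechanically: a link whose visible text names one site while the click-through goes to another, and a reply address that differs from the sender's. The Python below is an added example, not part of the original presentation; the sample message and its .example domains are constructed, and the function names are illustrative.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and domain in it is made up.
SAMPLE = """\
From: "IT Help Desk" <helpdesk@university.example>
Reply-To: quota-upgrade@mailbox-verify.example
Content-Type: text/html; charset="utf-8"

<p>Your mailbox has exceeded its storage limit. Verify your account at
<a href="http://mailbox-verify.example/login">webmail.university.example</a>.</p>
"""

class _Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(value):  # host name of a URL-looking string, "" for ordinary words
    value = value.strip()
    if " " in value or "." not in value:
        return ""
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def phishing_signals(raw_message):
    """Return the warning signs found in one raw e-mail message."""
    msg, signals, parser = email.message_from_string(raw_message), [], _Links()
    domain = lambda hdr: parseaddr(msg.get(hdr, ""))[1].rpartition("@")[2].lower()
    if domain("Reply-To") and domain("Reply-To") != domain("From"):
        signals.append(f"reply goes to {domain('Reply-To')}, not {domain('From')}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for shown, actual in ((_host(t), _host(h)) for h, t in parser.links):
        if shown and actual and shown != actual:
            signals.append(f"link shows {shown} but goes to {actual}")
    return signals
```

Calling phishing_signals(SAMPLE) reports both warning signs. The comparison is an exact host match, so treat a hit as a reason to look closer rather than as proof.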
Phishing examples

To: “Mark Griffin”
From: Juanita Limas
Date: 01/05/ :03AM
Subject: From System Administrator

Dear Webmail User,
Your mailbox has exceeded the allocated storage limit as set by the administrator, you may not be able to send or receive new mail until you upgrade your allocated quota. To upgrade your quota, Please clickhere
Thank you for your anticipated cooperation.
System Administrator For Webmail Support Team.
Phishing examples cont.

To:
From: Fort Hays State University
Sent: Saturday, June 09, :59 AM
Subject: Emergency Verification

Dear Fort Hays State University subscriber,
We hereby announce to you that your account has exceeded its storage limit. You will be unable to send and receive mails and your account will be deleted from our server. To avoid this problem, you are advised to verify your account by clicking on the link below.
Thank you.
The Fort Hays State University IT Management Team.
Social Media Security Tips

Watch for fake e-mails that appear to come from Facebook
If it seems unusual for a friend to write on your wall and post a link, that friend may have gotten phished
Do not enter your password through a link
Do not use the same password for Facebook that you use elsewhere on the web
Don’t share your password with anyone (Repeat!)
Do not use your cellphone number to verify the results of a Facebook game or survey without reading the terms and conditions
What other stuff should I do, or be aware of online?

Keep your computer operating system, anti-virus, and firewall software up to date.
Free 3rd party firewalls: ZoneAlarm or Comodo Firewall Free
PC World’s top security picks of 2012:
G Data InternetSecurity 2012
Norton Internet Security 2012
Bitdefender Internet Security 2012
Detected and removed the most baddies but slow
Do not access online accounts using public computers
When shopping online, whenever possible use a secure online payment service (eg. Paypal or WorldPay)
Use credit cards instead of debit cards! Credit cards are insured against fraudulent merchants, debit cards are not.
Do not keep personal or financial information (including passwords) in a plain text file on your computer. Encrypt the documents (KeePass is a nice password storage utility and it is free)
When submitting information online, make sure there is a “lock” icon on the browser’s status bar. Also make sure the website address begins with https (the “s” means a secure, encrypted (SSL) connection).
The lock sign shows that there is an encrypted connection between your browser and the website you are visiting, allowing private information to be transmitted without the problems of eavesdropping, data tampering, or message forgery. Unless it is encrypted with the https protocol, which the lock sign signifies, every piece of data can be seen by others.
What other stuff should I do, or be aware of online? Continued

Do not give out personal or financial information to vendors over the phone, through the mail or e-mail, or anywhere online, unless you are ABSOLUTELY CERTAIN that your contact is legitimate.
If you have a home wireless network, be sure to password protect it. When you are setting up the wireless router, it will ask you whether you want to use WEP, WPA, or WPA-2 encryption. Select WPA-2 for the best security. Also change your wireless router’s default administrator password.
Keep a record of your transactions, and check your accounts online periodically to watch for suspicious activity.
When traveling, do not keep all of your credit cards in one place, such as a wallet in your pocket. Split up your resources. If traveling with someone else you trust, perhaps have them carry at least one of your cards, or some of your cash.
Keep a list of all your credit card numbers in a safe place (encrypted, if stored electronically), along with expiration dates and customer service phone numbers.
Review your credit report periodically. You can obtain a free credit report annually at
Shred any paper documents that contain personal or financial information; do not just throw this information in the trash.
Twitter Dooz’n’Donts

Don’t be too specific
Say it, don’t spray it
Call the police, don’t tweet about it
Don’t tweet about changing passwords, or anything else that might compromise your security
Never use your password on suspicious 3rd party sites
Do choose a strong password (Repeat!)
Do use direct messages when appropriate; not everything is meant to be said in the wild
Consider having a private account separate from work
Removing your name from lists:
Mail –
Phone –
Stop preapproved credit card offers: or OPTOUT
To hold your mail: