Cyber Awareness Month

Technology is everywhere nowadays - smart devices, smart phones, laptops, tablets, smart TVs, just to name a few. Understanding how technology can be exploited is critical in ensuring your devices remain secure, your data is safe, and most importantly, your identity is protected.

 

Baker College takes cyber security seriously and has dedicated this page to help raise technology awareness by providing useful tools, tips on best security practices, and information on current cyber threats. A dedicated Cyber Awareness team monitors events and will update this page on a regular basis. Information and awareness are key to using technology safely so please visit often.


In addition to two upcoming October contests to celebrate Cyber Awareness month, we wanted to shine a light on phishing awareness and identity security. Recently, Chegg.com suffered a data breach and over 40 million user accounts had their account information compromised. It is important to never use the same username and password at multiple sites. Passwords should be unique and secure at each site you visit, and further best practices can be found here as well as in the Archive section available on this page. Further, phishing will remain an ongoing threat to both personal identity and organizational security. Understanding what to look for, and who to contact in the event of a phishing attempt (please contact your local IT staff), is critical in ensuring your identity remains protected.

A Man in My Browser?

What is MITB?

 

No, you do not have a little man living in your browser, but you could have a type of Trojan horse malware known as “man-in-the-browser” (MITB). This type of malware infects the Internet browser and sniffs, captures, and modifies information as it travels between the user interface of the infected browser and the Internet.

MITB malware infects endpoints through malicious email attachments and links, or when a user visits an infected website. These attacks are constantly evolving and are becoming more sophisticated and difficult to detect even by experienced cybersecurity experts.

MITB attacks are typically used to target financial (banking) transactions. The malware can make fraudulent money transfers or payments, and the banking application will not be able to detect any fraudulent activity because the correct credentials have been entered.

Whenever the user of an MITB-infected system visits a banking website, the Trojan sniffs or modifies the transactions as they are typed in the Internet browser. This malware can view everything that the end-user sees, and can also do everything that the end-user can do with a browser. Login credentials and other sensitive information are captured directly from the browser memory. The original URL and SSL protections are retained.

 

The MITB malware can also inject additional authentic-looking fields into login forms to convince the targeted victim to share other sensitive information. Because the “https://” of the website is retained, the victim does not suspect the webpage.

Apart from using an up-to-date OS and good updated security software, the only protection at the moment is just common sense. You have to be careful on the Internet. You do not provide credit card or social security information to anyone easily in real life so why should you do that in an online world? If something does not “add up,” quit and inform webmasters. You can also close the browser and start a new session to see if the same fields appear again. In the end, being well informed is one of the best ways to stay ahead of the bad guys - the more you know, the safer you’ll be!

 

 

Backups 101

All of your documents, movies, music, and photos are gone in a flash. With the threat of ransomware and hardware failures, this is an all too real situation that will occur at the least opportune time. What do you do? Well, that is simple: restore your data from a backup. This is the common remediation in this situation, but all too often there are no backups to restore from. That is why it is important to start backing up your data now.

Making a backup is simple and there are several ways to start. The simplest way is to copy your data manually to a backup location, like a removable hard drive or to a Cloud storage provider. This can be time consuming, and can run the risk of missing data. 

Another option is to use a scheduled task. Depending on the device being used (computer or smartphone), and the operating system, the steps may be different. 

Android devices usually set up a backup to Google Drive, but you have to manually configure what to save. iPhones also offer storage in the form of iCloud, and are just as simple to configure. The caveat is that the storage space is limited, and you will need to set up a paid subscription if you begin to store too much data.

On a PC, you can set up a scheduled task to back up folders to a removable hard drive or to OneDrive. You can set it to run daily, weekly, or even monthly. Windows computers have a backup feature under Settings. Macs have Time Machine and iCloud. Just like smartphones, cloud storage is not unlimited in these cases, so be aware that a paid subscription may be advertised as you fill up space.

It is advised to have a backup close by, but it is also a good idea to have an offsite backup. This is where you store a copy of a backup in a trusted location away from your computer. This can be a safety deposit box, a Cloud Storage or Backup provider, or even a trusted friend or family member. This will safeguard your data in case something were to happen like a fire or flood. Remember to back up important data regularly.

Because you are part of Baker, we offer you unlimited storage on Google Drive. This can be used to back up documents or even photos, to offer an extra layer of peace of mind.

 

With this information in mind, you are now a graduate of Backups 101!

 

 

Scam Calls

“Your car’s warranty is expiring and we… *click*” “Thanks for using Visa, Discover, Mastercard… *click*” “This is the US Internal Revenue Service… *click*” “Hello I am calling from Microsoft to inform you of a refund… *click*” For most of us, that is about all we get to hear of the phone calls before we hang up. For others, it is much worse. These scam calls have one goal - to trick you into giving them money or information. Here are a few do’s and don’ts to help keep you from falling victim to these calls.

DO

Do hang up on them. Don’t engage with them at all, just simply hang up. It saves you time and prevents you from accidentally falling prey to their schemes.

Do block and report. Some phones and carriers have enabled a feature to block and report spam calls with a simple button. This will allow them to warn other people who receive the call with a caller ID warning “Potential Scam Call” as well as lead to the crackdown of the perpetrators. If your phone doesn’t have the report feature, you can report them to https://ftccomplaintassistant.gov. This form will request some basic info like the phone number used and which company they stated they were from. Some carriers also have a text reporting system to which you can text the number that called or texted you.

Do screen calls. Just like the above, some phones have the feature to screen calls for you. It provides a simple script to the caller to ask who they are, and gives you a text display of what the caller is saying. If it turns out that the unknown number is really someone you need to talk to, you can pick right up. Otherwise, it gives you the option to cancel the call.

DON’T

Don’t call them back. These are some of the craftier calls. They make a quick phone call that simply says “Call me back” or is dead air. The goal for this is to make you call them on a long-distance line, racking up a sizeable bill. Another situation is that these numbers are sometimes spoofed - faked using software prior to the phone call. The number you call back may not be them, but rather an unsuspecting person whose number was borrowed.

 

Don’t give them info. Don’t provide them with anything. Little bits of information here and there can be stored and linked up later, or lead to more targeted phone calls. If they think that they have someone that will gradually give them all that they want, they’ll continue to call and harass you. These scammers will play the long game.

Don’t buy gift cards to pay official organizations. If you have been unfortunate enough to be on the call to this point and they are requesting payment in the form of gift cards, then you have a red flag that this was a scam all along. The IRS will never have you pay off an outstanding tax balance using gift cards. Microsoft won’t ask you to pay for their services using Apple gift cards. If something sounds “off,” trust your gut and hang up.

Armed with these quick and easy steps, you can help safeguard your information and thwart these crafty scammers.

 

 

Digital Footprints

 Have you ever noticed that when you buy something online (a pair of shoes, for example), all of a sudden you start seeing shoe advertisements on other web pages that you visit?  Sometimes for the exact item that you just bought? Most of us are familiar with the term "cookies" (which are little bits of information stored on your computer), but they are also part of a bigger picture out there called your "digital footprint."

Everything you do when you're on the Internet, whether it's just looking at a few web pages, downloading a great recipe for oven-baked mac & cheese, or watching videos, leaves a little trace of your information that can be associated with you.  Things that you post or react to on social media sites (Facebook, Instagram, Twitter, etc.) are huge contributing factors to your footprint and how it is used. Many companies pay for the data gathered by these hosting sites and in turn use it to market additional products or services directly back to you.  This is done in the hopes that they can generate more data, more purchases, more posts, so the cycle continues on and on.

Shopping sites often track your Internet usage so they can target specific products to you based on where you've been and what you've seen on other web pages.  Social media sites are notorious for using private data for marketing and other business opportunities. Even mainstream sites such as your local news channel, city web page, or library page can keep track of your movements online.  Make no mistake - while you're online, everything you do and everywhere you go can be tracked, monitored, and used!

A good experiment to try is to look yourself up on a few different search engines such as Google, Bing, or DuckDuckGo (there are many out there).  Chances are you won't be the only "John Smith" that shows up, but after reviewing a few of the results you should be able to narrow things down to you specifically.  How do the results look? Did you get any results? No results?

Whether you're happy or unhappy with your results, there are ways to help reduce your footprint out there.  Be careful with your posts on social media, maintain strong passwords, and limit your email subscriptions as necessary.  Make sure you review your privacy settings on any account that allows you to change them. Sometimes you're asked to provide birth dates, addresses, phone numbers - unless it's a mandatory field that needs to be filled in, just leave it blank.

In today's world, an online presence and social media are a way of life.  Being careful about where you go, what you say, and what you do, can go a long way to keeping your private data in your control instead of being used against you.  Be careful!

 

 

I'll take you "Phishing"

To Fish or not to Phish, that is the question?  So, when you hear the term phishing from the technology world, what do you think of?  Well, I think of going out to my favorite lake and bringing my bag of tools to help me catch a real nice fish.  I’ll bring my rods, reels, various types of hooks, and most importantly, very tempting fish bait for the type of fish I want to catch.   In the end this isn’t far from the true meaning of phishing. 

Did you know phishing continues to be one of the most effective ways to catch (or “steal”) personal and corporate information? In this short explanation we will look at the areas where phishing takes place, much like lakes, and we will discuss some of the tools used.

Phishing Lakes 

I like to think of a lake as the area where the phishing takes place. This could be emails you receive (“phishing”), social media sites you visit, text messages on your personal phone (“smishing”), or phone calls (“vishing”). These are all areas where valuable information can be caught from you.

Phishing Tools

Tools are the techniques used to trick you into giving up your information freely without you knowing it. Remember, phishing has been around for years - the only difference now is the tools used to catch the fish (phish). Back in the day it was all sleight of hand or fast talking that lured you to reveal precious information. Today they use crafty emails, intriguing texts, or pressuring phone calls to accomplish the same thing. Their hope is to lure you in, steal some (if not all) of your information and gain access to your cash!

Don't Byte Like a Phish

So what can you do to stop this phishing leak of information?  Ask yourself a couple of primary questions:  

Is this something I am expecting to see or should see?

Do I feel comfortable giving this information away in this manner?

If you have answered “NO” to either question above DON’T give out any information.  If need be, look up the correct number for your bank, your loved ones, family members, etc., and call them directly and ask, “Did you send me this and can I answer your questions over this phone call?” Remember, being cautious is not rude, it’s being technology SMART and above all - don’t bite like a fish!  Sorry, phish!

 

 


Baker College's Cyber Awareness Committee has assembled this informative PDF document to help raise awareness of Cyber Security among Faculty, Staff, and Students.

Passwords

Security questions are specifically intended to provide an alternative means of authentication when a password fails.
