Protect Against Information Theft
by Phillip Lyle
Information theft is a thriving business. It cost Americans over $1.5 billion in 2011, giving thieves a strong incentive to turn your business and personal information into real dollars.
Let’s go phishing
Everyone has seen these messages. They appear to come from the IRS, Wells Fargo, or Microsoft, but in reality are sent from thieves. “Phishing” is an attempt by thieves to forge an official-looking website or email in order to obtain your credentials or financial information.
What’s common about most of these attempts?
1. They contain poor grammar or misspellings. These messages supposedly represent a business or organization. Would the IRS “criminally pursue and indicate” you?
2. They attempt to gather information well beyond what would be reasonable for the request. Does the IRS really need your ATM PIN?
3. You weren’t expecting the message. Not expecting an email with a strange attachment or link? Give the person a call to validate.
The next level
Most phishing is broad and consumer-based, but recent attacks have been against specific public and private institutions. “Social Engineering” is a method by which a thief will take a small piece of personal information to establish a rapport with an employee, thereby obtaining further access to sensitive systems. Consider the following phone call:
Hey, this is Bob in the IT department. Phil told me before he left on his trip to Hawaii that the Dean of Admission’s PC needs a critical security patch. If you give me your username and password, I can have this done in 5 minutes!
Other targeted attacks include similar-sounding websites that mimic the target, hacking of IT systems, or actual on-site visits from the attacker.
Utilize these tips to help protect yourself and RSCCD:
Do not click links or respond to suspicious email messages. Instead, visit the organization’s website by typing the address manually into your browser. Use the “Contact Us” feature on the website to inquire about the issue presented in the email.
Never put sensitive information in an email message. Examples include SSN, credit cards, ATM PIN, and usernames/passwords (unless part of account setup or password resets). The ITS Help Desk will never ask you for your current password.
Limit personal information exposed to the general internet. Twitter, Out of Office, and Facebook (depending on how it is configured) can expose information to the public that can be utilized to steal electronic or physical assets.
When in doubt, verify. Forward suspicious messages to the ITS Support Help Desk. Receive an unexpected call from someone outside of the District? Get a phone number and call them back.