CSC 86(R) Newsletter

Understanding Computer Security


Help Protect the Capitol Network from Cyber Criminals

Phishing: Don’t Get Reeled In!

Phishing is when hackers send malicious emails in order to steal your personal details (e.g., your computer or banking passwords).

Watch out for these common email phishing red flags and don’t get caught!

• Forceful or faked urgency to get you to respond before you have time to think about it.

• Offers of a prize or reward to tempt you to click on a link or attachment.

• Requests that you provide your password or other confidential data “for security purposes.”

• Requests that you click on a link to change your password.

• Website addresses that are similar to, but not the same as, the real thing (e.g., amazonn.com vs amazon.com, or twiter.com vs twitter.com).

• Masked links that look like a trusted website address but take you somewhere else when you click on them.

• Emails that appear to come from a management, accounting, or human resources employee at your organization. The sender name and address shown in an email can be forged, so the name alone is not proof of who sent it.

• Poor spelling or unusual grammar.

TIP! Hovering your mouse cursor over a link should display the actual underlying address; check it before you click. On a phone or tablet there is no hover, so press and hold the link to preview where it goes instead of tapping it.

The following preventative strategies are intended to help users proactively recognize emails that attempt to deceive them into “clicking the link” or opening attachments that lead to seemingly real websites:

• Never click on links in emails. If you think the email is legitimate, whether from a third-party retailer, bank, or trusted sender, go to the site and log on directly. If the email is actually valid, whatever notification or service offering it referenced will be available via your regular logon.

• Be extremely careful when opening email attachments. Retailers typically will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment came from them.

• Do not give out personal information over the phone or in an email unless you are completely sure it is safe to do so. Social engineering is the process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them for their name and a call-back number, and confirm that number against the company’s published contact details before calling back. Just because they have some of your information does not mean they are legitimate! Ask your IT Support Center if you have any doubts. They will refer your question to the Security Support Team.

IMPORTANT: If you suspect you’ve been sent a phishing email, please preserve it and contact the IT Support Center immediately. They will forward it to the Security Support Group for analysis. Please do not hesitate to report these types of emails. They provide the Security Support Group with valuable information that assists them in defending the Capitol network from hackers.

Other practical tips to protect yourself from cyberattacks:

• Set secure passwords and don’t share them with anyone. Avoid using common words, phrases, or personal information, and update them regularly.

• Use a password manager, which will help you generate strong, unique passwords and keep them in a safe place. KeePass is a free and open-source password manager ( https://keepass.info/ ). Its code has undergone an independent security audit. Protect the manager itself with a strong master password, since everything inside it depends on that one secret.

• Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to guess or “crack” them.

Although intentionally misspelling a word (e.g., “daytt” instead of “date”) may offer some protection, an even better method is to rely on a series of words and memory techniques, or mnemonics, to help you decode it. EXAMPLE: Instead of the password “hoops,” use “IlTpbb” for “[I] [l]ike [T]o [p]lay [b]asket[b]all.” Using both lowercase and uppercase letters adds another layer of obscurity. Your best defense, though, is to use a combination of numbers, special characters, and both lowercase and upper case letters. Change the same example we used above to “Il!2pBb.” and see how much more complicated it has become just by adding numbers and special characters. Be aware, though, that “Il!2pBb.” is still only eight characters long: a modern password-cracking rig can exhaust every eight-character combination of letters, digits, and symbols within days for fast hash types, and it tries dictionary words with common substitutions first. Length adds far more strength than substitutions do, so prefer a longer phrase for the few passwords you must memorize, and let your password manager generate long random passwords for everything else.

• Verify the authenticity of requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email, independently contact the company, using a phone number or website you already know, to verify the request.

• Pay close attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (e.g., .com instead of .net) to deceive unsuspecting computer users.

• Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.
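To put numbers behind the password advice above, here is an added example (not code from the newsletter) that extracts a mnemonic password from the bracketed template the newsletter uses and estimates how large a brute-force search each candidate forces on an attacker. The character-class sizes assume US-keyboard printable ASCII, and the guessing rate of 1e11 guesses per second is an assumed figure for one GPU rig against a fast, unsalted hash; both are assumptions, not figures from the newsletter. The keyspace figure is an upper bound: a dictionary or rule-based attack needs far fewer guesses than exhaustive search, which is exactly why short passwords built from words and substitutions are weaker than their keyspace suggests.

```python
import math
import re

# Character classes an attacker has to cover once any member appears in the password.
# Sizes are an assumption: US-keyboard printable ASCII, 33 symbols including space.
CHARACTER_CLASSES = (
    (re.compile(r"[a-z]"), 26),
    (re.compile(r"[A-Z]"), 26),
    (re.compile(r"[0-9]"), 10),
    (re.compile(r"[^A-Za-z0-9]"), 33),
)

# Assumed guessing rate: roughly one GPU rig against a fast, unsalted hash such as NTLM.
ASSUMED_GUESSES_PER_SECOND = 1e11


def mnemonic_password(template):
    """Extract the bracketed letters of a mnemonic template, the newsletter's own method:
    "[I] [l]ike [T]o [p]lay [b]asket[b]all" -> "IlTpbb"."""
    return "".join(re.findall(r"\[(.)\]", template))


def alphabet_size(password):
    """Size of the smallest character set an exhaustive search must cover."""
    return sum(size for pattern, size in CHARACTER_CLASSES if pattern.search(password))


def keyspace_bits(password):
    """log2 of the number of candidates of this length over that alphabet.
    Upper bound only: dictionary and rule-based attacks need far fewer guesses."""
    return len(password) * math.log2(alphabet_size(password))


def crack_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to exhaust the keyspace at the assumed guessing rate."""
    return 2 ** keyspace_bits(password) / rate


def compare(*passwords):
    """Return (password, bits, hours-to-exhaust) rows, weakest first."""
    rows = [(p, round(keyspace_bits(p), 1), crack_seconds(p) / 3600) for p in passwords]
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    base = mnemonic_password("[I] [l]ike [T]o [p]lay [b]asket[b]all")
    # The newsletter's own candidates next to the full phrase typed out as a passphrase.
    for pw, bits, hours in compare("hoops", base, "Il!2pBb.", "I like To play basketball!"):
        print(f"{pw!r:32} {bits:6.1f} bits  ~{hours:,.1f} h to exhaust")
```

Running it shows "hoops" at about 23.5 bits (gone in a fraction of a second), "IlTpbb" at 34.2 bits, "Il!2pBb." at 52.6 bits (under a day at the assumed rate), while the full phrase typed out is far beyond reach of exhaustive search even before a password manager generates something random.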
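The look-alike addresses and masked links described in the red flags above (amazonn.com vs amazon.com, a link whose visible text names one site while its target is another) are mechanical enough to check automatically. The following added example, which is not code from the newsletter or from any Capitol system, pulls every link out of an HTML email body and flags three patterns: visible text that looks like a URL but points at a different site, a target domain within one edit (after undoing common character substitutions such as "rn" for "m") of a trusted domain, and a trusted domain name embedded as a subdomain of something else. The trusted-domain list, the sample email, and the substitution table are all constructed for the example; the "last two labels" rule for the registrable domain is a simplification that misfires on suffixes such as co.uk.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of domains the reader actually does business with.
TRUSTED = {"amazon.com", "twitter.com"}

# Constructed sample message for the example (not a real phishing email).
SAMPLE_EMAIL = """
<p>Your account has been locked. Verify within 24 hours:</p>
<a href="https://www.amazonn.com/verify">https://www.amazon.com/account</a><br>
<a href="https://twiter.com/reset">twitter.com/reset</a><br>
<a href="https://login.amazon.com.verify-account.example/">Sign in</a><br>
<a href="https://www.amazon.com/orders">View your orders</a>
"""

# Illustrative look-alike substitutions; a production filter would use a fuller table.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

# Visible link text that a reader would take for a web address.
URL_LIKE = re.compile(r"^(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:[/?#]\S*)?$", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_domain):
    """Lowercase hostname of a URL or bare domain ('' if none)."""
    s = url_or_domain.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def registrable(host):
    """Last two labels of a hostname. Simplification: wrong for co.uk-style suffixes."""
    return ".".join(host.split(".")[-2:])


def normalize(label):
    """Undo common character substitutions before comparing domains."""
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def levenshtein(a, b):
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_findings(host):
    """Flag hosts that imitate a trusted domain without actually belonging to it."""
    findings = []
    for trusted in TRUSTED:
        if host == trusted or host.endswith("." + trusted):
            continue  # genuinely under the trusted domain
        if levenshtein(normalize(registrable(host)), trusted) <= 1:
            findings.append(f"lookalike of {trusted}: {host}")
        elif trusted + "." in host:
            findings.append(f"embeds {trusted} as a subdomain of {registrable(host)}")
    return findings


def analyze(html):
    """Return [(href, visible text, findings)] for every link in the message."""
    parser = LinkExtractor()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        findings = []
        target = host_of(href)
        # Masked link: the text shows one site, the href goes to another.
        if URL_LIKE.match(text) and registrable(host_of(text)) != registrable(target):
            findings.append(f"masked link: shows {host_of(text)} but goes to {target}")
        findings.extend(domain_findings(target))
        report.append((href, text, findings))
    return report


if __name__ == "__main__":
    for href, text, findings in analyze(SAMPLE_EMAIL):
        print(f"{text!r:40} -> {href}")
        for finding in findings:
            print("   !", finding)
```

On the constructed message the first two links are flagged both as masked and as look-alikes, the third for smuggling amazon.com into a subdomain of an unrelated registrable domain, and the genuine www.amazon.com link passes clean. The same hover-and-compare check the TIP describes is what the masked-link test automates.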
