“Be Cyber Wiser”, New Web Site for Identity Theft

June 2nd, 2015

The US Federal Trade Commission has setup a new web site at https://www.identitytheft.gov/ with great resources to help you if you feel your identity has been stolen.  This new Web Site lists critical first steps to take if your identity has been stolen.

News about data breaches at banks, stores, and agencies is an everyday occurrence now. But if your private information has been compromised, it doesn’t feel commonplace to you.

The sooner you find out, and begin damage control, the better off you’ll be. IdentityTheft.gov, a new website, offers step-by-step checklists of what to do right away, and what to do next, depending on the information that’s been stolen or exposed. It lists warning signs indicating your identity was stolen, and gives websites and phone numbers for organizations you’ll need to reach. And, it has sample letters for disputing fraudulent charges, correcting information in your credit reports, and getting business records relating to the theft.

Check out IdentityTheft.gov, bookmark it, and print out the checklists, as your first line of defense against identity theft.

“Be Cyber Wiser” : Protect Yourself during Summer Vacation

May 1st, 2015

The summer vacation season is fast approaching and for many of us that means lounging on sunny beaches, reading a book under a shade tree or hitting the road for a new adventure.  It can also mean identity theft and other crimes if we aren’t careful about our online activities and protecting our information. Cyber-crime does not take a summer vacation; we need to remain vigilant. Fortunately, by following some best practices, we can minimize the risk of becoming the next statistic.

Save the Social Media Vacation Posts until You Get Back Home

It may be tempting to post details of where and when you’ll be traveling, but don’t. By revealing such specifics, you are providing information that could be used by criminals to target your home while you’re gone. Another common scam involves compromising email accounts to contact your friends or family with requests for help, claiming that you were robbed while on vacation and need money. Sending private posts and photos during your vacation to family and friends is ok, but if you post them publicly, you increase the risk of someone using that information for malicious activities. Also, make sure your children understand what, and when, they should post regarding your vacation plans.


Do Not Use Public Computers and Public Wireless Access for Sensitive Transactions

Whether you’re entertaining the kids by streaming a video on a tablet, downloading new travel apps on your smartphone or even taking your tablet poolside, there are precautions you should take to make sure your personal information is safe.

Wi-Fi spots in airports, hotels, train stations, coffee shops, and other public places can be convenient, but they’re often not secure, and can leave you at risk. If you’re online through an unsecured network, you should be aware that individuals with malicious intent may have established a Wi-Fi network with the intent to eavesdrop on your connection. This could allow them to steal your credentials, financial information, or other sensitive and personal information. It’s also possible that they could infect your system with malware. Any free Wi-Fi should be considered to be “unsecure.” Therefore, “Be Cyber Wiser” and be cautious about the sites you visit and the information you release.

Consider turning off features on your computer or mobile devices that allow you to automatically connect to Wi-Fi. Also consider using a cellular network (3G/4G) connection, which is generally safer than a Wi-Fi connection.

Protect Your Smartphone, Laptop, or Other Portable Devices While Traveling

Don’t let your devices out of your sight. Just as your wallet contains lots of important and personal information that you wouldn’t want to lose, so too do your portable devices. Never store your laptop as checked luggage. If there is a room safe available at your hotel, use it to securely store your devices.

Make sure your smart phone, laptop and other mobile devices have the latest software installed. Your device manufacturer should notify you whenever an update is available.

Use of security software is a mustMany of these programs can also locate a missing or stolen phone, tablet or other similar device. These programs will back up your data and can even remotely wipe all data from the phone if it is reported stolen. Make sure you have strong passwords, and encryption where possible, on these devices in case they are lost or stolen.

“Be Cyber Wiser”: Be Careful of Tax Season Scams

February 10th, 2015

“Be Cyber Wiser”: Be Careful of Tax Season Scams

FAU Students, Faculty and Staff who have already filed their taxes this season can still be vulnerable to tax-related scams.  Many schemes take advantage of users by alleging to have information about the filer’s refund, or noting a problem with the return that you previously filed.

If you haven’t file yet then please read the IRS and CERT recently released Caution Users on Scams for 2015, https://www.us-cert.gov/ncas/tips/ST15-001, which highlights common scam tactics, including those that occur online as PHISHING and offline, such as criminals who impersonate legitimate charities or agencies and place phone calls to victims to solicit money.  Do not give out Personal Information to callers who are asking you to verify personal or sensitive information over the phone.

Vigilance about the security of your online activities is required every day, but is even more important during this time of year.  Tax season can be stressful for a lot of people, and cyber criminals exploit this through targeted phishing attacks that try to scare you or entice you into clicking on a link or opening an attachment.

Here are some basic precautions that will minimize risk include the following:

1.         Do not respond to emails appearing to be from the IRS. The IRS does not initiate taxpayer communications through email or social media tools to request personal or financial information. The IRS does not send emails stating you are being electronically audited or that you are getting a refund. If you receive an unsolicited email claiming to be from the IRS, send it to phishing@irs.gov.

2.         Do not send personal or sensitive information in an email. Criminals may intercept the information.

3.         Do not open any attachments or click on links contained in suspicious emails. Common scams push tax rebates, offer you a great deal on tax preparation or offer a free tax calculator tool.   If you did not solicit the information, it’s likely a scam.

4.         Carefully select the sites you visit. Safely searching for tax forms, advice on deductibles, tax preparers, and other similar topics requires caution. Do not visit a site by clicking on a link sent in an email, found on someone’s blog, or on an advertisement.  The website you land on may look just like the real site, but it may be a well-crafted fake.

5.         Be wise about Wi-Fi. Wi-Fi hotspots are intended to provide convenient access to the Internet and are not necessarily secure against eavesdropping by hackers.

6.         Secure your computer. Make sure your computer has the proper security controls, including up-to-date anti-virus and anti-spyware software, and a firewall.

7.         If your identity has been stolen follow steps given by the FTC at http://www.consumer.ftc.gov/features/feature-0014-identity-theft

“Be Cyber Wiser” and “Think before you Click”.  For more Cyber Security blogs go to http://wordpress.fau.edu/security or visit our Cyber Security Awareness web site at http://www.fau.edu/security 

“Be Cyber Wiser”, Protect Your Mobile Devices

January 8th, 2015

Many of you have received new mobile Phones and Tablets over the past holidays. We need to ensure that we take our mobile devices security just as seriously as we take our desktop security.  First we need to lock the devices with a security code or password as a first line of defense.  Also, enable multifactor authentication like the Fingerprint scanner on some of the latest devices.   Next, never ever “jail break” your mobile devices.  Jail breaking is when you circumvent the manufacturer’s setup and its installed operating system (OS).   Don’t share your mobile device or its password with others.

Some common ways that mobile devices get infected with Malware is from the download of applications.  You can easily install an infected application without knowing it.   The Google Play and Apple stores aren’t perfect but at least some vetting takes place before apps are placed in these stores.  Here are some other measures you can take to help protect your mobile devices:

  • Back up your data by syncing your device with a computer.
  • Password protect your mobile devices.  Use PIN code or passwords.
  • Update and patch the OS and applications on your devices regularly to reduce vulnerability.
  • Enable encryption if possible to slow down the cyber thieves.
  • Turn off Bluetooth and Wi-Fi when you don’t need it.
  • Don’t store sensitive work-related information on your private mobile devices.
  • Stick with the conventional Apps from legitimate stores like Google Play and Apple Store.
  • Pay attention to what you install.
  • Avoid opening links from sources that you don’t recognize or that appear suspicious.
  • Use WI-FI networks that are encrypted like WPA2 encryption.
  • Reduce app clutter; if you don’t use it delete it!
  • If you lose your device report it immediately to your Carrier.

“Be Cyber Wiser” and keep your mobile devices safe.

“Be Cyber Wiser”: Stay Safe Online During the Holidays

November 26th, 2014

“Be Cyber Wiser”: Stay Safe Online During the Holidays

During this Holiday season it is the busiest time for Cyber Criminals pushing Malware, Phishing and Spam.  Be careful of online offers that sound too good to be true.  If it sounds too good to be true it may be a scam or phishing attack to steal your money or personal information.  When it comes to avoiding malware, spam and Phishing attacks, there are a few tips to help you to be safe and smart online:

1.      Tune up your defenses.

Before you shop online, make sure you have your systems security (firewall, anti-virus and anti-spyware) installed and updated with the most current updates.  Also, keep your operating system and web browser up-to-date with the latest versions and updates.

2.    Check sellers out.

Conduct independent research before you buy online from a seller you have never done business with. Some attackers try to trick you by creating malicious Web sites that appear legitimate, so you should verify the site before supplying any information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill. Search for merchant reviews.  Never, ever give out personal or credit card information on web sites you are not sure of.  Think before you “Click”

3.   Make sure the site is legitimate.

Before you enter your personal and financial information to make an online transaction, look for signs that the site is secure. This includes a closed padlock on your Web browser’s address bar or a URL address that begins with shttp or https.  This indicates that the purchase site is encrypted or secured.  Never use unsecured wireless networks like the ones in hotels, airports, cyber cafes, etc. to make an online purchase.  Think before you “Click”.

4.   Use Good Passwords.

Don’t use the same passwords for email, social networking and online accounts.    Use special Passwords for Online banking and other financial transactions.  Never, ever give out your ID and Password to anyone.  Create passwords that are at least 8 Characters long (the longer the better) that are made up of Upper and lower characters, numbers and special characters.  Don’t use any dictionary words for passwords.  Finally change your password at a minimum every 180 days.

NCSAM 2014 Quiz

October 23rd, 2014

NCSAM 2014 Quiz

Please test your knowledge by taking the quiz below:

  1. 1.      A message pops up on your screen flashing “Warning! Your system requires an immediate antivirus scan” It offers a free scan.  What should you do?
    1. Click “No Thanks” on the pop up screen.
    2. Click “OK” to run the free scan.
    3. On the PC Hold down CTL-ALT-DEL and start Task Manager to End the Task.


  1. 2.      The Telephone Rings and a voice comes on and says “This is a Microsoft Certified Engineer, Your machine may be infected.  We offer a free service to scan your machine for viruses for you.”  What should you do?
    1.  Say “OK” let’s do the free scan
    2. Hang UP
    3. Go Online to the website provided and download the scan software.


  1. 3.      Your wallet is lost or stolen.  Should you file a police report?
    1. No.  The police are useless and are unlikely to have time to investigate your report.
    2. Yes, this is important to help clear up any Identity Theft Claims.
    3. Yes, But contact the bank and credit card companies first before filing the Police Report.


  1. 4.      After filing your tax return, you get an email from the IRS asking for more personal information.  There is a Link in the email to go to the web and provide the information.
    1. Click on the link in the email and provide the information.
    2. Provide the requested information by doing a reply to the email.
    3. Ignore the email and Delete it!


  1. c, Clicking anywhere on the screen can get your computer infected with Malware.
  2. b, This is a scam and they want you to download the software to infect your machine with a real virus.
  3. c,  Always call the Bank and Credit Card companies first to report the theft or lost.  They can stop suspicious activity on your accounts.
  4. c,  The IRS will never ask for information from you in an email.

“Be Cyber Wiser”, Secure File Sharing

September 22nd, 2014

What File sharing or Cloud Drive applications do you use?  Regardless of whether you use a Tablet, Mac or a PC, FAU uses a Web based application that is used to securely share files across campus and externally.  Filelocker is a secure area used for exchanging files.  Email exchange of files is not secure and has inherent limitations to the file size that can be sent attached to the email.   Don’t use email file sharing.  File Locker is secure and it gives you the ability to share Large Files.  With Filelocker your files are stored up to 30 days and the files are all encrypted.  To login to the Filelocker application here at FAU point your browser to https://filelocker.fau.edu

“Be Cyber Wiser”, Change Your Password Frequently

August 11th, 2014

You all have probably seen recent news of once again a major cyber-security breach of ID’s and Passwords by Russian Cyber Criminals.   Now may be a good time to change your Passwords.

Your password is more than just a key to your computer or online account. It is a gateway to all of your important information. If your password falls into the wrong hands, a cybercriminal can impersonate you online, access your bank or credit card accounts, sign your name to online service agreements or contracts, engage in financial transactions, or change your account information.

Unfortunately, many users are still not taking the necessary steps to protect their accounts by using strong passwords. Far too often, passwords with simple combinations such as 123456, password, QWERTY, or abc123 are being used. In other cases, people simply use their pet’s name or their birth date — information that can be easily found online, such as on a Facebook or genealogy page.

How to Create Secure Passwords:

Cyber criminals have developed programs that automate the ability to guess your passwords. To protect yourself, passwords must be difficult for others to guess but at the same time easy for you to remember. Here are some recommendations:

  • Passwords should have at least eight characters and include upper case (capital letters) and lowercase letters, numbers and symbols.
  • Avoid words and proper names, regardless of language. Hackers use programs that try every word in a dictionary.
  • Don’t use personal information — name, children’s name, birthdates, etc. that someone might already know or easily obtain.
  • Change passwords regularly — at least every 90 days. The University Maximum is 365 days after that the system will automatically force you to change your password.  If you believe your FAU or one of your personal  or an online account you access, has been compromised change your passwords immediately.
  • Use different passwords for each account you have.
  • Make sure your FAU passwords are different from your personal passwords.


Protecting Your Passwords:

  • DO NOT write down your passwords. If you need to remember your passwords, write down a hint to a password, but never the password itself. Store the hint in a safe place away from your computer.
  • Do not share your password with anyone – attackers may try to trick you via phone calls or email messages into sharing your password
  • Do not reveal your password on surveys, questionnaires or security forms.
  • Decline the “Remember Password” feature in browsers.
  • Always remember to logout when using a public computer.

“Be Cyber Wiser”, Data in the Cloud

July 29th, 2014

Many of FAU Students and Faculty/Staff are now using Cloud Storage for Personal use.   However, some of these Cloud storage provider’s terms of service actually do not comply with legal requirements in place by the University.  Currently, here at FAU Google Drive (as part of our Google Apps for Education) can be used  as we have a valid agreement with Google.  For more information on which Cloud Storage providers can be used at FAU please contact the OIT Information Security Office.

What is Cloud Storage all about?  Well, Cloud Storage is a service provider offering called DaaS - Data as a Service.  The Service provider will give you access to your files from an Application or Web Browser and you can move the files from/to the Cloud via the Internet.   Current popular free Cloud Storage providers are:

Microsoft OneDrive (formerly SkyDrive) - 7GB free cloud storage and integrated with all Outlook.com users

Google Drive  -  5GB free cloud storage and integrated with FAU Owl Apps and other Google Users

Apple iCloud  -  5GB free cloud storage and integrated with Apple iPod, iPhone, iPad, etc. users

Dropbox  -  2GB free cloud storage and integrated with apps for the MS Windows desktop, iOS and android devices

Personally, I would never put anything personal or private in the Cloud without encrypting it first.  I suggest that you protect your Personal Identifiable Information (PII) and don’t post it or any other sensitive information in these Cloud Storage environments.  Cloud Storage services are great for sharing pictures, music and normal documents but I would never store anything in the Cloud that could be used by the cyber criminals.

For more Cyber Security Blogs go to http://wordpress.fau.edu/security or visit our Cybersecurity site at http://www.fau.edu/security for more information.

“Be Cyber Wiser”, Lock Your Mobile Devices

June 25th, 2014

Are iOS devices more secure than Android devices?  Recent studies suggest that iOS may not be as safe given some of the Lock-Screen vulnerabilities that have been discovered in iOS.  However, all mobile devices can be compromised if the cyber attacker gets your password to unlock the device.  We need to make sure that we take our mobile device security just as seriously as our desktop security

Here are some common measures you can take to help protect your mobile devices:

  • Password protect your mobile devices.  Use PIN code or passwords or fingerprint reader if available.
  • Enable Remote locks and “Find my Phone” capabilities on your Mobile Device
  • Update the iOS and Android devices as soon as security patches come out to reduce vulnerability.
  • Don’t store sensitive work-related information on your private mobile devices.
  • Stick with acquiring conventional Apps from legitimate stores like Apple Store, Google Play and Microsoft Store.
  • Delete Mobile Applications you don’t use; if you don’t use it delete it!