“Be Cyber Wiser”: Top 5 Holiday Scams

November 17th, 2015

Here are the top 5 Holiday Scams reported by KnowBe4, a security firm, with tips on how not to BITE on these scams.

1. Black Friday/Cyber Monday Specials

This time of year, online scams use a variety of lures to get unsuspecting buyers to click on links or open attachments. Bad guys build complete copies of well-known sites, send emails promoting great deals, sell products and take credit card information – but never deliver the goods. Sites that seem to have incredible discounts should be a red flag. Remember that when a “special offer” is too good to be true, it usually is. For instance, never click on links in emails or popups with very deep discount offers for watches, phones or tablets. Go to the website yourself through your browser and check if that offer is legit.

2. Complimentary Vouchers or Gift Cards

A popular holiday scam is big discounts on gift cards. Don’t fall for offers from retailers or social media posts that offer phony vouchers or (Starbucks) gift cards paired with special promotions or contests. Some posts or emails even appear to be shared by a friend (who may have been hacked). Develop a healthy dose of skepticism and “Think Before You Click” on offers or attachments with any gift cards or vouchers!

3. Bogus Shipping Notices From UPS and FedEx

You are going to see emails supposedly from UPS and FedEx in your inbox that claim your package has a problem and/or could not be delivered. Many of these are phishing attacks that try to make you click on a link or open an attachment. However, when you do that, your computer gets infected with a virus or even ransomware, which holds all your files hostage until you pay 500 dollars in ransom.

4. Holiday Refund Scams 

These emails seem to come from retail chains or e-commerce companies such as Amazon or eBay, claiming there’s a “wrong transaction” and prompting you to click the refund link. However, when you do that and are asked to fill out a form, the personal information you give out will be sold to cyber criminals who use it against you. Oh, and never, never, never pay online with a debit card; only use credit cards. Why? If the debit card gets compromised, the bad guys can empty your bank account quickly.

5. Phishing on the Dark Side

A new phishing email has begun circulating that tricks people into thinking they could win movie tickets for the highly-anticipated film, “Star Wars: The Force Awakens,” due out on Dec. 18. However, the email is a phishing attack. Leading up to the film’s release, and shortly after, you need to watch out for this social engineering attack and not fall for the scam. Stay safe online!

BONUS TIP: Never use an insecure public Wi-Fi to shop with your credit card. Only shop with a secure connection at home.

(If you are a KnowBe4 customer, we suggest you send the ready-made “Star Wars Tickets” template to all your users to inoculate them against this particular attack; it’s available in the Current Events campaign.)

“Be Cyber Wiser”: Stay Safe Online During the Holidays

November 16th, 2015

The Holiday season is the busiest time for Cyber Criminals pushing Malware, Phishing and Spam. Be careful of online offers that sound too good to be true. If it sounds too good to be true, it may be a scam or phishing attack to steal your money or personal information. When it comes to avoiding malware, spam and Phishing attacks, here are a few tips to help you be safe and smart online:

1. Tune up your defenses.

Before you shop online, make sure you have your system’s security (firewall, anti-virus and anti-spyware) installed and updated with the most current updates. Also, keep your operating system and web browser up-to-date with the latest versions and updates.

2. Check sellers out.

Conduct independent research before you buy online from a seller you have never done business with. Some attackers try to trick you by creating malicious Web sites that appear legitimate, so you should verify the site before supplying any information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill. Search for merchant reviews. Never, ever give out personal or credit card information on web sites you are not sure of. Think before you “Click”.

3. Make sure the site is legitimate.

Before you enter your personal and financial information to make an online transaction, look for signs that the site is secure. This includes a closed padlock on your Web browser’s address bar or a URL address that begins with shttp or https.  This indicates that the purchase site is encrypted or secured.  Never use unsecured wireless networks like the ones in hotels, airports, cyber cafes, etc. to make an online purchase.  Think before you “Click”.

4. Use Good Passwords.

Don’t use the same passwords for email, social networking and online accounts. Use special Passwords for Online banking and other financial Transactions. Never, ever give out your ID and Password to anyone. Create passwords that are at least 8 Characters long (the longer the better) that are made up of Upper and lower characters, numbers and special characters. Don’t use names or any dictionary words for passwords. Finally, change your password at a minimum every 180 days.

For more Cyber Security Blogs point your browser to http://wordpress.fau.edu/security or visit our web site at http://www.fau.edu/security for the latest security news and alerts.

“Be Cyber Wiser”, Staying Protected While Always Connected

October 16th, 2015


In honor of National Cyber Security Awareness Month (NCSAM), the Department of Homeland Security (DHS) encourages you to take these simple steps to protect yourself when using your mobile device:

  • Use strong passwords. Change any default passwords on your mobile device to ones that would be difficult for someone to guess. Use different passwords for different programs and devices. Do not choose options that allow your device to remember your passwords.
  • Keep software up to date. Install updates for apps and your device’s operating system as soon as they are available. Keeping the software on your mobile device up to date will prevent attackers from being able to take advantage of known vulnerabilities.
  • Disable remote connectivity. Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can connect to other devices. Disable these features when they are not in use.
  • Guard your mobile device. To prevent theft and unauthorized access, never leave your mobile device unattended in a public place and lock your device when it is not in use.
  • Be careful what you post and when. Wait to post pictures from trips and events so that people do not know where to find you. Posting where you are also reminds others that your house is empty.

To read more Cybersecurity blogs, go to http://wordpress.fau.edu/security. For more Cybersecurity information, please go to our web site at www.fau.edu/security or contact Larry Thomas, lthomas@fau.edu, 561-297-3259.

National Cyber Security Awareness Month 2015 Has Begun

October 5th, 2015

October 1 marks the first day of the 12th annual National Cyber Security Awareness Month (NCSAM) — a collaborative effort among government organizations, businesses of all sizes, educational institutions, nonprofits, and consumers to ensure everyone has the resources they need to be safe online. Under leadership from the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA), NCSAM focuses on “Our Shared Responsibility” to promote a safer, more secure, and more trusted Internet.

Each week throughout October NCSA will focus on a different cybersecurity issue or theme. We encourage individuals, communities, and organizations to engage with the themes most relevant to them and join the global effort to spread cybersecurity and online safety awareness.

2015 Themes

October 1–2

Five Years of STOP. THINK. CONNECT.: Best Practices for All Digital Citizens

NCSAM will launch with a focus on making STOP. THINK. CONNECT. a guiding principle to help us have safer, more secure digital lives.

October 5–9

Creating a Culture of Cybersecurity at Work

All businesses face cybersecurity challenges. This week we will encourage businesses to proactively establish cultures of cybersecurity through employee education, risk management, planning, and tools.

October 12–16

Connected Communities and Families: Staying Protected While We Are Always Connected

Cybersecurity means staying protected in all of the ways we connect. This week we will share ways you can protect yourself and your family and what to do if you are a victim of a breach or cybercrime.

October 19–23

Your Evolving Digital Life

We are transitioning from an Internet of individuals connecting to technology to an Internet in which everything is connected. Securing this emerging Internet of countless devices is a challenge. This week will highlight how you can protect your evolving digital life.

October 26–30

Building the Next Generation of Cyber Professionals

One of the greatest risks to cybersecurity is a shortage of professionals to protect the networks we create. This week we will provide information about cybersecurity careers and showcase the need for ongoing Internet safety and security education to promote cyber literacy for digital citizens.

“Be Cyber Wiser”, Stay Safe Online

September 2nd, 2015

The Cyber bad guys are out there to get you! The new School year has started, so we should be very, very careful of Cyber Criminals pushing out Malware, PHISHING and Spam here at FAU. Be careful of online offers that sound too good to be true. If it sounds too good to be true, it may be a scam or PHISHING attack to steal your personal information. Also be careful of emails that appear to be from FedEx, UPS or USPS with attachments. The attachments could be malware to infect your systems. Here are a few more tips to help you be safe and smart online:

1. Update your system’s defenses.

Make sure you have your system’s security software installed and updated with the most current updates. Also, keep your operating system and web browser up-to-date with the latest versions and security updates.

2. Never give out Personal Information in Emails.

If you receive an email asking for personal information, it is probably a Scam or PHISHING attack. PHISHING emails sometimes look like they come from a legitimate source like the Bank, Credit Card Company, IRS, etc. Don’t trust them. Legitimate companies will never ask you to verify information like your ID or passwords through email. Also, never, ever give out personal or credit card information on web sites you are not sure of. “Be Cyber Wiser”: Think before you “Click”.

3. Make sure the site is legitimate.

Before you enter your personal and financial information to make an online transaction, look for signs that the site is secure. This includes a closed padlock on your Web browser’s address bar or a URL address that begins with shttp or https.  This indicates that the purchase site is encrypted or secured.

Finally, never ever use unsecured wireless networks like the ones in hotels, airports, cyber cafes, etc. to make an online purchase or do any kind of financial transaction. “Be Cyber Wiser”: Think before you “Click”.

4. Use Good Passwords.

Don’t use the same passwords for email, social networking and online accounts. Have a Special Password dedicated to each. Also, always use a special Password for Online banking and other financial transactions. Never, ever give out your ID and Password to anyone. Create passwords that are at least 10 Characters long or more (the longer the better) that are made up of Upper and lower characters, numbers and special characters. Use repeating Special Characters to help mitigate brute force password attacks. Please don’t use any dictionary words or person or pet names for passwords. Finally, change your password as often as you can or at a minimum of every 180 days. “Be Cyber Wiser” and use Good Passwords.

5. Be Careful of Unsolicited Emails.

Finally, don’t trust emails from unsolicited users or sources. FAU is constantly under attack from PHISHING and other attacks. These PHISHING emails may have links or attachments designed to steal your personal information or infect your system with Malware. When in doubt, don’t click. “Be Cyber Wiser”: Think before you click.

“Be Cyber Wiser”: Passwords and Authentication

July 9th, 2015

Recently we have heard a lot of talk about authentication and multi-factor authentication. Well, we usually log in to systems by entering a USER-ID and a Password. This is called authentication. You are identified to the systems by your USER-ID, which remains the same, and by a Password, which you should change on a regular basis. The password that you create is associated with your USER-ID. Your password should be complex and use upper and lowercase alpha characters, numbers, and any special characters your system allows. I make it a policy to change my password at least every 90 days. I have a calendar entry in Outlook that reminds me to change my password every 90 days.

Most systems require authentication by USER-ID and password. However, on newer and improved systems we can use Multi-factor authentication, if it is available, by providing three ways of authentication: first, by supplying information we Know, such as a password or personal identification number; next, by using something that we Have with us (a smartphone, a security token or smart card); or by giving the system something we Are, something unique to us, like a physical part of us (our voice, our eyes, or our fingerprint).

With the release of the newer smart phones, we have the ability to do multi-factor authentication using the biometric Touch ID fingerprint sensor built into the smart phone home button. Using this in addition to a USER-ID and Password is called Multi-Factor Authentication.

Finally, let’s strengthen the passwords we use for authentication. Right now, let us all just change our passwords on a regular basis and make them as complex as possible. Make your password at least ten (10) characters, the longer the better. Your password should be complex and use upper and lower case alpha characters, numbers, and any special characters your system allows. Here is an example of a good password:


Notice the repeating special characters at the end. The length is 15 Characters, and all combined this can really help protect your password from being hacked. Remember, the longer, the better, and the more complex, the better. “Be cyber wiser” and change your password(s) as frequently as possible.

“Be Cyber Wiser”, New Web Site for Identity Theft

June 2nd, 2015

The US Federal Trade Commission has set up a new web site at https://www.identitytheft.gov/ with great resources to help you if you feel your identity has been stolen. This new Web Site lists critical first steps to take if your identity has been stolen.

News about data breaches at banks, stores, and agencies is an everyday occurrence now. But if your private information has been compromised, it doesn’t feel commonplace to you.

The sooner you find out, and begin damage control, the better off you’ll be. IdentityTheft.gov, a new website, offers step-by-step checklists of what to do right away, and what to do next, depending on the information that’s been stolen or exposed. It lists warning signs indicating your identity was stolen, and gives websites and phone numbers for organizations you’ll need to reach. And, it has sample letters for disputing fraudulent charges, correcting information in your credit reports, and getting business records relating to the theft.

Check out IdentityTheft.gov, bookmark it, and print out the checklists, as your first line of defense against identity theft.

“Be Cyber Wiser”: Protect Yourself during Summer Vacation

May 1st, 2015

The summer vacation season is fast approaching and for many of us that means lounging on sunny beaches, reading a book under a shade tree or hitting the road for a new adventure.  It can also mean identity theft and other crimes if we aren’t careful about our online activities and protecting our information. Cyber-crime does not take a summer vacation; we need to remain vigilant. Fortunately, by following some best practices, we can minimize the risk of becoming the next statistic.

Save the Social Media Vacation Posts until You Get Back Home

It may be tempting to post details of where and when you’ll be traveling, but don’t. By revealing such specifics, you are providing information that could be used by criminals to target your home while you’re gone. Another common scam involves compromising email accounts to contact your friends or family with requests for help, claiming that you were robbed while on vacation and need money. Sending private posts and photos during your vacation to family and friends is ok, but if you post them publicly, you increase the risk of someone using that information for malicious activities. Also, make sure your children understand what, and when, they should post regarding your vacation plans.


Do Not Use Public Computers and Public Wireless Access for Sensitive Transactions

Whether you’re entertaining the kids by streaming a video on a tablet, downloading new travel apps on your smartphone or even taking your tablet poolside, there are precautions you should take to make sure your personal information is safe.

Wi-Fi spots in airports, hotels, train stations, coffee shops, and other public places can be convenient, but they’re often not secure, and can leave you at risk. If you’re online through an unsecured network, you should be aware that individuals with malicious intent may have established a Wi-Fi network with the intent to eavesdrop on your connection. This could allow them to steal your credentials, financial information, or other sensitive and personal information. It’s also possible that they could infect your system with malware. Any free Wi-Fi should be considered to be “unsecure.” Therefore, “Be Cyber Wiser” and be cautious about the sites you visit and the information you release.

Consider turning off features on your computer or mobile devices that allow you to automatically connect to Wi-Fi. Also consider using a cellular network (3G/4G) connection, which is generally safer than a Wi-Fi connection.

Protect Your Smartphone, Laptop, or Other Portable Devices While Traveling

Don’t let your devices out of your sight. Just as your wallet contains lots of important and personal information that you wouldn’t want to lose, so too do your portable devices. Never store your laptop as checked luggage. If there is a room safe available at your hotel, use it to securely store your devices.

Make sure your smart phone, laptop and other mobile devices have the latest software installed. Your device manufacturer should notify you whenever an update is available.

Use of security software is a must. Many of these programs can also locate a missing or stolen phone, tablet or other similar device. These programs will back up your data and can even remotely wipe all data from the phone if it is reported stolen. Make sure you have strong passwords, and encryption where possible, on these devices in case they are lost or stolen.

“Be Cyber Wiser”: Be Careful of Tax Season Scams

February 10th, 2015

FAU Students, Faculty and Staff who have already filed their taxes this season can still be vulnerable to tax-related scams.  Many schemes take advantage of users by alleging to have information about the filer’s refund, or noting a problem with the return that you previously filed.

If you haven’t filed yet, then please read the IRS and CERT’s recently released Caution Users on Scams for 2015, https://www.us-cert.gov/ncas/tips/ST15-001, which highlights common scam tactics, including those that occur online, such as PHISHING, and offline, such as criminals who impersonate legitimate charities or agencies and place phone calls to victims to solicit money. Do not give out Personal Information to callers who are asking you to verify personal or sensitive information over the phone.

Vigilance about the security of your online activities is required every day, but is even more important during this time of year.  Tax season can be stressful for a lot of people, and cyber criminals exploit this through targeted phishing attacks that try to scare you or entice you into clicking on a link or opening an attachment.

Some basic precautions that will minimize risk include the following:

1. Do not respond to emails appearing to be from the IRS. The IRS does not initiate taxpayer communications through email or social media tools to request personal or financial information. The IRS does not send emails stating you are being electronically audited or that you are getting a refund. If you receive an unsolicited email claiming to be from the IRS, send it to phishing@irs.gov.

2. Do not send personal or sensitive information in an email. Criminals may intercept the information.

3. Do not open any attachments or click on links contained in suspicious emails. Common scams push tax rebates, offer you a great deal on tax preparation or offer a free tax calculator tool. If you did not solicit the information, it’s likely a scam.

4. Carefully select the sites you visit. Safely searching for tax forms, advice on deductibles, tax preparers, and other similar topics requires caution. Do not visit a site by clicking on a link sent in an email, found on someone’s blog, or on an advertisement. The website you land on may look just like the real site, but it may be a well-crafted fake.

5. Be wise about Wi-Fi. Wi-Fi hotspots are intended to provide convenient access to the Internet and are not necessarily secure against eavesdropping by hackers.

6. Secure your computer. Make sure your computer has the proper security controls, including up-to-date anti-virus and anti-spyware software, and a firewall.

7. If your identity has been stolen, follow the steps given by the FTC at http://www.consumer.ftc.gov/features/feature-0014-identity-theft

“Be Cyber Wiser” and “Think before you Click”.  For more Cyber Security blogs go to http://wordpress.fau.edu/security or visit our Cyber Security Awareness web site at http://www.fau.edu/security 

“Be Cyber Wiser”, Protect Your Mobile Devices

January 8th, 2015

Many of you have received new mobile phones and tablets over the past holidays. We need to ensure that we take our mobile devices’ security just as seriously as we take our desktop security. First, we need to lock the devices with a security code or password as a first line of defense. Also, enable multifactor authentication like the Fingerprint scanner on some of the latest devices. Next, never ever “jail break” your mobile devices. Jail breaking is when you circumvent the manufacturer’s setup and its installed operating system (OS). Don’t share your mobile device or its password with others.

A common way that mobile devices get infected with Malware is through the download of applications. You can easily install an infected application without knowing it. The Google Play and Apple stores aren’t perfect, but at least some vetting takes place before apps are placed in these stores. Here are some other measures you can take to help protect your mobile devices:

  • Back up your data by syncing your device with a computer.
  • Password protect your mobile devices. Use a PIN code or password.
  • Update and patch the OS and applications on your devices regularly to reduce vulnerability.
  • Enable encryption if possible to slow down the cyber thieves.
  • Turn off Bluetooth and Wi-Fi when you don’t need it.
  • Don’t store sensitive work-related information on your private mobile devices.
  • Stick with the conventional Apps from legitimate stores like Google Play and Apple Store.
  • Pay attention to what you install.
  • Avoid opening links from sources that you don’t recognize or that appear suspicious.
  • Use Wi-Fi networks that are encrypted, such as with WPA2 encryption.
  • Reduce app clutter; if you don’t use it delete it!
  • If you lose your device report it immediately to your Carrier.

“Be Cyber Wiser” and keep your mobile devices safe.