Posts Tagged ‘id theft’

Techie Tip of the Week: It’s Cyber Awareness Month – Be Safe Online!

Friday, October 19th, 2012

In honor of national cyber security awareness month, this week we’d like to point out some of things you can do to make your online experience safer!

From the National Cyber Security Alliance, here are the top 31 security tips. One for each day of the month!

Techie Tip of the Week: Beware of Phishing!

Friday, March 16th, 2012

Spammers, hackers, and other online “evil-doers” often try to convince you to give up private, important info — like your bank account, credit card, password, or other secret information.

To help avoid getting caught in a so-called phishing attempt, pay attention to these tips from Stanford’s Secrure Computing site (

Vigilance is the only defense against social engineering. Look for these markers to know you’re getting ready to divulge too much:

  • “Here’s your big chance to play the new fantastic version of the [xxx] game!” The link, of course, goes somewhere where they will extract some private information (real name? a password that might work somewhere else? your birthdate in order to prove you are ‘old enough’ to play, etc.). This really is the #1 rule: Avoid clicking links people send you instead of using a search engine to find the proper link.
  • Anything that sounds too good to be true probably is. It is unlikely that you have won the Irish Sweepstakes, even if you elect to send in a $1,000 security payment.
  • Any time you get a solicitation in email that you did not request – even from a trusted friend – should be discarded immediately. No reputable company works this way.
  • Email with misspelled, mispunctuated, or bizarrely formatted text is almost surely a scam.
  • If something feels like it requires action, confirm via telephone with someone you know (or at least can verify, e.g., by calling the corporate headquarters) before you send money. A recent scam asks for money because your best friend (or aunt or grandmother or …) is caught in Europe (or some faraway place) and can’t return until they pay bail, or a fee, or some other money-requirement. You, the trustworthy friend or relative can help them! Call them at home to make sure they’re not there before sending money.
  • Any time you are getting ready to feel good about giving away some money or information, think twice: Why am I really doing this? Do I know who is on the other end of my bequest? “Hey, John, please remind me of the combination to get into the machine room.” Who is really asking?
  • “Please come back to FaceBook!” The link, of course, goes to a FaceBook look-alike which presumably reaps your name and password. Avoid clicking links people send you instead of using a search engine to find the proper link.
  • “Please call this number to verify [xxx].” You’ll get a recording asking you to leave all sorts of useful information. Don’t even think of calling telephone numbers you can’t verify (perhaps by checking a phone book or institutional phone list) sent to you unsolicited in email.
    Keywords to avoid: verify, account, won, lottery, respond [now, quickly], or you will suffer [some horrible thing] See these? Click delete.
  • Vishing: These same pitches and scams work in airports, for panhandlers, and all sorts of non-computer scammers, too, by the way. They even work when people call you on the phone! “Hey, Jill, this is Ralph over in accounting. I’ve forgotten [xxx], can you help me out?” Look up their number and call them back.
  • SMSiShing: Same idea for text messages are you phone. Don’t believe a bank will text you; call them on an independently verified number.

Techie Tip of the Week — Packet Sniffers

Friday, May 20th, 2011

Last week we talked about TCP/IP and how when data travels across the Internet, that it “hops” from node to node in little pieces called packets.

Be aware! When you do things on the Internet, if the method of transport is insecure (for example, if you are looking at a web page using http instead of https, or if you are sending email to an address that is outside of your local network), the packets that are sent may be intercepted along the route by a hacker. Your email, web page, or, perhaps more importantly, web cookie (complete with your credentials intact) may get intercepted by a maleficent user!

Special computer programs, known as Packet Sniffers or Packet Analyzers, are used to do just that. As the data flows across the network, the sniffer tool captures each packet and decodes the packet’s raw data, showing the values of various fields in the packet.

You’re particularly vulnerable to having your data intercepted if you use a wireless device over an unsecured wireless network.  WiFi networks have a range of about 100 yards; anyone within a football field of your wireless device could be reading your email or log into your Facebook, Yahoo! Mail, or other account by stealing the unencrypted cookie with your login credentials.

So, what can you do?

  1. Always use https any time you log into an account.
  2. Don’t use a service that uses https during the login part but then switches back to http after logging you in. By default, Facebook and Yahoo! Mail do this. With Facebook, you can change your settings so it will always use https (Account>Account Settings>Account Security>Secure Browsing). With Yahoo! Mail, your username and password are protected, but once you log in, it switches you back to http. Anyone with sniffer software installed could read your email as it’s being sent.
  3. Be careful when using unsecured wireless networks. Don’t log into accounts that only use http. Don’t send important emails. When using  one of the free wireless hotspots at a fast food restaurant, hotel, coffee shop, airport, or school (including Stanford), most likely it will be on an insecure wireless network. Anyone within a football field running a packet sniffer could easily steal your credentials and access your account.

Techie Tip of the Week: Help Avoid Identity Theft

Friday, March 4th, 2011

In today’s Tech Briefing, we spoke about steps you can take to help avoid becoming victim to Identity Theft.

While there’s no way to absolutely prevent  thieves from stealing your identity, here are some tips you can do to protect yourself:
(tips taken from the Stanford University Department of Public Safety —

  1. Destroy private records and statements. Destroy credit card statements, solicitations and other documents that contain any private information. Shred this paperwork using a “cross-cut” shredder so thieves can’t find your data when they rummage through your garbage. Also, don’t leave a paper trail – never leave ATM, credit card or gas station receipts behind.
  2. Secure your mail. Empty your mailbox quickly, lock it or get a P.O. box so criminals don’t have a chance to steal credit card offers. Never mail outgoing bill payments and checks from an unsecured mailbox, especially at home. They can be stolen from your mailbox and the payee’s name erased with solvents. Mail them from the post office or another secure location.
  3. Safeguard your Social Security number. Never carry your card with you, or any other card that may have your number, like a health insurance card or school issued ID. Don’t put your number on your checks; your SSN is the primary target for identity thieves because it gives them access to your credit report and bank accounts. There are very few entities that can actually demand your SSN – the Department of Motor Vehicles, for example. Also, SSNs are required for transactions involving taxes, so that means banks, brokerages, employers, and the like also have a legitimate need for your SSN.
  4. Safeguard your computer. Protect your computer from viruses and spies. Use complicated passwords; frequently update antivirus software and spyware. Surf the Web cautiously. Shop only at trustworthy web sites and be wary of obscure sites or any site you’ve never used before.
  5. Know who you’re dealing with. Whenever you are contacted, either by phone or email, by individuals identifying themselves as banks, credit card or e-commerce companies and asked for private identity or financial information, do not respond. Legitimate companies do not contact you and ask you to provide personal data such as PINs, user names and passwords or bank account information over the phone or Internet. If you think the request is legitimate, contact the company yourself by calling customer service using the number on your account statement or in the telephone book and confirm what you were told before revealing any of your personal data.
  6. Take your name off marketers’ hit lists. In addition to the national Do Not Call Registry (1-888-382-1222 or, you also can reduce credit card solicitations for five years by contacting an opt-out service run by the three major credit bureaus: (888) 5-OPT OUT or You’ll need to provide your Social Security number as an identifier.
  7. Be more defensive with personal information. Ask questions whenever anyone asks you for personal data. How will the information be used? Why must I provide this data? Ask anyone who does require your Social Security number — for instance, cell phone providers — what their privacy policy is and whether you can arrange for the organization not to share your information with anyone else.
  8. Monitor your credit report. Each year, obtain and thoroughly review your credit report from the three major credit bureaus, Equifax, Experian and TransUnion (now available annually for free by calling 877-322-8228 or at to look for suspicious activity. If you spot something, alert your card company or the creditor immediately.
  9. Review your bank and credit card statements carefully. Look for unauthorized charges or withdrawals and report them immediately. Make sure you recognize the merchants, locations and purchases listed before paying the bill. If you don’t need or use department-store or bank-issued credit cards, consider closing the accounts.
  10. Be aware of how ID thieves can get your information. They get information:
    • From businesses or other institutions by stealing records, bribing employees with access to records, hacking into computers, or rummaging through trash.
    • By posing as a landlord, employer, or someone else who may have a legal right to the information.
    • By stealing credit and debit card numbers as your card is processed by using a special information storage device in a practice known as “skimming.”
    • By stealing wallets and purses containing identification and credit or bank cards.
    • By stealing mail, including bank and credit card statements, pre-approved credit offers, new checks, or tax information.
    • By completing a “change of address form” to divert your mail to another location.