Information Security Bulletins
ITS posts bulletins to advise the campus about information security news. To have alerts about scams, viruses, spam, and system outages and maintenance, e-mailed to you, subscribe to ITS Alerts.
Caller ID Spoof
Can you always trust your caller ID display, or the voice on the phone? A recent story on the CBS Web site makes you think twice. New technology makes it easier than ever for anyone spoof a voice and caller IDs. Be cautious. Don’t give your personal information to unsolicited telephone callers. If you need to contact your bank, credit union, or credit card company, initiate the call yourself. Read more about spoofed caller IDs and voices at: http://www.cbsnews.com/stories/2006/03/01/tech/main1361561.shtml.
Computer Virus Exploits Virginia Tech Shootings
According to VNUNet.com, hackers have already begun to exploit the tragic shootings at Virginia Tech University. An e-mail message containing a virus that directs readers to a Brazilian Web site where camera-phone footage of the attack is posted. Clicking on the embedded link will start downloading a Trojan-horse program that “attempts to steal user names and passwords.” If you receive an e-mail message like this, immediately delete it -- do not open it and do not click on the link.
Credit Card Safety
The next time you use your credit card, check the receipt carefully. Does it display your full credit card number, expiration date, and your name? Now all a thief needs before using your information is your address and phone number. If you’re listed in a telephone or online directory, the thief can now get busy using your information to make purchases or pay for downloads on the Internet. So, the next time you make a purchase using your charge card, make sure the receipt does not contain too much of your information. Cross out all credit card numbers but the last four, and cross out the expiration date. Don’t leave your credit card or receipt on a table or counter – make sure only your server or cashier picks it up. Try to keep your card in sight so that no one can run your card through a portable card reader. These precautions may mean the difference between safe shopping and credit card theft.
CSULA Student a Security Video Contest Winner
Secure Yourself, by Yarmiar Rodas, a Cal State L.A. student, won Honorable Mention in the 2007 Computer Security Awareness Video Contest, “2 Minute or Less” program category. The contest, conducted by the EDUCAUSE/Internet2 Computer and Network Security Task Force, the National Cyber Security Alliance, and ResearchChannel, sought to heighten information security awareness at colleges and universities by focusing on actions students can take to protect their personal information and computers. See Secure Yourself and other winning entries online at http://www.researchchannel.org/securityvideo2007/.
Jury Duty Scam
A variation on an old scam has victims giving their personal information to identity thieves. This time the scammer says they are calling from court only to verify your information for upcoming jury duty. The caller wants your Social Security number, date of birth, address, mother’s maiden name, and other personal information. How can you tell if the call is legitimate? If the caller wants your personal information, it’s probably a scam. Courts do not make a practice of calling potential jurors by phone. Verification is done by mail or in person when a juror reports for jury duty. If you get a phone call asking for your personal information, the best course of action is to hang up. Never give your personal information to unsolicited callers.
Laptop Theft More Likely Near Hotspots
Where are thieves most likely to find laptops? Near wireless hotspots, of course. With wireless connections becoming more prevalent in cafes and other public areas, laptops are easy prey. Be aware and be cautious. Keep your laptop protected and secure at all times. Never leave your laptop unattended. Don’t ask strangers to watch it for you. And, position your laptop so that it would be difficult for someone to snatch it.
New RIAA Anti-Piracy Initiative Targets Colleges
February 18, 2007 — The Recording Industry Association of America (RIAA) announced that it launched a new anti-piracy initiative targeting college campuses nationwide. Despite previous successful efforts in deterring music piracy theft, illegal downloads by students remained “extensive and disproportionately problematic.” Under the new initiative, RIAA will give greater attention to illegal downloading Web sites and will give students an opportunity to settle piracy issues before lawsuits are filed against them. Today RIAA mailed 400 pre-litigation settlement letters to 13 universities. It plans to pursue enforcement of “hundreds” of similar cases on university campuses each month. More information on this initiative is posted on the RIAA Web site at: http://www.riaa.com/news/.
Sinking a Music Pirate
Article by Mickey Borchardt, a senior at the University of North Carolina at Charlotte. Reprinted with permission of the author.
When the FBI came calling, all those 'free' songs suddenly came with a big price tag. I thought that anything would be better than my early morning Spanish class, but I realized I was wrong on that day two years ago when a campus police officer pulled me out of class to inform me that an FBI agent was waiting for me at my dormitory room. (Read the full article.)
Spear Phishing
Campuses have been heavily hit by what is called “spear phishing” e-mail messages. Spear phishing differs from phishing in that it targets a specific department, division or college, seeking unauthorized access to protected information, and allegedly comes from IT support staff or other professionals in a position of authority from within that department, division or college. As with phishing, the email will attempt to trick users into divulging personal or financial information or credentials.
Information Technology Services does not send unsolicited email to users requesting users to give their UserID and Password or follow a web link to install software or change their password. When in doubt, users should confirm by reporting the receipt of an e-mail message to the ITS Help Desk.
If you have received such a message, do not respond. If you have received and responded to an unsolicited message, immediately contact the ITS Help Desk at 323-343-6170.
Spoofed Microsoft Security Advisory
Frank Washkuch Jr. posted an article in SC Magazine on Jun 11 2007 that warns of faked Microsoft security advisory e-mailed by scammers. Read the full story at: (http://www.scmagazine.com/us/news/article/663626/beware-fake-microsoft-security-advisories-say-researchers/) A link in the e-mail message supposedly points to a patch, but it actually points to “. . . Agent.avk, is a malware-downloader that can also spy on user activity.” The best protection: never click on links to patches in unsolicited e-mail messages. Even if the message appears to be forwarded to you by a friend, don’t click on the link. Go to the vendor’s official Web site to download patches and updates yourself.
What's in Your Automatic Out-of-Office Reply?
An automatic out-of-office reply lets anyone sending you e-mail messages – that includes spammers – that you’re away from the office, when you’ll be back, and any other information that you care to add to your response message. Remember, “automatic” means your reply goes to all senders. Think twice about saying you are out of town or on vacation. If your residence address is listed in a local telephone directory, it easily can be looked up by anyone who now knows the dates you’ll be gone. The same is true for your office location. The online Campus Directory lists your office room number and building. So, be sure your office and computer are secured before turning on your automatic out-of-office reply.