September: Access Control - Rudy Bar the Door

Access Control: Rudy Bar the Door

The derivation of the expression “Katie, bar the door” is uncertain, but the meaning is clear - take precautions before trouble arrives on your doorstep. This archaic admonition is apt for defending our many digital doors, too. Shady characters can come calling in our email, texts or phone via phishing, SMSishing or vishing (a veritable Dr. Seuss book of nefariously named knocks).

Cartoon explaining that hacking is as simple as a phone call

What are these unwelcome visitors after? Data. Information they can turn into cash directly (like login credentials to access financial accounts or credit card numbers) or indirectly (like details used for subterfuge convincing us to hand over money).

Can we really “bar the door” to our personal and confidential data? Aren’t those hackers super-powered cyber-criminals, able to crack the toughest of locks? Actually, no. Like most casual criminals, hackers prefer the easy route. They’re looking for the house with the garage door up, the unlocked car, the unchained bike.

Here are some easy ways to bar the door to opportunistic hackers:

  • Is 2FA offered for a service you use? Use it! We can’t emphasize this one enough. 2FA is the deadbolt to your front door. If your key/password gets swiped, 2FA provides that extra, uncrackable defense for your account. This website categorizes popular services that offer 2FA - take a look!
  • Are there privacy settings you haven’t reviewed in a while? Update them! Especially with social media, publicly viewable content could provide fodder for scam artists trying to convince you they’re legit. If it doesn’t need to be public, lock it down. UT provides this resource for managing your social media privacy settings.
  • Is your home wi-fi password-protected? Check it! Remember, the default passwords for wi-fi devices (and all those gadgets that hook to it) are readily available online, so make sure you’ve changed them to something unique.

Internet of ransomware things

Phish Commish Says: Would You Know if Your Email Was Hacked?

We’re getting pretty good at scenting the signs of a phishy email. But, if one stinky click landed you in a scammer’s phish-bowl, how would you know?

This summer, the cybersecurity company Imperva explored that very question by maintaining almost a hundred fake accounts and leaking the passwords online for hackers to encounter. Their experiment showed criminals “first and foremost are looking for sensitive information, such as passwords and credit cards numbers”. No surprise there, right?

Helpful for all of us with real accounts, though, the Imperva team identified “Three Telltale Signs a Hacker Has Been in Your Account” (because, as it turns out, over 80% of those lazy hackers don’t bother covering their tracks).

Telltale Signs Your Email Has Been Hacked:

  1. Suspicious sign-in email alerts in your inbox or trash
  2. Messages marked as read that you didn’t read
  3. Sent items you didn’t send
  4. Delivery failure notification messages

If you see a sign (and are we the only ones who hear this when we read that?), change your password immediately and keep an eye on your other online accounts for potential cross-compromise.

That's not a good sign image

Scam of the Month: Potential Hurricane Harvey Scams

Whenever disaster strikes, there will be unscrupulous people looking to capitalize on it. The recent flooding in Texas is, unfortunately, no exception. Both and the Department of Homeland Security caution against phishing scams that may play on our sympathy for the victims of Hurricane Harvey.

The DHS recommends the following precautions:

  • Review the Federal Trade Commission's information on Wise Giving in the Wake of Hurricane Harvey.
  • Do not follow unsolicited web links in email messages or social media posts.
  • Use caution when opening email attachments. Refer to the US-CERT Tip Using Caution with Email Attachments for more information on safely handling email attachments.
  • Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.

Pop Quiz!

Why is phishing spelled with a “ph”?
  1. Wayne B. Hacker, a professor of criminology at Trout College in Wisconsin, coined the term in 1995, referring to phone scam fishing techniques being used in emails. He borrowed the “ph” from phone just for phun.
  2. The “ph” in phishing comes from the word phony. Fraudsters who prey on email users with bait and switch scams became known as phishers.
  3. Some of the earliest phone hackers were known as phreaks. The “ph” spelling was used to associate phishing scams with underground communities of phreaks and hackers.

Reply with the correct answer and you’ll win (you guessed it!) something orange, emblazoned with a “Becoming Cyber-Mindful” logo.

Descartes' pop quiz cartoon

Reading Room

A quick heads-up - As we approach the last few months of 2017 (already?!), we’re looking for ways to provide optional safe computing info after our campaign (and calendar) comes to a close. Stay tuned for news about staying in the cyber-mindful loop come 2018!


Information Technologies (UDit)

300 College Park
Dayton, Ohio 45469