November: Online Shopping - Don’t Let it Cost You


The holiday gifting season soon begins in earnest. You may (not) be surprised to hear 2016 was the first year more purchases were made online than in stores (shopping theorists may find Pew Research Center’s report on our e-commerce behaviors a scintillating read). If only all that stuff was delivered down the chimney, wrapped, on Christmas Eve. . .

But we can’t let the tryptophan food-coma lure us into a false sense of security while gobbling up online deals; we must keep our wits about us! The National Cyber Security Alliance has some suggestions:

  • Keep clean machines. Before searching for that perfect gift, be sure that all web-connected devices—PCs, smartphones and tablets—are free from malware and infections by updating to the most current versions of software and apps.
  • Shop reliable websites online. Use the sites of retailers you trust and watch out for fake shopping sites (more on that in SANS Institute’s latest OUCH! Newsletter: Shopping Online Securely).
  • Conduct research. When using a new website for your holiday purchases, read reviews and see if other customers have had a positive or negative experience with the site, particularly if a deal or price sounds too good to be true.
  • Watch the Wi-Fi. If you’re out and about, limit the type of business you conduct over open public wi-fi connections; save banking and shopping for a secure connection.
  • Check the address bar. Look for the green lock icon and https:// in the URL before using your credit card online.
  • Lock down your login. Fortify your online accounts by enabling the strongest authentication tools available (like 2FA). Passwords aren’t enough to protect key accounts like email, banking, and shopping sites (especially sites where you save your credit card info).
  • Keep an eye on your credit card statements for unusual activity. Especially in light of all that Equifax nonsense this fall.

Hey, thing I just searched online . . . are you following me?
Ever notice stuff you searched showing up in online ads? You put some Flyers gear in an online shopping cart and—like magic—that sweatshirt’s highlighted on the side of every page you visit?

You’re not crazy; things really *are* following you (and the rest of us) around. Browsers track what we click and send that data to third-party advertising networks that personalize ads and ship them back to your browser.

This model for data collection allows us to use services like Google, which costs billions of dollars to maintain, free of charge, but it’s still creepy. If it bugs you, there are a few things you can do:

And if Santa shops online from your home computer, make sure The Internet doesn’t ruin Christmas for the kids by dropping hints about what’s been purchased (seriously, The Internet?!)

Happy Birthday, 2FA

UD’s 2FA requirement is one year old this month! Over 11,000 faculty, staff and student employee accounts are protected by Duo (a slew of other universities and businesses are, too).

Join our celebration by enrolling a backup device - it’s easy. Plus you’ll sleep better! And now, the gravy: helpful new features are coming to Duo in the next few weeks.

  1. DUO Restore lets you quickly get rolling with 2FA if you get a new device. Once it’s turned on, you should see this prompt to set it up:
    [Image: DUO Restore prompt]
  2. DUO Security Checkup lets you know if your 2FA device (e.g. your phone) is updated and secure. That will look something like this:
    [Image: DUO Security Checkup]

Scams of the Month

Printer Toner Phone Scam

While not a cyber-scam, strictly speaking, a few folks at UD have received calls from scammers (this is “vishing” - voice phishing) trying to sell printer supplies. These particular crooks make money by selling low-quality supplies at extremely inflated rates. A few things to remember if you get unsolicited sales calls:

  • Don’t provide your copier’s serial number, make or model over the phone
  • Don’t provide the name of the person responsible for purchasing office supplies over the phone
  • Don’t provide detailed information about the organization – including names, equipment details, financials, etc. – in surveys or over the phone in general
  • Ask for everything – sales pitches, requests, advertising, etc. – in writing
  • Don’t commit to anything over the phone, especially from unknown sellers

An Extra Helping
We thought we’d offer seconds on the scam stuffing. This one’s about an email phish bad guys are sending saying your Netflix account has been suspended. These look like real Netflix emails, but they’re trying to get your login information and credit card data.

Don't fall for this. If you want to check the settings of your subscription service, type the name of the service in your browser or use a bookmark that you’ve already set to get to the real deal. Whatever email about Netflix you see in the coming weeks . . . think before you click.

Giving Thanks

Finally, thanks to those who took our end-of-year survey; your feedback is so helpful. Sweatshirt blankets have been delivered to our ten lucky winners. There’s still swag in our office stash that needs a good home before the new year; it could be yours! Reply with your pie vote: pumpkin or pecan?

We’re thankful for all of you in our community here at UD. We appreciate the time you spend with us and the helpful tips and great questions you send us. Changes are afoot for 2018. We’ll have more info on that next month - stay tuned!

Until then, we hope you enjoy some cyber-mindful (and turkey-mindful) time with family and friends. Be well!


Information Technologies (UDit)

300 College Park
Dayton, Ohio 45469