December: Careful Where You Click, Click, Click


December’s a busy month. It’s possible our attention’s on cookies and caroling rather than cyber-mindful clicking <<brushing crumbs from the keyboard>>. We can be careful and cozy, though. Grab some cocoa and take 3 minutes to watch “5 Holiday Cybersecurity Safety Tips” from KnowBe4 (that’s the company that powers our campus phishing exercises, if you were curious).

This Headline Gave Us Pause

“A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credentials.” Last week, a helpful new tool popped up on the dark web for hackers, providing a searchable, alphabetical index of over a billion username/password records. It’s making our bad habit of reusing passwords and password variations across multiple sites very apparent.  

Same advice, though: use different passwords for different services (especially the important stuff like banking and email) and turn on 2-factor authentication wherever it’s offered. If you’re interested in the nitty-gritty (including the top 40 passwords revealed), you'll find Medium’s report here >>

For Your Edification, Education & Entertainment

Some interesting miscellany:

  • Been wondering how to tell a “good” URL from a “bad” URL when they all look like a bunch of gobbledygook? Us, too. The team at PhishLabs breaks it down in this 5-minute video >>
  • Two minutes explaining why you might want to take control of your smartphone app permissions.
  • Holiday Photo Advice from Hedger Humor.

Image showing photos of family members on legos to make a Christmas card photo

Scams of the Month: Facebook Questions, Support Scam 2.0

Just An Innocent Facebook Question . . . About Your Security Questions
One of our cyber-mindful UD faculty brought an interesting trend to our attention - Facebook posts like this:

Facebook post "name the first car you ever owned, and the year"

These “reply with your answer” posts are all over some news feeds, posing questions like:

  • What street did you grow up on?
  • What was your first telephone number?
  • Who was your first childhood friend?
  • What was the name of your elementary school?
  • What is your favorite pizza topping?
  • Who was your first kiss/crush?

Are you thinking what we’re thinking? Sounds an awful lot like the standard security/challenge questions many sites ask us to answer for password resets. And this fun little exercise is collecting and posting the answers from who-knows-how-many people.

To be clear - Facebook isn’t doing this; these posts are generally from generic accounts. But either way, it’s a social media game you want to skip. Candy Crush might steal my soul, but at least it’s not collecting my personal info.

Support Scam 2.0

We’ve talked before about phony tech support scare scams where a pop-up implores you to take IMMEDIATE ACTION to avoid CERTAIN DOOM and then directs you to a support line with phony techs ready to take your credit card number and fix the “problem”.

Well, there’s an enhanced version on the loose. Some of those pop-up pages will now initiate a phone call, leaving you one click away from reaching out to the scammers (see below - it’s pretty slick). This Microsoft TechNet blog post explains more. Be very suspicious if you see this kind of thing show up on your computer or phone.

Tech support scam

And, to add to the fun, we’ve heard reports from some of you that these scams are coming in via recorded auto-calls, as well. If you’re worried about a tech support issue, give UD’s IT Service Center a call instead (937-229-3888).

Cyber-Mindful In The New Year

Becoming cyber-piefull

First, pie. We were overwhelmed by responses to last month’s poll. Who knew pumpkin/pecan was such a hot topic? Pumpkin pulled it out in the end, but not nearly as crushingly as we expected:

Pie chart of favorite pie votes

Safe Computing in 2018

Next year, we’re changing things up a bit. Here’s what you can expect:

  • A Becoming Cyber-Mindful 2018 calendar arriving wherever you get your campus mail after the holiday break.
  • These e-newsletters every other month (roughly). Less frequent, less lengthy, but still chock full o' tips and swag opps.
  • Regular Porches announcements with Scam of the Month info, progress updates on our campus phish training program and event ads (like training/info sessions, free equipment disposal . . . that kind of thing).
  • Continued monthly phish exercises. As a campus, we’ve been getting better and better at identifying (and ignoring) potential scams (whoop!). You know what they say tho, “use it or lose it!” So we’ll keep practicing in 2018.
  • Just-in-time email alerts if something crazy happens in the safe computing world that might affect you immediately.

So, that’s the plan. And if you catch wind of things that might be good for all of us to know about (like those weird Facebook posts above), please keep letting us know so we can get the word out as needed.

Thanks for joining us on this “becoming cyber-mindful” journey for another year. Have a blessed holiday!

Low tech gift examples

Information Technologies (UDit)

300 College Park
Dayton, Ohio 45469