How Do You Like Your Phish?

Phishing remains an ever popular way to get computer users to install malicious code or visit sites that they didn’t choose.  Many of the phishing attempts here at Swarthmore seem to fall into one of two categories: –          Email account and/or password related –          Government related (i.e., IRS, Federal Reserve, ACH, etc.) It should be pretty easy to recognize the first category since Swarthmore ITS will never ask for your password in an email and will never disable your email account while actively enrolled at or employed by the college. As for emails that appear to come from the U.S. … Continue reading How Do You Like Your Phish?

Reading Your Email the Plain Ol’ (Safer!) Way

Many of us receive our email in what’s known as HTML format.  In other words, when you receive an email, it can display multiple fonts, colors, pictures, etc.  It’s nice to look at.  Unfortunately, the technology that allows your email to be formatted in an aesthetically pleasing way also provides holes for malicious attackers to abuse. So, to make your email safer to read, it needs to be uglier!  This is simply accomplished by reading your email in plain text format.  Below is an example of an email (supposedly from Facebook) in HTML format followed by the same exact email … Continue reading Reading Your Email the Plain Ol’ (Safer!) Way

Would You Put Sensitive Information on a Postcard?

Probably not… When you send someone a postcard (remember “snail mail”?), whatever you wrote is visible to anyone who handles it from where it was mailed all the way to the final recipient.  So, of course, you wouldn’t want to put sensitive or personal information on a postcard. Very similar to a postcard, email can generally be read by anyone along the path from where it was sent to its final destination.  In fact, multiple copies of the same email might be stored by mail servers transferring the message along the way. In general, just like a postcard, sensitive and … Continue reading Would You Put Sensitive Information on a Postcard?

Tips for Avoiding Malware Infections

Below are some recommendations for reducing the risk of malware infections to your PC or Mac.  Many of these were discussed in the recent Staff Development Week presentation on “Immunizing Your Computer in Today’s Online World“. General Keep Patches Up to Date Operating system –AND- applications e.g., Adobe Reader & Flash, QuickTime, Java, etc. Use latest browsers with patches up to date – Currently (1/12/11):  Internet Explorer 9, Firefox 9.0.1, Safari 5.1.2 – Don’t run Safari on Windows Use Anti-virus  -AND-  Anti-spyware Keep signatures up to date Run scans regularly Macs Too!!  (Sophos.com has free A/V for Macs under “Free … Continue reading Tips for Avoiding Malware Infections

Holiday Email Greeting Cards Bring Infections as Gifts

During this month of holidays, you can be sure that you’ll be receiving greeting cards from malicious entities.  The Swarthmore community has already been receiving emails, like the one below, containing links to retrieve a holiday greeting card that someone so thoughtfully sent (note the spelling errors): Unfortunately, the sender is someone intent on breaking into your system. Clicking on the links above will download a program that subsequently infects your system allowing remote control and access to your (and the College’s) personal data. As a general rule, NEVER click on attachments that you’re not expecting -or- URL links to … Continue reading Holiday Email Greeting Cards Bring Infections as Gifts

Phishing Examples

Phishing is a common experience for email users these days. Swarthmore email users often receive requests for their network/email passwords, user IDs, and other private data. Some of these emails can be very convincing and appear to be from Swarthmore ITS Staff. However, you should know that ITS will never, ever request your password!? Emails requesting your password or other personal data should simply be deleted upon receipt. Below are some different types of phishing emails received here at Swarthmore: <!–more–> Subject: Dear swarthmore.edu Email Account Owner From: Admin Help Desk Date: November 28, 2008 6:41:35 AM EST To: xxx@swarthmore.edu … Continue reading Phishing Examples