Safeguard Your Holiday Season
By Gabe Marshall, CITC Information Security Analyst
The holiday season is currently in full swing and it's likely that information security is one of the last things on your mind. If you still have last minute shopping to do and are planning to make purchases online, please take a minute and read our article from last year entitled Stay Secure During the Holidays. The only addition to last year's article is to remember you should never send your financial information through email to make your purchases. Sending confidential data via email greatly increases your exposure to being the victim of an identity theft crime.
The New Year Brings Continued Threats
The saying "The future is made of the same stuff as the present" relates perfectly to the information security industry. The threats we're seeing now are very likely to remain similar but only become worse as time goes on. A very dangerous attack that is frequently seen across the Internet is referred to as a "drive-by attack". Drive-by attacks are executed when a user visits a website that is either intentionally malicious, has been hacked and therefore contains malicious code, or a website that allows individuals to post their own materials (such as a blog that allows comments, a forum, etc).
These drive-by attacks target vulnerabilities found in programs that enable special functionality in websites, for instance those that use Java or Flash technology. Both are required in many websites for legitimate reasons (Ex: Java is required to use the UNT Blackboard system). The key to remember is to always keep your software up to date, and simply be careful of the websites you visit. During the holidays, Hackers frequently send out spam containing links to malicious flash based e-cards, occasionally even pretending to be a relative or friend. If you do receive an e-card from what looks to be a friend or relative, make sure it is coming from a well known website such as Hallmark or BlueMountain and that your Flash is up to date. If you are unsure about the legitimacy of a URL you receive in an email, try typing it into google or siteadvisor.com before you click the link. SiteAdvisor will notify you if they have discovered the website to be malicious, while Google will likely show reports or complaints from other users who have visited the website before.
When in doubt ...
There is still another bit of advice to keep in mind to ensure your safety during the holidays and throughout the year. Use your best judgment. If you're unsure about a URL or anything of the sort, then most likely there is reason behind your intuition. Please do not hesitate to contact us if you're concerned about the security of your data or your workstation at UNT.
Last but not least, Happy Holidays!
CITC Information Assurance can be contacted by either emailing email@example.com or dialing 369-7800,