Showing posts with label Spam. Show all posts

March 22, 2010

Computer Security and Social Media Etiquette

When you're a driver on the road, you must be alert.  You are aware of your vehicle, the signs and signals on the road, where you are going, and even the other drivers and what they might try to do.  This awareness protects you and every other driver and passenger on the road.

When you use a computer, the same awareness of the controls, signs and signals, where you are going, and the intentions of others is essential for securing your information as well as that of every other person you know.

Consider that the following are not just computer security issues; they are etiquette issues, because a decision you make (or fail to make) affects the personal information of others:
  • Don't sign up for spam.  Free offers seldom are.  You could be signing up for a company's newsletters—or worse, turned over to a whole horde of marketers!  If you have to supply the personal addresses, phone numbers, or emails of friends and family, make sure they are comfortable with receiving the amounts of email that may be generated from this action.
  • Think carefully about sharing any part of a birthdate online.  Become fully aware of the privacy policies of online greeting card companies and calendaring companies.  Consider opting out of special birthday offers entirely.  If you have included information about the year you graduated in an online resume, and your birthday somewhere else on the Internet, someone doing a thorough search can figure out your full birthdate.  If your friends have not made their birthdate available on Facebook, perhaps they are not comfortable with having that information shared.  Wish them happy birthday over the telephone instead.
  • Ask before posting.  Before posting information that includes the name of someone else, consider talking to the person before including any identifying information.  Before posting an image that includes people other than yourself, check with them about their comfort levels with having an image online.  Are they comfortable with how they are being identified?  Can the post or image be publicly visible? Can search engines index it?  Are there minor children in the image and are they identified?  (See Protecting Reputations Online in Plain English for more information.)
  • Think carefully about revealing your location.  Geotagging allows you to tag your posts with your precise location.  While geotagging has its benefits, the site Please Rob Me! illustrates one of the many ways sharing your location could be unsafe. Be wary of posting your location, especially if you are away for an extended period of time or are revealing the location of someone who wishes to remain private.  (See Web Posts May Make You Vulnerable to Crime for more information.)

  • Remember that social networks share information.  Secure what you don't want to share, and make sure you are not sharing information about your friends and family that they would not want public.  (See 10 New Privacy Settings Every Facebook User Should Know for more information.)

March 8, 2010

Don't Get Phished In

A phishing scam is an attempt to fish for personal information and access to accounts by posing as a trusted source, like a bank, an IT department, a government official, or even a friend.  To learn more about how to avoid getting "phished in", read on...


1. Avoid giving your passwords to third-party sites.

Don't offer up your password to anyone or anywhere but to the site to which it belongs.  If there is an issue with your account, a real IT professional won't need to ask you for your password; he or she can reset it. 

If you want an application to work with your Facebook, your Twitter, or other account, there should be APIs (or application programming interfaces) that allow it to do so without you sharing your password.  Many Twitter and Facebook accounts have been hacked by people sharing their passwords with malevolent applications.  These applications then message their friends with spam, phishing scams, or other security threats.  Which brings us to...

2. Always verify links and attachments before clicking on them.

If you have ever worked on a Web page, you know how easy it is to code a hyperlink (legitimate website).  You could get a link that looks like it's from your bank but links to someone's fake site.  You could get a link that looks like a funny video from a friend, but it was a virus or malware from a friend's hacked account.

Attachments can contain malware, or software that runs without your consent (viruses, worms, spyware, etc.).  Many other file types, including Microsoft Office files, can contain malicious code.  (If you've ever opened an Office file and gotten a security warning about macros, this is because viruses can be sent through the macros in any Office file.)

Before you click, try the following:
  1. Make sure the sender is legitimate and he or she intended to send it.  Call the sender on the phone if you weren’t expecting an attachment.  (If you are sending an attachment, let recipients know in person or via phone to expect it.)
  2. Hover over the hyperlinks to check URLs before clicking on them.  (Does the URL match the text of the link?  Do you recognize the URL where you are being sent?  Be suspicious of URLs that are a few letters off from legitimate sites or substitute .gov with .com, etc.)
  3. Weigh the risks with the benefits. 
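
The hover check from step 2, automated as an added example (not part of the original post): it pulls every link out of an HTML message and flags visible text that names a different site than the link target, a known name with a different ending (.gov swapped for .com), and names a few letters off a known site. The TRUSTED list, the sample HTML and all function names are assumptions made for this illustration.

```python
import difflib, re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ["psu.edu", "examplebank.com", "exampleagency.gov"]  # constructed list
HOSTNAME = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site(value):
    """Last two host labels of a URL or URL-like text; '' when there is no host."""
    try:  # simplification: a production tool would use the Public Suffix List
        host = urlsplit(value if "://" in value else "//" + value).hostname or ""
    except ValueError:
        return ""
    return ".".join(host.split(".")[-2:]) if HOSTNAME.match(host) else ""

def check_links(html):
    """Return (href, reason) for each link that deserves a second look."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        target, shown = site(href), site(text)
        if shown and shown != target:  # visible text names a different site
            findings.append((href, f"text shows {shown}, link goes to {target or 'no host'}"))
        elif target and target not in TRUSTED:
            if any(target.split(".")[0] == t.split(".")[0] for t in TRUSTED):
                findings.append((href, "known name with a different ending"))
            elif difflib.get_close_matches(target, TRUSTED, n=1, cutoff=0.85):
                findings.append((href, "a few letters off a known site"))
    return findings

SAMPLE = """<a href="https://www.psu.edu/news">www.psu.edu/news</a>
<a href="http://login.examp1ebank.com/verify">Your bank statement</a>
<a href="http://exampleagency.com/refund">Claim your refund</a>
<a href="http://files.example.net/v.exe">www.examplebank.com</a>"""  # constructed
```

A link with ordinary words as its text and an unfamiliar target passes all three checks, so the phone call in step 1 still applies.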

3. Know what you are downloading and/or installing.

Don't treat downloading and installing like an impulse buy.  Make sure people you know and trust have heard of the application.  Ask I-Tech if they know of any compatibility issues it may have.

Just like coding a hyperlink to say anything, buttons can be coded to do anything as well.  If you ever get prompted to install software that you don't want and you are suspicious of it, don't just close or cancel:
  1. Press CTRL+ALT+DEL.
  2. In Task Manager click on the Applications tab.
  3. Select the program or browser asking you to install and click the End Task button.

4. Keep yourself up-to-date.

Threats are out there.  Just as we get smarter and the software to prevent attacks gets better, the criminals are getting smarter and creating better ways to compromise your machine.  You need to treat security as an ongoing process:
  1. Clean up old files so backups and scans run faster.  (See https://intranet.libraries.psu.edu/home/itech/training/tutorials/cleaup.html)
  2. Make sure your regular backup is running and set properly so that it includes the files you need.  (See https://wikispaces.psu.edu/display/training/Backup+Checkup)
  3. Keep virus definitions updated.
  4. Run regular virus scans.

    January 6, 2010

    Refining Your X-PSU-Spam Filters

    1. Follow the ITS Knowledge Base instructions for your email client:

    2. Before saving your filter, add a second condition:
      • In Eudora:
        1. In the unlabeled dropdown menu, select and.
        2. From the Header dropdown menu, select <>.
        3. Select contains from the next unlabeled dropdown menu.
        4. Enter email.psu.edu into the text box.

      • In Thunderbird:
        1. Under For incoming messages that, click the Match all of the following option and click the plus sign ( + ).
        2. In the first dropdown menu, select To or cc.
        3. In the second dropdown menu, select contains.
        4. Enter email.psu.edu into the textbox.


    3. Save your filter as the instructions for your client direct. Your filter will filter only PSU-flagged spam coming to an invalid address.

    Note: You can also use these instructions to create refined filters on other problem addresses. For example, create two more new filters, following these instructions and substituting email.psu.edu with:
    • mail.psu.edu
    • psulias.psu.edu
    With these filters running, you will catch spam flagged coming from all of these addresses!


    Warning: For this filter to work, please make sure you are giving out your correct Penn State email address, so that legitimate mail may be distinguished from spam. (See http://alerts.its.psu.edu/alert-1102)
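
The two-condition rule above, modelled as an added example (not part of the original post or the ITS instructions) so its effect can be checked on sample messages. The header name is taken from the post's title; treating the header's presence as "flagged", the function names and every address are assumptions made for the illustration.

```python
from email import message_from_string

# Header name comes from the post's title; treating its mere presence as
# "flagged" is an assumption, since the ITS instructions are not shown here.
FLAG_HEADER = "X-PSU-Spam"
PROBLEM_HOSTS = ["email.psu.edu", "mail.psu.edu", "psulias.psu.edu"]  # from the post

def filter_fires(raw_message, host):
    """Both conditions of the refined filter: flagged AND To/Cc contains host."""
    msg = message_from_string(raw_message)
    flagged = msg[FLAG_HEADER] is not None
    # get_all() also returns repeated and folded (multi-line) headers.
    recipients = " ".join(msg.get_all("To", []) + msg.get_all("Cc", [])).lower()
    # The mail client's "contains" is a substring test, so the mail.psu.edu
    # filter also fires for addresses at email.psu.edu.
    return flagged and host in recipients

def fired_filters(raw_message):
    """Hosts whose refined filter would catch this message."""
    return [h for h in PROBLEM_HOSTS if filter_fires(raw_message, h)]

# Constructed messages; every address is made up.
FLAGGED_OLD = ("From: a@example.com\nTo: xyz123@email.psu.edu\n"
               "X-PSU-Spam: Yes\nSubject: offer\n\nbody\n")
FLAGGED_OTHER = ("From: a@example.com\nTo: xyz123@psu.edu\n"
                 "X-PSU-Spam: Yes\nSubject: offer\n\nbody\n")
UNFLAGGED_OLD = ("From: b@example.org\nTo: xyz123@email.psu.edu\n"
                 "Subject: minutes\n\nbody\n")
FLAGGED_CC = ("From: a@example.com\nTo: list@example.org\n"
              "Cc: Pat <pat@example.net>,\n xyz123@PSULIAS.psu.edu\n"
              "X-PSU-Spam: Yes\n\nbody\n")

if __name__ == "__main__":
    for name in ("FLAGGED_OLD", "FLAGGED_OTHER", "UNFLAGGED_OLD", "FLAGGED_CC"):
        print(name, fired_filters(globals()[name]))
```

Only flagged mail addressed to one of the three hosts is caught; flagged mail to any other address and unflagged mail to the old address both fall through to whatever other rules are in place.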


    Special thanks to Susan Ware, Vairo Library, Brandywine, and David Hutchinson, MTSS, for suggesting this tip!

    April 8, 2008

    SPAMALOT: Everything You Ever Wanted to Know About Your SPAM Filter...

    What is the Spam Filter?

    If you are using your psulias email account, your email is being filtered by the PreciseMail Anti-Spam Gateway (PMAS). PMAS checks each message coming into your @psulias.psu.edu address and gives it a score based on the likelihood of it being spam. (Note: Some messages--like those sent from "trusted" libraries machines--may skip the scanning process.)


    How does PMAS know what to do with a message?

    PMAS will either allow, quarantine, or block a message based on your personal settings. (Note: PMAS can also discard messages, but this feature is disabled for all PSUL users.)

    • A message that has been allowed will skip the spam filtering process and go straight to your inbox.
    • A message that has been quarantined will be placed in the PMAS Quarantine. You will not see it in your inbox unless you go to the PMAS Quarantine and release it.
    • A message that has been blocked will never reach your inbox or your quarantine. It is gone!

    You should check your PMAS Quarantine and Settings regularly by going to: https://psulias.psu.edu/spamhunter/pmas/quarantine and logging in using your access account.

    You will see the following:


    How Do I Release Messages from Quarantine?

    1. Place a checkmark beside each message you wish to release.
    2. Press the Release button.
    3. You will get a prompt like the one on the right.
      • To allow just this message through, click Close Window.
      • To allow this and any future messages from the sender, place a check on the left checkbox.
      • To allow everything from the sender's domain (e.g. "@psu.edu", "@gmail.com"), use the checkbox on the right (not recommended--domains can be spoofed).
    4. Click Add Checked Items to Allow List.

    How Do I Check/Adjust My Settings?

    1. Click on the Preferences button. You will see a table summarizing the default settings for all PSUL users. You can Enable/Disable these settings as well as modify the Threshold by adjusting them in the sections just below the table.
      • If Tagging Subjects is Enabled, all spam scored above the Threshold will be tagged as spam in the subject line for you.
      • If Quarantining Messages is Enabled, all spam scored above the Threshold will be placed in the PMAS Quarantine.
      • We currently do not enable Discarding Messages. You do not need to do anything here.
      • Save Preferences when you finish.
    2. Click on the Allowlist. Make sure addresses you want allowed or "whitelisted" are on this list.
      • You will see a section for adding email addresses or domains (New Address or Domain, Optional Description and Add button) before they fall into your quarantine.
      • You can also Edit or Delete addresses and domains already on your Allowlist.
      • Save Changes when you finish.
    3. Click on the Blocklist button. Make sure addresses you want blocked or "blacklisted" are on this list. (The steps are similar to the Allowlist.) Remember that you will never have the chance to release these messages. Once blocked, they are gone!
    For more on Spam and Filtering, find the detailed document in the I-Tech training archives.