Information Technology Services

Conmen have been tricking people out of their money for thousands of years, and impersonating someone else is nothing new. E-mail, websites, and chat programs just make it easier to trick people out of their money. Identity theft is the fastest growing crime in America.

DO NOT RESPOND to these messages!

These messages are fake. They are being sent by hackers trying to trick you into giving them your password so they can take over your e-mail or steal your identity and drain your bank account!

This technique is called "phishing." They are phishing (fishing) for victims. See the example below.

 Dear Outlook Account User,

This message is from Outlook user care messaging center to all employee and student, to all Outlook account owners. We are currently upgrading our data base servers and e-mail account center. We are deleting all compromised account during the last academic break.

You will have to Authenticate your Outlook Account to prevent a permanent closure of this email address/web-mail account.

To Authentication CLICK HERE<http://microsoftportalwebaccess.weebly.com/>

Successfully authenticated addresses will be automatically notified via inbox.

Warning!!! Account owners who do not authenticate their account after receiving this update will have his or her account terminated. We are committed to protecting your privacy. Your sensitive details will not be shared with any third party.

MICROSOFT CARE CENTER HELP DESK
© 2014 Microsoft Corporation. All rights reserved.

If you receive one of these messages, or any message that asks you to provide private or confidential information (password, SSN, DOB, etc.), you should simply delete the message.

• Do NOT reply to the message.
• Do NOT click on any links in the message.
• Do NOT open any file attachments in the message.
• Do NOT call any phone numbers in the message.
• DO delete the message.

IMPORTANT: If you have already provided your password in response to one of these messages, please contact the ITS Helpdesk immediately at 303-352-7548 or support.msudenver.edu.

There are thousands of different scam techniques. You should always be on your guard and you MUST always be very protective of your confidential information.

Online conmen use e-mail, websites, and chat programs to trick people into providing them with private and confidential information (such as credit card information, date of birth, etc.). They can use this information to make unauthorized charges to your credit cards, or use your identity to take out loans in your name. Such "phishing" scams often come as an official looking e-mail that appears to have come from your bank, credit card company, online storefronts like Amazon or eBay, online payment systems like PayPal, etc. The e-mail usually says there is something wrong with your account or that they need to verify your information. These messages have been forged and are fraudulent. These organizations will never contact you by e-mail to verify your information, or to inform you of a problem with your account. You should just delete these messages; never reply to them and never follow their instructions. If you need to contact your bank or credit card company, call the phone number that is printed on your monthly statement. If you need to contact an online storefront or other online service, don't use any phone numbers or links provided from the malicious e-mail; visit their website, either with the direct address or via a web search, and use the contact information provided there.

• Anti-Phishing Working Group

• Federal Trade Commission - Identity Theft

• CIAC Internet Hoax and Chain Letter pages

When a computer connects to a network, it will listen for any connection using ports. A port is a special integer that acts like a door to your device. A connection needs two things, the computer IP address and the port number. When a connection is received by a computer, the connection will be made to a program that is listening on a specific port number like 1234. If the computer has a program that is listening on port 1234, the computer will accept that connection without questioning it. So when a computer has no firewall enabled, anyone can connect to your computer and access data if there's programs serving such data. The program may have a login, but it may have a security hole that allows any connection to be made.

A firewall is software or special hardware. A firewall protects your computer by disabling ports that are not in used. A firewall can also be set so that only programs on your computer, that you have authorized, are able to talk to the internet. This is the basic function of firewalls. They can do more to help secure computers, but this is just a quick overview of firewalls.

Every computer should have a good quality anti-virus program installed and running on it. Windows computers are not the only computers that get infected by computer worms and viruses. Even Mac and UNIX computers can be infected by viruses, worms and trojan horse programs.

One of the most important things you can do to help keep you and your computer safe while online is to run a good quality anti-virus program. Computer worms and viruses continue to cause a great deal of damage to computer systems; many of them are created to steal confidential information off of infected computers.

You can buy a good quality anti-virus program at any well stocked computer store. Look for one that also has a personal firewall built into it. Be sure to keep your anti-virus program up to date. Most suppliers of anti-virus software provide an automatic update service to help keep your anti-virus software updated.

All computers provided by the Division of Information Technology have Kaspersky Security 10 software installed and running on them. It is configured to automatically check for updates daily. All e-mail that passes through the University's e-mail service is also scanned for viruses by the Email server.

Additionally, Kaspersky Anti-Virus product licenses are available to MSU Denver faculty and staff for personal computers (PC or Mac). Use the following link to download the software:

• Kaspersky portal for home license

• Kaspersky Security - http://www.msudenver.edu/antivirus/

• Avast free antivirus - http://www.avast.com/en-us/free-antivirus-download

• Comodo Antivirus - http://antivirus.comodo.com/antivirus.php

• Microsoft Security Essentials - http://windows.microsoft.com/en-US/windows/products/security-essentials

• Panda Cloud Antivirus - http://www.cloudantivirus.com/en/

• Ad-Aware free antivirus - www.lavasoft.com

Everyone who uses email eventually has to deal with unwanted email or junk email (oftentimes called spam). Email isn't the only target of spam. Spam is sent to fax machines, text pagers, via instant messaging, and posted on websites. But spam email is the most common form of spamming.

Spammers send junk email because it is effective at tricking people to do things and run malware on their systems. Spam is used by various people that commit financial fraud, identity theft, and to spread malicious programs.

Use a second email address from a free email service when signing up on websites, answering online surveys, or posting to news groups or blogs. You can abandon the second account when it becomes deluged with spam. Many Internet providers give you the option to create an "email alias" for such a purpose.

Currently, it's not possible to eliminate all junk email. Spam email is going to stay with us for some time to come. There are a few simple precautions you can take to help protect your email address and your computer from spam.

• Be cautious when giving out your email address. Know who you are giving your email address to, why they need it and what it will be used for.
• Ask companies about their privacy policy and opt-out policy.
• Ask your Internet provider if they offer a spam filtering service.
• Many newer email programs such as MS Outlook and Thunderbird have simple spam filtering capabilities built into them which can be enabled. Some web-based email services also have basic spam filtering features that can be enabled.
• Set your email program to not display images (pictures) when they are embedded inside email messages.
• Disable JavaScript and ActiveX in email messages.
• Enable "view email as plain text only" mode, re-enable when needed.
• Always be very cautious of e-mail attachments. Generally you should not open an email attachment unless all of the following are true:
  • You know the sender and have received legitimate email from them in the past.
  • The subject line makes sense to you.
  • The text of the message makes sense to you.
  • You were expecting the sender to send you a file attachment.
  • You know what the file attachment contains and why it was sent to you.
  • You have a good quality, up to date anti-virus scanner installed and running on your computer.
• Never reply to junk email. Never click on any links in junk email. And never call any phone numbers found in junk email.
• Train yourself to recognize junk email in your Inbox and delete it without opening it. Spam email should just be deleted.
• See our security awareness program SANS Securing The Human.
• Forward any suspicious emails to spam@msudenver.edu.

There have been several high-profile computer security incidents that did not involve hackers or viruses - they were caused by burglars stealing the computer. In one case, the burglars didn't steal the computer, they stole the hard drive out of the computer! In all of the cases, the computers had extremely confidential data saved on the hard drive.

Be careful about what private or confidential data you save on your computer hard drive (or USB drive). Before saving confidential information on your computer, ask yourself what the consequences would be if your computer was stolen or the data was copied off of your computer by a Trojan horse program? Is your computer the safest place for the data? Should the data be encrypted?

Routinely backup important data and store it in a secure place away from the computer. Periodically review the files you have saved on your computer and use a secure erase utility to remove old files, particularly if they contain sensitive information. University policy prohibits saving SSN or credit card data on any portable computing device or portable storage media.

Because many laptop computers are used when traveling and get connected to many different networks, it is very important for laptop computers to be kept up-to-date with the latest security patches, run a good up to date anti-virus scanning program, and have a personal firewall. Laptops that are owned by the University can be brought to the IT help desk in AD475 for maintenance.

Take all of the necessary precautions to keep your computer from being stolen. Never leave a laptop computer or PDA unattended - not even for one minute. When not in use, be sure that your laptops, PDA's, USB drives and CD's are secured and out of sight. Portable computing devices should be configured to require some kind of "boot up" password before the device can be booted up. It should also require a "logon" Username/password (or biometric authentication) before the desktop and data can be accessed. Sensitive or confidential data should be encrypted. Windows laptop computers deployed to individuals by Information Technology Services has been encrypted with whole drive encryption. Other security devices may prove useful; however the quality of these devices varies greatly, so shop and compare.

• Laptop Security, Part One: Preventing Laptop Theft

• Laptop Security, Part Two: Protecting Information on a Stolen Laptop

• Protecting Road Warriors: Managing Security for Mobile Users (Part One)

• Protecting Road Warriors: Managing Security for Mobile Users (Part Two)

• Eraser for Windows

• 12Ghosts Shredder

• The GNU Privacy Guard

• True Crypt

• WinZIP with AES encryption

Passwords are one of our first lines of defense for us when we use the Internet. Unfortunately, oftentimes the passwords we choose are also our weakest defense. To make it easier for us, we often choose a password that is too easy to remember. These easy to remember passwords are usually easy for others to guess or break.

A strong password should:

• Be ten or more characters in length.
• Not be a name or a word from the dictionary.
• Have one or more upper-case letters.
• Have one or more lower-case letters.
• Have one or more digits (numbers).
• Have one or more other printable characters or symbols (~!@#$%^&*).

Never give your password to anyone else and, never let anyone else use your computer account. Consider changing your password at least once a semester.

There are tricks you can use to come up with a strong password that is still easy to remember. For example, think of a favorite line from a movie or poem then, pick the first letter from each word, and capitalize every other letter. You could also combine two short words together and capitalize one word but not the other. Be sure to include some digits (numbers) and other special characters in your password.

Consider using a password manager to help manage all of your passwords and create secure passwords for you. You only have to remember one master password to unlock all of your passwords. However, please note that not all managers are created equal. The best passwords managers are the ones that work locally.

Password Managers

• LastPass - A good online password manager. You can access your passwords anywhere.
• KeePass - KeePass is a free, open-source password manager, which helps you to manage your passwords in a secure way. You can put all of your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database.