Thursday, 5 February 2015


Cybercriminals have become quite savvy in their attempts to lure people in and get them to click on a link or open an attachment.

The email they send can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business.

It often urges you to act quickly, claiming that your account has been compromised, your order cannot be fulfilled or there is some other urgent matter.

If you are unsure whether an email request is legitimate, try to verify it with these steps: 

  • Contact the company directly. 
  • Contact the company using information provided on an account statement or back of a credit card. 
  • Search for the company online – but not with information provided in the email. 


Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email.

Here are ways to reduce spam: 

Enable filters on your email programs: Most ISPs (Internet Service Providers) and email providers offer spam filters. However, depending on the level you set, you may wind up blocking emails you want. It’s a good idea to occasionally check your junk folder to ensure the filters are working properly. 

Report spam: Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam will also help to prevent the messages from being directly delivered to your inbox.

Own your online presence: Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information.


Phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.

Spear Phishing

Spear phishing involves highly specialized attacks against a specific target or small group of targets to collect information or gain access to systems.

For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic, and because the recipient is already a customer of the business, the email may more easily make it through filters and the recipient may be more likely to open the email.

The cybercriminal can use even more devious social engineering efforts such as indicating there is an important technical update or new lower pricing to lure people.

Spam & Phishing on Social Networks

Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.

Here are ways to report spam and phishing on social networks: 

Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email. 

Before sending sensitive information over the Internet, check the security of the website.

Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).

If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group. Report phishing to the Anti-Phishing Working Group (APWG).

Keep a clean machine. Having the latest operating system, software, web browsers, anti-virus protection and apps is the best defense against viruses, malware, and other online threats.

What to Do if You Think You are a Victim? 

Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity. 

If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s). 

Watch for any unauthorized charges to your account. 

Consider reporting the attack to your local police department, and file a report with the Federal Trade Commission or the FBI's Internet Crime Complaint Center.

Additional Resources: 

Anti-Phishing Working Group
United States Computer Emergency Readiness Team (US-CERT)
On Guard Online

Protect Yourself with these STOP. THINK. CONNECT. Tips:

When in doubt, throw it out:
Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark it as junk email. 

Think before you act:
Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.

Secure your accounts:
Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.

Make passwords long and strong:

Combine capital and lowercase letters with numbers and symbols to create a more secure password. 

Unique account, unique password:

Separate passwords for every account help to thwart cybercriminals.

By: Binyamin Mughal

A lot has been written in the last couple of days about the Consumer Reports study on Facebook (Facebook is an NCSA Board Member company) users' use of privacy settings. According to the report, 13 million of Facebook’s 150 million U.S. users don’t use or aren’t aware of Facebook’s privacy settings, and some people also engage in other risky behavior, such as posting about their current location, which could provide information to others, say a burglar, who might want to do them harm. And 28 percent shared all, or almost all, of their wall posts with an audience wider than just their friends.

As part of NCSA’s STOP. THINK. CONNECT. campaign (co-led by the APWG), we have simple advice for those using social networks and sharing information on the web.

Own your online presence: When available, set the privacy and security settings on websites to your comfort level for information sharing. It’s ok to limit who you share information with.

Responsible use of the Internet involves personal responsibility. Computer users hold much of the power over what they share. The power is not just what they share about themselves but also vigilance about sharing information about family and friends. The 28% of you out there who are sharing far and wide might want to give that some thought.

In the digital age, we cannot expect any web service, software or hardware to be able to protect us without our active engagement. When we drive our cars, the only default settings are that you need a key and, most likely, for your car to be in park before you can start the engine. Adjusting the seat and mirrors, fastening the seat belt and having proper tire pressure are all in the driver’s hands to be double-checked before pulling into traffic.

At NCSA, we also conduct surveys about the kinds of risky behaviors or other security vulnerabilities. So we take a slightly different look at Consumer Reports' numbers. We actually read them in reverse and see that more than 90% of users use or are aware of Facebook’s privacy settings. This is actually a much higher rate of adoption of security practices than we see in other areas, such as the 77% of small businesses that don’t have formal Internet security policies for their employees.

We should of course try and close all security and safety gaps. So we encourage all Facebook users, especially the 10% who haven’t, to regularly double check security and privacy settings to be sure they are comfortable with the level they are sharing and to STOP. THINK. CONNECT. before they share any information about themselves and others.

Binyamin Mughal


By: Binyamin Mughal

There are many resources on the Internet, lots of ways to connect with friends and social contacts, and every day there seems to be something new online to explore. Unfortunately, the criminals have also discovered the value of the online world. They directly target those who do not take a few very simple steps to protect their privacy. Here are 10 ways to safeguard your information from the most common threats and vulnerabilities that put you, your family and your office at risk:

Your Computer

1. Keep your operating system, any programs you have installed and, most importantly, your antivirus software up to date. Turn on the auto‐update feature, and let your computer update itself automatically. Be sure to reboot if it asks you to.

2. Uninstall any software you do not use. Outdated programs often have security problems, and if you are not going to use an application anymore, why not free up the space on your hard drive while at the same time making your computer more secure?

3. Make sure your screen‐saver requires a password to reactivate. Too often (particularly in shared environments with roommates or officemates) a creative friend might send embarrassing emails from your computer or accidentally download malicious software.

4. If you have a laptop, be sure the built‐in disk encryption feature is running. This will protect your laptop if it is lost or stolen. Also, invest in a cable lock so that your laptop is physically secured while you are on a break or temporarily away from the computer. Laptops can be stolen in just a few seconds.

Your Websites

5. Be careful with what you post on social networking sites about yourself, your friends, family and colleagues and your job. Remember: Once on the Internet, always on the Internet, especially photographs.

6. Use website passwords that are complex but easy for you to remember. If possible, use a “passphrase” rather than a “password.” Data thieves know what the commonly used passwords are, so stay away from easy ones like “123456” or “Password1.” In addition, use different user IDs and passwords for different websites. That way, if the bad guys compromise a password for one website, your other accounts will not be compromised as well.

7. Pay close attention to where you are online. Many phishing sites appear to be legitimate, but if you look closely at the address bar you will see that you are not really at your bank or the site you thought you were going to. Think twice before entering any personal information at a new website. Does this company really need to know the things it is asking for?

Your Information

8. Be careful with peer‐to‐peer or file‐sharing programs. They should never be used on office computers, and if you have them at home, pay close attention to which parts of your hard drive are being shared with others. Under no circumstances should you put work information on your personal computer, especially if you use P2P software at home to share files with your friends.

9. When you “reply to all” in emails, check each of the email addresses to make sure you know where your email is going. Also, BE VERY CAREFUL if you reply to a posting from a listserver or online group. Your reply may go to the entire group rather than just the person you thought you were responding to.

10. Know whom to call or contact if you think you have become a victim of online crime. Events happen fast online, and you often do not have much time to call for help before it is too late. In addition, keep a backup copy of all personal information (passwords, credit card numbers, bank account information, emergency phone numbers, etc.) on a physical piece of paper that is locked in a fireproof container.

About the Author

Mr. Binyamin Mughal is a student of Mass Communication Studies and a core Journalist of the emerging IT age. He is an expert in weblogs as well as online journalism.