Archive for September, 2011

Protect Yourself Against Firesheep Attacks

Friday, September 23rd, 2011

Firesheep is a Firefox extension that allows anyone sharing a wireless network with you to discover and access certain online sessions that you are logged into. Many sites encrypt information only for your initial login; once you successfully log in, the server (which hosts the website you are accessing) sends your browser a cookie granting you access. Once you are logged in, the site reverts to unencrypted transmission. Firesheep allows other users on the network to capture someone else’s cookies and enter websites using that login information.

To effectively combat Firesheep, you can download one of several plug-ins for Firefox that will force a webpage to use a secure web connection. However, in order for this to work, the website must support full end-to-end encryption (either as HTTPS or SSL). For more information and to learn how to install one of these plug-ins, visit the University Information Security Office page.
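The exposure described above can be spotted in a site's login responses. The following is an added example, not part of the original post: it flags cookies set without the `Secure` attribute and logins that redirect from HTTPS back to HTTP. The hostname, cookie names and sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: a login flow that uses HTTPS for the login request only,
# then sends the browser back to plain HTTP (hostname is a placeholder).
SAMPLE_FLOW = [
    ("https://site.example/login", 302, [
        ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
        ("Location", "http://site.example/home"),
    ]),
    ("http://site.example/home", 200, [
        ("Set-Cookie", "prefs=compact; Path=/"),
    ]),
]

def parse_set_cookie(value):
    """Return (cookie_name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}

def audit_login_flow(flow):
    """Flag the two conditions that leave a session cookie readable on the network."""
    findings = []
    for url, status, headers in flow:
        scheme = urlsplit(url).scheme
        for header, value in headers:
            h = header.lower()
            if h == "set-cookie":
                name, attrs = parse_set_cookie(value)
                # Without Secure, the browser also sends the cookie over http://
                if "secure" not in attrs:
                    findings.append(("cookie-without-secure", name, url))
            elif h == "location" and scheme == "https":
                # The login was encrypted, but the page that follows is not.
                if urlsplit(value).scheme == "http":
                    findings.append(("https-to-http-redirect", value, url))
    return findings

if __name__ == "__main__":
    for finding in audit_login_flow(SAMPLE_FLOW):
        print(finding)
```

A flow that keeps every response on HTTPS and marks its cookies `Secure` produces no findings.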

Protect your Sensitive Data from Phishing Attacks

Friday, September 16th, 2011

Did You Know?
Loyola University Chicago blocks over one million spam messages per day.

What is Phishing?
Phishing is an attempt to steal sensitive information, such as your social security number or passwords, by posing as a trusted organization or person. Phishers are known for using this information for identity theft and other fraudulent acts.

What do Phishing attacks look like?
Phishing is most commonly attempted via an email that will claim to come from a trusted organization, such as Loyola University Chicago, your bank or your credit card company. There are two common mechanisms that phishers use to steal your sensitive information:

  1. They will ask you to respond to an email with your sensitive information.
  2. They will ask you to follow links to update your sensitive information.
    a. You will appear to be providing your information to the trusted company, while in fact you will be providing that information to a phisher.

What are some types of Phishing attacks?

  • “Spear Phishing” targets a particular person or organization, aiming to get them to reveal confidential company information by impersonating the organization or members of the organization.
  • “Whaling” specifically targets senior management, aiming to get them to divulge confidential information.

How can I prevent becoming a victim of Phishing attacks?
No legitimate organization will ever ask you for your password!

Do not click on any links sent via email, as these may take you to a web site that places malicious software on your computer. Instead, enter the address that you know is legitimate into your browser.

For example:  Instead of clicking on the URL received in an email (such as, open up Firefox and navigate to Citibank’s known website:

Call the institution to inquire about the matter instead of following the link. In addition, refrain from calling any numbers listed in the email; instead, use a number for the organization that you know is legitimate.

If you are prompted to enter your username and password on a site that appears legitimate, enter both incorrectly. A fraudulent site will accept the incorrect username and password while a legitimate site will not. Also make sure to check that the SSL certificate is valid and error free. Refer to the following link and steps to validate the site's SSL certificate,

If you do provide personal or sensitive information to a malicious site, immediately contact the appropriate institution with the details surrounding the occurrence.

Where can I send potential Phishing attacks to be processed?
LUC staff, faculty, and students should report any regular phishing emails or sites to

If you have received a Spear Phishing or Whaling attack, please forward it to

Where can I find more info?
Visit for additional security tips.