ITS Technology Tips

What is identity theft?

Identity theft is a crime where a person uses your personal identification information, like your name, Social Security Number, driver’s license number or credit card number, without your permission with an intention to commit fraud. This also allows the criminal to steal money from you by opening up new credit card accounts and running up charges on them or purchasing new services like a phone account, internet, rent an apartment, etc. in your name. You may not even be able to find out about the theft until you review your credit card statement and notice charges you didn’t make or in some instances until you review your full credit report and credit history.

How is it harmful?

Identity theft can also provide a thief with false credentials for immigration or other applications. The biggest problem with identity theft is that the crimes committed by the thief are often attributed to the victim. The FTC (Federal Trade Commission) estimates that as many as 9 million Americans have their identities stolen each year. Identity theft is a serious crime and it can be harmful to the person whose identity is stolen by losing out on job opportunities, or denial of loans for education, housing or cars because of negative information on their credit reports. Aside from losing money and confidence in the marketplace, identity theft also soils the reputation and livelihood of the consumer. In few cases, they may even be arrested for crimes they did not commit. According to the FBI, identity theft is the fastest-growing white-collar crime in the United States.

What can one do if already a victim of Identity Theft?

1)     Place a fraud alert on your credit reports as and review them as fraud alert prevents an identity thief from opening more accounts in your name.

2)     Close the accounts that you suspect have been opened fraudulently immediately.

3)     File a complaint with the local police or with the Federal Trade Commission, which may help in recovering from identity theft more quickly.

How to avoid Identity theft?

To minimize the risk of becoming a victim of identity theft, remember the word SCAM:

S – Be stingy. Do not give your personal information to others unless you have a valid reason to trust them
C – always Check your financial information on a regular basis to track your financial status
A  – Ask for a copy of your credit report from time to time – you are entitled to 1 free report every year
M – Maintain careful records of your banking and other important financial accounts

What is the Gameover malware?

Gameover is an updated Zeus malware attack that goes after bank information.  The attack takes place when malicious users send spam email to infect computers with malware, which is designed to collect bank account information from the recipient’s computer.  After this malware is on your computer,  it is able to steal usernames, passwords and can bypass financial institutions’ user authentications.  As the name of the attack suggests, once the malware gets your information, it is “game over” for your bank account.

How it works

Spammers spread the virus to computers by sending out emails from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC) saying there is a problem with your bank account or recent transaction.  A link is provided in the email to fix the problem, which then leads you to a fake website. As soon as you click the link and go to the website you also just downloaded this malware to your computer.

How to protect yourself

NACHA, FDIC, and the Federal Reserve all say they don’t send out unsolicited emails to bank account holders. So if you want to confirm there’s a problem with your account or one of your recent transactions, contact your financial institution. Do not click on any links sent via email, as these may take you to a Web site that places malicious software on your computer. Instead, enter the address that you know is legitimate into your browser. For example: Instead of clicking on the URL received in an email (such as http://www.123citi-bank-usa.com/update/yourcredentials.html), open up Firefox and navigate to Citibank’s known website: www.citibank.com.

Where can I find more info?
Visit http://www.luc.edu/uiso/protect_yourself.shtml for additional security tips.

Ning is an online platform that allows you to create your own social network or join an existing one.  It’s a unique place to share your interests with other people online. By creating a Ning webpage, you can customize the look of your site and choose features to add, such as forums or media pages. It could be used for sharing ideas, connecting to people with similar interests or even in a classroom setting (see this Educause article for some ideas). On Ning, you can also find a wide range of networks to join from politics to art.

If you teach, train or support computer users, using screen captures can be an efficient way to provide instructions.  Taking multiple screen shots and formatting your images in a word processing program can be time-consuming.  Screen Steps is an all-in-one program that allows you to capture images, add text and annotations then export your document to Word, PDF, html or a blog or Web page.

Cost – 39.95 with the option to take an additional 15% education discount: http://www.bluemangolearning.com/screensteps/purchase/

Screen Steps Help Resources:
http://bmls.screenstepslive.com/spaces/screensteps/manuals/screensteps

Google Voice is a unique phone managing and messaging system that allows you to unite all of your phones under a single number.  Once you set up an account, you get a Google Voice phone number that you can route all your calls through—home, work, and cell— so that they ring on a single device. With Google Voice, you get free SMS text messaging, as long as you have a data plan, and you can also make cheap international calls.

When you receive a call through Google Voice, all your phones (or a subset) will ring, allowing you to answer whichever phone is most accessible. You can set certain callers to automatically always go to your cell phone, directly to voicemail or only to your house phone. Additionally, Google Voice allows you to listen in on a voicemail that is in the process of being recorded so you can decide whether or not to answer the call.

Perhaps one of the coolest features of Google Voice is its transcription capabilities—Google Voice can transcribe a voicemail into a text format that can be read like an email, and even be forwarded to your email account. You can then easily respond with a call or a text message.  You can also search through voicemail transcriptions as you would your email inbox. Making things even simpler, Google Voice can integrate with your mobile device’s native address book and  you can set up different greetings for different contacts.  Google Voice is currently available for Android, BlackBerry, and iPhone devices.

To learn more, visit the Google Voice Help Page.

If you are constantly emailing yourself documents or always carrying around your USB drive for backup, you may want to try an online service for file storage.  Drop Box is an easy backup system that enables users to share files between their computers and mobile devices. With a free account you get 2GB of space to store your files; you can also upgrade to a 100GB, 200GB, or 500GB account with a monthly paid plan.

Many Loyolans are now running the 2010 version of the Microsoft Office Suite from their desktops. Loyola traditionally offers technology workshops in January and August through our Training Central program, and starting January 2012 the Office classes – Excel, PowerPoint, and Word – will all feature the 2010 version of these programs. In addition, because the number of people using 2010 has been growing this fall, a special series of free training classes has been added in October and November to help those who have already made the transition. The first two courses – using Word 2010 Effectively and PowerPoint 2010: Bells and Whistles – are scheduled for October 12. For the full list of dates and topics, or to register, visit the ITS Training Courses page.

And if you’re still using Office 2003 or Office 2007 and want to learn more about making the switch to Office 2010, see the August 12 TechTips post.

Firesheep is a Firefox extension that basically allows anyone you are sharing a wireless network with to discover and access certain online sessions that you are logged into. Many sites encrypt information only for your initial log in; once you successfully log in, the server (that hosts the website you are accessing) sends your browser a cookie granting you access. Once you are logged in, the site reverts back to an unencrypted transmission. Firesheep allows other users to access someone else’s cookies and enter websites using that login information.

To effectively combat Firesheep, you can download one of several plug-ins for Firefox that will force a webpage to use a secure web connection. However, in order for this work, the website must support full end-to-end encryption (either as HTTPS or SSL). For more information and to learn how to install one of these plug-ins, visit the University Information Security Office page.

Did You Know?
Loyola University Chicago blocks over one million spam messages per day.

What is Phishing?
Phishing is an attempt to steal sensitive information, such as your social security number or passwords, by posing as a trusted organization or person. Phishers are known for using this information for identity theft and other fraudulent acts.

What do Phishing attacks look like?
Phishing is most commonly attempted via an email that will claim to come from a trusted organization, such as Loyola University Chicago, your bank or your credit card company. There are two common mechanisms that phishers use to steal your sensitive information:

• 1.  They will ask you to respond to an email with your sensitive  information.
• 2.  They will ask you to follow links to update your sensitive  information.
  • a.  You will appear to be providing your information to the trusted company, while in fact you will be providing that information to a phisher.

What are some types of Phishing attacks?

• “Spear Phishing” targets a particular person or organization into revealing confidential company information by impersonating the organization, or members of the organization.
• “Whaling” specifically targets senior management into divulging confidential information.

How can I prevent becoming a victim of Phishing attacks?
No legitimate organization will ever ask you for your password!

Do not click on any links sent via email, as these may take you to a web site that places malicious software on your computer. Instead, enter the address that you know is legitimate into your browser.

For example:  Instead of clicking on the URL received in an email (such as http://www.123citi-bank-usa.com/update/yourcredentials.html), open up Firefox and navigate to Citibank’s known website: www.citibank.com.

Call the institution to inquire on the matter instead of following the link. In addition, refrain from calling any numbers listed in the email, and instead, use a number for the organization that you know is legitimate.

If you are prompted to enter your username and password to a site that appears legitimate, enter both incorrectly.  A fraudulent site will accept the incorrect username and password while a legitimate site will not. Also make sure to check that the SSL certificate is valid and error free. Refer to the following link and steps to validate the sites SSL certificate, http://info.ssl.com/article.aspx?id=10068.

If you do provide personal or sensitive information to a malicious site, immediately contact the appropriate institution with the details surrounding the occurrence.

Where can I send potential Phishing attacks to be processed?
LUC Staff, faculty, and students should report any regular phishing emails or sites to spam@mailfoundry.com.

If you have received a Spear Phishing or Whaling attack, please forward it to DataSecurity@luc.edu.

Where can I find more info?
Visit http://www.luc.edu/uiso/protect_yourself.shtml for additional security tips.

Instant Eyedropper is a free software program that allows you to easily copy and save any color you see on the Web. With Instant Eyedropper, you can identify and save the HTML color code so that you can use the color on your Web page or in an image editing program, such as Adobe PhotoShop. The best part is that you can do this with just one click and without opening any graphics editing software!

How it Works

Once you install the software, the Instant Eyedropper icon will appear in your system tray.

When you click on the icon, you will see your mouse arrow turn into cross-hairs. Continuing to hold the mouse button down, you can guide the cross-hairs across your screen; you will see a zoom of the pixels under the cross-hairs so that you can select the exact pixel you would like to identify and copy. You will also see the HTML code for that specific color.

Releasing the mouse button immediately pastes the information onto your clipboard.  Additionally, you can change what format the color code is saved as. For example, rather than HTML, you can save the information in Hex or RGB notation. Simply right click over the Instant Eyedropper icon in your system tray to choose from a list of formats.