ITS Technology Tips

What is identity theft?

Identity theft is a crime where a person uses your personal identification information, like your name, Social Security Number, driver’s license number or credit card number, without your permission with an intention to commit fraud. This also allows the criminal to steal money from you by opening up new credit card accounts and running up charges on them or purchasing new services like a phone account, internet, rent an apartment, etc. in your name. You may not even be able to find out about the theft until you review your credit card statement and notice charges you didn’t make or in some instances until you review your full credit report and credit history.

How is it harmful?

Identity theft can also provide a thief with false credentials for immigration or other applications. The biggest problem with identity theft is that the crimes committed by the thief are often attributed to the victim. The FTC (Federal Trade Commission) estimates that as many as 9 million Americans have their identities stolen each year. Identity theft is a serious crime and it can be harmful to the person whose identity is stolen by losing out on job opportunities, or denial of loans for education, housing or cars because of negative information on their credit reports. Aside from losing money and confidence in the marketplace, identity theft also soils the reputation and livelihood of the consumer. In few cases, they may even be arrested for crimes they did not commit. According to the FBI, identity theft is the fastest-growing white-collar crime in the United States.

What can one do if already a victim of Identity Theft?

1)     Place a fraud alert on your credit reports as and review them as fraud alert prevents an identity thief from opening more accounts in your name.

2)     Close the accounts that you suspect have been opened fraudulently immediately.

3)     File a complaint with the local police or with the Federal Trade Commission, which may help in recovering from identity theft more quickly.

How to avoid Identity theft?

To minimize the risk of becoming a victim of identity theft, remember the word SCAM:

S – Be stingy. Do not give your personal information to others unless you have a valid reason to trust them
C – always Check your financial information on a regular basis to track your financial status
A  – Ask for a copy of your credit report from time to time – you are entitled to 1 free report every year
M – Maintain careful records of your banking and other important financial accounts

What is the Gameover malware?

Gameover is an updated Zeus malware attack that goes after bank information.  The attack takes place when malicious users send spam email to infect computers with malware, which is designed to collect bank account information from the recipient’s computer.  After this malware is on your computer,  it is able to steal usernames, passwords and can bypass financial institutions’ user authentications.  As the name of the attack suggests, once the malware gets your information, it is “game over” for your bank account.

How it works

Spammers spread the virus to computers by sending out emails from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC) saying there is a problem with your bank account or recent transaction.  A link is provided in the email to fix the problem, which then leads you to a fake website. As soon as you click the link and go to the website you also just downloaded this malware to your computer.

How to protect yourself

NACHA, FDIC, and the Federal Reserve all say they don’t send out unsolicited emails to bank account holders. So if you want to confirm there’s a problem with your account or one of your recent transactions, contact your financial institution. Do not click on any links sent via email, as these may take you to a Web site that places malicious software on your computer. Instead, enter the address that you know is legitimate into your browser. For example: Instead of clicking on the URL received in an email (such as http://www.123citi-bank-usa.com/update/yourcredentials.html), open up Firefox and navigate to Citibank’s known website: www.citibank.com.

Where can I find more info?
Visit http://www.luc.edu/uiso/protect_yourself.shtml for additional security tips.

Firesheep is a Firefox extension that basically allows anyone you are sharing a wireless network with to discover and access certain online sessions that you are logged into. Many sites encrypt information only for your initial log in; once you successfully log in, the server (that hosts the website you are accessing) sends your browser a cookie granting you access. Once you are logged in, the site reverts back to an unencrypted transmission. Firesheep allows other users to access someone else’s cookies and enter websites using that login information.

To effectively combat Firesheep, you can download one of several plug-ins for Firefox that will force a webpage to use a secure web connection. However, in order for this work, the website must support full end-to-end encryption (either as HTTPS or SSL). For more information and to learn how to install one of these plug-ins, visit the University Information Security Office page.

In order to keep your computer’s operating system running safely and efficiently, it is important that you regularly install the latest software patches and updates.  In this week’s Tech Tip, the Loyola University Information Security Office provides information and resources to help you keep your software up-to-date.

What is Patch Tuesday?
Patch Tuesday refers to the second Tuesday of each month when Microsoft releases fixes for known issues in its operating systems and other products. These fixes are called patches or updates and are available for free download from the Microsoft website for any legally licensed copy of Microsoft Software.

What do patches do?
After software gets released to the public and it is being used with a greater frequency, people may begin to notice small problems that were not found during testing. Also, old software may have compatibility issues with newer hardware and new software might not run properly on older hardware. After gathering this data, these patches are released to fix these problems.

Why should I care about patches?
Software patches and updates don’t just fix small problems; they can also fix serious security issues within specific software programs. Malicious users can exploit vulnerabilities in software to gain access to part or all of your system. By keeping your software up to date, you are making it harder for someone to gain unauthorized access to your system.

How can I keep my software up to date?
The best way to keep software up to date is to regularly check and install updates from the software company. Microsoft has an update feature built into its operating systems and software which, when turned on, will automatically check with Microsoft for updates. Here at Loyola, computers in the labs, classrooms, as well as faculty/staff desktop PCs, are monitored by network software. Updates are sent to them from a main server once the update has been tested and approved by our Desktop Services team. Students who bring their own computers to campus are required the keep their operating system and antivirus solution up to date. Otherwise, they will not be able to gain access to the Loyola network.

It is also important to keep your other applications up to date. They can have security vulnerabilities that can be exploited by malicious users to gain access to your system. Some applications may have options to turn on automatic updates, but if not, it is important that you check for updates regularly. Here is list of popular software and links to the update site:

Windows:   http://update.microsoft.com
OS X:  http://www.apple.com/support/osfamily
PC Office:  http://office.microsoft.com/officeupdate              
Mac Office:   http://www.microsoft.com/mac/downloads.mspx
iPhone/iPod:  http://www.apple.com/support
Adobe:   http://www.adobe.com/support/downloads/new.jsp
Firefox:  http://www.mozilla.com/en-US/firefox/upgrade.html
Safari:   http://www.apple.com/safari/download
Opera:  http://www.opera.com/download
Norton:  http://www.symantec.com/norton/downloads/index.jsp
McAfee:  http://www.mcafee.com/us/downloads