Department of Information Resources
Leadership for Texas Government Technology


SecureTexas - Protect Yourself Online
...the online security resource for Texas citizens

An overview of technology security issues, including best practices, definitions, and frequently asked questions.

Technology Security at Home

Over the last few years, there has been a significant increase in the number of attacks on home computers. This makes sense, because many home users do not protect their information resources. Home users who have cable modem and DSL connections are particularly vulnerable because they tend to leave their fast connections open 24x7. How convenient for the hacker community!

So, why should you care about home computer security? As the CERT Coordination Center points out in their Home Network Security document, "we use computers for everything from banking and investing to shopping and communicating with others through e-mail or chat programs. Although you may not consider your communications top secret, you probably do not want strangers reading your e-mail, using your computer to attack other systems, sending forged e-mail from your computer, or examining personal information stored on your computer (such as financial statements)."

You can minimize your security risks at home by following these guidelines:

  • Install and maintain Anti-Virus Software. Use the software regularly.
  • Install and maintain a Firewall.
  • Password-protect your home wireless network.
  • Keep all applications, including your operating system, patched with the latest updates from the manufacturer.
  • When not using your Internet connection, turn your modem or your computer off.
  • View your email as text only. Disable the function that automatically displays email as HTML.
  • Do not automatically open attachments.
  • Do not run software programs of unknown origin. Make sure the software you download and install comes from a reputable source.
  • Delete chain emails and junk mail. Do not forward or reply to any of them.
  • Never reply to an email to "unsubscribe" or to remove yourself from an unknown list. A reply tells the spammers that they have reached a live email address, and your spam mail will increase.
  • Back up your critical data and documents regularly.

See: Links to Further Reading for more general information about online security.

Email Hoaxes

Included in the junk mail that fills our email boxes are dire warnings about terrible new viruses, Trojans that corrupt your system, and worms that can wipe out your hard drive. You'll also often come across urgent messages about terminally ill children, charities in trouble, pyramid schemes, and other items designed to grab your attention. Almost all of these messages are hoaxes or chain letters. While hoaxes do not automatically infect systems like a virus or Trojan, they are still time-consuming and costly to remove from all the systems where they exist.

Please do not spread chain letters and hoaxes by sending copies to everyone you know. Sending a copy of a cute message to one or two friends is not a big deal, but sending an unconfirmed warning or plea to everyone you know with the request that they also send it to everyone they know simply adds to the clutter already filling our mailboxes.

How do you know if the email you just received is a hoax?
When you receive a warning or a chain email:
  • Check at anti-virus and hoax sites to see if the warning or chain email has already been declared a hoax.
  • You may also check the website of the company that produces the product that is supposed to contain a virus. (For example, check Microsoft for warnings about Microsoft products.)
  • If you do not find any information at these sites, this particular hoax may not yet have been reported.
  • Don't automatically forward warnings and chain emails. The request to "send this to everyone you know" or some variant of that statement should raise a red flag that the warning is probably a hoax.

See: Links to Further Reading for more links about Hoaxes.

Phishing

The act of "phishing" is now being used in conjunction with virus attacks to compromise your security online.

What is Phishing?

Webopedia defines phishing as, "The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft."

The Federal Trade Commission provides a Consumer Alert page that gives advice on how to avoid such scams. One of the most pertinent pieces of information states, "If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine..." The site also states, "Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them."

Spotting Phishing Sites

  • Check the address bar:
    Fake sites are often hosted on domains that have nothing to do with their target. Legitimate-looking links in phishing e-mails often redirect you to fake sites.
  • Spelling test:
    Some phishing gangs make their own web pages and often they are full of spelling and grammatical errors.
  • Site security:
    Most online banks use web links starting "https" rather than "http".
  • Naked numbers:
    Few organizations use raw net addresses in e-mails and seeing one can flag a problem.
  • Use an anti-phishing toolbar:
    Add-ons to browsers that can flag fake sites are produced by firms such as eBay, Netcraft, Geotrust, Cloudmark, Comodo and Phishing.net. Also worth using is the Site Advisor add-on for IE and Firefox.
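
The address-bar, "https" and "naked numbers" checks above can be applied automatically to the links in an HTML email. The following is an added example, not part of the original page; the function names, flag names and the sample message (which uses reserved documentation hosts and addresses) are constructed for illustration, and the flags are hints rather than proof that a link is fake.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; hosts use reserved documentation names/addresses.
SAMPLE_EMAIL = (
    '<a href="http://192.0.2.10/login">https://www.examplebank.example/login</a>'
    '<a href="https://www.examplebank.example/help">Help centre</a>'
    '<a href="https://login.example.net/">www.examplebank.example</a>'
)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased hostname; tolerates bare 'www.site.example'
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def check_link(href, text):
    """Return warning flags for one link; visible text that is itself a
    web address is expected to name the same host as the real target."""
    flags, host = [], host_of(href)
    if urlparse(href).scheme.lower() != "https":
        flags.append("not-https")
    try:
        ipaddress.ip_address(host)          # "naked numbers" instead of a name
        flags.append("raw-ip-address")
    except ValueError:
        pass
    shown = re.search(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+\S*", text)
    if shown and host_of(shown.group(0)) != host:
        flags.append("text-differs-from-target")
    return flags

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

Calling `scan_email(SAMPLE_EMAIL)` returns a dictionary mapping each link target to its flags; an empty list means none of the three checks fired.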

See: Links to Further Reading for more links about Phishing.

Protecting Your Children

Social Engineering

"Social Engineering" sounds ominous. What does it mean? Social Engineering is essentially "people hacking".

According to SANS Institute, "Social Engineering is the acquisition of sensitive information or inappropriate access privileges by an outsider, based upon the building of inappropriate trust relationships with insiders. It is the art of manipulating people into actions they would not normally take. The goal of a Social Engineer is to trick someone into providing valuable information or access to that information. It preys on qualities of human nature, such as the desire to be helpful, the tendency to trust people and the fear of getting in trouble. The sign of a truly successful Social Engineer is they receive the information without raising any suspicion as to what they are doing."
--Social Engineering: Policies and Education a Must. Rick Tims. SANS Institute.

We can fight Social Engineering by following some common sense guidelines:

  • Don't give your passwords away to anyone.
  • Don't reuse your passwords when going online for business or personal matters.
  • Don't have confidential conversations in public settings.
  • Shred sensitive information before throwing it in the recycle bin.
  • Show caution when opening email attachments.
  • Don't respond to or forward unsolicited email advertisements, chain letters, and hoaxes.
  • Password-protect your email account.
  • Log out of sensitive programs when you walk away from your computer.
  • Turn your computer off when it is not in use.

See: Links to Further Reading for more links about Social Engineering and Identity Theft.


This site is a reference site. The links provide consumers with a listing of references to find answers, learn, and stay abreast of the newest information. Some of the information provided on these sites is from commercial vendors, and its inclusion is not an endorsement of any kind. The links are used for informational purposes only.

 

 
 
  Department of Information Resources
300 West 15th St., Suite 1300
Austin, TX 78701
1-512-475-4700
 
 
Last updated January 4, 2007