Tips for Shopping Safely Online - Even on Black Friday!

Tips for Shopping Safely Online

In 2016, for the first time ever, shoppers bought more online than in stores. All Internet-connected devices are vulnerable, especially when being used for purchases. You need to be aware of ways to protect yourself as you shop online.

The holiday season is the perfect time for cybercriminals to take advantage of unsuspecting online shoppers. When you go to the grocery store or local shop, it's habit to grab your reusable bags, lock the car, and make sure you've safely put away your credit card or cash before heading home with the day's purchases. Similar precautions need to be taken when you're shopping online from the comfort of your own home. If you make these simple precautions regular online shopping habits, you'll be protecting your purchases and personal information.

The National Cyber Security Alliance recommends following these basic steps so you'll be ready to cybershop safely and securely.

• Lock down your login. One of the most critical things you can do in preparation for the online shopping season is to fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device, lastpass.com is a recommended site.  Your usernames and passwords are not enough to protect key accounts like e-mail, banking, and social media.
• Keep clean machines. Before searching for that perfect gift, be sure that all web-connected devices—including PCs, mobile phones, smartphones, and tablets—are free from malware and infections by running only the most current versions of software and apps. Please review this Manhattan College Knowledge Base Article:  Basic Malware Removal.
• Shop reliable websites online. Use the sites of retailers you trust. If it sounds too good to be true, it probably is!
• Conduct research. When using a new website for your holiday purchases, read reviews and see if other customers have had a positive or negative experience with the site.
• Personal information is like money: value it and protect it. When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure you think it is necessary for the vendor to request that information. Remember that you only need to fill out required fields at checkout.
• Get savvy about Wi-Fi hotspots. If you are out and about, limit the type of business you conduct over open public Wi-Fi connections, including logging in to key accounts, such as e-mail and banking. Adjust the security settings on your device to limit who can access your phone. 
• Check the address bar. Look for the green lock icon and https:// in the URL before using your credit card online.
• Manhattan College has the following information available for additional support on personally owned devices:  Resources for Personal Devices

Partially re posted from: November 2018: Shop Safe Online, Even on Black Friday!

Extortion Emails Did Not Stop

Did you forget our July 2018 extortion email blog post? We didn't. Extortion emails including an old breached password from a non Manhattan College affiliated computer service (e.g., LinkedIn, Tumblr, Adobe, etc.) have been continuing to arrive to Manhattan College community email inboxes demanding money or else the extortionists will release risqué videos.


From September 17th until October 16th, we received 32,474 emails with a subject that began with Your password is. They were aimed at 576 different manhattan.edu accounts and used 977 throwaway email accounts to send the messages.

• Several password best practices to consider: Use a password manager to store a distinct, random password per company you do business with.
• Never use your JasperNet password elsewhere.
• If you know that one of your accounts has been breached, whatever password was used is now compromised and can never be used again.
• Do not use passwords such as Homework2 or password123 and instead use passwords that are longer & are not mostly dictionary words.
• Always reach out to ITS when a dialogue is desired.
  
           Email:  its@manhattan.edu  or  TEL: 718-862-7973

Also consider signing up for password breach alerts. You can use a website such as Have I Been Pwned or a browser-based solution such as Firefox Monitor.


A few popular password managers are on the market. Remember that you can use distinct, random passwords using the following sites: LastPass (free), DashLane (free), or 1Password (30 day free trial). You must make sure that your master password to your password manager is never lost and that you must do regular backups of your password vaults. If you lose your master password, you will not be able to access your password vault.


How to Protect Yourself From Scams Like This:

Step up to Stronger Passwords

I Clicked on a Phishing Scam Email... What now?

Partially reposted from:  10/25/18 Harvested Passwords Used in Email Extortion | AT&T ThreatTraq

Shop Safe Online, Even on Black Friday!

In 2016, for the first time ever, shoppers bought more online than in stores. All Internet-connected devices are vulnerable, especially when being used for purchases. You need to be aware of ways to protect yourself as you shop online.

The holiday season is the perfect time for cybercriminals to take advantage of unsuspecting online shoppers. When you go to the grocery store or local shop, it's habit to grab your reusable bags, lock the car, and make sure you've safely put away your credit card or cash before heading home with the day's purchases. Similar precautions need to be taken when you're shopping online from the comfort of your own home. If you make these simple precautions regular online shopping habits, you'll be protecting your purchases and personal information.

The National Cyber Security Alliance recommends following these basic steps so you'll be ready to cybershop safely and securely.

• Lock down your login. One of the most critical things you can do in preparation for the online shopping season is to fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like e-mail, banking, and social media.
• Keep clean machines. Before searching for that perfect gift, be sure that all web-connected devices—including PCs, mobile phones, smartphones, and tablets—are free from malware and infections by running only the most current versions of software and apps.
• Shop reliable websites online. Use the sites of retailers you trust. If it sounds too good to be true, it probably is!
• Conduct research. When using a new website for your holiday purchases, read reviews and see if other customers have had a positive or negative experience with the site.
• Personal information is like money: value it and protect it. When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure you think it is necessary for the vendor to request that information. Remember that you only need to fill out required fields at checkout.
• Get savvy about Wi-Fi hotspots. If you are out and about, limit the type of business you conduct over open public Wi-Fi connections, including logging in to key accounts, such as e-mail and banking. Adjust the security settings on your device to limit who can access your phone. If you must use open Wi-Fi connections, connect to a virtual private network (VPN) first.
• Check the address bar. Look for the green lock icon and https:// in the URL before using your credit card online.

partially reposted from: https://er.educause.edu/blogs/2017/9/november-2018-shop-safe-online-even-on-black-friday

It’s Phishing Season: How to Protect Yourself on Black Friday and Beyond

Black Friday is just around the corner—which means the holiday shopping season is about to get into full swing.

But crazy-long lines and fights over the last Star Wars Lego set aren’t the only headaches consumers might face come November 25.

That’s because Black Friday falls within prime cyber crime season, according to a new report from cyber security company Kaspersky Lab. In anticipation of the online-shopping deluge, digital crooks time their phishing emails, malicious links and other online attacks and scams to Black Friday, Cyber Monday and through the rest of the holiday season. By stealing your personal financial info from your computer or smartphone, they then can steal your cash—or even your identity.

Want More?

Hack This! 5 Tips for Protecting Your Online Identity

The report reveals that for the past few years, the number of online attacks during this high sales season has been nine percentage points higher than the average number of attacks that happen during the other months of the year. That same jump is expected during the 2016 pre-holiday sales season as well.

What are the biggest cyber crime threats? Phishing emails are one of the most obvious. These emails are designed to look like they were sent from a legit company, such as your own bank or an online retailer you visit frequently. They’ll ask for your PIN number or other financial info for some made-up reason, such as to confirm a purchase.

Phishing pages are endemic as well, according to the Kaspersky Lab report. These are fake websites that mimic the appearance of a known retailer’s site. When you unknowingly “buy” something and enter your credit card information to check out, your data goes to a crook.

Those innocent-looking links you receive via social media or email that lead you to great deals? That could be a cyber thief at work, too. Click the link and malware is unleashed on your phone or computer that hunts down and steals financial data from your online banking or other accounts.

Making all of this easier for cyber criminals is the fact that so many of us bank and shop via smartphone these days: By the end of 2017, an estimated 60% of all e-commerce is expected to be done from a smartphone, according to the report. Thieves look for ways to break into insecure Wi-Fi networks and poach personal data.

But let’s face it: Online and mobile shopping isn’t going away, so how can you keep your info out of the hands of criminals while still checking things off your gift list? Keep these smart tactics in mind:

Never click on a suspicious link. That goes for whether or not you know the sender. After all, he or she may have been hacked, and the link might unleash malware that steals your data.

Only shop on a retailer’s actual URL. Check the address of wherever you’re doing your shopping to make sure you’re on the website of the actual company—not a similar-looking one created to mimic the site by thieves who hope you won’t notice.

Make sure the site is secure. An easy way to tell is whether the URL starts with “https.”

Switch your phone to cellular data if you’re shopping on the go. Yes, you might have to eat into some of your data plan, but that’s better than having your financial information stolen because you’re on public Wi-Fi. Even better, install a VPN system on your mobile devices, which encrypts your data.

Use complex, unique passwords for each online retailer. It’s also safer to change them every three to four months. Sure, it’s a pain to keep track of them all, but hey, that’s what password manager tools are for.

Never give a shopping site more info than is needed. If a retailer asks for your social security number or birthday, consider it a warning sign that something’s not right.

http://www.forbes.com/sites/learnvest/2016/11/17/worried-about-black-friday-cyber-scams-6-ways-to-protect-your-money/#42e53478654a