University of Cincinnati University of Cincinnati

How to Shop safely this Holiday season

PresenterPresenter

Quinn Shamblin– UC Information Security Officer– Certifications:

CISSP, GCFA , PMP

– Contactinfosec@uc.edu558-ISEC

Holiday Shopping SafetyHoliday Shopping Safety

Lots of money this time of yearThings to be mindful of during this

Holiday season– Phishing Email– Fraudulent Websites– Other Concerns– Physical Safety

Phishing & Email SafetyPhishing & Email Safety

PhishingPhishing

Phishing is a way of fraudulently acquiring sensitive information using social engineering and technical subterfuge.

It tries to trick users with official-looking messages– Credit Card, Bank Website– eBay, Paypal

Some phishing e-mails also contain malicious or unwantedsoftware that can track your activities or slow your computer

Types of PhishingTypes of Phishing

Email– Phishing e-mails may appear to be from institutions that

you use every day, but they really come from a criminal trying to steal information

Web Site– If you follow a link from an email or from an

untrustworthy web site, it may take you to a site clone that records your information before logging you into the real site

IM / Social Networking Websites (My Space)– You may be contacted by someone claiming to be from

support, asking you for account information

ProliferationProliferation

ProliferationProliferation

Dear Bank Of America Customer,

During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your billing information.

This might be due to either of the following reasons:

1. A recent change in your personal information ( i.e.change of address).2. Submiting invalid information during the initial sign up process.3. An inability to accurately verify your selected option of payment due to an internal error within our processors.

Please update and verify your information by clicking the link below:

http://www.Bankofamerica.com/update/index.asp

If your account information is not updated within 48 hours then your ability to access your account will become restricted.

Thank you

The Bank of America Accounts Management Department

Update Your Online Banking InformationUpdate Your Online Banking Information

http://pacesettermarketing.ca/www.bankofamerica.com/index.html

This credit card transaction will appear on your This credit card transaction will appear on your bill as "PAYPAL INPHONIC*"bill as "PAYPAL INPHONIC*"

This email confirms that you have paid INPHONIC (sales@inphonic.com) $239.95 USD using PayPal. This credit card transaction will appear on your bill as "PAYPAL INPHONIC*".

PayPal Shopping Cart Contents

Item Name: NEW MOTOROLA V3 PINK RAZR RAZOR QUAD-BAND CELL PHONE

Quantity: 1

Total: $219.95 USD

Cart Subtotal: $219.95 USD

Shipping Charge: $20.00 USD

Cart Total: $239.95 USD

Shipping Information

Shipping Info: Richard McCoy 102 N Magnolia Tr. Waco, ME 04172 United States

Address Status: Unconfirmed

If you haven't authorized this charge, click the link below to cancel the payment and get a full refund.

Dispute Transaction

Thank you for using PayPal!The PayPal Team

◄ http://intergate.gunterisd.org/~guest/index.html

Important Notice: Your Amazon.com Order Important Notice: Your Amazon.com Order (#002-4082816-7275366)(#002-4082816-7275366)

Greetings from Amazon.com.

We have not yet received a valid method of payment and thus are unable to proceed with your order (#002-4082816-7275366). Your order remains open. 

Your credit card payment for the above transaction could not be completed. An issuing bank will often decline an attempt to charge a credit card if the name, expiration date, or ZIP Code you entered at Amazon.com does not exactly match the bank's information. 

To verify and/or update payment information for this order, please visit the following page:https://www.amazon.com/gp/css/account/payment-update

Please note that if we do not receive payment from you within the next 3 days, your order will be canceled.  If you would like to cancel the above order (#002-4082816-7275366) now, please visit the following page: https://www.amazon.com/gp/css/homepage/order-summary 

You can view our privacy policy and contact information at: http://www.amazon.com/gp/help/customer/policy_privacy   

Thank you for shopping at Amazon.com.Sincerely, Amazon.com Customer Service

▲ http://rds.yahoo.com/_ylt=A0oGkkc89eREaekARGxXNyoA;_ylu=X3oDMTB2cXVjNTM5BGNvbG8DdwRsA1dTMQRwb3MDMQRzZWMDc3IEdnRpZAM-/SIG=12cpokol2/EXP=1155942076/**http://plamea.lydo.org/pralea.php

Fifth Third Bank: 0fficial Information. Fifth Third Bank: 0fficial Information.

http://pacesettermarketing.ca/www.53com/index.html

How to avoid PhishingHow to avoid Phishing

DON’T CLICK THE LINK in emailsType the site name into your browser

directlyNever send sensitive account

information in e-mail (Account numbers, SSN, passwords)

Never give any password out to anyone

Web SafetyWeb Safety

Increased Security FocusIncreased Security Focus

Use the latest products and services to help warn and protect you from online scams

Microsoft Phishing Filter – Helps protect you from Web fraud and the risks

of personal data theft – Warns or blocks you from visiting reported

phishing Web sites. – Included in Internet Explorer 7&8 or Windows

Live Toolbar

Digital CertificatesDigital Certificates

A digital certificate is what proves the identity of a website.

If the certificate fails in some way, that means that the identity of the site cannot be proven and an encrypted channel will not be created.

If the certificate fails, the web browser will show a warning message. (Next Slide)

Do not provide sensitive information to a site that cannot be confirmed.

Certificate WarningCertificate Warning

Safety Feature – Green Closes the PageSafety Feature – Green Closes the Page

Web site with failed Certificate (Not Encrypted)Web site with failed Certificate (Not Encrypted)

The pink background reminds you not to give sensitive information to this site… (IE 7 only)

Certificate-Verified URL (Encrypted)Certificate-Verified URL (Encrypted)

Certificate-Verified URL (Encrypted)Certificate-Verified URL (Encrypted)

In IE 6 and previous, Netscape, Mozilla, Firefox, etc.Look for the padlock in the lower right-hand corner

Basic ChecklistBasic Checklist

Install a reputable Anti-Virus package– McAfee is free to UC personnel: www.uc.edu/infosec – Look for “Free Anti-Virus” (upper right-hand corner)

Set up your system to automatically download and install critical updates

– Go to Start > Programs > Accessories > System Tools > Windows Security Center

– Click on Automatic Updates– Select Automatic, choose the appropriate time and Click

OK. If you are using a non-windows system, check this link for

patches: http://www.uc.edu/infosec/Software.htm KNOW to whom you give personal information…

Good Site or Bad?Good Site or Bad?

Other ConcernsOther Concerns

Telephone ScamsTelephone Scams

Verify any person who contacts you (by phone or email).

Know who you are talking to…If someone calls you on a sensitive topic, thank them, hang up and call them back using a number that you know is correct, like from your credit card or statement.

Solicitation in PublicSolicitation in Public

Confine your charitable giving to reputable established organizations– Unfamiliar? Ask for literature

If solicited by an individual for personal charity, don't give cash; offer to buy the individual food or drink or refer them to local assistance resources.

Solicitation via PhoneSolicitation via Phone

National Do-Not Call List– https://www.donotcall.gov/

If solicited by telephone despite being on the list, simply hang up. – It is your phone, there for your

convenience, not theirs.

Solicitation at HomeSolicitation at Home

Door-to-door– With the exception of local organizations, door-

to-door sales are often fraudulent, and should be viewed with skepticism.

– If it sounds too good to be true, it usually is. – Under consumer protection laws, you have a

right to written information about any offer, and the right to cancel any order within three days should you reconsider your decision.

Physical SafetyPhysical Safety

IncentiveIncentive

There is a lot of money flowing during the holiday season

Criminals know this

ATMsATMs

Using debit or credit cards is much safer than carrying a lot of cash– Liable for only $50

Be observant– If anyone is loitering, or you don't like

their looks, go to another ATM

Vehicle SafetyVehicle Safety

Maintain at least half a tank of fuel When driving, keep doors locked and windows

rolled up When parking, roll up the windows, lock the vehicle,

take the keys, and conceal valuables, preferably in the trunk. Park and walk in lighted areas to the extent possible

When returning to your vehicle, carry your keys in your hand and be ready to unlock the door and enter as quickly as possible. Take a quick look inside before entering

If your vehicle breaks down...If your vehicle breaks down...

Pull as far onto the shoulder as possible Turn your emergency flashers on If you have a phone, summon assistance Await assistance inside your locked vehicle

– If a stranger stops, speak to them through a partially rolled-down window, and ask them to go to a phone and call police or a tow service

– Do not exit your vehicle until a law enforcement officer or tow operator are on scene

On longer trips, be sure you have a phone, water, food, and blankets in the vehicle for emergencies

In PublicIn Public

While out and about, present an alert appearance

Avoid concentrating to hard on shopping Wear conservative, comfortable clothing Grip carried items firmly and avoid leaving

them unattended Carry minimal cash and valuables, wear

minimal jewelry

While shoppingWhile shopping

Shop with friends or relatives if possible– More fun and there IS safety in numbers

Be alert in crowded places– Among pickpockets' favorites are revolving doors,

jammed aisles, elevators, and public transportation stops and vehicles, especially at rush hour

Carry the day's most expensive purchases closest to your body

Don't carry so much you lose the ability to react quickly

Keep a close eye on your children while shopping

Report any incidentReport any incident

Be civically minded. Help protect us your friends and neighbors– If you “don’t want to take the time”, the

offender may do something worse next time.

Great time of year… Great time of year…

Keep these safety basics in mindAvoid trouble and have