
Tuesday, July 12, 2011

Protect Yourself Against Social Engineering Attacks

Posted by Stop. Think. Connect.

Recently there’s been a reported rise in the number of cyber incidents suspected to be the result of social engineering, a tactic which involves approaching an individual, either online or in person, and manipulating them into providing personal information that can be used to break into a computer network or assume someone’s identity.

Such schemes can be as brazen as tricking you into handing over a password or as seemingly harmless as asking what kind of software you use or the name of the person responsible for maintaining your computer network. Perpetrators may pose as coworkers, repairmen, IT staff or other outsiders with an apparently legitimate need to know such information.

To avoid becoming a victim of a social engineering attack:
  • Be suspicious of unsolicited contact from individuals seeking internal organizational data or personal information.
  • Do not provide personal information or passwords over email or on the phone.
  • Do not provide information about your organization.
  • Pay attention to website URLs that use a variation in spelling or a different domain (e.g., .com vs. .net).
  • Verify a request’s authenticity by contacting the company directly.
  • Install and maintain anti-virus software, firewalls, and email filters.

If you think you are a victim of a social engineering attack:
  • Report the incident immediately.
  • Contact your financial institution and monitor your account activity.
  • Immediately change all of your passwords.
  • Report the attack to the police, and file a report with the Federal Trade Commission (http://ftc.gov) and US-CERT (http://www.us-cert.gov/).
Stop. Think. Connect. Protect yourself and help keep the web a safer place for everyone.  For more information on the Stop.Think.Connect. Campaign, please visit www.dhs.gov/stopthinkconnect.

    Thursday, June 30, 2011

    Do You Know Who Your True “Friends” Are?

    Posted by the Stop. Think. Connect. Campaign.
    Social media presents both opportunities and dangers

    More than half of all Americans have accounts on one or more social networks like Facebook, Twitter or MySpace. Even here at DHS we are using social media to share information and engage with the public.

    While social media is a great way to communicate and share information with friends and family, there are real dangers from hackers and cyber criminals. A stranger online should be treated in the same way as a stranger in real life. Unfamiliar “friends” or connections on social networks are not likely your true friends. Worse, they could be ill-intentioned people who use social networking sites to target or collect personal information.

    Whether on social networks or web-connected video games, follow these simple security tips from the United States Computer Emergency Readiness Team:
    • Limit the amount of personal information you post: Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your trusted friends post information about you, make sure the information is not more than you would be comfortable sharing with strangers.
    • Be wary of strangers: The internet makes it easy for people to misrepresent their identities and motives. If you interact with people you do not know, be cautious about the amount of information you reveal.
    • Be skeptical: Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities.
    • Evaluate your settings: Take advantage of a site's security and privacy settings and review them regularly to make sure that your choices are still appropriate.
    Stop.Think.Connect. Protect yourself and help keep the web a safer place for everyone.


    For more information on the Stop.Think.Connect. Campaign, please visit www.dhs.gov/stopthinkconnect.

    Thursday, June 16, 2011

    Be Smart with Your Smartphone’s Security

    Posted by the Stop. Think. Connect. Campaign

    Smartphones and other mobile devices have transformed our use of the Internet, which now touches nearly every aspect of our lives.  Nearly half of all Americans are expected to own a mobile device by the end of this year. While these tools provide users with convenient access to information and communications, they also carry risk.

    Mobile users have recently captured the attention of cyber criminals who seek to take advantage of everyday citizens.  In fact, experts predict that within three years, smartphones and mobile devices will surpass computers as the primary target for cyber crime.  If a hacker can gain access to a mobile device, they can easily find e-mail addresses, stored passwords, banking information, social media accounts, and phone numbers – allowing them to steal your information, your money, and even your identity. That’s why practicing good cyber habits is so important.

    You can protect yourself from cyber criminals by following the same safety rules you follow on your computer when using your smartphone.  These include:
    • Access the Internet over a secure network: Only browse the web through your service provider’s network (e.g., 3G) or a secure Wi-Fi network.
    • Be suspicious of unknown links or requests sent through email or text message: Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.
    • Download only trusted applications: Download “apps” from trusted sources or marketplaces that have positive reviews and feedback.
    • Be vigilant about online security: Keep anti-virus and anti-malware software up to date, use varying and strong passwords, and never provide your personal or financial information without knowing who’s asking and why they need it.
    STOP. THINK. CONNECT. Protect yourself and help keep the web a safer place for everyone.  For more information on Stop.Think.Connect., please visit www.dhs.gov/stopthinkconnect.

    Wednesday, May 4, 2011

    Beware of Osama Bin Laden Email Phishing Schemes

    Posted by Stop. Think. Connect.

    The death of Osama bin Laden has garnered attention and interest around the world.  Unfortunately, major news events like this one often bring a wave of phishing scams designed to collect your personal or financial information without your knowledge.

    Phishing scammers use email or malicious websites to solicit information by posing as a trustworthy source.  For example, a scam may send an email that looks like it’s from a reputable news organization with links to photos or video when, in fact, it takes you to a malicious website or downloads harmful viruses onto your computer.

    The Department’s Stop. Think. Connect. campaign reminds all Internet users to be vigilant whenever they’re online, and to use caution when opening emails that purport to show images related to bin Laden’s death.  The same caution should be used with emails about the Royal Wedding or other recent major news events.

    In addition to phishing, scammers may also post fake images online that can lead you to an infected website.  At least two domains were found to be serving up fake antivirus rogueware called "Best Antivirus 2011" on searches for "Osama bin Laden body" on a Google image search in Spanish, according to reports.

    By clicking on these links or websites, you are putting your computer and your personal information at risk.

    The National Cybersecurity and Communications Integration Center (NCCIC) offers the following advice to protect yourself from phishing schemes:
    • Keep software up to date - Many operating systems offer automatic updates.  If this option is available, you should enable it.
    • Save and scan any attachments before opening them - If you have to open an attachment before you can verify the source, take the following steps:
      • Be sure the signatures in your anti-virus software are up to date (see Understanding Anti-Virus Software for more information).
      • Save the file to your computer or a disk.
      • Manually scan the file using your anti-virus software.
    • Turn off the option to automatically download attachments - To simplify the process of reading email, many email programs offer the feature to automatically download attachments.
    • View emails in “Plain Text” - Many email applications have options to view emails in “Plain Text”, which will restrict link functionalities and other unnecessary, but potentially dangerous, features in emails.

    In addition, the Department’s Stop.Think.Connect. campaign reminds all Americans that whenever you’re online, it’s important to:
    • Stop before clicking on images or opening suspicious email from sources or websites you don’t know.
    • Think about who sent you the email before opening any attachments or clicking links.  Be wary of unsolicited attachments, even from people you know.  Above all, trust your instincts.
    • Connect and use the Internet with the confidence of knowing you have taken the steps to protect your computer.
    If you believe you have been the victim of a phishing attack, report it by sending an email to phishing-report@us-cert.gov

    For more information on the Stop. Think. Connect. Campaign, visit www.dhs.gov/stopthinkconnect.