Trojan Horses
Trojan Horses are a type of malware that misrepresent themselves. Trojan Horses may be apps in smartphone stores, freeware and shareware, or even attachments to emails. The last is a very common spam technique and is often used with spam email campaigns that say you have a voicemail, fax, or shipping notification. When you click the attached document to hear the voicemail, or see the fax or who has shipped you a package, the file opens to show you what you expect to see or hear, but in the background malware is downloading on to your computer.
Drive-by Downloads and Malvertising
Drive-by downloads occur when a program is downloaded onto your device without your permission. One way this happens is through malicious advertising or malvertising. You know the advertisements that appear on the edge of many webpages? When malicious actors purchase advertising space there, they can install malware in the advertisement. That means that if you see that malicious advertisement, which looks like any legitimate advertisement, the malware hidden in the advertisement will automatically try to download onto your device.
Social Engineering - Malicious Links
Social engineering relies on tricking you into taking an action, such as clicking on a link. As the malicious website opens, malware can be installed on your device. Simply visiting these websites is enough to infect your device. Some types of social engineering use link baiting or other techniques to get you to click on the malicious link. Link baiting (which is not necessarily malicious) is when content providers try to get you to click on a link. One popular form of link baiting is providing a teaser that generates interest in the story, such as "5 Things Preventing You From Being Rich".
Social Engineering - Scareware
Scareware, such as ransomware and fake antivirus software, frequently use social engineering by making popup boxes look like messages from your computer. These messages try to look official and say things "System Warning!" and "Threats Found!" or "Your computer is infected. Click OK to remove the virus." They hope you'll click on the message, which allows the malware to be downloaded on to your computer. Often clicking anywhere on the message allows the malware to be downloaded, so instead hit the back button or on a Windows computer, use the Task Manager to close the popup window.
As if scareware wasn't bad enough, some versions of scareware use the scary warning messages to convince you to buy the malware. Fake antivirus malware most commonly uses this technique. Fake antivirus is malware that pretends to be real antivirus software. The criminals who sell the fake antivirus have professional-looking websites, call centers where you can ask for help, and even different payment levels. After you buy and install the fake antivirus, it will infect your computer with malware instead of cleaning it, and the malicious actors have your money!
Tip 1: Don’t trust the display name. A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Check the email address in the header. If it looks suspicious, don’t open the email.
Tip 2: Look but don’t click. Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it.
Tip 3: Check for spelling mistakes. Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious. Notice the mistakes in the text in the above example just above the Microsoft copyright.
Tip 4: Analyze the salutation. Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.
Tip 5: Don’t give up personal information. Legitimate banks and most other companies, including MSBSD, will never ask for personal credentials via email. Don’t give them up.
Tip 6: Beware of urgent or threatening language in the subject line. Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”
Tip 7: Review the signature. Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.
Tip 8: Don’t click on attachments. Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
Tip 9: Don’t trust the header from email address. Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address.
Tip 10: Don’t believe everything you see. Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.
For more tips on online safety, please go to the District Website, Departments, Information Technology, Online Safety for Parents and Students. There are several tips that apply to staff as well as parents and students.
Keep a Clean Machine.
Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems, and other web‐enabled devices also need protection from viruses and malware.
Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.
Protect Your Personal Information.
Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you verify who you are before you conduct business on that site.
Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.
Own your online presence: Set the privacy and security settings on websites to your
comfort level for information sharing. It’s ok to limit how and with whom you share information.
Connect with Care.
When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to
delete or if appropriate, mark as junk email.
Get savvy about Wi‐Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
Protect your $$: When banking and shopping, check to be sure the sites is security enabled. Look for web addresses with “https://,” which means the site takes extra measures to help secure your
information. “Http://” is not secure.
Be Web Wise.
Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.
Be a Good Online Citizen.
Safer for me more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
Post only about others as you have them post about you.
Help the authorities fight cybercrime: Report stolen finances, identities and cybercrime to http://www.ic3.gov (Internet Crime Complaint Center) and http://www.onguardonline.gov/filecomplaint (The FTC).