October is National Cyber Security Awareness Month. This week's cyber security "Tip of the Week" from ITS focuses on avoiding scams designed to infect your computer or steal information and passwords.
Criminals and hackers are constantly coming up with new schemes designed to compromise computers, steal personal or private information or passwords, or trick you out of money. Even as more "traditional" phishing scams continue, new ploys are emerging to trick you into clicking on malicious links or installing harmful software on your computer. Two scams that seem to be picking up steam right now are:
1. Malicious "tiny URLs": These are links to malicious web sites that have been shortened so you can't tell by looking at them where they will take you.
2. Malicious links to fake videos: In this scam, you are urged to click on a link to a video. When you click on the link, you get a message that you need to install a missing video plug-in to see the video. The fake plug-in is harmful software that will infect your computer.
Both of these scams are especially common on Twitter, Facebook, and Myspace, but they also show up in spam and instant messages (IM).
Here are a few pointers to avoid getting fooled:
- Only click on links from trusted sources. Never click on a link from a "mystery source" unless you have a way to independently verify that it is safe.
- Delete unsolicited e-mails; don't open, forward, reply to, or click on links or attachments in them.
- Don't give private information to anyone you don't know or who doesn't have a legitimate need for it (in person, over the phone, via e-mail or the Internet).
- You should never disclose your password to anyone, even if they say they work for UCSC, ITS, or other campus organizations.
- If an offer sounds too good to be true, it probably is. If you want to investigate something, look it up on your own (e.g., do a Google search) instead of clicking on an unknown or unsolicited link.
For questions contact the ITS Support Center: help@ucsc.edu, itrequest.ucsc.edu, 459-HELP.
Additional cyber security information is available on the ITS Security Awareness Web site.
