Please enable javascript to view this page in its intended format.

Queen's University
 

Fall 2010 Newsletter


Cybercrime: Put on the Brakes and Park Your Mouse...

"Traveling the information highway" as a metaphor for "using the internet" is getting very cold. An increasing number of the "highways" are very real today and it is becoming easier for criminals to locate, follow and target victims.

 

In spite of a plethora of web sites serving up documents, tutorials and blogs regarding computer security, privacy and safety, the threat of identity theft and other types of crimes on the internet continue to increase. Mr. George Farah, Information Systems Security Manager states, "Cybercrime, computer hacking and spear phishing leading to identify theft are three of the major threats we face on the Queen's University campus in the area of computing".  Mr. Farah stresses the importance of becoming aware of these threats, "Knowing how they happen and knowing how to protect ourselves as organizations and individuals is ever increasing as the nature of these threats evolve".

 

In June 2010, a Consumer Reports survey (State of the Net 2010) indicated that over 50 percent of adults who use social networking applications provide information that makes them a target for identity theft and other crimes. This same survey reported that a million households were victims of phishing attacks; they lost money or had their accounts misused. In August 2010, the additional security risks introduced by the use of social networking sites prompted EDUCAUSE & and the Internet2 Higher Education Information Security Council (HEISC) to create a list of suggested tips for safe and secure social networking on a Social Networking Security wiki page for educational institutions.

 

It's time to put on your brakes, park your mouse, and learn about computer security, privacy and online safety. Don't become a victim.

 

This article summarizes some of the current computer security, privacy and online safety issues and presents links to additional resources on and off the Queen's campus. As you read about these issues, keep in mind that the internet is largely unregulated. There are a few new (e.g., anti-spam legislation) and existing laws being re-written and expanded (e.g., criminal harassment via email) to cover criminal activity on the internet (e.g., theft, fraud, pornography, threats, etc.). However, the best filter for determining your risk of becoming a victim is the one between your ears. Use it wisely.

 

Social networking and privacy: One risk is privacy settings on social networking sites. Do you know what they are and have they been changed without your knowledge? In the past few years, Facebook administrators have changed privacy settings to allow less restricted access to all pages. Did you change your privacy settings back? Additionally, while you may only accept friends you know personally, the same may not be said of friends you accept. The pressure to have "a lot of friends" may inadvertently prompt your friends to accept requests from strangers, and without thinking, open your personal information up to them. Finally, while many people created Facebook accounts several years ago, just to see what the hype was all about, and have no intention of using Facebook again, their personal information is still there. Facebook does not remove dormant accounts; they count on "friend requests" to lure you back. It is important to delete any personally identifying information.

  • As a resource for Queen's University students, Student Affairs has created an Online Safety web page with advice and resources for how students can protect their privacy, security, and identity while using information technology. Included is a section on Social Networking and a link to protecting your reputation and privacy on Facebook.

Social networking, application integration, and privacy: It may not be obvious to most people who put personally identifying information on social networking sites and who then use and post from location-based applications (Twitter places, TripIT, Foursquare, Gowalla, etc.) that they are increasing their risk of becoming a victim. One of the risks is best exemplified by the web site, PleaseRobMe.com, which made headlines earlier this year by aggregating tweets and "check-in" or location-based applications, such as Foursquare, to produce a list of "No one home" addresses. This site was created for the purpose of increasing awareness of security and privacy risks.

 

Location-based applications are very cool and convenient. They let your friends and family know where you are. They also let criminals looking for a target know that you are not at home, in real time. Using Google Maps, it is fairly easy to determine how long it will take you to get home from your favorite restaurant! A thief with a sense of humor might even send an anonymous tweet.

 

Interestingly enough, locational privacy is a controversial issue for many people when control of it is in the hands of authorities, e.g., video surveillance in public places, office buildings, etc. Yet most people do not realize that they are giving up their locational privacy to millions of strangers every day and some of those strangers do not have your best interests in mind. For example, when you post on twitter (or on your Facebook page) that you leaving tomorrow for 3 weeks in Europe, while your Facebook (or Myspace) page displays personally identifying information, you have just sent out an invitation to criminals. Don't make it easy. Becoming aware of and understand privacy settings on social networking sites is one way in which you can protect your privacy. In addition, understanding how the combination of applications you use can reduce your "locational privacy" is something to consider carefully.

 

dontgetcaught.jpg Phishing attacks: Did you receive an email asking you to reply (or click on a link to fill out a form) with your Queen's University NetID or email address, login password and possibly with your date of birth? If so, delete it! The "From:" field may look like it is coming from ITServices or from an authority on campus - it's a fake!

No campus authority, including ITServices, will ever send you an email asking you for your NetID and login password!
  • So why do they do it? Because it works! Out of hundreds of spam phishing emails, criminals count on a few people being gullible and easily deceived.
  • Why should I care? For two very important reasons:
    1. For your personal protection; risk of identity theft or exposing yourself to other internet crimes.
      Identity theft can take many forms, including thousands of dollars purchased on credit cards obtained using your personal information. Criminals count on good credit ratings and unfortunately, this makes university students the most ideal targets! In many cases, new cards are already pre-approved, making them easy to obtain and sell within hours. By the time you start receiving credit card bills at your residence, your money has been spent! Unfortunately, it can take many months to clear your name. Other forms of identity theft can involve stealing your personal information and images and setting up inflammatory web pages. By giving out your password you also risk the loss of your email and assignments as well as put others at risk and as explained below, you can be held accountable.
    2. Because you can be held accountable. Once someone gains access to your account, they can: 1) gain access to other accounts, 2) threaten the integrity of the campus network, 3) gain access to sensitive information, and  4) put the personal safety and privacy of others at risk. This is why giving out your NetID and login password to anyone is a violation of the Queen's University Computer User Code of Ethics. In short, you should care because you are accountable and there are consequences that have the potential to negatively affect your ability to work and study at Queen's University. The consequences are outlined in section B, titled, Procedures for Cases of Computer Abuse in the Queen's University Computer User Code of Ethics. The Computer User Code of Ethics applies fully to the use of all personal computers and other devices while they are connected to the Queen's network.

To learn more about phishing attacks, and see an actual phishing email, read the article, About Email Asking You for Your Account NetID and Password, published in ITServices Spring 2010 Newsletter.

 

For additional information, check out the Golden Rules to Safe Computing on Campus on ITServices Education & Awareness web page.

 

References

State of the Net2010. (2010, June). Consumer Reports Magazine. Retrieved August 22, 2010 from http://www.consumerreports.org/

 

 

 


 

Kingston, Ontario, Canada K7L 3N6 613.533.2000