-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST05-014
Real-World Warnings Keep You Safe Online
Many of the warning phrases you probably heard from your parents and
teachers are also applicable to using computers and the internet.
Why are these warnings important?
Like the real world, technology and the internet present dangers as well as
benefits. Equipment fails, attackers may target you, and mistakes and poor
judgment happen. Just as you take precautions to protect yourself in the
real world, you need to take precautions to protect yourself online. For
many users, computers and the internet are unfamiliar and intimidating, so
it is appropriate to approach them the same way we urge children to approach
the real world.
What are some warnings to remember?
* Don't trust candy from strangers - Finding something on the internet
does not guarantee that it is true. Anyone can publish information
online, so before accepting a statement as fact or taking action, verify
that the source is reliable. It is also easy for attackers to "spoof"
email addresses, so verify that an email is legitimate before opening an
unexpected email attachment or responding to a request for personal
information (see Using Caution with Email Attachments and Avoiding
Social Engineering and Phishing Attacks for more information).
* If it sounds too good to be true, it probably is - You have probably
seen many emails promising fantastic rewards or monetary gifts. However,
regardless of what the email claims, there are not any wealthy strangers
desperate to send you money. Beware of grand promisesâ??they are most
likely spam, hoaxes, or phishing schemes (see Reducing Spam, Identifying
Hoaxes and Urban Legends, and Avoiding Social Engineering and Phishing
Attacks for more information). Also be wary of pop-up windows and
advertisements for free downloadable softwareâ??they may be disguising
spyware (see Recognizing and Avoiding Spyware for more information).
* Don't advertise that you are away from home - Some email accounts,
especially within an organization, offer a feature (called an
autoresponder) that allows you to create an "away" message if you are
going to be away from your email for an extended period of time. The
message is automatically sent to anyone who emails you while the
autoresponder is enabled. While this is a helpful feature for letting
your contacts know that you will not be able to respond right away, be
careful how you phrase your message. You do not want to let potential
attackers know that you are not home, or, worse, give specific details
about your location and itinerary. Safer options include phrases such as
"I will not have access to email between [date] and [date]." If
possible, also restrict the recipients of the message to people within
your organization or in your address book. If your away message replies
to spam, it only confirms that your email account is active. This may
increase the amount of spam you receive (see Reducing Spam for more
information).
* Lock up your valuables - If an attacker is able to access your personal
data, he or she may be able to compromise or steal the information. Take
steps to protect this information by following good security practices
(see the Cyber Security Tips index page for a list of relevant
documents). Some of the most basic precautions include locking your
computer when you step away; using firewalls, anti-virus software, and
strong passwords; installing appropriate software updates; and taking
precautions when browsing or using email.
* Have a backup plan - Since your information could be lost or compromised
(due to an equipment malfunction, an error, or an attack), make regular
backups of your information so that you still have clean, complete
copies (see Good Security Habits for more information). Backups also
help you identify what has been changed or lost. If your computer has
been infected, it is important to remove the infection before resuming
your work (see Recovering from Viruses, Worms, and Trojan Horses for
more information). Keep in mind that if you did not realize that your
computer was infected, your backups may also be compromised.
_________________________________________________________________
Authors: Mindi McDowell, Matt Lytle
_________________________________________________________________
Produced 2005 by US-CERT, a government organization. Terms of use
US-CERT
Note: This tip was previously published and is being
re-distributed to increase awareness.
Terms of use
http://www.us-cert.gov/legal.html
This document can also be found at
http://www.us-cert.gov/cas/tips/ST05-014.html
For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBTHUm0z6pPKYJORa3AQIuRAf/XgjiKIhSQJze5WqRKrt/NETDkQip+H0L
u2r8s3JW76LONa6XFTlD+n1TCddtHtRFpfdMAtWCAQvIqEJclG6VqFywmgz6Vs4d
AocdAbqECu3z6pfI3cKUnHLomN9D4XK27xymrG/ZgE4tU2NYkJqK5rNejYep+X9J
zZTXrShBDQNXB/tfbBrQcboNc/pOHIdDZqa+xNpkayfBjCaVlHMB4o9uwQD66opt
cmo8MqEeeVXsZcVDFjbZfr3UY32iZ8NWkMUnbVA+R8OUG5XttZQQdtPCTJQPoZhT
0cuIaScP5Y4H+XZR46xUVesD7aQtgAWpMtaJV1N1vtxFKW6rbn9nBg==
=39kF
-----END PGP SIGNATURE-----
