-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cyber Security Tip ST11-001 Holiday Traveling With Personal Internet-Enabled Devices The internet is at our fingertips with the widespread use of internet-enabled devices such as smart phones and tablets. When traveling and shopping anytime, and especially during the holidays, consider the wireless network you are using when you complete transactions on your internet-enabled device. Know the risks Your smart phone, tablet, or other internet-enabled device is a full-fledged computer. It is susceptible to risks inherent in online transactions. When shopping, banking, or sharing personal information online, take the same precautions with your smart phone or other internet-enabled device that you do with your personal computer â?? and then some. The mobile nature of these devices means that you should also take precautions for the physical security of your device (see Protecting Portable Devices: Physical Security for more information) and consider the way you are accessing the internet. Do not use public Wi-Fi networks Avoid using open Wi-Fi networks to conduct personal business, bank, or shop online. Open Wi-Fi networks at places such as airports, coffee shops, and other public locations present an opportunity for attackers to intercept sensitive information that you would provide to complete an online transaction. If you simply must check your bank balance or make an online purchase while you are traveling, turn off your device's Wi-Fi connection and use your mobile device's cellular data internet connection instead of making the transaction over an unsecure Wi-Fi network. Turn off Bluetooth when not in use Bluetooth-enabled accessories can be helpful, such as earpieces for hands-free talking and external keyboards for ease of typing. When these devices are not in use, turn off the Bluetooth setting on your phone. Cyber criminals have the capability to pair with your phone's open Bluetooth connection when you are not using it and steal personal information. Be cautious when charging Avoid connecting your mobile device to any computer or charging station that you do not control, such as a charging station at an airport terminal or a shared computer at a library. Connecting a mobile device to a computer using a USB cable can allow software running on that computer to interact with the phone in ways that a user may not anticipate. As a result, a malicious computer could gain access to your sensitive data or install new software. Don't Fall Victim to Phishing Scams If you are in the shopping mode, an email that appears to be from a legitimate retailer might be difficult to resist. If the deal looks too good to be true, or the link in the email or attachment to the text seems suspicious, do not click on it! What to do if your accounts are compromised If you notice that one of your online accounts has been hacked, call the bank, store, or credit card company that owns your account. Reporting fraud in a timely manner helps minimize the impact and lessens your personal liability. You should also change your account passwords for any online services associated with your mobile device using a different computer that you control. If you are the victim of identity theft, additional information is available from http://www.idtheft.gov/. For even more information about keeping your devices safe, read Cybersecurity for Electronic Devices. _________________________________________________________________ Produced in 2011 by US-CERT, a government organization. Terms of use http://www.us-cert.gov/legal.html This document can also be found at http://www.us-cert.gov/cas/tips/ST11-001.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTu9Xmz/GkGVXE7GMAQJKKAf/UcQLo41xzzLRs1TmvhOwNzx0fCguFHdh W4/6YaDQ7rDxOBBaZLLwu351/Lh1ohMixF3GheLhqNZ9TB1A/cxxUrIa/i38wvpz aWcrNP9eQ55cs3+ngyZl98ZOnE+pyyFKNDctgZrohM3folJeRXj+Bj3gcxkJ80fi t7aQ0gJ94y6lkDZChLoVlNACOiErZcGh2/kcIYMgXSpnJU2mC5XLciZAsXxg/n9J yAar0zNOy/dKUJMkVJcfTaVtmMO8QlWb2iWkoAjC6qmqt8jE92Whntgw2HQ/e01m snMfLm791S6VBiOJG8+76h9404yFK6sC+mCnpeBtRgr06thtwnZfNA== =y/DQ -----END PGP SIGNATURE-----