8/8/2014: In the news it has been reported that over 1 billion usernames and passwords were stolen by Russian cyber criminals. While no specific sites have been named, please remember to use a different password for types of accounts (work accounts vs. banking accounts vs. social media accounts). We recommend using password managers to keep your passwords so you can use stronger and different passwords for sites and not have to remember all of them.
7/31/2014: We are in the process of updating the operating policy that governs information technology use at Angelo State University. The updates require users to make some changes to how they use mobile devices as well as personally owned computers when using them to perform university work with sensitive information. Please take a look at the guidance on our security operating policies page.
When you are connected to the Internet, you are at risk, but you can protect yourself with a few simple steps. Learn about the different threats and what you can do to stay safe.
What is a virus?
A computer virus is a small software program that spreads from one computer to another and interferes with computer operation. When a virus infects your e-mail or other files, it can:
- Make copies of itself, possibly filling up your disk drive.
- Send itself to everyone else on your e-mail list.
- Reformat your disk drive and/or delete your files and programs.
- Install hidden programs, such as pirated software, that can be distributed and sold using your computer.
You can pick up a virus from an e-mail or instant message attachment, free content you download from a website or on a disk someone shares with you. If your computer is not protected, once you download and install the program, the virus can spread.
- Computer slows down - this could indicate unauthorized activity going on in the background.
- Very large amount of modem or network activity
- Unusual behavior of your computer
- Applications are not operating correctly or content in files appears scrambled
Help! I’m infected. Now What?
- Get the latest updates from your antivirus vendor’s website.
- Run your virus protection scan. It will find infected files automatically. It will advise whether it is able to remove viruses from every file or whether you should delete infected files.
- Use a virus removal tool such as:
Help protect your computer by using and updating your antivirus software and keeping your operating system updated.
- Scan incoming e-mail and attachments - before you open them.
- Sign up for automatic updates with your antivirus vendor.
- Schedule weekly disk drive scans to check your system while you sleep.
- Check your antivirus software regularly to make sure it is active.
- To help reduce the risk of a virus exploiting a vulnerability in your operating system, make sure you have the latest patches and updates.
What is spyware?
Spyware is software installed on a computer without the user’s knowledge which gathers information about that user for later retrieval by whoever controls the spyware. The information that is gathered is usually information on the user’s computer and the user’s habits of use. This information could contain credit card numbers, pin codes, bank account information and more. This can lead to stolen identities and fraudulent use of information. The information that is gathered is sent to another person or business.
You might have spyware or other unwanted software installed on your computer if…
- You see pop-up advertisements all the time.
- Your settings have changed and you can’t change them back to the way they were.
- Your web browser contains additional components that you don’t remember downloading.
- Your computer seems sluggish.
Spyware can be removed using anti-spyware utilities. There are several anti-spyware utilities that are freely available.
- Use your computer’ firewall.
- Keep your operating system updated.
- Adjust your web browser’s security settings.
- Download and install anti-spyware protection (see links on Treatment tab)
- Download more safely:
- Only download programs from websites you trust.
- Read all security warnings, license agreements, and privacy statements associated with any software you download.
- Never click “Agree” or “OK” to close a window. Always click the close button in the corner of the window or a keyboard shortcut to close a window.
- Avoid “free” music and movie file-sharing programs.
- Use a standard user account instead of an administrator account.
What is phishing?
Phishing is usually an attempt to deceive you into thinking a legitimate organization is requesting information from you. These requests for information may look innocent at first glance or may seem to come from a legitimate source, but do not. These scams request you reply to an email, respond to a request by phone, or follow a link to a web site.
Links to websites (sent to you through e-mail) often take you to web pages that look very similar to the legitimate service the e-mail is faking. Banks, E-bay, and online e-cash services like Paypal are common targets.”
What does a Phishing e-mail look like?
Phishing Sample 2 (page 2)
Phishing e-mails often attempt to use emotional triggers to get you to react quickly without thinking through whether you should respond, such as dire language about time limits, loss of service, penalties, or language targeting a desire for money. They often have grammar, spelling, and syntax errors, and phrasing that a native speaker would not use.
An example would be an e-mail with a generic greeting warning of a change in an account requiring you to verify your account information. These e-mails typically include directions to reply with private information, or provide a link to a web site to verify your account by providing personal information such as name, address, bank account numbers, Social Security numbers, or other sensitive personal information.
Indicators of a phishing e-mail:
- Name and e-mail address don’t match
- Attempt to prove legitimacy using words such as ‘Official’
- Uses a real organization or company name but incorrect e-mail address
- Poor grammar
- Unsolicited requests for personal information are a clear danger signal
What should I do if I have been scammed by phishing?
- Change your ASU login credentials
- Change your Banner INB password
- Set mobile devices to delete all data via Exchange and/or FindMyiPad.
- Change login and password for any personal accounts that share the same password
- Online banking
- Personal email
- Online purchasing (Paypal, Amazon, eBay, etc.)
- iTunes account
- Social media (Facebook, Twitter, blogs, etc.)
- Online backup service or file sharing (Dropbox, Mozy, Carbonite, etc.)
- Contact the abuse or fraud department of the service being impersonated (eBay, Paypal, etc.)
- Call the Technology Service Center
- If you suspect a bank or credit card account may have been compromised, contact that institution to check your account immediately and request a credit report.
Visit the FTC web site for more information on Identity Theft.
How can I avoid phishing scams?
- Never send passwords, bank account numbers, or other private information in an e-mail.
- Avoid clicking links in e-mails, especially any that are requesting private information.
- Be wary of any unexpected e-mail attachments or links, even from people you know.
- Look for ‘https://’ and a lock icon in the address bar before entering any private information.
- Have an updated anti-virus program that can scan e-mail.
ASU Information Technology will never ask for your password in an e-mail.
However, there will be times when legitimate messages must be sent to inform our e-mail users of various issues. These may include password expiration notices, inactive account removal, or cases of account abuse. If you are ever in doubt about the legitimacy of an e-mail, call the Technology Service Center at (325) 942-2911.
Why can’t ASU stop these e-mails?
Even though ASU stops thousands of phishing attempts, spam e-mails, and virus infected messages every day, the methods scammers use change very quickly and we must be careful not to implement filtering which may block otherwise legitimate e-mail.