Meltdown, the last thing you should do!
First, as one celebrated British author said, “Don’t Panic!” The news media are reporting two widespread computer vulnerabilities that affect most PCs made within the last few years. The vulnerabilities, called Spectre and Meltdown, allow hackers to read the memory on your computer and see what information is being processed or used. However, there’s no need to panic or be particularly stressed out at this point. Even though these vulnerabilities are pretty bad, there has been little news about an actual exploit allowing the bed guys to take advantage of these issues, and computer manufacturers and software companies are working hard to roll out patches.
What should you do? Ensure you have automatic updates for your operating system and web browsers turned on. As soon as the operating system and browser companies have patches, you will automatically download and install them. If you decide to patch yourself rather than let automatic updates do the work for you, keep a close eye on the companies that made your computer and install the patches they offer as soon as they are available.
So, for now, relax, patch your systems as the patches become available and keep using your computer as you would normally. If you have any questions, please call the Information Security Office at 942-2333.
When you are connected to the internet, you are at risk, but you can protect yourself with a few simple steps. Learn about the different threats and what you can do to stay safe.
What is a virus?
A computer virus is a small software program that spreads from one computer to another and interferes with computer operation. When a virus infects your email or other files, it can:
- Make copies of itself, possibly filling up your disk drive.
- Send itself to everyone else on your email list.
- Reformat your disk drive and/or delete your files and programs.
- Install hidden programs, such as pirated software, that can be distributed and sold using your computer.
You can pick up a virus from an email or instant message attachment, free content you download from a website or on a disk someone shares with you. If your computer is not protected, once you download and install the program, the virus can spread.
- Computer slows down - this could indicate unauthorized activity going on in the background.
- Very large amount of modem or network activity
- Unusual behavior of your computer
- Applications are not operating correctly or content in files appears scrambled
Help! I’m infected. Now What?
- Get the latest updates from your antivirus vendor’s website.
- Run your virus protection scan. It will find infected files automatically. It will advise whether it is able to remove viruses from every file or whether you should delete infected files.
- Use a virus removal tool such as:
Help protect your computer by using and updating your antivirus software and keeping your operating system updated.
- Scan incoming email and attachments - before you open them.
- Sign up for automatic updates with your antivirus vendor.
- Schedule weekly disk drive scans to check your system while you sleep.
- Check your antivirus software regularly to make sure it is active.
- To help reduce the risk of a virus exploiting a vulnerability in your operating system, make sure you have the latest patches and updates.
What is spyware?
Spyware is software installed on a computer without the user’s knowledge which gathers information about that user for later retrieval by whoever controls the spyware. The information that is gathered is usually information on the user’s computer and the user’s habits of use. This information could contain credit card numbers, pin codes, bank account information and more. This can lead to stolen identities and fraudulent use of information. The information that is gathered is sent to another person or business.
You might have spyware or other unwanted software installed on your computer if…
- You see pop-up advertisements all the time.
- Your settings have changed and you can’t change them back to the way they were.
- Your web browser contains additional components that you don’t remember downloading.
- Your computer seems sluggish.
Spyware can be removed using anti-spyware utilities. There are several anti-spyware utilities that are freely available.
- Use your computer’ firewall.
- Keep your operating system updated.
- Adjust your web browser’s security settings.
- Download and install anti-spyware protection (see links on Treatment tab)
- Download more safely:
- Only download programs from websites you trust.
- Read all security warnings, license agreements, and privacy statements associated with any software you download.
- Never click “Agree” or “OK” to close a window. Always click the close button in the corner of the window or a keyboard shortcut to close a window.
- Avoid “free” music and movie file-sharing programs.
- Use a standard user account instead of an administrator account.
What is phishing?
Phishing is usually an attempt to deceive you into thinking a legitimate organization is requesting information from you. These requests for information may look innocent at first glance or may seem to come from a legitimate source, but do not. These scams request you reply to an email, respond to a request by phone, or follow a link to a web site.
Links to websites (sent to you through email) often take you to web pages that look very similar to the legitimate service the email is faking. Banks, E-bay, and online e-cash services like Paypal are common targets.”
What does a Phishing email look like?
Phishing emails often attempt to use emotional triggers to get you to react quickly without thinking through whether you should respond, such as dire language about time limits, loss of service, penalties, or language targeting a desire for money. They often have grammar, spelling, and syntax errors, and phrasing that a native speaker would not use.
An example would be an email with a generic greeting warning of a change in an account requiring you to verify your account information. These emails typically include directions to reply with private information, or provide a link to a web site to verify your account by providing personal information such as name, address, bank account numbers, Social Security numbers, or other sensitive personal information.
Indicators of a phishing email:
- Name and email address don’t match
- Attempt to prove legitimacy using words such as ‘Official’
- Uses a real organization or company name but incorrect email address
- Poor grammar
- Unsolicited requests for personal information are a clear danger signal
What should I do if I have been scammed by phishing?
- Change your ASU login credentials
- Change your Banner INB password
- Set mobile devices to delete all data via Exchange and/or FindMyiPad.
- Change login and password for any personal accounts that share the same password
- Online banking
- Personal email
- Online purchasing (Paypal, Amazon, eBay, etc.)
- iTunes account
- Social media (Facebook, Twitter, blogs, etc.)
- Online backup service or file sharing (Dropbox, Mozy, Carbonite, etc.)
- Contact the abuse or fraud department of the service being impersonated (eBay, Paypal, etc.)
- Call the Technology Service Center
- If you suspect a bank or credit card account may have been compromised, contact that institution to check your account immediately and request a credit report.
- Consider monitoring your credit (you can get a free credit report from each of the three credit reporting companies once a year at annualcreditreport.com). You could also place a fraud alert or credit freeze to help protect your credit in the future.
Visit the FTC web site for more information on Identity Theft.
How can I avoid phishing scams?
- Never send passwords, bank account numbers, or other private information in an email.
- Avoid clicking links in emails, especially any that are requesting private information.
- Be wary of any unexpected email attachments or links, even from people you know.
- Look for ‘https://’ and a lock icon in the address bar before entering any private information.
- Have an updated anti-virus program that can scan email.
ASU Information Technology will never ask for your password in an email.
However, there will be times when legitimate messages must be sent to inform our email users of various issues. These may include password expiration notices, inactive account removal, or cases of account abuse. If you are ever in doubt about the legitimacy of an email, call the Technology Service Center at 325-942-2911.
Why can’t ASU stop these emails?
Even though ASU stops thousands of phishing attempts, spam emails, and virus infected messages every day, the methods scammers use change very quickly and we must be careful not to implement filtering which may block otherwise legitimate email.