CYBER SAFETY MONTH HIGHLIGHTSThis slideshow outlines and summarises the mostimportant lessons we hope you took away from our cybersafety monthAll of this information and more is available on the ICTSwebsite at www.icts.uct.ac.za | Anti-Virus & Security |Cyber Safety Month, as well as on our Facebook accountat www.facebook.com/icts.uct
DID YOU KNOW?• 1 in every 436 emails are malicious• 1 in every 1.48 emails are spam (67% of all emails)• 1 in every 171.2 emails is a phishing attack• 1 in every 340.9 emails contains malware (malicious software)• 2200 malicious websites are blocked by ISPs per day
Do you ever think twice aboutwhat you do or say online?Do you know what phishing is?Hacking? Identity theft?As of 2012, it is estimated that 10.8% of theSouth African population is online, a 100%increase over the last 4 years. This meansthat many people are still new to theInternet and can easily fall prey toscammers.
Facebook, Twitter, and other social mediaare great for keeping up to date with yourfriends and family, but it isnt always wise topost or share everything you think otherswould be interested in.Here are some common sense guidelines that canprotect you against harm when sharing online:• Follow the golden rule: If youre not comfortable having the whole world know about something, dont post it.• Assume your mother and your boss are reading what you post: the things you write or show can come back to haunt you, so be careful of what you say.
• Regardless of your privacy settings, some people may still be able to access content youve restricted.• Remember that everything is permanent: Once you post something, consider it permanently published.• Be cautious of predators: Dont post revealing photos, updates, or content that would make you a target of sexual predators and other criminals.
• Never share information that could endanger yourself or your posses- sions - such as details of your daily schedule, dates when youll be going on holiday, and what security precautions youre taking.• Protect sensitive information: Never reveal sensitive information regarding your finances or banking.
• Never share your passwords, or information that could give clues to your passwords. Never betray the confidentiality of others.• Know who your friends are – it is unwise to make friends with complete strangers on social media sites - you can never be sure what their motives are.• Always beware of posting your location. Many apps have location settings, which can be turned off. These location settings can show your exact location to within a few metres. Especially don‟t check in on social media when you‟re by yourself and/or in a remote location.
• Beware of what you share. Sharing your cell number and address online are risky things to do - you should limit who sees your information.• Know how to use the security settings on all the sites you have accounts on. It may seem like a drag, but it could save your life. Make sure strangers can‟t harvest your details and use them against you.• Assume the world is watching is watching you. If you don‟t want something widely broadcast, don‟t post it. Everything that gets on the web, stays on the web. It can be in caches, cookies or saved to someone else‟s computer, once you post something, consider it permanently published, even if you delete it.
• Don‟t share photographs of yourself in compromising positions, and never post extreme views related to race, religion, or politics.• Also, don‟t publically air complaints or extreme views relating to your academic or professional career, your job tasks, employer, employees, colleagues, rival s, or anyone in your professional life. Always think first and then post only if you‟re sure that there won‟t be negative repercussions later on.• Beware of clickjacking on social media.
CYBER SAFETYMONTH PART 2: PERSONALCYBER SAFETY
PART 1: ONLINE SAFETYIdentity (ID) theft is one of the fastestgrowing crimes worldwide – with millionsof people having fallen victim to it, andfinancial costs of the crime runninginto billions of dollars.ID theft occurs when criminals steal yourpersonal information and use it for their ownbenefit – without your knowledge orpermission.However, there are guidelines you can followto severely reduce the chances of becoming avictim:
• Always keep your sensitive documents (e.g. ID document, passport, drivers licence) safe.• When any of these documents, or your credit or debit cards, expire or are replaced, immediately destroy the old version by shredding or destroying papers before disposal.• Do not ever hand your password over to anyone• Consider using an identity theft protection service to protect yourself online.
• Always use different passwords for all your different accounts. If one account is compromised, the other accounts remain safe, if all your passwords are different.• Google „Password manager‟ on Google. You can find a tool which allows you to store all your passwords safely using one master password to access them.
• Make your passwords long and strong – Use numbers, characters and for the best passwords, use a passphrase.• Ensure that your bank sends you SMS alerts when transactions occur in your bank account.• When a bill doesnt arrive on time, contact the service provider to check if theyve sent it to you.• Check your credit rating at least once a year to see if youve unknowingly been blacklisted or are at risk. South Africans can get a free credit report once a year from bureaus such as TransUnion or Experian.
• No reputable organisation will ever ask for your password, but scammers have been known to go as far as emailing, phoning and disguising themselves as IT technicians to gain access to people‟s passwords.• Dont give out your personal information - such as ID number and home address - to people or companies you dont know, even if theyre offering you special deals or claiming youve won a prize.
Help! My identitys been stolen!If youre the victim of identity theft, the first thingyou need to do is report the fraud to the police andobtain a case number. This will assist you whendealing with banks and retailers that the thief hasused under your name and will also help you navigateyour way through the legal system.Its important to report the fraud to the Southern AfricanFraud Prevention Service (SAFPS) (Helpline: 0860 101248).If your ID book and other sensitive documents have beenlost or stolen, register them with the SAFBS via phone(011 867 2234) or email (firstname.lastname@example.org).In cases of financial fraud, you can also contact theCredit Ombudsman (http://www.creditombud.org.za/) toresolve disputes with credit providers or agents.
PART 2 : OFFLINE SAFETYIt‟s essential to take very strong precautionswhen meeting an online friend offline. Thereare no standard rules for staying safe, but someimportant guidelines are:• Be paranoid: Be aware that anyone you interact with online could be a predator in disguise.• Verify identity and information: If possible, try to verify the person‟s identity in some way – for example by calling the company they say they work for or Googling them or checking them on social media.
• Retain your privacy: While commu- nicating online, don‟t give away too much personal information such as your address, your daily schedule, financial information, etc. Also make it clear to your friends that they should not give out such information either.• Use alternate contact methods: Don‟t give out your primary email address or phone numbers. Set up alternatives for all the means you use to communicate with online acquaintances – such as an alternate email address, Skype account, and cellphone sim card.
• Retain your privacy: While communicating online, don‟t give away too much personal information such as your address, your daily schedule, financial information, etc. Also make it clear to your friends that they should not give out such information either.• Use alternate contact methods: Don‟t give out your primary email address or phone numbers. Set up alternatives for all the means you use to communicate with online acquaintances – such as an alternate email address, chat or Skype account.• Report unwelcome behaviour: If the person becomes abusive or sexually inappropriate with you online, cut off communication and report them to the police and other relevant authorities – such as the website you‟re interacting with them on.
Meeting an online friend:• Never let the person fetch you from home or work.• Meet in public places only. Make it a place of your choosing, and somewhere you don‟t normally go – because if things go wrong, you wouldn‟t want them finding you there in future.• Try to have a trusted friend with you if possible, or at least make safety arrangements like letting someone know where you‟re going, who you‟re going to meet, and what to do if they don‟t hear from you in a certain period of time.• During the meeting, avoid going to any secluded area where there‟s no one to see or help you if things go wrong.
• Take things at your own pace. Never be pressured to do anything youre uncomfortable with - no matter what the person says.• From the start of the meeting, lay down your rules – and don‟t be afraid to end the meeting if they violate your rules. And try to have your own transport nearby so that you can leave quickly if need be.• If the person gives you something to eat or drink, be careful, as it might be spiked with date-rape drugs or other substances.
CYBER SAFETYMONTH PART 3: BANKING ANDBUYING SAFETY
Many people have given up standing inlong queues at banks and have insteadopted for online banking.The cool thing about online banking is that youcan access your bank account wherever you are -provided that you have Internet access.The downside is that if a hacker gets hold of yourlog on details, they can access your bankaccount, transfer your funds, and even lock youout of your account.Follow these handy tips for banking and buying:
1. ONLINE TRADING POSTS AND AUCTION SITES• When making purchases or selling on Internet trading portals always read the buying and selling instructions carefully.• Make sure you understand the policies of the website you are dealing through – particularly regarding what it will and won‟t do if something goes wrong or a fraudulent transaction occurs. You should be able to find this information easily in its terms and conditions.• If you can, do your homework on the buyer or seller. When transacting through an online trading post like Gumtree, make sure that you have the other person‟s proof of identification, proof of residence, and correct and confirmed contact details.
• When carrying out the transaction, ensure that the transaction is witnessed by at least one person, and that a receipt is issued.• If the seller is a business, check its real-world presence. If they provide a phone number, call them up and verify their details. But remember that overseas sellers may be harder to chase in the event of a problem.
2. ONLINE SHOPPING SITES• Check online stores‟ privacy and returns policies to be sure your information will not be shared and that you are not stuck with merchandise you didn‟t order.• Be clear about shipping and delivery costs (for example, whether or not they are included and if not, if they are clearly stated).• Be clear about methods of payment and whether any of these attract any extra costs.
• Always provide the absolute minimum necessary personal information to sellers and buyers – and nothing more.• Bear in mind that paying by credit card offers greater protection against fraud than other payment methods – since banks often have measures in place to deal with credit card fraud.• Always double check all details of your purchase before confirming payment.
3. ALL ONLINE PAYMENTS• Before entering payment details on any website, ensure that the site is secure: There should be a padlock symbol in the browser window frame, which appears when you attempt to log in or register.• Even with a padlock symbol, the site might still be fraudulent. Check that the web address begins with „https://‟. (The „s‟ stands for „secure‟.).• If you‟re using the latest version of your browser, the address bar or the name of the site owner will appear in green.
• Always keep your receipts – electronic or otherwise.• Be sure to check your credit card and bank statements carefully after payment to ensure that the correct amount has been debited, and also that no fraud has taken place as a result of the transaction.• Check the online security options your bank provides. Some offer free antivirus and browser security software.• Remember that UCT staff and students can use McAfee for free – so be sure that you have it installed.
4. ONLINE BANKING SAFETY• Be wary of suspicious looking pop-ups that appear during your banking session. Memorise the process you normally go through to make a payment or transfer, and be suspicious if anything different happens.• Fraudsters sometimes try to trick people into making a real payment by phoning and pretending to be from the bank – claiming the transaction “is just a test”. Never disclose passwords or other personal information in response to an email, phone call or letter purporting to be from your bank or other financial institution.
• Any communication from banks will use your actual name and verify your account details by using security questions.• Keep your PIN (Personal Identification Number), your password, your credit or debit card number PRIVATE. Never write them down anywhere and never share them with anyone. Remember that if someone sees your credit card, they can memorise the numbers and use these to make purchases without your knowledge.• Always install the latest updates and security patches or your operating system when you are prompted to do so.
CYBER SAFETYMONTH PART 4:PORTABLE AND PUBLIC COMPUTING SAFETY
With the freedom offered by mobile computing,its easy to overlook the basic risks you facewhen doing any kind of computing - viruses.Just as desktop computers need to use antivirussoftware, laptops, mobiles and tablet computersalso need to be protected. wIth the increase ofcomputing applications on mobile phones, eventhese devices are at risk if theyre not secured witha suitable antivirus program.For laptops, UCT staff and students may useMcAfee antivirus free for both their UCT-ownedcomputers and their private computers – withoutcharge. For tablet computers and mobile phones, anumber of options are available and can be foundby Googling „Antivirus for mobile phones‟.
Are you aware that without you evenknowing it, all the personal informationthat you‟re entering on a public computerlike at an internet café may be captured bysomeone else?Hackers and cyber-criminals will do everythingin their power to gain access to yourinformation. One way they do this is to installkeystroke logging software on some publiccomputers.For each and every person using the affectedcomputer, the software can log emails thathave been sent, passwords entered, websitesaccessed, private chats, and file inputs!
• Using public Wi-Fi is extremely risky. Hackers can intercept everything you do online. This can happen if the connection between your device and the Wi-Fi is not encrypted, or if someone creates a spoof hotspot which fools you into thinking that it is the legitimate one.• When you‟re in public, it‟s preferable to use an encrypted connection – which means you‟ll probably need to pay. With an encrypted connection, you‟ll need to enter a code (called a „key‟) that the provider gives you.
• When using public Wi-Fi, always verify the name of the network you need to connect to.• Don‟t do online banking or other sensitive computing on public Wi-Fi – especially if you‟ll need to log into one of your accounts.• When using your accounts on any Wi-Fi (even „secure‟ Wi-Fi), always log out of the website as soon as you‟re done with your tasks. Do not simply close your web browser.• Never leave your portable device: laptop, smartphone or tablet unattended.
• Be aware of who is around you and may be watching what you are doing online. Do not get distracted by somebody who could steal your device.• For all portable devices including tablets and smartphones, keep your security software up to date - having the latest mobile security software, web browser, and operating system are the best defences against viruses, malware and other online threats.• Use the built-in safety features for your device: If the operating system offers a firewall, make sure it is turned on.
THANK YOU FOR BEING A PART OFCYBER SAFETY MONTH!If you have any queries, ask us on Twitter (@ICTS_Feedback) or Facebook (facebook.com/icts.uct)
WIN WITH EDUCAUSE! Win $2000 - enter the 2013 Information Security Awareness video & poster contest! You stand to win up to $2000 (that‟s R14 000) for creating a poster or a video in this internationalcompetition. The contest is aimed at material created FOR students BY students. The closing date for this competition is March 8, 2013Guidelines and rules on producing posters andvideos are available on the Educause website: www.educause.edu/securityvideocontest.