US-CERT Cyber Security Tip ST05-014 -- Real-World Warnings Keep You Safe Online
- To: security-tips@xxxxxxxxxxx
- Subject: US-CERT Cyber Security Tip ST05-014 -- Real-World Warnings Keep You Safe Online
- From: US-CERT Security Tips <security-tips@xxxxxxxxxxx>
- Date: Wed, 9 Jul 2008 15:00:32 -0400
- Organization: US-CERT - +1 202-205-5266
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST05-014
Real-World Warnings Keep You Safe Online
Many of the warning phrases you probably heard from your parents and
teachers are also applicable to using computers and the internet.
Why are these warnings important?
Like the real world, technology and the internet present dangers as
well as benefits. Equipment fails, attackers may target you, and
mistakes and poor judgment happen. Just as you take precautions to
protect yourself in the real world, you need to take precautions to
protect yourself online. For many users, computers and the internet
are unfamiliar and intimidating, so it is appropriate to approach them
the same way we urge children to approach the real world.
What are some warnings to remember?
* Don't trust candy from strangers - Finding something on the
internet does not guarantee that it is true. Anyone can publish
information online, so before accepting a statement as fact or
taking action, verify that the source is reliable. It is also easy
for attackers to "spoof" email addresses, so verify that an email
is legitimate before opening an unexpected email attachment or
responding to a request for personal information (see Using
Caution with Email Attachments and Avoiding Social Engineering and
Phishing Attacks for more information).
* If it sounds too good to be true, it probably is - You have
probably seen many emails promising fantastic rewards or monetary
gifts. However, regardless of what the email claims, there are not
any wealthy strangers desperate to send you money. Beware of grand
promises--they are most likely spam, hoaxes, or phishing schemes
(see Reducing Spam, Identifying Hoaxes and Urban Legends, and
Avoiding Social Engineering and Phishing Attacks for more
information). Also be wary of pop-up windows and advertisements
for free downloadable software--they may be disguising spyware
(see Recognizing and Avoiding Spyware for more information).
* Don't advertise that you are away from home - Some email accounts,
especially within an organization, offer a feature (called an
autoresponder) that allows you to create an "away" message if you
are going to be away from your email for an extended period of
time. The message is automatically sent to anyone who emails you
while the autoresponder is enabled. While this is a helpful
feature for letting your contacts know that you will not be able
to respond right away, be careful how you phrase your message. You
do not want to let potential attackers know that you are not home,
or, worse, give specific details about your location and
itinerary. Safer options include phrases such as "I will not have
access to email between [date] and [date]." If possible, also
restrict the recipients of the message to people within your
organization or in your address book. If your away message replies
to spam, it only confirms that your email account is active. This
may increase the amount of spam you receive (see Reducing Spam for
more information).
* Lock up your valuables - If an attacker is able to access your
personal data, he or she may be able to compromise or steal the
information. Take steps to protect this information by following
good security practices (see the Cyber Security Tips index page
for a list of relevant documents). Some of the most basic
precautions include locking your computer when you step away;
using firewalls, anti-virus software, and strong passwords;
installing appropriate patches; and taking precautions when
browsing or using email.
* Have a backup plan - Since your information could be lost or
compromised (due to an equipment malfunction, an error, or an
attack), make regular backups of your information so that you
still have clean, complete copies (see Good Security Habits for
more information). Backups also help you identify what has been
changed or lost. If your computer has been infected, it is
important to remove the infection before resuming your work (see
Recovering from Viruses, Worms, and Trojan Horses for more
information). Keep in mind that if you did not realize that your
computer was infected, your backups may also be compromised.
_________________________________________________________________
Authors: Mindi McDowell, Matt Lytle
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST05-014.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSHUKR3IHljM+H4irAQK47wf/UBbdJ+npl37vm68eVSppvlN9l6mEBf7y
7fVERhm4+SZB9qEdwfIlAOv3ww0GNslAQ3f8pqNT4A3ibwrky+ba9lkw1grhYtbg
YahVBR8JNVR1JBeq9bUp9ocjv4NLF2SPxMmNVu5aG4rt9NQ0b6UXRC/zoL/hP0N6
Q7imEmwXExMnTl+Q9tnifMp6bZAr/ULHByObN8oBCXPfB2voM4BAHmwiVNkxubI3
an9iEbw4cjrCs8KJu9UVo50+QAjGF1IFjY2cWJgxToV8NCoS2R/vzOvyTL4GOeuf
o7/Mbv6XmqlZ/T85Zo2WJMNGyd1ON4IXQ1mcn+R4rmw6aavZPisHaw==
=VSqg
-----END PGP SIGNATURE-----
[Fedora Announce]
[Linux Crypto]
[Kernel]
[Netfilter]
[Video for Linux]
[Bugtraq]
[USB]
[Fedora Security]
