Cyber Security Tip ST05-014 -- Real-World Warnings Keep You Safe Online

[US-CERT Security Tips <security-tips () us-cert gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         Cyber Security Tip ST05-014
                  Real-World Warnings Keep You Safe Online

   Many of the warning phrases you probably heard from your parents and
   teachers are also applicable to using computers and the internet.

Why are these warnings important?

   Like the real world, technology and the internet present dangers as well as
   benefits. Equipment fails, attackers may target you, and mistakes and poor
   judgment happen. Just as you take precautions to protect yourself in the
   real world, you need to take precautions to protect yourself online. For
   many users, computers and the internet are unfamiliar and intimidating, so
   it is appropriate to approach them the same way we urge children to approach
   the real world.

What are some warnings to remember?

     * Don't trust candy from strangers - Finding something on the internet
       does not guarantee that it is true. Anyone can publish information
       online, so before accepting a statement as fact or taking action, verify
       that the source is reliable. It is also easy for attackers to "spoof"
       email addresses, so verify that an email is legitimate before opening an
       unexpected email attachment or responding to a request for personal
       information (see Using Caution with Email Attachments and Avoiding
       Social Engineering and Phishing Attacks for more information).
     * If it sounds too good to be true, it probably is - You have probably
       seen many emails promising fantastic rewards or monetary gifts. However,
       regardless of what the email claims, there are not any wealthy strangers
       desperate to send you money. Beware of grand promises—they are most
       likely spam, hoaxes, or phishing schemes (see Reducing Spam, Identifying
       Hoaxes and Urban Legends, and Avoiding Social Engineering and Phishing
       Attacks  for more information). Also be wary of pop-up windows and
       advertisements for free downloadable software—they may be disguising
       spyware (see Recognizing and Avoiding Spyware for more information).
     * Don't advertise that you are away from home - Some email accounts,
       especially  within  an  organization,  offer  a feature (called an
       autoresponder) that allows you to create an "away" message if you are
       going to be away from your email for an extended period of time. The
       message  is  automatically sent to anyone who emails you while the
       autoresponder is enabled. While this is a helpful feature for letting
       your contacts know that you will not be able to respond right away, be
       careful how you phrase your message. You do not want to let potential
       attackers know that you are not home, or, worse, give specific details
       about your location and itinerary. Safer options include phrases such as
       "I  will  not  have access to email between [date] and [date]." If
       possible, also restrict the recipients of the message to people within
       your organization or in your address book. If your away message replies
       to spam, it only confirms that your email account is active. This may
       increase the amount of spam you receive (see Reducing Spam for more
       information).
     * Lock up your valuables - If an attacker is able to access your personal
       data, he or she may be able to compromise or steal the information. Take
       steps to protect this information by following good security practices
       (see  the  Cyber  Security  Tips index page for a list of relevant
       documents). Some of the most basic precautions include locking your
       computer when you step away; using firewalls, anti-virus software, and
       strong passwords; installing appropriate software updates; and taking
       precautions when browsing or using email.
     * Have a backup plan - Since your information could be lost or compromised
       (due to an equipment malfunction, an error, or an attack), make regular
       backups of your information so that you still have clean, complete
       copies (see Good Security Habits for more information). Backups also
       help you identify what has been changed or lost. If your computer has
       been infected, it is important to remove the infection before resuming
       your work (see Recovering from Viruses, Worms, and Trojan Horses for
       more information). Keep in mind that if you did not realize that your
       computer was infected, your backups may also be compromised.
     _________________________________________________________________

     Authors: Mindi McDowell, Matt Lytle
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization. Terms of use
     US-CERT

     Note: This tip was previously published and is being
     re-distributed to increase awareness.

     Terms of use

     http://www.us-cert.gov/legal.html

     This document can also be found at

     http://www.us-cert.gov/cas/tips/ST05-014.html

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit http://www.us-cert.gov/cas/signup.html.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTHUm0z6pPKYJORa3AQIuRAf/XgjiKIhSQJze5WqRKrt/NETDkQip+H0L
u2r8s3JW76LONa6XFTlD+n1TCddtHtRFpfdMAtWCAQvIqEJclG6VqFywmgz6Vs4d
AocdAbqECu3z6pfI3cKUnHLomN9D4XK27xymrG/ZgE4tU2NYkJqK5rNejYep+X9J
zZTXrShBDQNXB/tfbBrQcboNc/pOHIdDZqa+xNpkayfBjCaVlHMB4o9uwQD66opt
cmo8MqEeeVXsZcVDFjbZfr3UY32iZ8NWkMUnbVA+R8OUG5XttZQQdtPCTJQPoZhT
0cuIaScP5Y4H+XZR46xUVesD7aQtgAWpMtaJV1N1vtxFKW6rbn9nBg==
=39kF
-----END PGP SIGNATURE-----