Columbia College Becomes STOP. THINK. CONNECT. Partner

Columbia College is proud to announce our partnership with STOP. THINK. CONNECT.

You can view the press release with information about the organization here: Press Release

Safer Internet Day

It's Safer Internet Day worldwide, and to celebrate below is a link to some safety tips posted on our Facebook.

Check out our safety tips album on Facebook here.

The history of Safer Internet Day (SID)

SID began as a project to take initiative worldwide for Internet safety. This project was adopted by Insafe in 2005 and is now celebrated in more that 100 countries worldwide each year on the 9th of February.

In the US specifically there has not been much coordination of the day until Spring 2013 when the event gained government support. The event, hosted in the US by iSafe, have many goals of how to raise awareness and create a collaborative environment for information and promotion of active participation in Internet safety.

Make sure you are checking your security knowledge this Safer Internet Day, and help us to keep the Internet safe for everyone! Ways you can start right now:

1. Subscribe to our new blog posts by entering your email in the right hand column. You can stay up to date on the most important and latest security news.

2. Follow the link to our Facebook album above and find tips on how to keep each of your social media profiles safe.

3. On the navigation bar above, select CCIS Policy and update yourself on the college's policy for security.

Happy Safer Internet Day, let's keep our Internet safe!

Free online cyber security courses for beginners

Looking to learn more about cyber security and how you can protect your data at work and at home? Thanks to Andra Zaharia at Heimdal Security, below I have provided the link to her list of 50+ cyber security online courses! At the top of her list, she starts with FREE courses for beginners, then on to more advanced and costly. Make sure you're security aware and take a look at these courses.

Check out the list here!

Happy Data Privacy Day!

Here are some ways you can make sure you are owning your online presence and staying privacy aware for this Data Privacy Day.

1) Follow the online stream of the Data Privacy Day State of Privacy starting at 9:30am CST: https://goo.gl/O3dEUj 

2) Look at these privacy tips: http://goo.gl/jCVEsU 

3) Check your privacy settings: http://goo.gl/ZcLKBG 
The people at the National Cyber Security Alliance put together this list of sites and where the privacy settings are located for your ease!

4) Refer to the privacy library on the Data Privacy Day site year-round here: http://goo.gl/0OL06c

5) Follow the National Cyber Security Alliance YouTube page for year-round videos on how to own your online presence: https://goo.gl/Vz4IZ0

6) Learn about the history of Data Privacy Day here: http://goo.gl/ZIg6yj

7) Take this Data Privacy IQ Quiz to test your knowledge: http://myprivacyiq.com/

8) Make sure to subscribe to our CougarSecurity blog in the right hand column on the main page to get our security updates: http://cougarsecurity.blogspot.com/

Watch out Apple users! Link crashing Safari

Following the fun users had with the “effective power” iPhone text message bug, people have been sending a link to users of Apple’s Safari browser that will crash their iPhones or Macs.

The link, which is simply crashsafari.com, overloads the default browser with a self-generating text string which populates the address bar. After about 20 seconds or so it will force an iPhone to reboot, while significantly heating up as the smartphone tries to handle the code of the site.

A similar thing happens on iPads, which also has Safari, while even Android devices running Chrome heat up and become sluggish. Rebooting the iPhone or quitting Chrome on an Android device clears the problem.

Desktop and laptop computers are also affected to a lesser degree depending on how much processing power they contain. The site will cause Safari on a Mac to crash. Chrome on a Mac and PC also becomes bogged down.

The code of the website appears to generate an ever-increasingly long string of characters, which becomes harder and harder for the browser to load, likely resulting in a memory issue and forcing the reboot of the device.

As with the effective power text message bug, users have started sending the link disguised by URL shorteners with tempting text to get iPhone users to click on the link and crash their smartphones.

For the immediate future, iPhone users should be very careful about which shortened or obfuscated links they click on, should they be forced into rebooting their smartphone. Should the worst happen, it appears that smartphones will behave normally after a reboot.

Source: The Guardian

http://www.theguardian.com/technology/2016/jan/25/sending-link-to-website-lets-you-crash-safari-and-anyones-iphone?CMP=twt_a-technology_b-gdntech

Watch out for job scams

Watch out for job scams

One security issue most don’t think of is a job scam. There are scams that will reach out with a job opportunity. This can happen in your email, or even on a job board full of job posts. This applies to both students and faculty/staff.

Here are some tips and tricks to keep your on your toes when a job offer comes your way that you weren’t searching for.

Watch for these signs of a job scam:

• The job is TOO good to be true.  
• You are asked to send or transfer money. 
• Bank account or social security number or other personal information is requested up front.  
• The site advertises "secret" job postings for a fee.   
• Poorly written and/or vague job description that may state "no experience needed."
• Questionable email address (e.g., contact email doesn't match company domain).

What can you do to ensure that a job posting is real?

• Research the company website and check to see if the job vacancy is posted.
• Google the company and job and see if there are complaints or a poor reputation.  
• Check the employer's rating with the Better Business Bureau or Missouri Attorney General'soffice.
• Ask questions and get specifics in writing.  

Make sure to flag any emails or posts and forward them to CCHelpDesk@ccis.edu so we can take care of it. A good rule of thumb is, if it’s too good to be true, it probably is.

Data Privacy Day Events

Take a look at the Data Privacy Day events below, and they're starting today! Make sure to get these virtual events on your calendar and stay up on how you can be #PrivacyAware.

If you can't make it online for one of these virtual events, Tech Services will be live tweeting the Twitter chats as well as the online stream so you don't have to miss any information!

Tech Services on Twitter:
@ccistechnology

(click on photo to enlarge event schedule)

BBB Warning: Child predator email scam preys on concerned parents

Here is a news article from a year ago about an email scam that is currently going around again, this email showed up in inboxes again this morning. 

Better Business Bureau: January 26, 2015

"Buffalo, NY--Fake email warnings about a child predator being in the neighborhood are the latest methods scammers are using to steal personal information, warns the Better Business Bureau of Upstate New York.  These “community safety” alerts are designed to look official and come right to your inbox.

How the scam works:

You receive an email alert with the subject line “Pedophile alert” or “Alert: There is a Child-Predator Living Near You!”  The email typically states “you are receiving this email because there may be a risk of sex offender activity in your area,” or “a child-predator just moved into your neighborhood.”

Included in the message is a link to click that says it will take you to the information. Clicking on the link takes the user to a series of redirected sites to land on the website for Kids Live Safe, a service that sells localized reports on sex offenders. But this spam isn’t actually affiliated with Kids Live Safe.

Once you click on the links, it will infect your computer with malware that will attempt to search for stored information such as user names, passwords and credit card numbers. BBB advises people to never click on links in unsolicited emails. For more information about the URL destination - use your browser to search for information before you click.

How to spot an email scam:

• Check out the “from” field. Scammers can mask email addresses, making them appear to come from legitimate sources. Look out for email addresses that don’t match the organization name used in the message.
• Typos and grammar.  Organization logos and email formats can easily be copied, but bad grammar and poor writing typically indicate that a message is a scam.
• Check URLs. Hover over a URL to determine its real destination. Usually, the hyperlink text will say one thing and the link will point somewhere else.
• Personalized emails. Scams often pretend to be personalized, but it is actually blast emails. If the receiver never signed up for custom email alerts, the person should not be receiving them.
• Be careful with “unsubscribe” options. It’s better to just delete this type of solicitation. If you choose unsubscribe, you could open yourself up for more unwanted spam email.

To get information on registered sex offenders in your area, check out the FBI’s directory of state databases or the New York State Sex Offender Registry.

Note: KidsLiveSafe.com is a BBB accredited business."

Source: Better Business Bureau (BBB)

http://www.bbb.org/upstate-new-york/news-events/bbb-warnings/2014/12/bbb-warning-child-predator-email-scam-preys-on-concerned-parents/#sthash.v4xW4I8d.dpuf

New York state considers bill mandating backdoors in smartphone encryption

Wednesday, January 13, 2016, 02:09 pm PT, Roger Fingas

A bill up for consideration by the New York state assembly would force Apple and other smartphone makers to ensure their products can be decrypted for the sake of law enforcement.

The bill was formally introduced by Assemblyman Matthew Titone last year, but was only referred to committee just last week, according to The Next Web. Language in the document proposes that any phone made as of Jan. 1 this year and sold or leased in the state "be capable of being decrypted and unlocked by its manufacturer or its operating system provider."

To ensure compliance, smartphone makers could be fined as much as $2,500 per device breaking the law.

The sort of encryption available in iOS 8/9 and more recent versions of Android may help privacy, the bill argues, but "severely hampers" law enforcement, since it can block access to evidence.

"Simply stated, passcode-protected devices render lawful court orders meaningless and encourage criminals to act with impunity," the bill suggests. It has yet to be voted on by the state assembly or senate.

Apple has vocally opposed any sort of weakened encryption, going so far as to hold the position in front of White House officials. The company's view has been that if it leaves deliberate gaps in its security, that will simply make it easier for hackers to gain access to people's devices and data.

Some government officials, such as FBI director James Comey, have claimed that Apple's position could potentially cost lives if it interferes in preventing acts like kidnapping or terrorism.

Source: Apple Insider https://t.co/7oqFaOt4FQ

Date Accessed: 1/15/16

Columbia Police Department reports phone scam

Reported from CPD January 13, 2016

The Columbia Police Department has received multiple phone calls this morning about an IRS phone scam that has been plaguing city residents. The caller impersonates an employee with the IRS and states a lawsuit has been filed against the victim. The caller attempts to gain personal and financial information from the victim to "settle the lawsuit." Calls are being received from at least one phone number identified as 346-303-9917. In some instances the caller is leaving a voicemail asking victims to "call immediately" in reference to the lawsuit. Note, government agencies do not telephone citizens asking for payment with debit, credit or green dot cards. 

Here are some safety tips:

1.) NEVER give out personal information such as credit card numbers and expiration dates, bank account numbers, dates of birth, or social security numbers to unfamiliar companies or unknown persons.
2.) If you call the number back that called you to verify the information and a recording picks up not stating the name of the company, this is a scam.
3.) Make a phone call to verify the information. A thirty second phone call can save you money.
4.) If something doesn’t seem right, it’s not right.

If you have information about a fraud, report it to your local law enforcement agency.

See original posting here.
Source: Columbia Missouri Police Department, Facebook

January 28th is Data Privacy Day

Data Privacy Day (or DPD) is an international effort held annually on January 28 to create awareness about online security and personal information protection. 

"Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is now a celebration for everyone, observed annually on Jan. 28.

On Jan. 27, 2014, the 113th U.S. Congress adopted S. Res. 337, a nonbinding resolution expressing support for the designation of Jan. 28 as 'National Data Privacy Day.'" -NCSA

To find out more about the National Cyber Security Alliance and Data Privacy Day, you can visit the official website here. To get involved with DPD, follow the #PrivacyAware hashtag as well as our Twitter and Facebook as we continue to post about ways you can be privacy aware, and the events happening on January 28 that you can partake in such as online sessions and Twitter chats about security.