Con artists pose as Microsoft employees in phone calls fishing for personal information

Con artists posing as Microsoft employees are calling people and trying to get them to pay for computer repairs.

A De Soto, Mo. woman was targeted by someone claiming to be from Microsoft. She says the scammer had an elaborate and convincing story about how her computer was used to hack a government website.

The man was offering to fix her computer and her neighbor’s computer for $200.

News 4 covered a similar story in November 2015.

Terrie Weaver of Spanish Lake, Mo. was contacted by someone pretending to be from Microsoft. That person said Microsoft Received information about an error on her computer and wanted to remotely access her computer to fix it.

"I've heard stories how they take control of your computer and I didn't want that to happen,” Weaver said.

The goal of the scammers in these cases is to not only get money, but also access to personal information. A company like Microsoft would never contact people asking to do this kind of work.

The best thing to do is hang up the phone.

View original article by kmov St. Louis here.

Cyberattack total is more than twice previously disclosed: IRS

Cyberattacks on taxpayer accounts affected more people than previously reported, the Internal Revenue Service said Friday.

The IRS statement, originally reported by Dow Jones, revealed tax data for about 700,000 households might have been stolen: Specifically, a government review found potential access to about 390,000 more accounts than previously disclosed.

In August, the IRS said that the number of potential victims stood at more than 334,000 — more than twice the initial estimate of more than 100,000.

"If somebody has all this information … we may see [a] resurgence next year of fraudulent tax returns," Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, told CNBC in 2015.

The IRS discovered an incident involving its "Get Transcript" application last May, and the Treasury Inspector General for Tax Administration conducted a nine-month investigation. That review turned up the additional accounts that could potentially have been accessed.

Additionally, the IRS said there were 295,000 taxpayer transcripts that were targeted, but "access was not successful."

The agency said it will send mailings to affected taxpayers beginning February 29.

"The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort," IRS Commissioner John Koskinen said in a statement. "We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers."

View the original article by Everrett Rosenfeld with NBC here.

Stay safe from cybercrime during tax season

Tax season is prime time for online scams. National Cyber Security Alliance has put out a tip sheet on cyber safety during tax time. Make sure to protect your data and check out these tips!

Click on the picture to enlarge.

Ransomware takes Hollywood hospital offline, $3.6M demanded by attackers

February 14, 2016 - The computers at Hollywood Presbyterian Medical Center have been down for more than a week as the Southern California hospital works to recover from a Ransomware attack.

According to officials HPMC, they're cooperating fully with the LAPD and FBI, as law enforcement attempts to discover the identity of the attackers.

However, in the meantime the network is offline and staff are struggling to deal with the loss of email and access to some patient data.

The hospital's President and CEO, Allen Stefanek, said the situation was declared an internal emergency, telling NBC LA that the hospital's emergency room systems have been sporadically impacted by the malware.

Some patients were transported to other hospitals due to the incident. In other parts of the hospital, computers essential for various functions, including CT scans, documentation, lab work, and pharmacy needs are offline.

The hospital's network has been down for at least a week, forcing staff to rely on fax machines and telephones to get work done.

Registrations and medical records are being logged on paper and staff have been told to leave their systems offline until told otherwise.

Stefanek said the attack was random, but didn't expand on any of the technical details. Sources who spoke to NBC LA and Fox 11 in LA described the attack with descriptions matching a typical Ransomware infection.

The type of Ransomware responsible for shutting down the hospital remains unknown, but one local computer consultant said the ransom being demanded was about 9,000 BTC, or just over $3.6 million dollars.

Article Credit: Steve Ragan, CSO, Feb 14, 2016 3:43 PM PT

To view original article click here.

Feb 18, 2016
Here is an updated article on the hospital: Hospital Update

Columbia College Becomes STOP. THINK. CONNECT. Partner

Columbia College is proud to announce our partnership with STOP. THINK. CONNECT.

You can view the press release with information about the organization here: Press Release

Safer Internet Day

It's Safer Internet Day worldwide, and to celebrate below is a link to some safety tips posted on our Facebook.

Check out our safety tips album on Facebook here.

The history of Safer Internet Day (SID)

SID began as a project to take initiative worldwide for Internet safety. This project was adopted by Insafe in 2005 and is now celebrated in more that 100 countries worldwide each year on the 9th of February.

In the US specifically there has not been much coordination of the day until Spring 2013 when the event gained government support. The event, hosted in the US by iSafe, have many goals of how to raise awareness and create a collaborative environment for information and promotion of active participation in Internet safety.

Make sure you are checking your security knowledge this Safer Internet Day, and help us to keep the Internet safe for everyone! Ways you can start right now:

1. Subscribe to our new blog posts by entering your email in the right hand column. You can stay up to date on the most important and latest security news.

2. Follow the link to our Facebook album above and find tips on how to keep each of your social media profiles safe.

3. On the navigation bar above, select CCIS Policy and update yourself on the college's policy for security.

Happy Safer Internet Day, let's keep our Internet safe!

Free online cyber security courses for beginners

Looking to learn more about cyber security and how you can protect your data at work and at home? Thanks to Andra Zaharia at Heimdal Security, below I have provided the link to her list of 50+ cyber security online courses! At the top of her list, she starts with FREE courses for beginners, then on to more advanced and costly. Make sure you're security aware and take a look at these courses.

Check out the list here!

Happy Data Privacy Day!

Here are some ways you can make sure you are owning your online presence and staying privacy aware for this Data Privacy Day.

1) Follow the online stream of the Data Privacy Day State of Privacy starting at 9:30am CST: https://goo.gl/O3dEUj 

2) Look at these privacy tips: http://goo.gl/jCVEsU 

3) Check your privacy settings: http://goo.gl/ZcLKBG 
The people at the National Cyber Security Alliance put together this list of sites and where the privacy settings are located for your ease!

4) Refer to the privacy library on the Data Privacy Day site year-round here: http://goo.gl/0OL06c

5) Follow the National Cyber Security Alliance YouTube page for year-round videos on how to own your online presence: https://goo.gl/Vz4IZ0

6) Learn about the history of Data Privacy Day here: http://goo.gl/ZIg6yj

7) Take this Data Privacy IQ Quiz to test your knowledge: http://myprivacyiq.com/

8) Make sure to subscribe to our CougarSecurity blog in the right hand column on the main page to get our security updates: http://cougarsecurity.blogspot.com/

Watch out Apple users! Link crashing Safari

Following the fun users had with the “effective power” iPhone text message bug, people have been sending a link to users of Apple’s Safari browser that will crash their iPhones or Macs.

The link, which is simply crashsafari.com, overloads the default browser with a self-generating text string which populates the address bar. After about 20 seconds or so it will force an iPhone to reboot, while significantly heating up as the smartphone tries to handle the code of the site.

A similar thing happens on iPads, which also has Safari, while even Android devices running Chrome heat up and become sluggish. Rebooting the iPhone or quitting Chrome on an Android device clears the problem.

Desktop and laptop computers are also affected to a lesser degree depending on how much processing power they contain. The site will cause Safari on a Mac to crash. Chrome on a Mac and PC also becomes bogged down.

The code of the website appears to generate an ever-increasingly long string of characters, which becomes harder and harder for the browser to load, likely resulting in a memory issue and forcing the reboot of the device.

As with the effective power text message bug, users have started sending the link disguised by URL shorteners with tempting text to get iPhone users to click on the link and crash their smartphones.

For the immediate future, iPhone users should be very careful about which shortened or obfuscated links they click on, should they be forced into rebooting their smartphone. Should the worst happen, it appears that smartphones will behave normally after a reboot.

Source: The Guardian

http://www.theguardian.com/technology/2016/jan/25/sending-link-to-website-lets-you-crash-safari-and-anyones-iphone?CMP=twt_a-technology_b-gdntech

Watch out for job scams

Watch out for job scams

One security issue most don’t think of is a job scam. There are scams that will reach out with a job opportunity. This can happen in your email, or even on a job board full of job posts. This applies to both students and faculty/staff.

Here are some tips and tricks to keep your on your toes when a job offer comes your way that you weren’t searching for.

Watch for these signs of a job scam:

• The job is TOO good to be true.  
• You are asked to send or transfer money. 
• Bank account or social security number or other personal information is requested up front.  
• The site advertises "secret" job postings for a fee.   
• Poorly written and/or vague job description that may state "no experience needed."
• Questionable email address (e.g., contact email doesn't match company domain).

What can you do to ensure that a job posting is real?

• Research the company website and check to see if the job vacancy is posted.
• Google the company and job and see if there are complaints or a poor reputation.  
• Check the employer's rating with the Better Business Bureau or Missouri Attorney General'soffice.
• Ask questions and get specifics in writing.  

Make sure to flag any emails or posts and forward them to CCHelpDesk@ccis.edu so we can take care of it. A good rule of thumb is, if it’s too good to be true, it probably is.

Data Privacy Day Events

Take a look at the Data Privacy Day events below, and they're starting today! Make sure to get these virtual events on your calendar and stay up on how you can be #PrivacyAware.

If you can't make it online for one of these virtual events, Tech Services will be live tweeting the Twitter chats as well as the online stream so you don't have to miss any information!

Tech Services on Twitter:
@ccistechnology

(click on photo to enlarge event schedule)