University of Cincinnati

1
University of Cincinnati

• How to Shop safely this Holiday season

2
Presenter

• Quinn Shamblin
• UC Information Security Officer
• Certifications
• CISSP, GCFA , PMP
• Contact
• infosec_at_uc.edu
• 558-ISEC

3
Holiday Shopping Safety

• Lots of money this time of year
• Things to be mindful of during this Holiday
  season
• Phishing Email
• Fraudulent Websites
• Other Concerns
• Physical Safety

4
Phishing Email Safety
5
Phishing

• Phishing is a way of fraudulently acquiring
  sensitive information using social engineering
  and technical subterfuge.
• It tries to trick users with official-looking
  messages
• Credit Card, Bank Website
• eBay, Paypal
• Some phishing e-mails also contain malicious or
  unwantedsoftware that can track your activities
  or slow your computer

6
Types of Phishing

• Email
• Phishing e-mails may appear to be from
  institutions that you use every day, but they
  really come from a criminal trying to steal
  information
• Web Site
• If you follow a link from an email or from an
  untrustworthy web site, it may take you to a site
  clone that records your information before
  logging you into the real site
• IM / Social Networking Websites (My Space)
• You may be contacted by someone claiming to be
  from support, asking you for account information

7
Proliferation
8
Proliferation
9
Update Your Online Banking Information

• Dear Bank Of America Customer,
• During our regularly scheduled account
  maintenance and verification procedures, we have
  detected a slight error in your billing
  information.
• This might be due to either of the following
  reasons
• 1. A recent change in your personal information
  ( i.e.change of address).2. Submiting invalid
  information during the initial sign up
  process.3. An inability to accurately verify
  your selected option of payment due to an
  internal error within our processors.
• Please update and verify your information by
  clicking the link below
• http//www.Bankofamerica.com/update/index.asp
• If your account information is not updated within
  48 hours then your ability to access your account
  will become restricted.
• Thank you
• The Bank of America Accounts Management Department

10
This credit card transaction will appear on your
bill as "PAYPAL INPHONIC"

• This email confirms that you have paid INPHONIC
  (sales_at_inphonic.com) 239.95 USD using PayPal.
  This credit card transaction will appear on your
  bill as "PAYPAL INPHONIC".
• PayPal Shopping Cart Contents
• Item Name NEW MOTOROLA V3 PINK RAZR RAZOR
  QUAD-BAND CELL PHONE
• Quantity 1
• Total 219.95 USD
• Cart Subtotal 219.95 USD
• Shipping Charge 20.00 USD
• Cart Total 239.95 USD
• Shipping Information
• Shipping Info Richard McCoy 102 N Magnolia Tr.
  Waco, ME 04172 United States
• Address Status Unconfirmed
• If you haven't authorized this charge, click the
  link below to cancel the payment and get a full
  refund.
• Dispute Transaction
• Thank you for using PayPal!The PayPal Team

? http//intergate.gunterisd.org/guest/index.htm
l
11
Important Notice Your Amazon.com Order
(002-4082816-7275366)

• Greetings from Amazon.com.
• We have not yet received a valid method of
  payment and thus are unable to proceed with your
  order (002-4082816-7275366). Your order remains
  open. 
• Your credit card payment for the above
  transaction could not be completed. An issuing
  bank will often decline an attempt to charge a
  credit card if the name, expiration date, or ZIP
  Code you entered at Amazon.com does not exactly
  match the bank's information. 
• To verify and/or update payment information for
  this order, please visit the following
  pagehttps//www.amazon.com/gp/css/account/paymen
  t-update
• Please note that if we do not receive payment
  from you within the next 3 days, your order will
  be canceled.  If you would like to cancel the
  above order (002-4082816-7275366) now, please
  visit the following page https//www.amazon.com/
  gp/css/homepage/order-summary 
• You can view our privacy policy and contact
  information at http//www.amazon.com/gp/help/cus
  tomer/policy_privacy   
• Thank you for shopping at Amazon.com.Sincerely,
  Amazon.com Customer Service

? http//rds.yahoo.com/_yltA0oGkkc89eREaekARGxXN
yoA_yluX3oDMTB2cXVjNTM5BGNvbG8DdwRsA1dTMQRwb3MD
MQRzZWMDc3IEdnRpZAM-/SIG12cpokol2/EXP1155942076/
http//plamea.lydo.org/pralea.php
12
Fifth Third Bank 0fficial Information.
http//pacesettermarketing.ca/www.53com/index.html
13
How to avoid Phishing

• DONT CLICK THE LINK in emails
• Type the site name into your browser directly
• Never send sensitive account information in
  e-mail (Account numbers, SSN, passwords)
• Never give any password out to anyone

14
Web Safety
15
Increased Security Focus

• Use the latest products and services to help warn
  and protect you from online scams
• Microsoft Phishing Filter
• Helps protect you from Web fraud and the risks of
  personal data theft
• Warns or blocks you from visiting reported
  phishing Web sites.
• Included in Internet Explorer 78 or Windows Live
  Toolbar

16
Digital Certificates

• A digital certificate is what proves the identity
  of a website.
• If the certificate fails in some way, that means
  that the identity of the site cannot be proven
  and an encrypted channel will not be created.
• If the certificate fails, the web browser will
  show a warning message. (Next Slide)
• Do not provide sensitive information to a site
  that cannot be confirmed.

17
Certificate Warning
18
Safety Feature Green Closes the Page
19
Web site with failed Certificate (Not Encrypted)

• The pink background reminds you not to give
  sensitive information to this site (IE 7 only)

20
Certificate-Verified URL (Encrypted)
21
Certificate-Verified URL (Encrypted)

• In IE 6 and previous, Netscape, Mozilla, Firefox,
  etc.Look for the padlock in the lower right-hand
  corner

22
Basic Checklist

• Install a reputable Anti-Virus package
• McAfee is free to UC personnel
  www.uc.edu/infosec
• Look for Free Anti-Virus (upper right-hand
  corner)
• Set up your system to automatically download and
  install critical updates
• Go to Start gt Programs gt Accessories gt System
  Tools gt Windows Security Center
• Click on Automatic Updates
• Select Automatic, choose the appropriate time and
  Click OK.
• If you are using a non-windows system, check this
  link for patches http//www.uc.edu/infosec/Softwa
  re.htm
• KNOW to whom you give personal information

23
Good Site or Bad?
24
Other Concerns
25
Telephone Scams

• Verify any person who contacts you (by phone or
  email).
• Know who you are talking toIf someone calls you
  on a sensitive topic, thank them, hang up and
  call them back using a number that you know is
  correct, like from your credit card or statement.
  

26
Solicitation in Public

• Confine your charitable giving to reputable
  established organizations
• Unfamiliar? Ask for literature
• If solicited by an individual for personal
  charity, don't give cash offer to buy the
  individual food or drink or refer them to local
  assistance resources.

27
Solicitation via Phone

• National Do-Not Call List
• https//www.donotcall.gov/
• If solicited by telephone despite being on the
  list, simply hang up.
• It is your phone, there for your convenience, not
  theirs. ?

28
Solicitation at Home

• Door-to-door
• With the exception of local organizations,
  door-to-door sales are often fraudulent, and
  should be viewed with skepticism.
• If it sounds too good to be true, it usually is.
• Under consumer protection laws, you have a right
  to written information about any offer, and the
  right to cancel any order within three days
  should you reconsider your decision.

29
Physical Safety
30
Incentive

• There is a lot of money flowing during the
  holiday season
• Criminals know this

31
ATMs

• Using debit or credit cards is much safer than
  carrying a lot of cash
• Liable for only 50
• Be observant
• If anyone is loitering, or you don't like their
  looks, go to another ATM

32
Vehicle Safety

• Maintain at least half a tank of fuel
• When driving, keep doors locked and windows
  rolled up
• When parking, roll up the windows, lock the
  vehicle, take the keys, and conceal valuables,
  preferably in the trunk. Park and walk in lighted
  areas to the extent possible
• When returning to your vehicle, carry your keys
  in your hand and be ready to unlock the door and
  enter as quickly as possible. Take a quick look
  inside before entering

33
If your vehicle breaks down...

• Pull as far onto the shoulder as possible
• Turn your emergency flashers on
• If you have a phone, summon assistance
• Await assistance inside your locked vehicle
• If a stranger stops, speak to them through a
  partially rolled-down window, and ask them to go
  to a phone and call police or a tow service
• Do not exit your vehicle until a law enforcement
  officer or tow operator are on scene
• On longer trips, be sure you have a phone, water,
  food, and blankets in the vehicle for emergencies

34
In Public

• While out and about, present an alert appearance
• Avoid concentrating to hard on shopping
• Wear conservative, comfortable clothing
• Grip carried items firmly and avoid leaving them
  unattended
• Carry minimal cash and valuables, wear minimal
  jewelry

35
While shopping

• Shop with friends or relatives if possible
• More fun and there IS safety in numbers
• Be alert in crowded places
• Among pickpockets' favorites are revolving doors,
  jammed aisles, elevators, and public
  transportation stops and vehicles, especially at
  rush hour
• Carry the day's most expensive purchases closest
  to your body
• Don't carry so much you lose the ability to react
  quickly
• Keep a close eye on your children while shopping

36
Report any incident

• Be civically minded. Help protect us your friends
  and neighbors
• If you dont want to take the time, the
  offender may do something worse next time.

37
Great time of year

• Keep these safety basics in mind
• Avoid trouble and have

Happy Holidays!