The following is a list of security tips (June 28, 2017):
- URL Check
Problem: I have a website URL and I do not know if it’s safe to open?!
Have you been sent a URL and you do not know if the site has malware, is used for phishing, or has a bad reputation? VirusTotal has a URL checker that can identify problem websites before you open them:
- Downloaded File Check
Problem: I have downloaded a program from a third-party site and I do not know if it is safe to open?!
Do you need to download and installs software from the internet? Someone sent you an attachment and you want to run it? Check it first to see if its safe to use!!
The best way to check for viruses is using a virus scanner. Why use a single virus scanner when you can use 50 different scanners at the same time? Check your program by uploading it to VirusTotal:
- make sure your virus scanner is up-to-date
- If your unsure that the hosting site is secure, check the URL using VirusTotal
- Many sites will list md5 hash of your download, once downloaded verify the hashes match
- Pawned Account Check
Problem: I have an account somewhere and my account info has been posted on the internet!
You may have a number of on line accounts and when account breaches occur you may not be informed that your account information has been compromised. Your account info could then be available on the internet, in a practice called a ‘pawned’ account.
The following site has a listing of most accounts that have been compromised and their associated email address:
- Pop-ups locking up my browser: Scam!
Problem: My computer web browser shows me a page that I cannot exit. I cannot exit the page, close my tabs or use any browser features at all!
There is a common browser scam in which a website can lock your browser session. The page typically will prompt you with a login prompt or Accept or OK button but no matter what click on the page remains active. A popular scam is the Tech Support Pop-Ups where the ad tells you that your computer has a virus and to call a tech support number.
Here are the steps to get your session back (Windows users):
- Press <ctrl><alt><del> and from the Task manager select your browser, and stop the task
- when you re-open your browser it will prompt you to restore the session. DO NOT restore your session, leave it closed and that by default will open a clean browser session (browser features may vary between versions but basically follow these steps).
There are some pro-active methods to help minimize these issues:
- Check your unknown URL’s using VirusTotal
- Use Adware Plugins in your browser (See: Ad Block Plus, uBlock Origin, and Privacy Badger )
- Use a Windows Sandbox program that separates your Browser from the O/S (Sandboxie)
- Email Phishing
Problem: You may receive emails asking you to disclose your username, passwords, emails, bank or credit card information.
Carleton University Faculty or Staff will not ask you to send account credentials via email.
How can you tell if an email is a Phishing attempt:
- It asks you for your password or directs you to a web form asking for your password
- If the link within the body of the message points to a non-Carleton email address
- The subject line is in all caps
- There is a call for immediate action – “download this now” or “confirm you email identity now” or “click on the link below”
- There are spelling or grammatical errors in the email
- The email offers something too good to be true
Best course of action is to simply delete this type of email.
More from CCS: How to spot a Phishing Email
Carleton University Security Tips
- Security Tips and Notices
- Creating secure passwords
- Protecting your mobile devices
- Staying safe on social media