Security Alert
June 11th 2019
We have recently become aware that the following phishing email is currently circulating:
Email Subject Line: Missed Call
Identity Protection Tips
Protect Personal Information
- Shred all papers with personally identifiable information (PII) and account information
- Protect your Social Security Number (SSN)
- Never carry your Social Security Card on your person
- Never give out your SSN without verifying who is requesting it and what they need it for
- Protect your Kent State ID number
- Always sign out of your account(s), especially on public and lab computers
- Secure all of your online accounts with strong, unique passwords. Learn more about password best practices
- Secure your personal computer with a firewall and antivirus
- Use strong encryption on your home network such as WPA2
- Be careful what you share on social media--do not share personal details such as birthday, name of school, pet's name, your location, etc.
- Always verify the identity of those who are asking for sensitive information before you release it
- In general, email message sent outside a secure network are not encrypted, so its possible for anyone to see and copy those messages. Take care not to divulge personal information on an unsecure connection
- Always make sure a website is secured with https:// before entering personal information such as username, password, credit card number, etc.
- Do not reveal information that could possibly lead to someone being able to answer security questions for your account(s)
- Always review your financial statements and reports, including your credit report, bank statement, credit statements, and any other financial statements
- Remember that mobile phones may not always secure your conversation and do not divulge sensitive information where people could hear you
- Take care not to display sensitive information on your screen when in a public place where somebody could easily read information over your shoulder. This is known as shoulder surfing
- Pay careful attention when clicking the "Reply All" button to make sure that you are not sending sensitive information to undesired recipients
Beware of Poisoned Search Results
During a significant media event, such as the death of a celebrity or natural disaster, many users are often searching the same thing. Cyber criminals will often create a page designed to phish credentials or install malware onto a machine and then tailor it so that it is one of the top results from a search engine. Many will pretend to be charities in order to steal your money. During big media events, stick to well known and reputable sites to avoid these scams.
Protect Accounts with Strong Security Questions
| Do's: | Example: |
|---|---|
| Choose a question that limited people will know about you. | Name of your first grade teacher |
| Most questions don't have a limit on characters. Make the answer a phrase or restate the question in the answer. | If the question is "Where was your first vacation?", make the answer "My first vacation was place." |
| If you can remember it, choose to answer the question incorrectly. | If the question asks for your mother's maiden name, answer with your grandmother's maiden name. |
| Create an algorithm, or method, for answering security questions. | Type in the question backwards. |
| Don'ts: | Example: |
|---|---|
| Don't choose a question where the answer is likely to change over the years. | Favorite food, Favorite color |
| Don't choose a question where there are limited possibilities for answers because many websites don't put a limit on how many times on can attempt security questions. | Person's birth month, make and model of a car |
| Don't choose a question that asks for simple family member information. Many people can get this information from a social media site. | Name of your aunt, First pet |
| Don't choose a question that asks for school names. If somebody knows or can find where you grew up, it won't be hard to guess where you went to school. | You grew up in Kent, so it is likely that you went to Kent State University |
Protect Accounts with Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is a method that requires more than one form of verification before granting access to a computer or account.
Authentication can come from three different things:
- Something the user knows - knowledge that only the user knows. This includes passwords, security questions, and personal identification numbers (PIN).
- Something the user has - a physical item that the user has in possession. When it comes to computer and account access, this is often a USB device or randomly generated code/token from a mobile device.
- Something the user is - also known as biometric authentication. This uses a user's fingerprint, voice or iris scan for authentication.
