Common Security Threats
Scams and Hoaxes
Chain letters, email, phishing scams and hoaxes clog the network, clutter mailboxes and waste University computing resources. Some contain malware and viruses that can compromise personal computers (including Macs) and Syracuse University networks. Compromised machines found on the Syracuse University Network will require a complete reinstallation of the operating system.
For the best defense:
- Always be wary of unsolicited e-mail, even if you think you recognize the sender. E-mail addresses are often "spoofed" by spammers and hackers.
- Never open attachments that are connected to these e-mail hoaxes.
- Never click on the embedded Web links in these e-mail hoaxes.
- Never redistribute e-mail chain letters and other hoaxes across the University network.
- Delete the e-mail.
- When in doubt, e-mail ITsecurity@listserv.syr.edu or call the ITS Help Desk at 443-2677.
Additional information about phishing specifically can be found on the Phishing and Suspicious Email page. If you've interacted with (entered username/password) or gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised. Follow the instructions on our Got Phished! Now what?
Spyware
Spyware is programming that is secretly installed on personal computers when owners surf the Internet; arbitrarily download files, programs and other materials from the Internet; and click on e-mail attachments that are attached to spam and other unsolicited e-mail. Spyware can be attached or embedded in third-party applications, mobile apps, and even browser extensions.
Spyware collects information about user web or device activity. Spyware can also monitor your keystrokes, scan your computer files, snoop your chat programs, read your cookies, change your default homepage, change your default Web browser, interfere with your ability to access the Internet, and report all of the information it gathers about you to the spyware's author.
Spyware can interfere with your computer's normal operation, causing system slowdown, illegal operation errors, browser crashes, and even cause hardware failures.
For the best defense:
- Antivirus software: Install it and keep it updated. (See Antivirus Software advice)
- Spyware removal software: Install and run spyware removal software on a regular basis. Further information about free spyware removal software is available at the links below.
- Ad-Aware: http://www.lavasoftusa.com/support/download/
- SpyBot Search and Destroy: http://www.safer-networking.org/
QR Codes
Quick Response codes (or QR codes) is a type of matrix code easily readable by machines. Originally designed for the automotive industry it has gained popularity due to fast readability and greater storage capacity compared to other bar code standards (like UPC etc.). It typically contains of black modules in square grid on a white background, which can be read by an imaging device (such as a camera) and processed using simple decoders.
One of the most popular implementation of QR codes is consumer advertising as a user can just scan the code with their phone and it will take them to the website. QR codes provide quick and effortless way to direct a consumer to the brands website and therefore the consumer will be more inclined to purchase something or at least see the sale. QR codes can be used with Android, Blackberry and Apple iOS devices.
There are some risks to QR codes that can endanger the user’s contents of their phone and put their privacy at risk. The practice of cybercriminals manipulating QR codes for fraudulent use is known as “attagging”, a combination of “attack tagging”.
Malicious QR codes are easily created and the risks of scanning them for a user include linking to a malicious website, enabling GPS/camera/microphone, analysis of files/contacts/passwords, and sending email/text messages without consent.
For the best defense:
- Be cautious when scanning QR codes unless you know the source
- Avoid QR codes found in public or immediately redirect you somewhere unfamiliar
- Close and clear your browser sessions in any cases of suspected malicious codes
- Review any download activity if not directly tied to intended based on the QR code details or use
- In some cases, it is just best to type the URL into your browser as it is much safer
Additional Links and Information
- The US-CERT has additional information on identifying and protecting yourself against scams and hoaxes
- Phishing 101 from phishing.org
- Common Phishing Attacks from phishing.org
- What to do if you fell for a phish or scam
- ITS Safe Computing Tips
Need Help? Contact the ITS Help Desk at help@syr.edu or by calling 315-443-2677.