Ask the Expert: Cyber security - What to watch out for

Protecting your personal and financial information has become increasingly more difficult as hackers advance their approach. While nothing is foolproof, Richard Toeniskoetter, chief information officer in Information Technology, has provided us with some red flags to look out for, and some precautionary steps to take both at home and work. In part one of this series we discussed what to be cautious of concerning emails, especially attachments and links.

Phones - What to watch out for

People have been convinced to give credit card numbers, banking account information and other potentially damaging data to callers over the phone. Individuals claiming to represent your bank, the IRS or even a computer security organization look for ways to convince people to let down their guard and reveal sensitive information. "If the caller is trying to intimidate or rush you into taking action immediately, they are large red flags," said Toeniskoetter.

He advises to either hang up or ask for a phone number that you can verify independently and later call back. This allows you to find the company's or agency's listed number and confirm whether or not the number from which you received the call is legitimate. He gives the example of a common scam of callers identifying themselves as the IRS and demanding payment over the phone. "If they give you a phone number to call back, you can call the local IRS office," he said. "You'll find out that the IRS doesn't call you and demand payment over the phone."

Some common phone scams include:

• A caller stating that you've won a cash prize and asking for a bank account number to transfer the money into
• Receiving a call that you are overdue on a payment and requesting payment information
• A caller identifying themselves as a representative from a computer security agency or popular company such as Microsoft claiming they've detected a virus on your computer and asking for computer data and/or log-in information. "They'll say they need you to work with them so they can log on remotely to fix your computer, but fixing it is not what they are planning to do," said Toeniskoetter.

One scheme that affects the University on a regular basis is callers posing as a Xerox representative saying their records show you are low on a particular printer supply and asking for your printer model and serial number. Greg Carlisle, production assistant in the Copy Center is the official contact for Xerox printer/copier supplies, the cost of which is included with your Xerox lease. "When they call and get your model and serial number, they generate a phony order, send counterfeit supplies and leave your office with a hefty bill," said Carlisle.

Much like the "from" address on an email, caller ID has become quite easy to falsify. A tech savvy caller can make the phone number on caller ID look like a local number while they are actually calling from overseas.

Facebook - What to look out for

While many social media platforms have been closing the gap, Facebook remains the most popular social media channel. It can also be a lucrative source for advertising and promoting businesses. Hackers have also found ways to use it to gather enough personal data from your account in order to gain access to other personal and financial accounts.

"They're trying to find out what high school you went to, names of pets, favorite colors and birthdates," said Toeniskoetter. If this information seems familiar, it's because it is among the most popular personal identifier questions for account log-ins. They are also commonly used passwords. "They are working towards being able to do a password reset for you on a bank account or something similar, so they are mining as much data as they can get," he said.

Another scam to be leery of are sites that allow you to log-in with your Facebook account. While many credible sites are Facebook affiliates, if the company or organization is unfamiliar to you, it's best not to log-in using your Facebook information.

Data backup - Protecting your files from ransomware

Imagine trying to access your files and finding a message stating "If you would like to get your files back, pay $300 through this website." If this has happened to you, you've fallen victim to ransomware. Hackers are able to encrypt your files making them inaccessible until they receive the money. "They normally will send you an encryption key to recover your files once they are paid," said Toeniskoetter. "They don't want to scare people off from paying the money because they have future 'clients'; to them it's a business, but we certainly don't encourage paying hackers."

Because ransomware is incredibly difficult to detect, Toesniskoetter says the best way to protect your files is to have a back-up which is disconnected from your computer. "One of the best, and easiest solutions is to use a cloud-based backup and storage service for a small monthly fee, such as One Drive or I-Drive. A cloud-based service uses the Internet and can safely store your data in a remote location from your desktop." If your computer is overtaken by ransomware, you can recover all your files without paying the hackers.

If you have questions or have received suspicious phone calls or emails at work contact IT@usi.edu or call the IT help desk at 812-465-1080.

If you are low on Xerox supplies for your copier/printer, contact Greg Carlisle at gcarlisl@usi.edu or 812-461-5454.