InfoSec tricks and treats: 2019 edition

by Elizabeth Jenike, IT Services

Another year, another October: National Cyber Security Awareness Month has come and gone, and now that the colder months are on their way, how are you upping your security game? Are you making sure to protect your accounts and online presence against fraudulent attacks?

Don’t be spooked—here are some security treats to offset the tricks this Halloween season!

1. That’s not a ghost in your Duo app

Have you ever received a notification from your Duo Mobile application that you didn’t initiate? What about a phone call from Duo? If so, that means someone is trying to access your account without your permission.

When this happens, simply press the red X in the Duo app, or deny the attempt via phone prompts. This will alert Duo that it shouldn’t give access to your account. There will then be an option on the screen (in the app) to report the login attempt as fraudulent.

This situation is the entire reason Duo was implemented in the first place—to prevent outside forces from gaining access to information protected solely by easily compromised passwords. If Duo had not been on your account, your info could have been stolen, e.g., bank account info or Canvas gradebook stats.

So, no—your Duo app isn’t haunted. It’s simply alerting you that your password has been leaked somehow. The best course of action is to change your password immediately—it could have been hacked as part of a large data breach (e.g., the Chegg breach that occurred earlier this semester).

2. The horror! The horror! (...Of phishing messages)

We all know the best security practices of checking email: Make sure you know the sender, hover over links to see where they point before clicking, and never respond to requests for personal information. Phishing schemes are getting more sophisticated by the day, however—and that means we need to be more vigilant in detecting and reporting those kinds of messages.

A good rule of thumb: if you receive a request from someone to change passwords, provide personal information, or send gift cards, ignore the message. If what they are offering sounds too good to be true, it probably is. It’s best to simply ghost these would-be malicious actors.

Whatever the issue—don’t lose your head over a phishing message. Simply forward it to InfoSec and don’t respond.

3. Keep your passwords under wraps

Password sharing between accounts is generally a no-no. When we hear about big data breaches, we urge users to change their passwords for many reasons. If members of the Miami community re-use their MUnet password for other online accounts, their Miami credentials could possibly be compromised by large-scale data breaches.

How do you fix that problem? Remembering different passwords for all of our online accounts is cumbersome and sometimes plain impossible (especially if we’re utilizing all of our password-generation best practices and using passphrases that contain special characters, numbers, and uppercase/lowercase letters). Password management apps can be a lifesaver. They can help you generate strong passwords, and you don’t have to remember every single code for every single account you have—instead, the manager remembers them for you. All you have to retain is the code for the app itself.

These are just a few ways to stay safe this Halloween season. For more information about how to beef up your information security profile and about National Cyber Security Month in general, visit the website of the National Initiative for Cybersecurity Careers and Studies.

On a more serious note, phishing messages have been on the rise at Miami lately. Please make sure you remain vigilant in scoping out fraudulent emails. They’re getting more sophisticated by the day. Visit our Security Corner for a list of phishing announcements as we hear about them.

Stay safe out there!
