Ed VanHoose is the Digital Communications Administrator/IT Manager for the Association of Illinois Electric Cooperatives
To click or not to click
I have dedicated several past columns to various topics of computer security, but recent talks with some of my colleagues have demonstrated that the need for personal awareness of malware and virus avoidance remains at the top of the list for any security process.
This month I visited with Edmond Rogers, CISSP to discuss what users could do to protect themselves. Rogers recently joined the University of Illinois Information Trust Institute as a Smart Grid Engineer. Prior to joining U of I, Rogers was a Security Analyst for Ameren and has spoken about cyber security at various security conferences around the world.
When asked what advice he could give on what you can do to protect yourself from malware and viruses Rogers says, “There are a couple of things that a person can easily do to protect themselves from many attacks that we are seeing these days. The first thing that a person can do is set their email to display mails as text. This will prevent unwanted content from displaying/running on their computer. Also, other things like keeping antivirus up to date and activating the firewall in your windows client can help.”
Of course, software can only go so far to protect you. The basic and most important line of defense still lies with the user.
The image above shows an example of a false report generated by scareware. Clicking anything on this window can infect your computer.
Rogers agrees saying, “Keep your eye out for unexpected emails from people you know or do business with. Recently, attackers have been targeting people by impersonating someone the unsuspecting users know. Never click on links in emails even if you know the person unless you have first verified that they actually sent the email.”
Many times you will see an e-mail asking you to verify your account information. You should know that any reputable business, bank or utility will never ask for that type of information in an e-mail, and will never provide you with a link to follow to type in personal information. If you see an e-mail of this type, call the company it’s from and verify they actually sent it.
Rogers suggests another technique to use instead of clicking, “If you want to verify a company you do business with wants to contact you online then go directly to their website. Do not follow links in emails. Open your web browser and type in the address you know, or follow the link in your favorites.”
Common sense plays an important factor in keeping your computer, and your online identity, safe from malware and viruses.
“Keep an eye out for the times that the mails are sent,” says Rogers. “Does your Aunt Edna really send mails out at 4am? Clicking on links for jokes, etc. without first thinking can lead to having your computer infected.”
You should also be aware of the growing trend of “scareware.” Scareware is a type of malware that pretends to be beneficial in nature—often purporting to be anti-virus software that has found a threat.
Rogers warns of this type of attack as well saying, “While surfing the web, if a windows appears on your screen warning you that your anti-virus is out of date it is not advisable to even click no in these types of boxes. A good way to get rid of these annoying pop ups is to hit Alt and F4 at the same time to close the window without clicking on it. In my experience, clicking through windows without understanding where they came from is the second most used way hackers get in.”
The general overall theme here is to be suspicious of anything unexpected that happens in your computer. Taking a breath and reading a window twice before blindly clicking yes or no could save a lot of aggravation down the road.
Everybody has technical issues. Some are interesting. Some aren’t. If you have an interesting technical problem that you want answered in a future edition of Powered Up, please drop me an e-mail. (I might even answer some of the uninteresting ones too.)
Ed VanHoose is the Digital Communications Administrator/IT Manager for the Association of Illinois Electric Cooperatives in Springfield. He is a specialist in the IT field with over 12 years of experience working in leadership roles for technology based projects in Illinois and Missouri.