Monthly Archives: May 2016

Half of people plug in USB drives they find in the parking lot

“The security community has long held the belief that users can be socially engineered into picking up and plugging in seemingly lost USB flash drives they find,” the researchers reported this month.

“Unfortunately, whether driven by altruistic motives or human curiosity, the user unknowingly opens their organization to an internal attack when they connect the drive – a physical Trojan horse.”

The study dropped USB sticks containing HTML files that had img tags embedded; opening the files fetched the image from a remote server, allowing the researchers to track the USB drives’ use and rough location. It’s obviously not a perfect means to detect usage, but close enough. And, yes, we’re talking about people – students and staff – who hang around a uni campus.

The drives were usually picked up within hours of being left in the lot, with one being opened just six minutes after being dropped off. Overall, 48 per cent of the drives were picked up and plugged into a PC.

Additionally, the study found that just 16 per cent of users bothered to scan the drives with anti-virus software before loading the files; 68 per cent of the respondents said they took no precautions whatsoever before plugging in the drives.

The users said that, for the most part, they were acting in good faith. 68 per cent of the users said they were only accessing the drive in order to find its owner, though a “handful” of respondents said they were planning to keep the USB drive for themselves.

This led the researchers to believe that an attacker would have no problem spreading malware in an organization by simply dropping an infected USB drive in a public place.

“We hope that by bringing these details to light, we remind the security community that some of the simplest attacks remain realistic threats,” the researchers said.

“There is still much work needed to understand the dynamics of social engineering, develop technical defenses, and learn how to effectively teach users how to protect themselves.”

Reference:

[1] Shaun Nichols “Half of people plug in USB drives they find in the parking lot”

10 Ways to Avoid Fraud

Crooks use clever schemes to defraud millions of people every year. They often combine new technology with old tricks to get people to send money or give out personal information. Here are some practical tips to help you stay a step ahead.

  1. Spot imposters. Scammers often pretend to be someone you trust, like a government official, a family member,a charity or a company you do business with. Don’t send money or give out personal information in response to an unexpected request — whether it comes as a text, a phone call, or an email.
  2. Do online searches. Type a company or product name into your favorite search engine with words like “review,” “complaint” or “scam.” Or search for a phrase that describes your situation, like “IRS call.” You can even search for phone numbers to see if other people have reported them as scams.
  3. Don’t believe your caller ID. Technology makes it easy for scammers to fake caller ID information, so the name and number you see aren’t always real. If someone calls asking for money or personal information, hang up. If you think the caller might be telling the truth, call back to a number you know is genuine.
  4. Don’t pay upfront for a promise. Someone might ask you to pay in advance for things like  debt relief. credit and loan offers,mortgage assistance, or a job They might even say you’ve won a prize, but first you have to pay taxes or fees. If you do, they will probably take the money and disappear.
  5. Consider how you pay. Credit cards have significant fraud protection built in, but some payment methods don’t. Wiring money through services like Western Union or MoneyGram is risky because it’s nearly impossible to get your money back. That’s also true for reloadable cards like MoneyPak, Reloadit or Vanilla. Government offices and honest companies won’t require you to use these payment methods.
  6. Talk to someone. Before you give up your money or personal information, talk to someone you trust. Con artists want you to make decisions in a hurry. They might even threaten you. Slow down, check out the story, do an online search  consult an expert — or just tell a friend.
  7. Hang up on robocalls. If you answer the phone and hear a recorded sales pitch  hang up and report it to the FTC. These calls are illegal, and often the products are bogus. Don’t press 1 to speak to a person or to be taken off the list. That could lead to more calls.
  8. Be skeptical about free trial offers. Some companies use free trials to sign you up for products and bill you every month until you cancel. Before you agree to a free trial, research the company and read the cancellation policy. And always review your monthly statements for charges you don’t recognize.
  9. Don’t deposit a check and wire money back. By law, banks must make funds from deposited checks available within days, but uncovering a fake check can take weeks. If a check you deposit turns out to be a fake, you’re responsible for repaying the bank.
  10. Sign up for free scam alerts from the FTC at ftc.gov/scams.  Get the latest tips and advice about scams sent right to your inbox.

Reference: FTC Consumer Information ” 10 ways to Avoid Fraud”

TAG You’re It!

As one of the leading technology industry associations, TAG has been dedicated to the promotion and advancement of the technology industry. Columbus State University has been recently able to start a student chapter so that we also can get in on the latest advancements! Tuesday, May 3rd at 5:30pm there will be an interest meeting for all students, faculty and staff interested. It will be held in the Columbus Room located in the Davidson Center. Did we mention that there will be FREE FOOD?

13119748_1270908099604522_4525121696868499005_o