Information Security Tips (March 2023) – Screen sharing features hide dangers, do you know how to prevent them?

Screen sharing features refer to the function of sharing your computer screen or mobile screen with others during online meetings or remote work. This function can facilitate communication and collaboration, but it also poses some cyber security risks that may make you a target of scammers or hackers. According to a notice from the Judiciary Police, this function is also a tool for phone scammers.

Scammers may pretend to be government officials, customer service representatives, or bank employees, claiming to assist you with online video call investigation, problem solving, account updating, benefit claiming and so on. Then, they ask you to download unknown applications (APPs) or share your screen with them, and instruct you to enter personal information, bank account passwords, verification codes, etc., or to transfer money. In fact, once you share your screen with them, they can see what you type and may also install malicious software, steal your data and control your device without your knowledge.

To prevent the above risks, here are some information security tips:

  • Do not share your screen with strangers or people whose identity you have not verified;
  • Do not click on suspicious links or open suspicious attachments;
  • Do not download or install applications (APPs) or software from unknown sources;
  • Do not turn on screen sharing features or input confidential data when using public WiFi;
  • Choose a reputable software or platform with data encryption function to share your screen;
  • Only share the necessary content when sharing your screen, and monitor the scope and duration of the sharing;
  • End the meeting and log out of the software or platform immediately after sharing your screen.

Remember to stay alert and be careful when using screen sharing features, and do not let yourself become a victim of scams.

Reference

Judiciary Police – Police Information Circular
Know social engineering and beware of phone scams
How to download and install software in a secure manner?

Information Security Tips (February 2023) – Know social engineering and beware of phone scams

In recent years, we have heard frequent warnings to beware of scams through various channels, but phone scams continue to happen. In fact, scammers use “social engineering” to obtain personal information, sensitive data, or conduct fraud. Social engineering is the use of psychology and interpersonal relationship skills to exploit human emotions such as curiosity, fear, and trust. Scammers often impersonate others, such as bank clerks, police, government officials, or court personnel, or pretend to be relatives or friends, to trick victims into providing personal information or transferring money, in order to achieve illegal profits.

To avoid becoming a victim of phone scams, here are some tips:

  • Stay alert: Scammers will use the above techniques to impersonate others to commit fraud. Therefore, don’t easily trust the identity of the caller and verify their identity through official channels.
  • Pay attention to language expressions: Fraud calls often threaten or intimidate victims. Stay calm and pay attention to the caller’s language and accent. If you have any doubts, discuss them with family and friends or seek help from relevant institutions.
  • Do not disclose personal information easily: Just as “don’t flaunt your wealth,” personal information should also be kept confidential, such as bank card numbers, passwords, and ID numbers. If you need to provide such information, do this through secure and reliable methods.
  • Do not transfer money easily: When you receive a call related to funds, do not transfer money easily. Verify the identity and information of the caller through official channels and ensure the security of the transaction.
  • Enhance security awareness: Pay more attention to security information and enhance your ability to identify and prevent fraud. If you notice any suspicious activity, contact the authorities to prevent being scammed.
  • Share security information with family members: It is also important to increase the security awareness of family members, as scammers may use social engineering techniques to deceive or trick them into revealing personal information. Scammers may also use this information to impersonate a family member and carry out fraudulent activities.

In conclusion, preventing phone scams requires sharp vigilance, enhancing security awareness, not easily disclosing personal information or transferring money, and verifying the identity and information of the caller through official channels. Be cautious about anything involving funds, in order to prevent losses.

Information Security Tips (January 2023) – Protect privacy on social media from being used by criminals

In the last security tips, we provided some information about online scams and suggested that users raise their security awareness to avoid falling for online scams. In fact, protecting your privacy on social media can also prevent you from being involved in scams.

Here are two examples of privacy disclosure on social media:

1. Online romance scams
Scammers look for targets on various social platforms based on disclosed information. After getting to know the victims’ interests, scammers easily win the victims’ affection and start an online romantic relationship. Then, scammers use a plethora of reasons to ask for money. Scammers and victims never meet in real life.

2. Steal other people’s photos and then commit fraud
Criminals steal other people’s photos, open accounts on social networking platforms under other people’s names, and use the fake accounts to contact other targets continuously to obtain phone numbers or personal information. This information is very likely to be used for various fraudulent activities.

In both examples, scammers are using information disclosed by others on the Internet to commit crimes. Just think about it: the more information a stranger knows about you, the greater the risk you face.

Here are some tips for preventing the above scams:

      • Remember that the Internet is a virtual world where anyone can assume a false identity;
      • Be vigilant at all times about people or messages from unknown sources;
      • Properly protect personal information, and do not casually disclose information about yourself, your relatives or your friends on social networking platforms;
      • Enable two-factor security authentication for social networking platform accounts to improve account security while limiting who can access your information.

Information Security Tips (December 2022) – Enhance security awareness to avoid online scam

IT devices have become a part of our lives. No matter how old you are, you can use your device for online activities such as chatting and online shopping. The Internet not only brings us useful information, but also makes some scams more accessible to us.

Here are two examples of online scams:

1. Online shopping scams
Have you ever shopped online but not received the goods after payment? Most scammers defraud consumers with the following tricks:

    • Use of special offers – Attract buyers with limited offers, sales, overseas purchasing services
    • Lose contact upon receiving money – Ask buyers to transfer money into a specific account and refuse to trade face to face. Once the money is received, the sellers disappear into thin air.

2. Online job search scams
Fraudsters post job ads on various social media platforms, forums or instant messengers, and lure job seekers into paying fees, guarantee fees or other charges under various pretexts. After snatching the money, the fraudsters will be out of contact. Such scams may have the following characteristics:

    • Offer high salary or work from home jobs
    • Low academic qualifications or age requirements
    • Do not mention the specific job post and duties
    • Do not mention the name or address of the company, but only provide contact information with instant messenger or mobile phone number

In the above cases, the psychology of people who want to get a discount or preferential treatment is exploited for scams.

Here are some tips to prevent the above scams:

    • Remember that the Internet is a virtual world where anyone can assume a false identity.
    • Always be alert to people or messages from unknown sources.
    • If possible, shop on shopping platforms with a good reputation to reduce the risk of being scammed.
    • When shopping, pay attention to the origin of goods to avoid inadvertently running afoul of the law.
    • Be careful when applying for a job. You can start by collecting data to verify that the company or job actually exists.
    • If you encounter any problems, you should talk to your family or friends.

Information Security Tips (September 2022) – Be careful with suspicious messages!

Regarding the recent suspicious messages about the withdrawal of epidemic prevention subsidies with the respective link, the Social Welfare Bureau clarifies that it was a fraudulent message, and the case has been reported to the Judiciary Police.

The Social Welfare Bureau reminds the public to be careful about this fraudulent message. If you receive a similar message, please be alert and DO NOT believe it. DO NOT click the link and DO NOT provide any personal information. You should report to the Judiciary Police if you encounter a similar case.

Sample of the fraudulent message

(Original in Chinese, translated version for reference only)

In addition, some users have also received phishing emails about the withdrawal of social insurance subsidies in Mainland China.

Sample of the phishing email

(Original in Chinese, translated version for reference only)

ICTO would like to remind you that users who stay vigilant can recognise phishing attempts by the following common characteristics of phishing messages and emails:

    • It imitates a trusted official and tricks users into clicking on malicious links.
    • It may contain important notice which requires immediate actions, conveys messages of threat or gives an offer that is too good to be true (e.g. free overseas trip ticket).
    • It may contain shortened Uniform Resource Locators (URLs).
    • It may copy official contents such as texts, logos, and contact information to make it look genuine.

Responding to phishing message attacks

    • DON’T arbitrarily forward the phishing message. Indiscriminate mass messaging leads to abuse, and spreading fake news or rumours may violate the relevant laws.
    • Delete or block the phishing message immediately to avoid accessing the malicious content again.
    • Report the case to the Judiciary Police if criminal activities and leakage of personal data are involved respectively.

ICTO will introduce some other types of Phishing in the next issue of information security tips.

Information Security Tips (August 2022) – How to handle confidential information?

Occasionally, you might need to transmit, store, edit and access different types of data for work purposes. No matter what format the data is stored in, we are obliged to ensure proper security measures and controls are adopted on UM data to avoid data leakage, especially of confidential data. Some common causes of data leakage are human errors, weak passwords being cracked, stolen credentials, loss of devices, software vulnerabilities being exploited, insecure network connections, etc. Disclosure of confidential data may damage the reputation of the University or may have certain legal implications. Therefore, please refer to the tips below to protect the data:

Protect data with password and encryption, erase old data
Ensure confidential data is handled as required by the “Guidelines of Confidentiality” and the “Guidelines for Handling Confidential Information”. For example, when you take or process confidential data outside campus for official work purposes, the data must be protected with a password and encrypted with an encryption tool. In addition, erase all confidential data on the device immediately after processing it.

Transmit and share data carefully
Before sending, replying to or forwarding an email, please review the recipients’ email addresses, the email content and the attachments, and ensure they are correct. For example, do not include too much personal information or unverified content such as rumors, and exclude all unnecessary confidential data from the email history. Besides, when you share data with other people in computer systems, please ensure the privileges are set correctly.

Enable 2FA and use strong password
To minimize the probability of credentials being stolen and passwords being cracked, please enable the Two-Factor Authentication (2FA) service and use a strong password to protect your UM user account. Moreover, use different passwords for different accounts, in particular those for handling confidential data.

Protect your devices by biometric technologies
Besides using a password lock, it is also recommended to use biometric technologies to protect your smart phone and tablet, i.e. fingerprint and facial recognition. This can minimize the probability of unauthorized people accessing your personal data, work email, online payment and bank information in case you lose or misplace the device.

Update computer systems and devices, enable anti-virus software
Ensure the operating systems, web browsers and software on your electronic devices are updated to the latest version, and patch vulnerabilities as soon as possible to prevent attackers from taking advantage of known problems or vulnerabilities. Please be reminded to enable the real-time protection and monitoring feature of anti-virus software, scan the computer regularly and keep the version up to date.

Be careful in using public WiFi networks and computers
Please always assume public WiFi networks and computers are insecure, as attackers may capture your data on the same public network or computer you are using. Thus, avoid performing financial or other transactions that involve confidential data while using public networks and computers.

Information Security Tips (July 2022) – Tips for work from home remotely

As everyone is working from home due to the epidemic, please remember the following:

  1. Make sure your computer programs are up to date – Keep updating the system and software programs of the device regularly. If an anti-malware program has been installed, it should be updated to avoid damage or infection by malware. Download the protection software here (Link) and select ESET Internet Security;
  2. Log in to SSLVPN and use the virtual desktop service provided by ICTO to access major UM administrative systems. Please refer to the detailed information (Link);
  3. Log out from all of your accounts (including SSLVPN) before you leave your computer;
  4. Protect your data to avoid data breach;
  5. During video conferencing, do protect your privacy;
  6. DO NOT arbitrarily believe unconfirmed news. Usually, during an epidemic, related fake news is disseminated. Don’t let a phishing scam reel you in. Don’t arbitrarily forward unconfirmed news.

Information Security Tips (May 2022) – How to Use Mass Email Efficiently & Safely

In our daily work, we may need to distribute email to multiple recipients, mail groups or different organizations. What is the most efficient way to do this? Sending the same message one by one, or sending it as a mass email? Of course, sending a mass email is the better choice.

Although distributing mass email saves you the time of delivering the same message repeatedly, it also comes with some drawbacks if it is not done carefully. Drawbacks include unnecessary disclosure of recipients’ contacts to third parties, wasted email resources, etc. The following aspects must be considered before sending a mass email:

1. Is the email justified for proper purpose?
2. Will it cause any security/privacy related issues?
3. What will happen if one of the recipients clicks ‘Reply All’?
4. Will the email confuse the recipients?

To address the above aspects, we suggest the following:

  • Make sure the email aligns with your organization’s mission and approved purpose.
  • Use Blind carbon copy (Bcc) to hide the recipient list from individual recipients, which protects recipients’ privacy. This also avoids duplicated mass email when any recipient clicks ‘Reply All’.
  • Giving a clear subject heading helps recipients differentiate normal email from spam or phishing.

For more details about Sending Mass Email, please refer to “Guidelines for Sending Mass Email and Using Email Group”.

Reference: Don’t Let a Phishing Scam Reel You In

Information Security Tips (April 2022) – How to protect your computer against viruses and malware?

In our daily life, we are used to paying attention to our home security. However, have you ever suspected that your home computer has been hacked? Hackers often install a Trojan horse on your computer without your knowledge and use it to steal your important data. They can also use it to remotely control your computer’s camera and microphone for peeping and eavesdropping. As cryptocurrency has become popular and valuable nowadays, hackers may use Trojan horses to control many computers belonging to other people for illegal crypto mining. Such a crypto mining attack can slow down the computer and Internet speed, increase electricity consumption and decrease the lifespan of the computer.

Crypto mining attacks are actually spreading all over the world. UM has also received an information security alert from the Cybersecurity Incidents Alert and Response Center (CARIC) of Macao that some computers of several organizations in Macao have been infected with crypto mining malware this year since February, and there is an upward trend. To ensure information security, please refer to the following tips to protect your computer immediately:

  • Keep your computer up to date; patch or upgrade the operating system and software to fix vulnerabilities as soon as possible.
  • Enable the real-time protection and monitoring feature of antivirus software, scan the computer regularly and keep the version up to date.
  • Only download software from the official website of the vendor/publisher.
  • Don’t download any type of cracked or hacked programs.
  • Don’t click links or open attachments in suspicious emails.
  • Securely maintain and manage your user account and password, i.e. enable the two-factor authentication (2FA) service and use a more complicated password.

If you find any of the signs below on your computer, it may be infected by a virus or malware:

  • Loss of performance, frequent freezing or crashing.
  • Overheating or faster battery drain.
  • Loss of information, files deleted/modified or hard drive formatted without your permission.
  • Unexpected modification of the web browser homepage, unwanted pop-ups or redirects to websites you did not intend to visit.
  • Antivirus software is closed or has stopped running.

If you suspect that your UM user account has been hacked or computer has been infected, please contact ICTO Help Desk immediately.

Reference
· Don’t Let a Phishing Scam Reel You In
· How to download and install software in a secure manner?
· Are you ready to prevent Ransomware?
· Two-Factor Authentication (2FA)
· How to choose a strong password?
· Basic Knowledge of Online Safety and Security
· Other Information Security Tips

Information Security Tips (March 2022) – How to download and install software in a secure manner?

Daily online activities may bring risks to your electronic device, because most threats that infect your computer system, such as viruses and malware, usually come from the programs that you download and install from the Internet.

Here are 4 tips to download and install software in a relatively safe way:

1. Only download software from the official website of the vendor/publisher
You are always recommended to download software only from the official website of the vendor or publisher, and to avoid downloading software installers from third party websites. This is because some of those installers have been embedded with various types of ads, which may install additional malicious programs on your system.

2. Always delete any software that is downloaded to your device automatically
This often happens when you accidentally visit malicious websites on the Internet and the websites send their malicious programs directly to your device. When this happens, always delete the application that was downloaded automatically to your device without your knowledge.

3. Don’t download any type of cracked or hacked programs
A program that includes any type of crack or hack is certainly a malicious program. When you run it, it will install malicious codes into your system or device. It tends to disturb your system and send malicious commands to it. It is better for you to stay away from cracked or hacked software.

4. Follow the installation steps carefully
When you download a software installer, even from the official website, do not just mindlessly click “next”. You have to follow the installation steps very carefully because a bad software vendor might embed malware or adware into their installer. Make sure to deselect any unnecessary options during the installation.

Reference
· Don’t Let a Phishing Scam Reel You In
· How can I identify a phishing, fake email and websites?
· Beware of Phishing Trap
· Other Information Security Tips