
Phishing, Spyware & PII

posted Apr 29, 2013, 8:05 AM by Jason Tozer   [ updated Apr 29, 2013, 8:05 AM ]
In "What is Information Security," we looked at the guiding principles of information security: C-I-A and your responsibility in maintaining the security of information systems in RSU #20.  In this installment, I want to discuss personally identifiable information, aka PII.  PII is anything that identifies you, such as a driver's license number, SSN, credit card number, or fingerprint.  There were 11 million cases of identity theft in 2009 in the United States alone (Identity Theft).  How can we protect ourselves?  Here are some tips taken from Computer Security: 20 Things Every Employee Should Know:

1. Be careful when giving out personal information.  Know with whom you are conversing. 
2. Check your monthly bank and credit card statements.  Review your credit report annually.
3. Properly destroy your personal information: buy a cross-cut shredder.

Phishing and Spyware:

Phishing, not a misspelling, is a form of identity theft.  The term first came into use in the IT realm during the early to mid-1990s.  Typically this occurs through email, but can also occur via phone or a social networking website.  Some phishing schemes are blatantly false or suspect.  Have you received an email from the Nigerian prince wanting to give you millions?  Did you contact the prince?  Probably not.  Other phishing schemes are extremely clever.  "I'm stuck in London and I've been robbed," has tricked a number of people into sending money to help out their friend(s) in need.  The email, or in some cases a Facebook account, has been hijacked.  When the email arrives in your mailbox, it appears to be coming from a friend of yours; someone that is in your email contact list.  This scam uses an unsuspecting victim's email address book to blast out emails asking for money, and that request arrives in your email inbox.  How many email addresses are in your personal email account?  How many from the RSU #20 email address book?  What would happen should your address book be compromised?

Spyware is a broad term for software applications that monitor your actions on the computer.  Spyware is typically encapsulated in an email, but can also be delivered from a website.  From an email, spyware delivery typically requires the user (you) to click on a link.  From a website, spyware delivery is typically accomplished through "drive-by" downloads: it is delivered in the background as you view a web page.  At the least, spyware slows down a computer.  At the worst, spyware will harvest PII.

How can we protect ourselves?  Here are some tips taken from Computer Security: 20 Things Every Employee Should Know:

1. Don't open an email unless you know the sender and don't provide PII in response to an email or a pop-up.
2. Don't pirate software.  Don't download programs with which you are not familiar, especially on your RSU #20 computer.  The time to repair could run into days just for the hardware and does not include the time to repair your credit history should you release PII.
3. At home, secure your computer.  Block pop-ups.  Use anti-virus and anti-spyware software.  Make sure to keep them up to date.

Here are some sites with additional information:

http://www.us-cert.gov/nav/report_phishing.html
http://www.snopes.com
http://www.antiphishing.org/ (check out the resources page)

Next installment: Securing the PII of our students