December 19, 2016 By Pamela Cobb 3 min read

Whether hanging stockings, lighting candles on a menorah or gathering for an Airing of Grievances, if you are an IT professional visiting family this season, you will inevitably be asked to fix the family computer, tablet, smartphone or programmable thermostat while you’re there.

As an introvert, I use the hour I might have to spend uninstalling browser toolbars and removing adware to recharge from the intensity of so many people crammed into one place. It’s my own little holiday within a holiday. However, I do wish I could leave my family with a list of things not to do on a computer or tablet.

Fortunately, there’s enough combined internet security brainpower at IBM to create such a list. In fact, we have a handy printable version you can leave with your folks on your next visit.

Online Safety Tips to Fix the Family Computer

At its core, the advice boils down to increasing awareness of your digital surroundings. Here are some examples.

Trust Is Tops

  • Only use trusted apps or software. Download apps directly from trusted app stores such as iTunes and software from well-known sites such as CNet. Be especially careful of apps or software you’ve never heard of or malware posing as legitimate apps. If you’re unsure if an app is legitimate, check the ratings and reviews in the app store. If it’s a major retailer and it only has one review or a low rating, it might be a copycat.
  • Don’t trust every search result. Just because you get dozens of search results for “free golf handicap spreadsheet calculator” doesn’t mean you should download each one to try them all. Office documents and spreadsheets are notorious for hosting malware within embedded macros. If you frequent forums or communities of interest, ask what software others have used.
  • Beware of extras when installing software. Even legitimate software or browser add-ons can be accompanied by malware. Remember that every new app or software you install is a new potential entry point for cybercriminals. Be sure to uncheck extra software options unless you really need them.

Don’t Click That

  • Beware of unexpected emails. IBM X-Force has observed scammers using fraudulent package tracking emails, for example, to spread malware such as Locky ransomware. Be cautious and wary of unsolicited emails.
  • Double-check links. Scrutinize links in emails and social media posts. Hover over the URL to make sure a link directs to a legitimate website before clicking it.

Protect Your Passwords

  • Don’t save your info. Yes, it’s a pain to retype your info every time you want to order something online, but you should never save your password or credit card information in retail or bill payment sites, especially those you don’t frequent.
  • Use a special shopping email address and password. Have a separate email address just for retail websites and create unique passwords for each account. Use a password wallet to store your login credentials.
  • Get creative with password reset questions. When filling out account information, opt for the password reset question that doesn’t involve public information. For example, don’t use your high school mascot, since that could be found online. Instead, pick a subjective question (favorite dessert, favorite song, etc.) and enter answers that only you would know. You can also create unique answers to each question and store them securely in a password wallet.

Control Your Credit Cards

  • Opt for credit over debit cards. Use credit cards instead of debit cards whenever possible. Credit card providers offer protections if your card is compromised and won’t dock your checking account if there’s an issue.
  • Use one-time credit cards. You may want to consider a one-time credit card when buying from a nontrusted or entirely new retailer. That way, you can avoid putting your personal card data at risk.
  • Monitor accounts for unusual activity. Be sure to check your accounts frequently, especially during the holiday shopping season. Visit any of the three credit bureaus — Equifax, Experian or TransUnion — to place a fraud alert or freeze on your credit report or to learn more about credit fraud.

 

 

Have a Happy, Hack-Free Holiday!

I wish my fellow IT professionals luck this holiday season. Personally, I hope I won’t have to fix the family computer again in 2017. I will, however, commit to fixing the adjustable thermostat, since I’m always the coldest one in the house.

If you’d like to learn more about particular attack vectors, check out the many reports available from the IBM X-Force research hub. And don’t forget to print the handy tips list above to leave with your family!

More from X-Force

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Getting “in tune” with an enterprise: Detecting Intune lateral movement

13 min read - Organizations continue to implement cloud-based services, a shift that has led to the wider adoption of hybrid identity environments that connect on-premises Active Directory with Microsoft Entra ID (formerly Azure AD). To manage devices in these hybrid identity environments, Microsoft Intune (Intune) has emerged as one of the most popular device management solutions. Since this trusted enterprise platform can easily be integrated with on-premises Active Directory devices and services, it is a prime target for attackers to abuse for conducting…

You just got vectored – Using Vectored Exception Handlers (VEH) for defense evasion and process injection

10 min read - Vectored Exception Handlers (VEH) have received a lot of attention from the offensive security industry in recent years, but VEH has been used in malware for well over a decade now. VEH provides developers with an easy way to catch exceptions and modify register contexts, so naturally, they’re a ripe target for malware developers. For all the attention they’ve received, nobody had publicized a way to manually add a Vectored Exception Handler without relying on the built-in Windows APIs which…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today