Scenario #1: Your supervisor is very busy and asks you to log into the HR Server using her user-ID and password to retrieve some reports. What should you do?
Answer #1: C - Decline the request and remind your supervisor that it is against UC policy. User-IDs and passwords must not be shared. If pressured further, report the situation to management, the ITS Support Center or the Whistleblower Office (http://whistleblower.ucsc.edu/).

Scenario #2: You receive the following email from the Help Desk:

Dear UCSC Email User,

Beginning next week, we will be deleting all inactive email accounts in order to create space for more users. You are required to send the following information in order to continue using your email account. If we do not receive this information from you by the end of the week, your email account will be closed.

*Name (first and last):
*Email Login:
*Password:
*Date of birth:
*Alternate email:

Please contact the Webmail Team with any questions. Thank you for your immediate attention.

What should you do?
Answer #2: This email is a classic example of “phishing” – trying to trick you into “biting”. They want your information. Don't respond to email, instant messages (IM), texts, phone calls, etc., asking you for your password or other personal information. You should never disclose your password to anyone, even if they say they work for UCSC, ITS, or other campus organizations. If you receive phishing or spam in your Google email, report it to Google: http://its.ucsc.edu/google/security.html#spam

Scenario #3: A friend sends an electronic Hallmark greeting card (e-card) to your work email. You need to click on the attachment to see the card. What should you do?
Answer #3: D - Delete the message. This one has four big risks:
1. Some attachments contain viruses or other malicious programs, so just in general, it’s risky to open unknown or unsolicited attachments.
2. Also, in some cases just clicking on a malicious link can infect a computer, so unless you are sure a link is safe, don’t click on it.
3. Email addresses can be faked, so just because the email says it is from someone you know, you can’t be certain of this without checking with the person.
4. Finally, some websites and links look legitimate, but they're really hoaxes designed to steal your information.

Scenario #4: Real-life Scenario: Question: What do you think might be going on here?
Answer #4: Possible answer: Note: Often questions about personal information are optional. In addition to being suspicious about situations like the one described here, never provide personal information when it is not legitimately necessary, or to people or companies you don’t personally know.

Scenario #5: Real-life Scenario: Question: What do you think might be going on here?
Answer #5: Possible answers: Another possibility is that she did log out, but didn't clear her web cache. (This is done through the browser menu to clear pages that the browser has saved for future use.)

Scenario #6: Two different offices on campus are working to straighten out an error in an employee's bank account due to a direct deposit mistake. Office #1 emails the correct account and deposit information to office #2, which promptly fixes the problem. The employee confirms with the bank that everything has, indeed, been straightened out. Question: What's wrong here?
Answer #6: Account and deposit information is sensitive data that could be used for identity theft. Sending this or any kind of sensitive information by email is very risky because email is typically not private or secure. Anyone who knows how can access it anywhere along its route. As an alternative, the two offices could have called each other or worked with ITS to send the information in a more secure way.

Scenario #7: Real-life Scenario: Question: What do you think might be going on here?
Answer #7: Possible answer: Sometimes they realize they loaned their account to a friend who couldn't remember his/her password, and the friend did the printing. Thus the charges. It's also possible that somebody came in behind them and used their account. This is an issue with shared or public computers in general. If you don't log out of the computer properly when you leave, someone else can come in behind you and retrieve what you were doing, use your accounts, etc. Always log out of all accounts, quit programs, and close browser windows before you walk away.

Scenario #8: The mouse on your computer screen starts to move around on its own and click on things on your desktop. What do you do? <Select all that apply>
Answer #8: B & D. This is definitely suspicious. Immediately report the problem to your supervisor and the ITS Support Center: slughub.ucsc.edu, 459-HELP (4357), or Kerr Hall room 54, M-F 8AM-5PM. Also, since it seems possible that someone is controlling the computer remotely, it is best if you can disconnect the computer from the network (and turn off wireless if you have it) until help arrives. If possible, don't turn off the computer.

Scenario #9: Which of the following passwords meets UCSC’s password requirements?
Answer #9: C - UcSc4Evr! This is the only choice that meets all of the following UCSC requirements:

Scenario #10: You receive an email from your bank telling you there is a problem with your account. The email provides instructions and a link so you can log in to your account and fix the problem. What should you do?
Answer #10: Delete the email. Better yet, use the web client (e.g. gmail, yahoo mail, etc.) and report it as spam or phishing, then delete it. Any unsolicited email or phone call asking you to enter your account information, disclose your password, financial account information, social security number, or other personal or private information is suspicious – even if it appears to be from a company you are familiar with. Always contact the sender using a method you know is legitimate to verify that the message is from them.

Scenario #11: A while back, the IT guys got a number of complaints that one of our campus computers was sending out Viagra spam. They checked it out, and the reports were true: a hacker had installed a program on the computer that made it automatically send out tons of spam email without the computer owner’s knowledge. Q: How do you think the hacker got into the computer to set this up?
Answer #11: This was actually the result of a hacked password. Using passwords that can't be easily guessed, and protecting your passwords by not sharing them or writing them down can help to prevent this. Passwords should be at least 8 characters in length and use a mixture of upper and lower case letters, numbers, and symbols. Even though in this case it was a hacked password, other things that could possibly lead to this are:

Phishing and Spam Quiz
SonicWall has a fun, informative quiz to test how well you distinguish between email schemes and legitimate email. Check it out at: http://www.sonicwall.com/phishing/

Rev. Sept 2015