Stop – Think – Connect

Why me?

I don’t have anything that anyone wants.

“We will find you and use what is yours as our own … muhahaha!”

These are often the thoughts that people have when they think about their online lives. Surely the criminals are after multi-million dollar heists from the biggest banks and mega-corps? Or they’re after databases stuffed full of usernames, passwords, credit-card numbers … I don’t have any of this.

I mean, okay if my computer was hacked then they might be able to get my WoW or XBox Live credentials – I wouldn’t like that – oh, and then I guess I do keep all my passwords stored in Firefox (without using the master password protection.) Hmmm? If someone accessed my Facebook account – again, I wouldn’t be too pleased. Hmmm? I guess I do have some spreadsheets on my machine that I use to track my grades at Mines with – would somebody be able to pretend to be me at Mines? Or start posting messages as me through Facebook, or Tweet things … ???

YOU ARE THE TARGET

STOP – THINK – CONNECT

Often the simplest target for criminals is you … people are inherently bad at clicking random links or picking up a discarded USB flash drive – but, it’s a USB 3.0 128Giga … perfect for storing all those episodes of Battlestar Galactica, Big Bang Theory, and the Matrix trilogy (classic sci-fi!) However, STOP and THINK before clicking that link or plugging that flash drive into your laptop – if something seems to be a little fishy (or, indeed, phishy) there’s a good chance it is – ignore it and just move on or report it to someone at ITS who can investigate further.

That is the core message, just like in real life, if you feel something just doesn’t feel right take a step back and assess. Talk to your friends or family about it. Especially in the virtual world, the easiest thing to do is to ignore – temporarily or permanently – that message/link/posting and apply some common-sense.

Remember, nobody official from Mines or from any other reputable company is going to ask you for information like your username and password or for your social-security number to be sent through email. Ignore, delete, and report something like this.

If you ever receive something that is full of statements like URGENT!!!, TIME-CRITICAL … it likely is not. If you believe such a request is legitimate go to the associated website manually – NEVER click the link in the message: type the regular web-address into your browsers navigation bar. If you think there is something screwy with, say, your online bank account, then you can always go old-skool and find the telephone number and call them up – every legitimate business will be more than happy to assist you in this way.

Same stop-think-connect mentality for every scammers favorite topic: sending you notice that you’ve just won $18 million through the Lottery of – if you know you never entered such a lottery draw you likely have NOT won $18 million. Same deal for the infamous alleged prince of Nigeria offering you a cut of 27.5 million US dollars. Not too likely.

If you believe that one of your online accounts may have been compromised or you believe that your credentials may have been (accidentally) leaked – change your pass-phrase immediately and contact the site. Ideally for each site you log into you should use a different pass-phrase – that way if someone compromises one of them, that’s all they have.