OAGITM Members: Please see the monthly 'Security Tips' newsletter below you can customize and distribute within your organization. Regards, Theresa A. Masse Chief Information Security Officer State of Oregon Department of Administrative Services Enterprise Security Office 503-378-4896 Data Classification 2 - Limited Confidentiality Notice: This message, including any attachments or links, may contain privileged, confidential and/or legally protected information. Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying to this message and then delete all copies of the original communication, including any attachments and/or links. From: MS-ISAC [mailto:info@xxxxxxxxxx] Sent: Tuesday, November 27, 2012 5:36 AM To: MS-ISAC Subject: Cyber Security Newsletter Tip - November 2012 -Tips for Secure Shopping Online During the Holiday Season Just as a reminder - these newsletters are sent to you in template form. We do this so that you can add your organization's name/logo and your name to the newsletter. INSERT Your LOGO {INSERT Organization} Monthly Security Tips NEWSLETTER November 2012 Volume 7, Issue 11 Tips for Secure Shopping Online During the Holiday Season From the Desk of {Insert Name} Cyber Monday (the Monday after Thanksgiving) and online shopping throughout the entire holiday season have become increasingly popular in recent years, and the trend is expected to continue this season. According to MarketLive, an e-commerce software and solutions provider, online shoppers in the U.S. are projected to spend more than $54 billion this holiday season, nearly a 17 percent increase over the $47 billion spent last year. The increase in online shopping coincides with an increase in mobile device use, and more shoppers will be using special holiday smartphone apps to find the best deals. Before you click or tap to buy that "must have" item on your holiday list, check out these tips below to make sure you're doing everything you can to avoid becoming a victim of cyber crime: 1. Secure your mobile device and computer. Be sure to keep the operating system and application software updated/patched on all of your computers and mobile devices. Be sure to check that any anti-virus/anti-spyware software installed is running and receiving automatic updates. Confirm that your firewall is enabled. 2. Know and trust your online shopping merchants. Limit your online shopping to merchants you know and trust. If you have questions about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller's physical address and phone number in case you have questions or problems. 3. Look for "https" when making an online purchase. The "s" in "https" stands for "secure" and indicates that communication with the webpage is encrypted. If you submit your credit card information through an organization's website, be sure to look for indicators that the site is secure. Look for a padlock or key icon in the browser's status bar and be sure "https" appears in the website's address bar before making an online purchase. You should also make sure that your browser software is current and up-to-date. 4. Password protect your mobile device and computer. It's the simplest and one of the most important steps to take to secure your mobile device and computer. If you need to create an account with the merchant, be sure to use a strong password. Use at least eight characters, with numbers, special characters, and upper and lower case letters. Adhere to the tenant "a unique password for every unique site." 5. Do not respond to pop-ups. When a window pops up promising you cash or gift cards for answering a question or taking a survey, close it by pressing Control + F4 for Windows and Command + W for Macs. 6. Avoid scams and fraud. Don't ever give your financial information or personal information over e-mail or text. Be aware of unsolicited communications purporting to represent stores or charities. Always think before you click on e-mails you receive asking for donations and contact the organization directly to verify the request. Information on many current scams can be found on the website of the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center: http://www.ic3.gov/default.aspx. 7. Do not use public computers or public wireless for your online shopping. Public computers may contain malicious software that steals your credit card information when you place your order. Additionally, criminals may be intercepting traffic on public wireless networks to steal credit card numbers and other confidential information. 8. Pay by credit card, not debit card. The safest way to shop on the Internet is to pay with a credit card rather than debit card, as credit cards are protected by the Fair Credit Billing Act and may reduce your liability if your information was used improperly. 9. Print your online transactions. Print or save records of your online transactions, including the product description and price, the online receipt, and the e-mails you send and receive from the seller. Carefully review your credit card statements as soon as you receive them to confirm that all charges are legitimate. Contact your credit card company immediately if you have unauthorized charges on your account. 10. Review privacy policies. Review the privacy policy for the website/merchant you are visiting. Know what information the merchant is collecting about you, how it will be stored, how it will be used, and if it will be shared with others. What to do if you encounter problems with an online shopping site? Contact the seller or the site operator directly to resolve any issues. You may also contact the following: ? Your State Attorney General's Office - www.naag.org/current-attorneys-general.php<http://www.naag.org/current-attorneys-general.php> ? Your State Consumer Agency - http://www.usa.gov/directory/stateconsumer/index.shtml ? The Better Business Bureau - www.bbb.org<http://www.bbb.org> ? The Federal Trade Commission - http://www.ftccomplaintassistant.gov For additional information about safe online shopping, please visit the following sites: ? US-CERT - www.us-cert.gov/cas/tips/ST07-001.html<http://www.us-cert.gov/cas/tips/ST07-001.html> ? OnGuard Online - http://www.onguardonline.gov/articles/0020-shopping-online ? Microsoft - http://www.microsoft.com/security/online-privacy/online-shopping.aspx ? Privacy Rights Clearinghouse - https://www.privacyrights.org/Privacy-When-You-Shop ? Internet Crime Complaint Center - http://www.ic3.gov/media/2010/101118.aspx ? Smartphone Security - Android vs. iOS<http://www.veracode.com/resources/android-ios-security> Sources: ? Federal Trade Commission: Tips for Consumers http://www.ftc.gov/opa/2011/11/holidayshopping.shtm ? Daily Deal Media: Online Shopping Expected to Rise Nearly 17% this Holiday Season http://www.dailydealmedia.com/789online-shopping-expected-to-rise-nearly-17-this-holiday-season/ ? PayPal Blog: Protect Yourself from Cyber Crime this Holiday Shopping Season https://www.thepaypalblog.com/2012/10/protect-yourself-from-cyber-crime-this-holiday-shopping-season/ Brought to you by: [cid:833E4A97-96B0-4AD8-8DA4-C48C021F49E3] This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.