Staying Secure Online

Devices/Public Wi-Fi

When accessing the internet, be sure the device you use is secure. That is, password protect devices and be sure to sign out when using shared devices or public wifi.

For sensitive online tasks (e.g., banking, online shopping, anything with account numbers), use your own computer or mobile device and a secure network (so don't do banking on public wifi at a coffeehouse!)

Browsing

Be sure the browser you use to access the Internet is up-to-date. Older browsers are more vulnerable to malware than newer ones. 

When visiting websites, pay attention to website URLs. In particular,

• Check for any inconsistencies between the site you want to visit and the URL (e.g., if visiting Stony Brook University sites, URLs with stonybrook.com instead of .edu might be suspicious).
  • Check for misspellings/typos as well (e.g., favebook.com rather than facebook.com); scammers frequently register misspellings of popular sites and design them to look like their legitimate counterparts to try and trick you into entering your information. 
• Look for https, shttp, or a locked padlock (as opposed to just http) at the beginning of URLs, especially for online banking and shopping. This indicates that the site has extra security in it. 
• Do not click on links/popups that:
  • Claim to have offers "too good to be true" (e.g., "You've won...", "You're our millionth visitor...")
  • Claim that your computer is "infected" or "running slowly"
  • Are "clickbait" - vague news headlines that encourage you to click to a link read the rest of the "article"/view a "video" (e.g., "'X celebrity' found dead", "Check out these 10 tips to save $100 a month", etc.)
  • For more information on pop-up messages and what to do if you recieve one

Email

Avoid emails that have:

• Vague subjects, greetings, and/or content
• Incorrect names, dates (e.g., far in the future), misspellings, mismatched names/email addresses (e.g., "IT Help Desk", instead of "Customer Engagement & Support")
• Awkward wording/language/grammar 
• Strong calls to action (e.g., Urgent!!!!), warn of a deadline that's very soon (e.g., "your account will be deactivated in 24 hours unless...)
• Many recipients, especially if the list of recipients is arranged in alphabetical order
• Web links that don't match sender or are misspelled - You can hover over links to see where it will take you

If these emails contain links, attachments, or request information, do not click on the links, download the attachments, or respond with your information. Immediately  mark the message as spam or for phishing in Google Mail. Your personal information (passwords, usernames, etc.) will NEVER be requested via email.  If you accidently click on a link in a suspicious email, change your password right away, monitor your account for any suspicious activity, and contact Customer Engagement & Support.

More information on phishing emails and determining if an email attachment is legitimate

Responsible Online Behavior

Remember that online actions have the potential to affect many. When online, be cognizant of potential effects of your behavior.

• Only post appropriate content on your social media profile(s)
• Understand your social media privacy settings (your audience may be much larger than you realize)
• Avoid posting personal information (phone numbers, addresses, passwords, etc.)
• Online messages, posts, pictures, etc., leave "digital footprints" and can never be deleted completely

Contact Customer Engagement & Support with any questions about legitimacy of emails, requests, etc.

View previously recorded training or request training on this!