Home Computer Security 101
Computer Security 101 Final Exam Answers
Question 1'Phishing' is:
'Phishing' is the term for e-mails sent by spammers who are trying to trick readers into clicking on links and/or giving them personal information. These e-mails often look and sound like they are coming from official agencies. On safecomputing.umich.edu, under 'Latest Alerts', you can view the latest phishing attempts. This is an excellent tool to use to compare against fishy e-mails you receive.
Question 2How can I distinguish a phishing e-mail from a legitimate request? Choose one:
This is correct! A legitimate organization will never ask for private personal information in this manner. Scam artists use social engineering techniques to trick users into opening an attachment that installs malware, or to misdirect users to malicious web sites. Others will pose as legitimate businesses or services you may use (ex. eBay™, PayPal™, your bank), asking for private personal information.
If you are unsure, it is always best to check safecomputing.umich.edu and compare the validity of the email you received against reported phishing attempts. If you know it is fraudulent, delete it.
Question 3I received an email with this link:
Should I trust it to take me to the U-M web site?
You can check the destination of a hyperlink by positioning your mouse over the link and checking the status bar at the bottom of the page. Better yet, don't trust the link at all, and type the URL into the location field yourself!
Make this a habit in order to avoid being directed to a malicious or fraudulent webpage.
Question 4After receiving the following e-mail, what should I do?
From: U-M ITCS Webmail [mailto:email@example.com]
click on the link below in order to upgrade your webmail service so as to avoid your account from being suspended :
This is an example of a real phishing e-mail that targeted U-M students. The link went to an exact copy of the U-M login screen where passwords were harvested.
Phishing e-mails are getting more sophisticated, and sometimes forge umich.edu addresses in the From field.
Any e-mail which asks you to "upgrade" or "verify" your account should be viewed with suspicion. Visit safecomputing.umich.edu for known examples of recent phishing e-mails or call 764-HELP if you have questions.
Question 5College students are at risk for identity theft because:
Even if you don't have much money to steal, someone just a few years out of high school has an identity that can be stolen and used to obtain new lines of credit. Be careful about what you post on social networking sites: don't post a lot of specific information (high school attended and year of graduation; complete birth date; home address). Another good habit to practice is shredding credit card offers if your name is pre-printed on the application.
Question 6A good password:
That is correct: a long string of numbers, punctuation and upper- and lower-case letters. It takes just under two minutes to crack a five-character password with lower-case letters only. To crack a 10-character password with mixed-case letters takes 45.8 millennia.
Figures are taken from the University of Wyoming Information Technology, http://uwadmnweb.uwyo.edu/InfoTech/security/passwords.htm.
Follow these guidelines for creating a secure UMICH password:
TIP: Make a strong and memorable password by using the first letter of the words in a phrase, in combination with the other stated criteria. For example, "Four score and seven years ago our fathers brought forth" becomes "4S&7yaofb4th"
Using peer-to-peer file-sharing software could put my computer's security at risk because:
Even if you think you are taking measures to do the right thing, you might still be at risk.
Peer-to-peer file-sharing is a common method to distribute malware. Your anti-virus software won't always protect you.
Sometimes scam artists will, for a fee, provide access to a library of music, while using your computer as a file-sharing server to unlawfully share music with others.
Also, even if you’ve set your file-sharing software to download only, some programs automatically reset themselves every time you reboot.
To be safe, get rid of your P2P software and only get your media from fully licensed web sites like iTunes™ or Real Rhapsody™, or directly from the artist's web page. Visit safecomputing.umich.edu/copyright to learn more about what UM is doing to educate students on P2P file sharing.
Question 8The Residence Halls Computing Program (ResComp) offers the following services to all residents of University Housing, Northwood Community Apartments, and the Lawyers Club:
This is correct! For more information on the services ResComp offers, visit http://rescomp.housing.umich.edu/tech.help/cvc#services. There you can learn more about the Center for Vulnerability Control (CVC), a service center in South Quad where residents can take their computers throughout the academic year for help with computer security issues.
Question 9A firewall is a program designed to:
The purpose of installing a firewall on your computer is to protect you from threats, such as viruses, worms, and hacking. These threats are prevalent on the internet. If you disable your firewall for even just a short time, your computer is immediately vulnerable.
Most modern operating systems, including Macintosh™ and Windows™, include a basic firewall. Make sure yours is turned on!
Question 10I should enable automatic security updates on my computer, in order to:
While there are many things that can be done to improve the security of home computers and networks, most security experts agree that regardless of the operating system you use (Macintosh™, Windows™ or Linux), keeping software up-to-date is fundamental. Learn how to enable automatic updates on your Windows™ computer by visiting http://safecomputing.umich.edu/tools/SS-3SecEssentialsPC.html
It is also important to keep your application software up to date.
Question 11I can control my privacy on Facebook™ by:
This is correct! There are a number of privacy settings that you can use on Facebook™ to control who can see your information. Visit http://www.safecomputing.umich.edu/students.php to learn more.
By the way, please don't use the same password for both U-M and Facebook™!
A friend has sent me an attachment with an *.exe file and urged me to run it. She is not online right now so I can't check in with her. What should I do?
Executable e-mail attachments are suspicious.
Executable files include codes to instruct your computer to perform a task, which could turn out to be something you really don’t want to happen. Like turn your computer into a hacker's credit card number and password-stealing robot.
You should never run an .exe file (or executable file) you receive in an e-mail, even if it appears to come from someone you know.
The From field of an e-mail is easily forged. Or your friend's e-mail account may have been hijacked.
I am searching the Internet with my PC, and a flashing window with a message that I have been infected with spyware pops up in my browser. What should I do?
This is correct! There may be more than one way to do this, under different operating systems.
For Windows™, right-click the title bar of your browser window and select "Close".
On a Mac™, press Command-W to close the active window.
To be safe, run an anti-virus scan afterwards.
January 17, 2013