Staying safe online in the holiday shopping rush

The national cybersecurity cooperative MS-ISAC has published a nice set of cautions for those of us who increasingly spend most of our money at websites rather than physical stores.

Here are their suggestions for shopping safely online:

Safe Online Holiday Shopping – Center for Internet Security

Monthly Security Tips Newsletter, Volume 10, Issue 11, November 2015

From the Desk of Thomas F. Duffy, Chair, MS-ISAC

It’s that time of year again – food, fun, parties, and lots of online shopping. Online shopping can be a savior, allowing you to find the perfect gift while saving time, but it can also end with identity theft, malware on your computer, and other cyber unpleasantness. Rather than letting it ruin your holiday season, you can take a few simple security precautions, and be careful where you shop, to help reduce the chances of you being a cyber victim.

When purchasing online this holiday season—and all year long—keep these tips in mind to help minimize your risk:

  1. Be cautious what devices you use to shop online. Mobile devices, such as smartphones and tablets, make shopping convenient at anytime and place, but they frequently lack the security precautions of a regular computer. If you use a mobile device to shop, make extra sure you are taking all the precautions listed below.
  2. Do not use public computers or public wireless for your online shopping. Public computers and wireless networks may contain malicious software that steals your information when you place your order, which can lead to identity theft.
  3. Secure your computer and mobile devices. Be sure to keep the operating system, software, and/or apps updated/patched on all of your computers and mobile devices. Use up-­‐to-­‐date antivirus protection and make sure it is receiving updates.
  4. Use strong passwords. The use of strong, unique passwords is one of the simplest and most important steps to take in securing your devices, computers, and online accounts. If you need to create an account with the merchant, be sure to use a strong, unique password. Always use more than ten characters, with numbers, special characters, and upper and lower case letters. Use a unique password for every unique site. The August Newsletter contains more information about the dangers of password reuse and is available at:
  5. Know your online shopping merchants. Limit your online shopping to merchants you know and trust. If you have questions about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller’s physical address, where available, and phone number in case you have questions or problems. Do not create an online account with a merchant you don’t trust.
  6. Pay online with one credit card. A safer way to shop on the Internet is to pay with a credit card rather than debit card. Debit cards do not have the same consumer protections as credit cards. Credit cards are protected by the Fair Credit Billing Act and may limit your liability if your information was used improperly. By using one credit card, with a lower balance, for all your online shopping you also limit the potential for financial fraud to affect all of your accounts. Always check your statements regularly and carefully, though.
  7. Look for “https” when making an online purchase. The “s” in “https” stands for “secure” and indicates that communication with the webpage is encrypted. This helps to ensure your information is transmitted safely to the merchant and no one can spy on it.
  8. Do not respond to pop-­‐ups. When a window pops up promising you cash or gift cards for answering a question or taking a survey, close it by pressing Control + F4 for Windows and Command + W for Macs.
  9. Be careful opening emails, attachments, and clicking on links. Be cautious about all emails you receive, even those purportedly from your favorite retailers. The emails could be spoofed and contain malware.
  10. Do not auto-­‐save your personal information. When purchasing online, you may be given the option to save your personal information online for future use. Consider if the convenience is really worth the risk. The convenience of not having to reenter the information is insignificant compared to the significant amount of time you’ll spend trying to repair the loss of your stolen personal information.
  11. Use common sense to avoid scams. Don’t give out your personal or financial information via email or text. Information on many current scams can be found on the website of the Internet Crime Complaint Center: and the Federal Trade Commission:­‐alerts.
  12. Review privacy policies. Review the privacy policy for the website/merchant you are visiting. Know what information the merchant is collecting about you, how it will be stored, how it will be used, and if it will be shared with others.

 What to do if you encounter problems with an online shopping site?

Contact the seller or the site operator directly to resolve any issues. You may also contact the following:

Quick Guide to the New Email System, and Some Mysteries Solved

If you are completely bewildered by the new email system, there’s a quick start guide located here.

In the next few days I’ll be adding information on how to conduct searches within  your email and calendars, and about keyboard shortcuts for those who prefer them to mousing and clicking. Here’s a preview: while in an email message, typing ‘F’ (i.e. Shift+f) will open a Forwarding window, while ‘r’ will Reply. Shift-R will Reply to all.

I’ve received several questions about what appear to be missing email messages. There are two reasons why messages might not appear in your inbox:

You have ‘Conversations’ enabled. If that is the case, and there have been several messages in a Conversation, only the latest one may be visible. ‘Conversations’ are like threaded discussions on blogs or listservs. All email with the same subject line is grouped together, and as each one comes in, you see the latest one on top. Some folks like this, and others find it extremely annoying. You can turn it off by pulling down the Sort drop-down menu (discussed earlier), and scrolling to the bottom of the list, where you can select ‘Off’ for Conversations.

The other one is more mysterious. The latest Outlook (which is what Wayne Connect actually is) has an automatic sorting algorithm called ‘Clutter’. If you have it turned on, it will decide what of your email is routine, non-personal, as opposed to important messages you might really want to read. Again, some folks might find this helpful, while others might find it outrageous. For those who use Gmail it should be familiar–Gmail does a 3-way sort of a similar kind. In any case, it can be turned off. Choose Gear Icon > Options > Mail > Clutter and you can opt out. It is possible, incidentally, that this feature will be turned off centrally in the next couple of days, and you won’t need to worry about it.

Finally, a quirk about Word for those who use Track Changes to markup papers. If you attach a Word file in an email, you cannot see the markup (the ‘tracked changes’) if you use the online version of Word that appears within your email. You must download the Word file and open it with desktop Word in order to do cooperative editing.

There are still six upcoming training sessions for Academica and the new Wayne Connect – find out all the information here. Don’t forget that you can always call the C&IT Help Desk with any questions you might have. Keep an eye out on this blog for more tips and tricks in the coming days.

Cool Tools for Blackboard

For faculty who use Blackboard there is a whole set of resources to help you make the most of this powerful teaching tool. The Faculty Resource Tab:

Blackboard Faculty Tab Location



Check out the Quick Start Guides on that page, which has one-page guides on the crucial stuff:

  • Work with Respondus Test Building software
  • Request a Combined Course
  • How to copy course materials from one course to another
  • Use Blackboard Collaborate
  • Request a Blackboard Organization
  • Request Echo Personal Capture
  • Respondus LockDown Browser and Respondus Monitor
  • Where to go for help (who to contact)

On the Blackboard Videos tab there are tons of videos that will guide you through how to do things like:

  • How to View the Course Roster
  • How to Apply a Course Theme
  • How to Create the Course Tracking Reports
  • Create a Grade Center Column
  • Delete a Grade Center Column
  • Create Grade Center Color Codes
  • Create New Categories

Remember, if you ever need personal assistance, please contact the Blackboard Support team at

Insidious phish preys on your fears of being hacked

The phishers have a new trick–they send you an email purporting to be from iTunes or Amazon that tells you someone hacked your account and bought something. ‘Just click here and reset your password’. I got one the other day–it looked like this:

Screen shot of Apple Phishing message

Hovering over the iTunes link reveals, not ‘’. Apparently Amazon has been having the same problem. Here’s a page from Amazon explaining that they don’t send that kind of email:

So, in short, it’s really important to read url’s, both the obvious ones (many of us got one today that was ‘’) and the ones that only appear when you hover over them. When in doubt, hover. And when in doubt, don’t click.

Some random musings about privacy and what lack of it can do to you.

Three quite unrelated postings on ‘teh webs’ struck me this week. Two deal with what your apps are doing to you. One is a Danish public service announcement about what your apps are doing to you. Food for thought, whether we do anything about it or not, and whether we even could:

The second is self-explanatory–have you actually read the terms of use of the apps you download? What happens when you do?

The third is a much longer piece on what can happen to someone who carelessly tweets something they thought was funny. Turns out not everyone is very charitable, and it can literally ruin your life:

Incidentally, this article is an excerpt from Ronson’s forthcoming book.

I have no solutions, just sobering second thoughts.

Privacy Becomes the Center of Controversies on Both Sides of the Atlantic

Over the past couple of weeks a number of important privacy-related legal decisions have hit the IT policy landscape, and I thought I’d take time today to talk about one of them. The other will be a topic next week.

First, the European Court of Justice ruled that Google must stop linking to search results that are ‘inadequate, irrelevant or no longer relevant’ if someone requests it. It all revolves around someone who wanted Google to stop returning a newspaper article from the late nineties about his house being repossessed in the eighties.

Since then Google has received tens of thousands of requests to ‘be forgotten’, and is establishing a system to decide how to respond to those requests. It also has a warning (only on the European versions of its pages) that not all results are being displayed if that item has been ‘censored’.

As one might imagine, this has caused a firestorm. Numerous commentators have argued that this will simply permit politicians and other public figures to hide their shady pasts. Although the official court decision said ‘journalistic work may not be touched’ Google has delinked a number of blog posts on various European online newspapers, and Wikipedia itself has received at least fifty notices from Google that articles have been removed from search results. As a result Jimmy Wales, the founder of Wikipedia blasted the decision as a violation of the human right to have access to history.

An additional weird, but understandable, twist is that the ruling applies to Google, but only to European Google, so it has no effect on searches conducted from elsewhere in the world. Even more interesting, the publishers of the actual articles do not have to delete them–it’s simply that Google must not report them in a search. So the offending material is still on the web, and other search engines (such as, which does not track you and does not note where you are), and computers whose IP addresses are concealed (such as with ‘Incognito Browsing’) will still find the relevant information.

In addition, it is likely that this result will trigger what has come to be known as the Streisand Effect–loudly attempting to hide something leads to it being even more visible. This is certainly the case for the Spanish guy who started the whole story (you can find his name yourself, as well as all the information he was trying to suppress, with very simple search tools).

On Monday I’ll tell you about a different case, where a US judge attacked European’s right to privacy in a totally different way.

Happy Birthday to You–Maybe you can sing it after all

Some folks may have heard the claim that the song ‘Happy Birthday’ is copyrighted, and you’re supposed to pay royalties if you ‘perform’ it. Certainly when restaurants used to have their staff gather round customers and sing birthday greetings there was a time when they sang other songs, because some restaurant or other had been sued for copyright violation.

If you don’t believe it, you can check Snopes, the famous myth debunking website and they confirm that this is true.

Interestingly enough, someone is challenging this claim, and the case was written up recently by a web buddy of mine on the Volokh Conspiracy blog, which I read fairly regularly. It’s a classic case of ‘Copyright Trolling’–the people who are claiming the copyright have no relation to the folks who wrote the song (which wasn’t ‘Happy Birthday to You’ in its original lyrics in any case)–the authors fumbled the copyright, but someone picked it up and their catalog was bought by someone who bought it, and it was subsequently sold to someone else and so on.

This case will be fun to watch–it’s still ongoing.

Strange twist–the original authors, a pair of schoolteacher sisters named ‘Hill’ were the aunts of a famous linguist of the mid twentieth century named Archibald Hill, who I once met. Apparently he was independently wealthy because the sisters left their estate to him. You never know…