Home | eCampus | Request Info | Special Offers
Click to print this page
Web Login:
Web Password:

 
Forgotten Login?
Welcome to the Information Security Student Website
Frequently Asked Questions
Phishing Scams
Protecting Your Privacy
Credit Card Security
Password Myths
Other Resources
Ask a Question / Feedback
Welcome to the Information Security Student Website

Security is everyone's responsibility!

This site has been created in order to give all students a resource to enable good security and safety whether on campus, at work or at home.

Click on the links to the left to learn more about important safety and security issues.

If you have comments or questions regarding this site, contact Security and Compliance.

BE CAREFUL ABOUT GIVING OUT YOUR PERSONAL INFORMATION EITHER OVER THE PHONE OR VIA EMAIL.  MAKE SURE THE SOURCE OF THE REQUEST IS A LEGITIMATE ONE BEFORE YOU DIVULGE ANY INFORMATION!

Frequently Asked Questions

Should I open all email attachments?

You should be aware that email from unknown sources that contain attachments could contain viruses.  Once the attachment is opened, it could shut down an entire network.  Even email from friends and family members may unintentionally carry a virus. Never open an email attachment from an unknown source, unless it is a PDF file. PDF files do not have the capacity to generate a virus.  Generally, PDF attachments are considered safe. If you receive any other kind of email attachment, always use virus scanning software before opening it.

How can I tell if I'm on a secure website?

If you are on a secure website (also known as SSL), the URL path will start with https://. Notice the "s" after http which indicates a secure site. When using a credit card for online purchases, it is best to type the URL directly onto the address line in the browser window to ensure you navigate to the site you want. Frequently, legitimate websites (such as Amazon.com of Paypal.com) are "spoofed", which means they are copied and made to look like the actual site but instead direct you to an unauthorized website that attempts to gain your personal information. In order to recognize a true secure website, the "lock" image will be displayed on the status bar.  If you double click on the lock, the digital certificate form will pop up and will be your assurance that the site is secure.  To see a picture of the lock graphic, click here. To see a picture of the digital certificate that will be displayed after you double click the lock graphic, click here.

What is a firewall?

A firewall is a system designed to prevent unauthorized access to or from a network or computer. Firewalls are used to prevent unauthorized users from accessing a network or computer. All traffic entering or leaving passes through the firewall, which examines each message and blocks those that do not meet the specified criteria. Firewall protection is especially useful for users with "always on" connections such as DSL or cable modem.

What if someone asks me for my password?

You should NEVER share your password with anyone, or send it via email. Your password is your key to keeping unauthorized people from accessing your personal information and/or a campus website designed only for use by students.

Where can I find information on how to protect my identity?

Click here for information from the Federal Trade Commission on protecting your identity.

I have been told to have a strong password, what is that?

A strong password is a password that cannot be guessed and is very hard to crack.  Strong passwords have the following characteristics: contain upper and lower case characters, contain punctuation characters, are at least 8 characters long and do not contain words in any language. Another way to create a strong password is to use a password that contains a phrase or substitution such as: h3izMiL0v (he is my love). Always use the strongest password possible for your student website or when logging in.

Phishing Scams

The Anti-Phishing Working Group defines phishing scams as attacks that use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Phishing scams are growing at an alarming rate. In July 2006, a record number of consumer brands were hijacked for phishing scams. You may have received an email from an easily recognizable company such as Pay Pal or Ebay asking you for personal information or directing you to update your account information. These unsolicited emails are often spoofed web sites, not the real thing. You can ensure that you are on a legitimate website by typing the URL in the URL line on the web page and navigating to the site.

Never respond to an unsolicited request for personal information.

For more information about safeguarding your personal information click this link provided courtesy of the Federal Trade Commission.

Take a look of some of these tips to help you avoid getting hooked on a phishing scam.

  • Ignore offers for free software to download when you're surfing the internet.
  • Be careful about sharing files, you may pick up a virus.
  • Don't respond to pop-ups.
  • You can report spam to spam@uce.gov.
  • Phishing schemes can be reported to reportphishing@antiphishing.org.
  • Contact your internet service provider (such as AOL) to alert them to suspected scams.

SANS Ouch!

SANS Ouch! newsletters show you what to look for and how to avoid phishing and other scams, plus viruses and malware and it uses the latest attacks as examples. Keep yourself from becoming a victim of a phishing scam by checking out the SANS Ouch website with examples of phishing emails.

Protecting Your Privacy
  • Never ever give your personal information, such as your social security number, mother's maiden name, date of birth, or any combination thereof, to anyone unless you have initiated the call or requested the service, etc. It IS acceptable to supply this type of personal information on ApplyWeb and application forms.
  • Don't carry information such as your social security number, extra credit cards and ID's, PIN numbers of passwords in your wallet or purse.
  • When asked for your social security number for a legitimate purpose, ask if you can provide other types of identifers (such as a driver's license). Only give out your social security number if absolutely necessary and only AFTER you are certain the request is legitimate.
  • Take advantage of your yearly free credit report to monitor for evidence of identity theft. Scan your report for unknown accounts, increased inquiry activity and bad credit incidents.
  • Read website privacy policies. They should explain what personal information the website collects, how the information is used, and whether it is provided to third parties. The privacy policy should also tell you whether you have the right to see what information the website has about you and what security measures the company takes to protect your information. If you don't see a privacy policy, or don't understand it - consider doing business elsewhere.
  • You can also visit the US Department of Justice Identity Theft Prevention and Fraud page.
  • Learn more about privacy and privacy rights at Privacy Rights.org.

To view the Apollo Group privacy policies, click here.

To view the College for Financial Planning® privacy policies, click here.

Identity Theft and Student Aid

Identity theft includes unauthorized use of your name, address, date of birth, social security number, credit card and bank account numbers, PIN's and security keywords such as "Mother's Maiden Name." According to the Federal Trade Commision, most victims do not discover the event until many months or years after the theft or security breach. Make sure you are protected. Visit the following link about student aid and identify theft provided by the Department of Education.

Email, Internet and Home Security

  • Reduce your risk
  • Make sure that all web sites where you perform transactions use SSL encryption, especially using wireless connectivity (see the FAQ's above)
  • Install antivirus and antispyware tools on your computer and keep them updated
  • Don't respond to emails requesting confirmation of account number or password, particularly if immediate action is requested
  • What to do if you are a victim
  • Security at home
Credit Card Security

Credit card fraud is at an all-time high. Thieves find new, more creative and sophisticated ways to steal your credit card information. Putting the following tips into practice can help protect you from this ever-increasing threat.

Using your card...

  • Don't let websites "store" your cards. The encryption technology used for transactions -- the information zipping back and forth between your computer and the merchant's -- may well be better than the security used to protect information stored in the merchant's databases. Besides, a big database of credit card numbers is a juicy target for hackers.
  • Don't forget your card. You might be rushed, or distracted by your kids, or involved in an interesting little chat with the clerk. But, keep an eye on your card and make sure it goes back in your wallet. A good practice is to leave your wallet on the counter or restaurant table, with your hand on top of it, until the card goes back in. This can be a little awkward sometimes, but it helps remind you not to leave the store without your card.
  • Shield your card. Think about how many people these days carry around camera phones -- and think how easy it would be to snap a picture of your card if it were left in plain view.
  • Don't give your number out to solicitors. This includes telemarketers who contact you by phone to offer you a "great deal" on magazine subscriptions, vacations or any other purchase. If you ever get anything, you're likely to pay a lot more for it than agreed, and some of these scammers fight tooth and nail against your attempts to have the charges removed.
  • Ensuring the site you have visited is secure. You can recognize a secure site by verifying that the site encrypts private information. Encryption is done through the use of a digital certificate.  In order to recognize a true secure website, the "lock" image will be displayed on the status bar.  If you double click on the lock, the digital certificate form will pop up and will be your assurance that the site is secure.  To see a picture of the lock graphic, click here. To see a picture of the digital certificate that will be displayed after you double click the lock graphic, click here.

Protecting and reviewing your information...

  • Consider carrying fewer cards. Reduce your exposure by limiting the number of cards a thief could potentially steal.
  • Copy what you carry. Every once in a while, empty your wallet onto a copier and zap an image of the front and back of your cards. Keep this info in a secure place (not in your purse or wallet) so you know which issuers to call to report stolen cards.
  • Know when your statements should arrive. Missing statements could indicate that someone has stolen your mail or redirected it to a new address. Check your most recent statements for the account closing dates; most close around the same time each month, and should show up in your mailbox a week or so later.
  • Review the charges. The more fastidious among us can compare our statement with receipts collected during the month. The rest of us should, at the very least, scan each charge to make sure we recognize the merchant and the amount and have some recollection of making the purchase.
  • Report suspicious or unauthorized charges. Call the issuer promptly and follow up in writing.
  • Beware of "mistakes." If a merchant makes an error processing your card, tear up the incorrect receipt or at least write "void" all over it. When presented with a receipt that has blank lines before the total, draw a line through them so that additional charges can't be added.

A few more suggestions...

  • Opt out of credit card solicitations. Reduce the volume of pre-approved credit card offers (which can be swiped and used by thieves) by calling 1-888-5OPT OUT, which will take your name off marketing lists sold by the credit bureaus. You'll need to input your Social Security number as an identifier. Signing up for this service probably won't eliminate every solicitation but it will greatly reduce those that show up in your mailbox.

  • Get a locking mailbox. And don't leave your outgoing mail where it can be swiped by anyone passing by; drop it off at the post office.
  • Keep good records. Use the company's address for "billing inquiries," which you'll find printed on your statement or in your account agreement; it's usually different from the place you send your payment. Keep copies of all correspondence with the issuer and any merchants involved.
  • When shopping online, make sure the site is secure and don't give a complete set of information about you such as your name with your address, phone number and credit card number.  And - don't use a debit card for transactions, use only a credit card.  That way, if a thief should get the card number, your bank account cannot be drained.
Password Myths

Password myths are all too common.  Many computer users choose a password that is easy to crack.  Here are some of the most common password myths.

Password Myth #1 - My password is secure.

Having a strong password will help protect you from internet thieves. Review some of the ways to develop a strong password below.

  • The best password of all is the one that the user chooses based on an education understanding of passwords - a password that is hard to crack, but never forgotten.
  • Change your password every 90-120 days
  • Don't write your password down, choose one that is easy to remember but one that cannot easily be cracked.

Password Myth #2 - My password has more than 4 characters so no one will guess it.

Safe passwords contain seven or eight characters, are not regular dictionary words, contain a special character and use at least one random capitalization. Here are some tips to get you started on creating a fun and secure password:

  • By using numerals to replace words (or parts of words), you can easily create non-dictionary words:

    Fishermen: LiveB8! or B84Fish
    Flea-market afficionados: Gr8Sale
    Golfers: Par4in2
    Newbies: 2theBa6

Password Myth #3 - I don't need to change my password.

Make your password complicated and change it often. Most users hate this suggestion, because it means they have to stretch both their memory and their fingers at login (to reach that awkward ampersand key). But using secure passwords isn't merely a suggestion anymore, at the Apollo Group and its subsidiaries, it's mandatory. On the bright side, choosing a secure password doesn't have to be mnemonic torture. Think of it as a brilliant vanity license plate that no one else, alas, will ever see.

  • Another strategy is to substitute symbols for letters. Replacing the letter "o" with a numeral "0" or the letter "s" with a dollar sign can turn a regular password into a very interesting and complex pa$$w0rd.

There are many more combinations you can use to find secure passwords. Be cre8tive.

Other Resources
  • About Your Financial Privacy
  • Security Awareness
  • Security News
  • US Department of Education Crime/Security Statistics Database Search
    • Ask a Question / Feedback

    If you would like to contact Security and Compliance with a question, comment or suggestion for this site, click here.

     
    Careers | Contact Us | FAQs | Press Room | Privacy Policy | Terms and Conditions | Other Links
    ©2001-2013, the College for Financial Planning, all rights reserved.
     
     
     
    Apollo Trademark Notification
    Notice to Users
    		 CFP®, CERTIFIED FINANCIAL PLANNERTM, and CFP (with flame logo)® are certification marks owned by the Certified Financial Planner Board of Standards, Inc. The College for Financial Planning does not certify individuals to use the CFP®, CERTIFIED FINANCIAL PLANNERTM or CFP (with flame logo)® certification marks. CFP® certification is granted only by the Certified Financial Planner Board of Standards to those persons who, in addition to completing an education requirement such as this CFP Board-Registered Program, have met its ethics, experience, and examination requirements.