Windows Ransomware Protection
Windows Defender can limit access to important folders such as Documents only to applications on Microsoft’s “Safe” list, such as Office applications. To enable Ransomware Protection, open Windows Settings. In the ‘Find a setting’ box, type ‘ransom’ and select ‘Ransomware protection’.
In the Ransomware protection window, change the toggle in the ‘Controlled folder access’ section to ‘On’.
Phishing
From time to time you will receive email from from senders with pseudo-official titles (Help Desk, The Bank, Wealthy Benefactor…) that are transparently fraudulent. The very stupid ones are relatively easy to spot by their tortured grammar and general confusion. However there are more sophisticated attackers sending much more convincing messages intended to steal your financial information, account credentials, or infect your computer. An email itself cannot do this unless the recipient clicks a link to a malicious web site or opens a malicious attachment.
Before clicking any links in emails, hover your pointer over the link to reveal the web address (URL). If anything looks suspicious about the link, do not click. Contact BIOTA if you want us to vet the legitimacy of any message, link, or attachment.
When any web site asks for your username/password information, always check the web page address at the top of the browser window. Make sure the address belongs to the entity you intended to reach. Any site demanding a log in should be offering an encrypted connection; the URL will begin with “https://” — note the “s“. Your browser will warn you if there is anything inconsistent about the encryption certificate.
Things to bear in mind:
- There is no verification of sender name or address built into email. It is trivially easy to spoof the name of a sender. You may receive mail apparently from someone you know that is in fact malicious.
- Email is an insecure medium; never send confidential info (financial, password) in email.
- It is trivially easy to exactly replicate the look of a login web page (UTORid, banking, Facebook). The only way to be sure it’s the real thing is to examine the web address and encryption certificate carefully.
Be vigilant.
More information about how to protect yourself is available at: https://securitymatters.utoronto.ca/ Report suspected phishing email by forwarding to: report.phishing@utoronto.ca
Anti-virus Recommendations
Always keep your operating system up-to-date. Windows includes built-in anti-virus protection called Windows Defender. Do not run Windows versions older than Windows 10. Contact BIOTA if you have computers that must run older operating systems (to support lab equipment, for example).
Alternative Anti-virus for Mac or Windows: Sophos Home https://home.sophos.com/
If your browser is misbehaving (broken home page, popups) scan with an anti-malware package: Malwarebytes https://www.malwarebytes.com/