Growing Cybercrime Threat
A report by Symantec’s Norton unit indicates U.S.
consumers lost $20.7 billion to cybercrime over the past 12
months, with 71 million Americans falling victim to online
perps, according to new research. If my calculations are
correct based upon current projected U.S. population at
www.census.gov, that's more than 20 percent of the total
U.S. population. Using the figure for the U.S. population using the internet (293.9 million) at
http://www.internetworldstats.com/am/us.htm, it indicates that close to 30 percent of total U.S. internet
users have been victims of cybercrime. Meanwhile, worldwide losses resulting from cybercrime
including malware attacks and phishing hit $110 billion between July 2011 and the end of July 2012, a
report by security company Symantec has found. On average, each victim experienced $197 in direct
financial loss. In the United States, the average loss was $290. According to the report, an estimated 556
million adults across the world had firsthand experience of cybercrime over the period -- more than the
entire population of the European Union. The figure equates to nearly half of all adults online (46
percent), and is up from 45 percent a year ago. There has been an increase in cybercrime that takes
advantage of social networks and mobile technology, according to the report, with 21 percent of online
adults reporting having fallen prey to social or mobile crime. The study also found that 15 percent of
Web users have had their social-networking account infiltrated, and 1 in 10 have been victims of fake
links or scams through a social network. Seventy-five percent of those who participated in the study
believed that cybercriminals are gearing more towards social networks. Over 13,000 participants across
24 countries were interviewed for the report.

Source: http://news.cnet.com/8301-1009_3-57506216-83/cybercrime-costs-u.s-consumers-$20.7-billion/

Note: Because the data in Norton’s cybercrime report referenced above was developed from
interviews/surveys, there is some question concerning its accuracy. Regardless, the report does address
a growing financial threat to internet users.




Cybercrime protective measures on the back side of this page.

Updated 13 September 2012
375 AMW/XPO

Cybercrime Protective Measures:
   •  Use unique passwords for each of your online accounts. You might
    want to consider password management software to help you manage
    the dozens of passwords you’ll likely accumulate. You can check
    out PC World’s article, Best Password Managers: Top 4 Reviewed,
    at http://www.pcworld.com/article/208113/best_password_managers_top_4_reviewed.html.
    There are numerous free and commercial password managers available,
    but the commercial products typically provide more features.
   •  Use long, complex passwords which use a combination of upper and
    lowercase letters, numbers, and special characters. Microsoft’s
    Safety and Security Center’s password page at
    http://www.microsoft.com/security/online-privacy/passwords-create.aspx
    recommends passwords of eight or more characters, but passwords of 12 or more characters
    provide considerably better protection. A 6-character alphanumeric password can be broken offline in less
    than a second; however, a 10-character password with a special character can take 54.46 years to crack
    offline using the same computer. If an attacker uses a massive parallel processing grid against that same
    10-character password, it can take just 2.83 weeks to crack. That’s why long and complex passwords are best.
   •  Use antivirus and firewall software and keep them current. Make sure you don’t let your antivirus
    subscription expire, if applicable. Ensure realtime protection is enabled so documents are scanned as they’re
    opened, copied, downloaded, etc. Also, enable auto-updating of virus signatures to occur every week or less
    (preferably less), and run a full system scan regularly.
   •  Keep your operating system and application software current and patched. Some commercial software
    installs a separate program that runs upon start-up to check for software updates. Others require you to select
    an option from the program’s menu to check for program updates. When financially feasible you should
    consider purchasing upgrades to the latest major version of application software; in many cases, the latest
    version provides additional security features.
   •  Validate/verify identities and claims received via e-mail or social networking site posts. Call the individual,
    visit the company’s/organization’s legitimate website by typing the address in your browser, etc.
   •  Inspect uniform resource locators (URLs, or internet addresses) in e-mail messages and posts on social
    networking sites (SNSs) by hovering your mouse over the link. The actual destination URL will appear in a
    pop-up window or the application’s status bar. Visit only those sites you trust.
   •  Be suspicious of all shortened URLs as these can point to any legitimate or malicious website. Validate the
    legitimacy of the link with the individual who sent/posted the URL.
   •  Restrict not only your personal information and posts on SNSs, but also restrict who can see your friends
    list to your SNS friends. This will help you avoid being socially engineered through known associations with your friends.
    Scammers have created fake SNS pages using friends’ photos from legitimate pages (based upon unrestricted
    friends lists) and sent friend requests to gain access to personal information.
   •  Validate with the actual person before blindly accepting friend requests due to the social engineering threat.
    A number of military personnel accepted friend requests from a fraudulent account purporting to belong to
    NATO Senior Commander James Stavridis, which compromised the military members’ personal
    information. This social engineering scam was reportedly traced to China (if interested, see
    http://defensesystems.com/articles/2012/03/12/nato-fake-facebook-scam-china-suspected.aspx).
   •  Create a list of bogus answers to challenge questions and use the bogus answers on websites. For example,
    you can use “Steelers” for favorite football team, even though you live in Chicago and your favorite team is
    the Bears. If a scammer knows you live in Chicago, they’ll likely suspect you’re a Bears fan. And, if by
    chance, a scammer actually gets access to your SNS posts and finds that your pet’s name is Fluffy, it will do
    them absolutely no good if your bogus answer for the associated website challenge question is “Thor.”
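
The URL-inspection and shortened-URL measures above can also be applied mechanically to an HTML message body. The following is an added example, not part of the original handout: it compares the address each link displays with the host it actually points to and flags shortened URLs. The shortener list and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}  # illustrative, not exhaustive
# Constructed sample message body (not from a real e-mail).
SAMPLE_EMAIL = """<p>Your account is locked. Verify at
<a href="http://198.51.100.7/login">www.mybank.example/login</a> or
<a href="http://bit.ly/EXAMPLE">this link</a>. Questions?
<a href="https://www.mybank.example/help">Visit our help page</a></p>"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Hostname (lowercase, no 'www.') if value looks like a URL, else ''."""
    value = value.strip()
    if not value or any(c.isspace() for c in value):
        return ""  # ordinary words such as "this link"
    try:
        host = urlparse(value if "://" in value else "//" + value).hostname or ""
    except ValueError:
        return ""  # malformed address
    host = host[4:] if host.startswith("www.") else host
    return host if "." in host else ""

def inspect_links(html):
    """Return (visible text, href, findings) for each link in an HTML body."""
    parser, report = LinkCollector(), []
    parser.feed(html)
    for text, href in parser.links:
        shown, dest, findings = host_of(text), host_of(href), []
        if shown and dest and shown != dest:
            findings.append(f"text shows {shown} but link goes to {dest}")
        if dest in SHORTENERS:
            findings.append("shortened URL: destination hidden")
        report.append((text, href, findings))
    return report
```

Calling `inspect_links(SAMPLE_EMAIL)` flags the first two links and returns no findings for the third, whose destination is the site it claims to be.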
