Cybercrime Protective Measures


Published on

National Cyber Security Month - Oct 2012


  1. Growing Cybercrime Threat

     A report by Symantec's Norton unit indicates U.S. consumers lost $20.7 billion to cybercrime over the past 12 months, with 71 million Americans falling victim to online perps, according to new research. If my calculations are correct based upon current projected U.S. population, that's more than 20 percent of the total U.S. population. Using the figure for the number of U.S. population using the internet (293.9 million) at, it indicates that close to 30 percent of total U.S. internet users have been victims of cybercrime.

     Meanwhile, worldwide losses resulting from cybercrime including malware attacks and phishing hit $110 billion between July 2011 and the end of July 2012, a report by security company Symantec has found. On average, each victim experienced $197 in direct financial loss. In the United States, the average loss was $290. According to the report, an estimated 556 million adults across the world had firsthand experience of cybercrime over the period -- more than the entire population of the European Union. The figure equates to nearly half of all adults online (46 percent), and is up from 45 percent a year ago.

     There has been an increase in cybercrime that takes advantage of social networks and mobile technology, according to the report, with 21 percent of online adults reporting having fallen prey to social or mobile crime. The study also found that 15 percent of Web users have had their social-networking account infiltrated, and 1 in 10 have been victims of fake links or scams through a social network. Seventy-five percent of those who participated in the study believed that cybercriminals are gearing more towards social networks. Over 13,000 participants across 24 countries were interviewed for the report.

     Source: $20.7-billion/

     Note: Being that the data in Norton's cybercrime report referenced above was developed from interviews/surveys, there is some question concerning its accuracy. Regardless, the report does address a growing financial threat to internet users.

     Cybercrime protective measures on the back side of this page.

     Updated 13 September 2012 375 AMW/XPO
  2. Cybercrime Protective Measures:

     • Use unique passwords for each of your online accounts. You might want to consider password management software to help you manage the dozens of passwords you'll likely accumulate. You can check out PC World's article, Best Password Managers: Top 4 Reviewed, at p_4_reviewed.html. There are numerous free and commercial password managers available, but the commercial products typically provide more features.

     • Use long, complex passwords which use a combination of upper and lowercase letters, numbers, and special characters. Microsoft's Safety and Security Center's password page at create.aspx recommends passwords of eight or more characters, but passwords of 12 or more characters provide considerably better protection. A 6-character alphanumeric password can be broken offline in less than a second; however, a 10-character password with a special character, using the same computer to crack it offline, can take 54.46 years. If an attacker uses a massive parallel processing grid to attack that same 10-character password, it can take just 2.83 weeks to crack. That's why long and complex passwords are best.

     • Use antivirus and firewall software and keep them current. Make sure you don't let your antivirus subscription expire, if applicable. Ensure realtime protection is enabled so documents are scanned as they're opened, copied, downloaded, etc. Also, enable auto-updating of virus signatures to occur every week or less (preferably less), and run a full system scan regularly.

     • Keep your operating system and application software current and patched. Some commercial software installs a separate program that runs upon start-up to check for software updates. Others require you to select an option from the program's menu to check for program updates. When financially feasible you should consider purchasing upgrades to the latest major version of application software; in many cases, the latest version provides additional security features.

     • Validate/verify identities and claims received via e-mail or social networking site posts. Call the individual, visit the company's/organization's legitimate website by typing the address in your browser, etc.

     • Inspect uniform resource locators (URLs, or internet addresses) in e-mail messages and posts on social networking sites (SNSs) by hovering your mouse over the link. The actual destination URL will appear in a pop-up window or the application's status bar. Visit only those sites you trust. Be suspicious of all shortened URLs as these can point to any legitimate or malicious website. Validate the legitimacy of the link with the individual who sent/posted the URL.

     • Restrict not only your personal information and posts on SNSs, but also restrict your friends list to your SNS friends. This will help you avoid being socially engineered due to known associations with your friends. Scammers have created fake SNS pages using friends' photos from legitimate pages (based upon unrestricted friends lists) and sent friend requests to gain access to personal information.

     • Validate with the actual person before blindly accepting friend requests due to the social engineering threat. A number of military personnel accepted friend requests from a fraudulent account purporting to belong to NATO Senior Commander James Stavridis, which compromised the military members' personal information. This social engineering scam was reportedly traced to China (if interested, see

     • Create a list of bogus answers to challenge questions and use the bogus answers on websites. For example, you can use "Steelers" for favorite football team, even though you live in Chicago and your favorite team is the Bears. If a scammer knows you live in Chicago, they'll likely suspect you're a Bears fan. And, if by chance, a scammer actually gets access to your SNS posts and finds that your pet's name is Fluffy, it will do them absolutely no good if your bogus answer for the associated website challenge question is "Thor."