This document discusses various cyber threats and provides tips to protect against them. It begins by outlining groups that may want personal information, such as nation states, cyber criminals, and corporate spies. It then details common cyber threats like malware, viruses, worms, spyware, and social engineering. The document provides examples of these threats and discusses how to prevent identity theft, protect sensitive data, use social media securely, and identify phishing attempts. It concludes by offering advice on mobile, wireless, and internet security best practices.
8. What Are The Threats?
Viruses
A program that, when executed, replicates by
inserting copies of itself (possibly modified) into other
computer programs, data files, or the boot sector of
the hard drive; when this replication succeeds, the
affected areas are then said to be "infected".
-Wikipedia
Symantec executive believes anti-virus products stop
only 45% of the cyber attacks today
9. What Are The Threats?
Computer Worms
• A computer program that replicates itself in order to
spread to other computers. Often, it uses a
computer network to spread itself, relying on
security failures on the target computer to access it.
Unlike a computer virus, it does not need to attach
itself to an existing program.
-Wikipedia
10. What Are The Threats?
Spyware
• Software that aids in gathering information about a
person or organization without their knowledge and
that may send such information to another entity
without the consumer's consent, or that asserts
control over a computer without the consumer's
knowledge.
-Wikipedia
11. What Are The Threats?
Malvertising
• injecting malicious or malware laden advertisements into legitimate
online advertising networks and webpages. Online advertisements
provide a solid platform for spreading malware because significant
effort is put into them in order to attract users and sell or advertise the
product. Because advertising content can be inserted into high-profile
and reputable websites, malvertising provides malefactors an
opportunity to "push" their attacks to web users who might not
otherwise see the ads, due to firewalls, more safety precautions, or
the like.
-Wikipedia
12. Identity Theft
• Someone uses your identity to commit a crime, take out
a loan or credit, or anything else in your name.
• Results:
• Be arrested for a crime you did not commit
• Refused credit (CC’s, Auto, Mortgages) for bad credit
• Lose hundreds or thousand of dollars to thieves and
countless hours clearing up them mess
14. P2P File Sharing and IM
• Be extremely careful with file sharing software (BitTorrent, Kazaa,
eDonkey, Limewire, etc.) and Instant Messaging (IM).
• File sharing can expose your computer to the risk of malicious files
and attackers:
• Improperly configured file sharing software can allow others access
to your entire computer
• Files may not always be what they say they are
• Also, if you share copyrighted files, you risk being sued by the
RIAA,
• Some anti-virus programs cannot detect viruses in
P2P/IM/chat files, so viruses and other malicious code can be
spread this way.
15. Social Engineering
• The practice of trying to trick or manipulate people into breaking
normal security procedures is called “Social Engineering”. The
principle behind social engineering and scams in general is that
people are the weak link in security – that it can be easier to trick
people than to hack into computing systems by force.
• Social engineers exploit people’s natural tendency to want to be
liked and helpful. They also take advantage of our tendency to act
quickly when faced with a crisis.
16. Phishing / Spear Phishing
Phishing is a scam designed to steal information or
passwords, compromise computers or trick you out of
money - typically via deceptive emails, texts, posts on
social networking sites, pop-ups or phone calls. A
phisher may ask for your name, account information,
date of birth, Social Security number, address, etc. They
may also try to get you to click on a link or open a file.
17. Key Indicators of Social Engineering
Attacks
• You are being asked for personal or private information, your password, financial account
information, Social Security Number, or money.
• Unexpected/unsolicited email with a link or an attachment
• Requests that you forward emails, attachments, links, etc. to your friends, co-workers or family
• Promises of something too good to be true. This includes bargains and “great offers,” or links to
claim an award/reward.
Other indicators that an email isn’t legitimate:
• It’s not addressed to you, specifically, by name.
• The sender isn’t specified, isn’t someone you know, or doesn’t match the “from” address.
• It has spelling or grammatical errors.
• It has a link that doesn’t seem match where the email says the link will take you, or an
attachment with an incorrect or suspicious filename – or a suspicious file extension (e.g.: *.zip,
*.exe, *.vbs, *.bin, *.com, *.pif, *.zzx)
• It has a link/attachment to view an unexpected “manifest”or track an unknown package
• It includes links to pictures or videos from people you don’t personally know
22. Preventing Identity Theft
•Check Your Credit Report At Least Annually
•You have the right to order your credit report
from each of the three credit bureaus every
year
• Equifax – https://www.equifax.com/CreditReportAssistance/
• TransUnion – https://www.transunion.com/personal-
credit/customer-support/faqs/credit-reports-and-
disclosures.page#freeAnnualReport
• Experian - www.experian.com
• Freeze your credit
• http://www.clarkhoward.com/news/clark-howard/personal-finance-
credit/credit-freeze-and-thaw-guide/nFbL/
23. Preventing Identity Theft
• Don't respond to email, instant messages (IM), texts, phone calls,
etc., asking you for your password. Even if they say they work for
District IT Dept. District IT will never ask for your passwords.
• Don't give personal or financial information to anyone you don't
know or who doesn't have a legitimate need for it -- in person,
over the phone, via email, IM, text, Facebook, Twitter, etc.
• Use hard-to-guess passwords for your credit card, bank, and
phone accounts and keep them secret.
• Use known, trusted websites when you are logging in or providing
information online. Don't log in or provide sensitive information to
a web page you reached by clicking on a link -- in email, IM, text
message, advertisements, Social Networks, search results, etc.
24. Preventing Identity Theft
• When shopping online, make sure the site is secure by looking for
"https" (not http) in the web address (URL) and a padlock icon in
a corner of the page that asks you to input your password or
personal information.
• Encrypt personal information or store it on portable media and
lock it up securely.
• Use BitLocker (windows) or FileVault (Macintosh) To
encrypt Hard Drives and Thumb Drives -
• Lock up your computer with a cable. Secure laptop computers
and mobile devices at all times: keep them with you or lock them
up securely.
• Make sure a password is required to login or resume activity.
• Use a paper shredder when throwing out personal information.
25. Email Security
• Never assume that email, instant messages (IM) or attachments are
private or confidential.
• Don't send restricted data or personal information via email or instant
message (IM). These are not secure methods of communication.
• Use the “Bcc” (blind carbon copy) line for large numbers of recipients.
• This protects the email addresses of the recipients by hiding them and
makes your email easier to read. Delete email and attachments when
you no longer need them.
• Don’t click on links or open attachments in unexpected email or in pop-up
ads/windows. These could compromise your computer or take you to
malicious web sites designed to steal information.
• Just opening a malicious web page or attachment can infect a poorly
protected computer. Make sure you know where you’re going before
clicking on a link or opening something.
• Instead of clicking on an unknown link – including “tiny URLs” – look up
the website yourself (e.g. Google it) and go there on your own
26. Protecting Sensitive Data and Privacy
• Always understand the sensitivity of the data you are working on.
If you are unsure about that talk with your supervisor.
• Only use authorized systems to process sensitive data. Don’t
store data in the cloud (Dropbox, Google Drive, etc) or on other
removable media like thumb drive without prior authorization from
management.
• Don’t give private information to anyone you don’t know or who
doesn’t have a legitimate need for it.
• Don’t provide personal, sensitive or confidential information
online unless you are using a trusted, secure web page.
• At a minimum, look for “https” in the URL to indicate that there is
a secure connection.
• Get to web sites by typing the web address in directly. Don’t click
on or cut and paste links in unsolicited emails
27. Protecting Sensitive Data and Privacy
• Be especially careful about what you do over wireless.
Information and passwords sent via standard,
unencrypted wireless are especially easy for hackers
to intercept (most public-access wireless is
unencrypted).
• If you believe any sensitive data has been lost, stolen
or compromised be sure to contact the help desk or
security team immediately. The sooner our
organization is notified, the quicker we can respond to
minimize damage.
28. Mobile and Wireless Security
Mobile devices are computers, too!
• These devices can store important business and
personal information, and may be used to access
College systems, email, banking information, work and
personal accounts and they need to be protected like
any other computer.
• A good rule of thumb is not to store anything you're not
willing to lose or share with the world.
29. Mobile and Wireless Security
Mobile devices can be just as susceptible to viruses as desktop and laptop
computers. Use anti-virus/anti-malware software, if it is available for your
device, and set it to auto-update as frequently as the settings will allow.
• If your mobile device has built-in firewall or access control functionality, use it.
• Avoid using auto-complete features that remember user names or passwords.
• Disable or remove applications (apps) and plug-ins that you don't actively use
• Disable Bluetooth, wireless & IrDA (infrared) when you're not actively using them
• Turn off GPS and geotagging when you're not actively using them. These can
allow your location to be tracked without your knowledge.
• Set devices to “ask” before joining wireless networks (see below for more
information about wireless).
• If your device has a web browser, set the browser to block pop-ups. For added
privacy, also set the browser to limit the cookies it accepts.
30. Mobile and Wireless Security
Prevention in case of theft or loss:
• Back up or sync your data regularly.
• Set your device to erase itself after repeated failed log-on attempts.
• Enable remote wipe.
• Enable location tracking, keeping in mind the privacy implications.
• If lost or stolen on campus, report it immediately to campus safety
31. Have You Been Hacked?
If you suspect that you have
been hacked, then do not
hesitate to call the help desk
immediately
Help Desk Ext. 88111 or
714-438-8111
32. Internet Scams
Don't be fooled by scams!
• Criminals and hackers are constantly coming up with new
schemes designed to compromise computers, trick you into
revealing valuable information (personal, financial, etc.), steal
passwords, or trick you out of money.
• It can be difficult to know if someone is telling the truth on the
Internet.
• Scams can lead to identity theft, regular theft, access to your
accounts and personal information, and compromised computers.
• A compromised computer can put ALL of your information and
passwords at risk
33. Other Scams
• Mystery Shoppers
• Checks are sent to people who sign up to “mystery shop” a wire
transfer service.
34. Other Scams
• 419 Scams
• Scam baiting – Engaging & Exposing Internet 419 Scammers
• 419eater.com
• 419 refers to the article of the Nigerian Criminal Code dealing with
fraud
35. Top 10 Scams This Year
1. The Nigerian scam, also known as 419
2. IRS Scare Scam
3. Lottery Scams
4. Phishing emails and phony web pages
5. Items for sale overpayment scam
6. Employment search overpayment scam
7. Disaster relief scams
8. Travel scams
9. “Make Money Fast” chain emails
10. "Turn Your Computer Into a Money-Making Machine!"
36. Thank You
Be Aware And Be
Secure!
http://cyberaware.securingthehuman.org/