• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Password management
 

Password management

on

  • 3,407 views

 

Statistics

Views

Total Views
3,407
Views on SlideShare
1,349
Embed Views
2,058

Actions

Likes
1
Downloads
40
Comments
0

6 Embeds 2,058

http://www.neseerses.com 1980
http://www.sohotechtraining.com 64
http://egitimler.blogcu.com 5
http://www.google.com.tr 4
http://www.linotech.info 4
http://www.google.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Source: http://www.slideshare.net/NortonOnline/2012-norton-cybercrime-report-14207489
  • MakeUseOf.com Password Management Guide – Page 5, para 8 Image from: http://www.google.com/intl/en/landing/2step/
  • Source: MakeUseOf.com Password Management Guide – Page 7For more in-depth information about threats against passwords, please read the following resources:• Guide to Enterprise Password Management (Draft)• THE RISK OF SOCIAL ENGINEERING ON INFORMATION SECURITY: A SURVEY OF IT PROFESSIONALS• What Is Social Engineering? [MakeUseOf Explains]• How To Protect Yourself Against Social Engineering Attacks
  • The point is that you don’t have to memorize hundreds of passwords to ensure your accounts will not be compromised. Use really strong passwords only for your high and medium security accounts.
  • Source: http://dailyinfographic.com/how-strong-is-your-password-infographic
  • http://www.makeuseof.com/tag/7-ways-to-make-up-passwords-that-are-both-secure-memorable/
  • Image from: http://security.arizona.edu/files/db_toothbrush.jpg
  • Source: http://support.mozilla.org/en-US/kb/create-secure-passwords-keep-your-identity-safe
  • http://rumkin.com/tools/password/passchk.php
  • This technique was developed by security guru Steve Gibson, president of Gibson Research Corporation (GRC).
  • Many people feel overwhelmed by the number of passwords they have to remember. Thus, People reuse passwords so that they don’t have to track many different logins. http://www.technewsdaily.com/3756-password-overload.html
  • According to a landmark study (PDF) from 2007. Such password reuse, combined with the frequent use of e-mail addresses as user names, means that once hackers have plucked login credentials from one site, they often have the means to compromise dozens of other accounts, too.
  • MakeUseOf.com Password Management Guide – Pages 20-23
  • MakeUseOf.com Password Management Guide – Pages 20-23
  • http://www.technewsdaily.com/3756-password-overload.html
  • http://mashable.com/2013/03/27/tips-against-identity-theft/
  • Source: http://www.ic3.gov/media/annualreports.aspx
  • http://www.ic3.gov/media/annualreports.aspxThe Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
  • http://www.ic3.gov/media/annualreports.aspxThe Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
  • http://www.ic3.gov/media/annualreports.aspxThe Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
  • http://www.ic3.gov/media/annualreports.aspxThe Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
  • http://www.ic3.gov/media/annualreports.aspxThe Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
  • http://www.ic3.gov/media/annualreports.aspxThe Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
  • http://www.ic3.gov/media/annualreports.aspxThe Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
  • http://www.ic3.gov/media/annualreports.aspxThe Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).

Password management Password management Presentation Transcript

  • PASSWORDMANAGEMENT:Creating and managingpasswords to be assecure as possible
  • 1. The scale of consumer cyber crime2. What is a password and facts about password security andits importance3. Tiered password system - review and categorize yourexisting passwords4. Writing secure passwords Characteristic of strong and weak passwords Tips and techniques Testing the strength of a password5. Password management techniques6. Additional tips to secure your identityTABLE OF CONTENTS
  • 1. The scale of consumer cyber crime2. What is a password and facts about password security andits importance3. Tiered password system - review and categorize yourexisting passwords4. Writing secure passwords Characteristic of strong and weak passwords Tips and techniques Testing the strength of a password5. Password management techniques6. Additional tips to secure your identityTABLE OF CONTENTS
  •  A password is a string of characters that gives you access to acomputer or an online account.WHAT’S A PASSWORD?
  • Password cracking is the process of breaking passwords inorder to gain unauthorized access to a computer or account.Guessing:Method of gaining accessto an account byattempting to authenticateusingcomputers, dictionaries, orlarge word lists. Brute force – uses everypossible combination ofcharacters to retrieve apassword Dictionary attack – usesevery word in a dictionaryof common words toidentify the passwordSocial Engineering/Phishing:Deceiving users into revealingtheir username andpassword. (easier thantechnical hacking) Usually by pretending to bean IT help desk agent or alegitimate organizationsuch as a bank. DO NOT EVER SHARE YOURPASSWORDS, sensitivedata, or confidentialbanking details on sitesaccessed through links inemails.COMMON THREATS AGAINSTYOUR PASSWORD
  • 1. The scale of consumer cyber crime2. What is a password and facts about password security andits importance3. Tiered password system - review and categorize yourexisting passwords4. Writing secure passwords Characteristic of strong and weak passwords Tips and techniques Testing the strength of a password5. Password management techniques6. Additional tips to secure your identityTABLE OF CONTENTS
  • Banking andBusinessservicesHOW MANY PASSWORDS DO YOU HAVE?PersonalEmailsSocial media& newsWorkrelatedaccounts
  • DON’T FORGET YOUR COMPUTER ANDPHONE LOGINS!
  • Tiered password systems involve having different levels ofpasswords for different types of websites, where the complexity ofthe password depends on what the consequences would be if thatpassword is compromised/obtained. Low security: for signing up for a forum, newsletter, ordownloading a trial version for a certain program. Medium security: for social networking sites, webmail andinstant messaging services. High security: for anything where your personal finance isinvolved such as banking and credit card accounts. If these arecompromised it could drastically and adversely affect your life.This may also include your computer login credentials.Keep in mind that this categorization should be based on howcritical each type of website is to you. What goes in which categorywill vary from person to person.TIERED PASSWORD SYSTEMS
  • 1. Categorize your passwords into 3 categories:high, medium, or low. Categorization should be based onhow critical each type of website is to you. Take 5 minutesto categorize some of your online accounts.2. Your high security passwords are the most important. Keepin mind: You should change any password that is weak. If you have used any of your passwords for more than 1 site, youshould change.HANDS-ON PART 1: REVIEW ANDCATEGORIZE YOUR PASSWORDS
  • 1. The scale of consumer cyber crime2. What is a password and facts about password security andits importance3. Tiered password system - review and categorize yourexisting passwords4. Writing secure passwords Characteristic of strong and weak passwords Tips and techniques Testing the strength of a password5. Password management techniques6. Additional tips to secure your identityTABLE OF CONTENTS
  • COMMONMISTAKES INCREATINGPASSWORDS
  • RISK EVALUATIONOF COMMON MISTAKESMistake Example Risk EvaluationUsing a Common Password.123456789passwordqwertyToo risky. These are most criminal’s first guesses, sodon’t use them.Using a Password that is basedon personal dataGladiator―Bobby‖―Jenny‖―Scruffy‖Too risky: anyone who knows you can easily guess thisinformation. Basing a password on your social securitynumber, nicknames, family members’ names, the namesof your favorite books or movies or football team are allbad ideas.Using a Short PasswordJohn12Jim2345The shorter a password, the more opportunities forobserving, guessing, and cracking it.Using the same passwordeverywhere.Using one password onevery site or onlineservice.Too risky: it’s a single point of failure. If this password iscompromised, or someone finds it, the rest of youraccounts – including your sensitive information – are atrisk.Writing your passwords down.Writing your passworddown on a postit notestuck to your monitor.Very high risk, especially in corporate environments.Anyone who physically gets the piece of paper or stickynote that contains your password can log into youraccount.
  •  Strong passwords: are a minimum of 8 characters in length, it’s highly recommendedthat it’s 12 characters or more contain special characters such as @#$%^& and/or numbers. use a variation of upper and lower case letters.WHAT MAKES A PASSWORD SAFE?
  • It must not containeasily guessedinformation suchyour birthdate, phonenumber, spouse’sname, pet’sname, kid’sname, loginname, etc.It shouldn’t containwords found in thedictionary.WHAT MAKES A PASSWORD SAFE?(CONT.)
  •  “Treat your password like yourtoothbrush. Don’t let anybodyelse use it, and get a new oneevery six months.” ~ CliffordStoll The stronger your password, themore protected your account orcomputer is from beingcompromised or hacked. Youshould make sure you have aunique and strong password foreach of your accounts.HOW TO MAKE A STRONG PASSWORD
  • 1. Pick up a familiar phrase or quote, for example, ―May the forcebe with you‖ and then abbreviate it by taking the first letter ofeach word, so it becomes ―mtfbwy‖2. Add some special characters on either sides of the word tomake it extra strong (like #mtfbwy!)3. And then associate it with the website by adding a fewcharacters from the website name into the original passwordas either a suffix or prefix. So the new password for Amazoncould become #mtfbwy!AmZ, #mtfbwy!FbK for Facebook and soon.*While this technique lets us reuse the phrase-generated part ofthe password on a number of different websites, it would still be abad idea to use it on a site like a bank account which containshigh-value information. Sites like that deserve their own passwordselection phrase.MOZILLA’S SAFEPASSWORD METHODOLOGY
  • While generating a password you should follow two rules; Lengthand Complexity. Let’s start by using the following sentence: ―Maythe force be with you‖. Let’s turn this phrase into a password.1. Take the first letter from each word: Mtfbwy.2. Now increase its strength by adding symbols and numbers:!20Mtfbwy13! The 20 and 13 refer to the year, 2013. Secondly, I put a ―!‖ symbol on each end of the password Try using the name of your online account in the password !20Mtfbwy13!Gmail (for gmail) fb!20Mtfbwy13! (for Facebook) That’s one password developing strategy. Let’s keep addingcomplexity, while also attempting to keep things possible tomemorize. *you actually should not use a should not be acommon phrase.USING A PASSPHRASE TO WRITE ASECURE PASSWORD
  •  Password Haystack is a methodology of making your passwordextremely difficult to brute force by padding the passwordwith a pattern like (//////) before or/and after yourpassword.HAYSTACKING YOUR PASSWORD:A SIMPLE AND POWERFUL WAY OF SECURING YOUR PASSWORDHere’s how it works:1. Come up with a password, but try to make it as a mix of uppercase andlowercase letters, numbers and symbols2. Come up with a pattern/scheme you can remember, such as the first letter ofeach word from an excerpt of your favorite song or a set of symbols like(…../////)3. Use this pattern and repeat using it several times (padding your password)Let’s have an example of this:Password:!20Mtfbwy13!By applying this approach, the password becomes a Haystacked Password:…../////!20Mtfbwy13!…../////
  • Use these tools to test the strength of a password. As aprecaution, you probably shouldn’t use these services to testyour actual password. Instead, simply use it to learn what worksand what doesn’t work. Just play with the strength checkers byconstructing fake passwords and testing them. http://rumkin.com/tools/password/passchk.php https://www.microsoft.com/security/pc-security/password-checker.aspx http://www.grc.com/haystack.htm http://howsecureismypassword.net/HANDS-ON PART 2:TESTING YOUR PASSWORDS
  • 1. The scale of consumer cyber crime2. What is a password and facts about password security andits importance3. Tiered password system - review and categorize yourexisting passwords4. Writing secure passwords Characteristic of strong and weak passwords Tips and techniques Testing the strength of a password5. Password management techniques6. Additional tips to secure your identityTABLE OF CONTENTS
  • PASSWORD OVERLOAD: HOW CANANYONE REMEMBER THEM ALL?Many people use a few passwords for all oftheir major accounts.The average Web user maintains 25 separateaccounts but uses just 6.5 passwords toprotect them.
  • If one of your accounts is hacked, it’s likely thatyour other accounts that used the samepassword will quickly follow.More than 60%ofpeople use the samepassword across multiplesitesPASSWORD SECURITY
  •  Human memory is the safest database for storing all yourpasswords Writing passwords down on a piece of paper Storing passwords on a computer in a Word document or Excelfile Password Manager is software that allows you to securelystore all of your passwords and keep them safe, typicallyusing one master password. This kind of software saves anencrypted password database, which securely stores yourpasswords either on your machine or on the Web. You should not rely totally on any type of password manager Your single master password must be unique and complexPASSWORD MANAGEMENT TECHNIQUES(WAYS TO STORE YOU PASSWORDS)
  • HUMAN MEMORY Strength: safest database for storing all your passwords Weakness: Easy to forget
  •  Strength: ease of access Weaknesses: You can lose the paper Paper could be easily stolen or viewed by other peopleWRITING PASSWORDS DOWNON A PIECE OF PAPER
  •  Strength: ease of access Weaknesses: Data is not encrypted, anyone who has access to the computer thatthe file is saved on can easily read your passwords If your computer breaks, you could possibly permanently lose the fileSTORING PASSWORDS ON A COMPUTERIN A WORD DOCUMENT OR EXCEL FILE
  •  Password Manager is software that allows you to securelystore all of your passwords and keep them safe, typicallyusing one master password. This kind of software saves anencrypted password database, which securely stores yourpasswords either on your machine or on the Web. You should not rely totally on any type of password manager Your single master password must be unique and complexPASSWORD MANAGER IS SOFTWARE
  •  Password management tools are really good solutions for reducing thelikelihood that passwords will be compromised, but don’t rely on a singlesource. Why? Because any computer or system is vulnerable to attack.Relying on a password management tool creates a single point of potentialfailure. But before you turn to a password-management service based in the cloud or on yourPC, its best to review the quality of the service, said Tim Armstrong, malwareresearcher at Kaspersky Lab. He pointed out that youve got to ensure against dataleakage or insecure database practices. "Users must be extra careful in choosing aprovider," Armstrong said. "Make sure theyre a valid and reputable vendor.― Grant Brunner wrote a fascinating article at ExtremeTech about Staying safe online:Using a password manager just isn’t enough. In it, he wrote, “using a passwordmanager for all of your accounts is a very sensible idea, but don’t be lulled into a falsesense of security You’re not immune from cracking or downtime.” Broadlyspeaking, password managers such as LastPass are like any software: vulnerable tosecurity breaches. For example, LastPass experienced a security breach in 2011, butusers with strong master passwords were not affected. Disadvantage: If you forget the master password, all your other passwordsin the database are lost forever, and there is no way of recovering them.Don’t forget that password!SO WHICH ONE IS THE BEST?
  •  KeePass is a popular open-source, cross-platform, desktop-based password manager. It is available for Windows, Linuxand Mac OS X as well as mobile operating systems like iOSand Android. It stores all your passwords in a single database(or a single file) that is protected and locked with one masterkey. The KeePass database is mainly one single file which canbe easily transferred to (or stored on) any computer. Go to thedownload page to get your copy. KeePass is a local program, but you can make it cloud-basedby syncing the database file using Dropbox, or another servicelike it. Check out Justin Pot’s article, Achieve Encrypted Cross-Platform Password Syncing With KeePass & Dropbox. Make sure you always hit save after making a new entry to thedatabase!KEEPASS
  • MOZILLA FIREFOX’SPASSWORD MANAGER
  •  You should never record or write your password down on a post-it note. Never share your password with anyone, even your colleagues. You have to be very careful when using your passwords on public PCslike schools, universities and libraries…etc. Why? Because there’s achance these machines are infected with keyloggers (or keystrokelogging methods) or password-stealing trojan horses. Do not use any password-saving features such as Google Chrome’s AutoFill feature or Microsoft’s Auto Complete feature, especially on publicPCs. Do not fill any form on the Web with your personal information unlessyou know you can trust it. Nowadays, the Internet is full of fraudulentwebsites, so you have to be aware of phishing attempts. Use a trusted and secure browser such as Mozilla Firefox. Firefoxpatches hundreds of security updates and makes significantimprovements just to protect you from malware, phishingattempts, other security threats, and to keep you safe as you browsethe Web.DO NOT PUT ALL YOUREGGS IN ONE BASKET.
  •  This free tool helps usersfigure out if their accountcredentials have beenhacked. If you go to thewebsite of the service, youwill see up-to-date statisticsof the number of leakedcredentials, passwords andemail addresses. PwnedList keepsmonitoring (or crawling) theWeb in order to find stolendata posted by hackers onthe public sites and thenindexes all the logininformation it finds.PWNEDLIST
  •  ALWAYS use a mix of uppercase and lowercase letters alongwith numbers and special characters. Have a different strong password for eachsite, account, computer etc., and DO NOT have any personalinformation like your name or birth details in your password. DO NOT share any of your passwords or your sensitive datawith anyone – even your colleagues or the helpdesk agent inyour company. In addition, use your passwordscarefully, especially in public PCs. Don’t be a victimof shoulder surfing. Last recommendation that we strongly encourage is for you tostart evaluating your passwords, building your tiered passwordsystem, alternating your ways of creating passwords andstoring them using password managers.POINTS TO REMEMBER
  • 1. Decide which methods you plan to store each password.2. Download and practice using KeePass3. Check your primary emails on PwnedList.com/HANDS-ON PART 3:MANAGING YOUR PASSWORDS
  • 1. The scale of consumer cyber crime2. What is a password and facts about password security andits importance3. Tiered password system - review and categorize yourexisting passwords4. Writing secure passwords Characteristic of strong and weak passwords Tips and techniques Testing the strength of a password5. Password management techniques6. Additional tips to secure your identityTABLE OF CONTENTS
  •  Open Wi-fi connection can be easily hacked using a freepacket sniffer software Always enable ―HTTPS‖ (also called secure HTTP) settings inall online services that support it – this includesTwitter, Google, Facebook and more. Spoofed WebsiteADDITIONAL TIPS TOSECURE YOUR IDENTITY
  •  Internet crime schemes that steal millions of dollars each year from victimscontinue to plague the Internet through various methods. Following are preventativemeasures that will assist you in being informed prior to entering into transactionsover the Internet: Auction Fraud Counterfeit Cashiers Check Credit Card Fraud Debt Elimination DHL/UPS Employment/Business Opportunities Escrow Services Fraud Identity Theft Internet Extortion Investment Fraud Lotteries Nigerian Letter or "419" Phishing/Spoofing Ponzi/Pyramid Reshipping Spam Third Party Receiver of FundsINTERNET CRIME PREVENTION TIPSF R O M T H E I N T E R N E T C R I M E C O M P L A I N T C E N T E R ( I C 3 ) . I C 3 I S A P A R T N E R S H I P B E T W E E N T H E F E D E R A LB U R E A U O F I N V E S T I G A T I O N A N D T H E N A T I O N A L W H I T E C O L L A R C R I M E C E N T E R .
  • Auction Fraud Before you bid, contact the sellerwith any questions you have. Review the sellers feedback. Be cautious when dealing withindividuals outside of your owncountry. Ensure you understandrefund, return, and warrantypolicies. Determine the shipping chargesbefore you buy. Be wary if the seller only acceptswire transfers or cash. If an escrow service is used, ensureit is legitimate. Consider insuring your item. Be cautious of unsolicited offers.Counterfeit Cashiers Check Inspect the cashiers check. Ensure the amount of the checkmatches in figures and words. Check to see that the accountnumber is not shiny in appearance. Be watchful that the drawerssignature is not traced. Official checks are generallyperforated on at least one side. Inspect the check foradditions, deletions, or otheralterations. Contact the financial institution onwhich the check was drawn toensure legitimacy. Obtain the banks telephonenumber from a reliable source, notfrom the check itself. Be cautious when dealing withindividuals outside of your owncountry.ONLINE CRIME PREVENTIONIF THE "OPPORTUNIT Y" APPEARS TOO GOOD TO BE TRUE, IT PROBABLY IS .
  • Credit Card Fraud Ensure a site is secure and reputablebefore providing your credit cardnumber online. Dont trust a site just because it claimsto be secure. If purchasing merchandise, ensure it isfrom a reputable source. Promptly reconcile credit cardstatements to avoid unauthorizedcharges. Do your research to ensure legitimacyof the individual or company. Beware of providing credit cardinformation when requested throughunsolicited emails.Debt Elimination Know who you are doing business with— do your research. Obtain the name, address, andtelephone number of the individual orcompany. Research the individual or company toensure they are authentic. Contact the Better Business Bureau todetermine the legitimacy of thecompany. Be cautious when dealing withindividuals outside of your own country. Ensure you understand all terms andconditions of any agreement. Be wary of businesses that operatefrom P.O. boxes or maildrops. Ask for names of other customers ofthe individual or company and contactthem. If it sounds too good to be true, itprobably is.ONLINE CRIME PREVENTION (CONT.)IF THE "OPPORTUNIT Y" APPEARS TOO GOOD TO BE TRUE, IT PROBABLY IS .
  • DHL/UPS Beware of individuals using the DHL orUPS logo in any email communication. Be suspicious when payment isrequested by money transfer before thegoods will be delivered. Remember that DHL and UPS do notgenerally get involved in directlycollecting payment from customers. Fees associated with DHL or UPStransactions are only for shipping costsand never for other costs associatedwith online transactions. Contact DHL or UPS to confirm theauthenticity of email communicationsreceived.Employment/Business Opportunities Be wary of inflated claims of producteffectiveness. Be cautious of exaggerated claims ofpossible earnings or profits. Beware when money is required up frontfor instructions or products. Be leery when the job posting claims"no experience necessary". Do not give your social security numberwhen first interacting with yourprospective employer. Be cautious when dealing withindividuals outside of your own country. Be wary when replying to unsolicitedemails for work-at-home employment. Research the company to ensure theyare authentic. Contact the Better Business Bureau todetermine the legitimacy of thecompany.ONLINE CRIME PREVENTION (CONT.)IF THE "OPPORTUNIT Y" APPEARS TOO GOOD TO BE TRUE, IT PROBABLY IS .
  • Escrow Services Fraud Always type in the website addressyourself rather than clicking on a linkprovided. A legitimate website will be unique andwill not duplicate the work of othercompanies. Be cautious when a site requestspayment to an "agent", instead of acorporate entity. Be leery of escrow sites that onlyaccept wire transfers or e-currency. Be watchful of spelling errors, grammarproblems, or inconsistent information. Beware of sites that have escrow feesthat are unreasonably low.Identity Theft Ensure websites are secure prior tosubmitting your credit card number. Do your homework to ensure thebusiness or website is legitimate. Attempt to obtain a physicaladdress, rather than a P.O. box ormaildrop. Never throw away credit card or bankstatements in usable form. Be aware of missed bills which couldindicate your account has been takenover. Be cautious of scams requiring you toprovide your personal information. Never give your credit card number overthe phone unless you make the call. Monitor your credit statements monthlyfor any fraudulent activity. Report unauthorized transactions toyour bank or credit card company assoon as possible. Review a copy of your credit report atleast once a year.ONLINE CRIME PREVENTION (CONT.)IF THE "OPPORTUNIT Y" APPEARS TOO GOOD TO BE TRUE, IT PROBABLY IS .
  • Internet Extortion Security needs to be multi-layered sothat numerous obstacles will be in theway of the intruder. Ensure security is installed at everypossible entry point. Identify all machines connected to theInternet and assess the defense thatsengaged. Identify whether your servers areutilizing any ports that have beenknown to represent insecurities. Ensure you are utilizing the most up-to-date patches for your software.Investment Fraud If the "opportunity" appears too good tobe true, it probably is. Beware of promises to make fastprofits. Do not invest in anything unless youunderstand the deal. Dont assume a company is legitimatebased on "appearance" of the website. Be leery when responding to invesmentoffers received through unsolicitedemail. Be wary of investments that offer highreturns at little or no risk. Independently verify the terms of anyinvestment that you intend to make. Research the parties involved and thenature of the investment. Be cautious when dealing withindividuals outside of your own country. Contact the Better Business Bureau todetermine the legitimacy of thecompany.ONLINE CRIME PREVENTION (CONT.)IF THE "OPPORTUNIT Y" APPEARS TOO GOOD TO BE TRUE, IT PROBABLY IS .
  • Lotteries If the lottery winnings appear too goodto be true, they probably are. Be cautious when dealing withindividuals outside of your own country. Be leery if you do not rememberentering a lottery or contest. Be cautious if you receive a telephonecall stating you are the winner in alottery. Beware of lotteries that charge a feeprior to delivery of your prize. Be wary of demands to send additionalmoney to be eligible for futurewinnings. It is a violation of federal law to play aforeign lottery via mail or phone.Nigerian Letter or "419― If the "opportunity" appears too goodto be true, it probably is. Do not reply to emails asking forpersonal banking information. Be wary of individuals representingthemselves as foreign governmentofficials. Be cautious when dealing withindividuals outside of your own country. Beware when asked to assist in placinglarge sums of money in overseas bankaccounts. Do not believe the promise of largesums of money for your cooperation. Guard your account informationcarefully. Be cautious when additional fees arerequested to further the transaction.ONLINE CRIME PREVENTION (CONT.)IF THE "OPPORTUNIT Y" APPEARS TOO GOOD TO BE TRUE, IT PROBABLY IS .
  • Phishing/Spoofing Be suspicious of any unsolicitedemail requesting personalinformation. Avoid filling out forms in emailmessages that ask for personalinformation. Always compare the link in theemail to the link that you areactually directed to. Log on to the officialwebsite, instead of "linking" to itfrom an unsolicited email. Contact the actual business thatsupposedly sent the email to verifyif the email is genuine.Ponzi/Pyramid If the "opportunity" appears toogood to be true, it probably is. Beware of promises to make fastprofits. Exercise diligence in selectinginvestments. Be vigilant in researching withwhom you choose to invest. Make sure you fully understand theinvestment prior to investing. Be wary when you are required tobring in subsequent investors. Independently verify the legitimacyof any investment. Beware of references given by thepromoter.ONLINE CRIME PREVENTION (CONT.)IF THE "OPPORTUNIT Y" APPEARS TOO GOOD TO BE TRUE, IT PROBABLY IS .
  • Reshipping Be cautious if you are asked to shippackages to an "overseas home office." Be cautious when dealing withindividuals outside of your own country. Be leery if the individual states that hiscountry will not allow direct businessshipments from the United States. Be wary if the "ship to" address is yoursbut the name on the package is not. Never provide your personal informationto strangers in a chatroom. Dont accept packages that you didntorder. If you receive packages that you didntorder, either refuse them upon deliveryor contact the company where thepackage is from.Spam Dont open spam. Delete it unread. Never respond to spam as this willconfirm to the sender that it is a "live"email address. Have a primary and secondary emailaddress - one for people you know andone for all other purposes. Avoid giving out your email addressunless you know how it will be used. Never purchase anything advertisedthrough an unsolicited email.Third Party Receiver of Funds Do not agree to accept and wirepayments for auctions that you did notpost. Be leery if the individual states that hiscountry makes receiving these type offunds difficult. Be cautious when the job postingclaims "no experience necessary". Be cautious when dealing withindividuals outside of your own country.ONLINE CRIME PREVENTION (CONT.)IF THE "OPPORTUNIT Y" APPEARS TOO GOOD TO BE TRUE, IT PROBABLY IS .
  •  Al-Marhoon, M. (n.d.). Password Management Guide.MakeUseOf. Retrieved April 10, 2013, fromhttp://www.makeuseof.com/pages/the-password-management-guide-fulltext http://www.slideshare.net/NortonOnline/2012-norton-cybercrime-report-14207489 http://www.ic3.gov/media/annualreports.aspxREFERENCES