IDENTIFYING CYBER THREATS NEAR YOU

Published in: Technology

  1. 1. IDENTIFYING CYBER THREATS NEAR YOU
      CYBER CRIME TRAINING PROGRAMME
      DAY 1
  2. 2. WHO AM I?
      WILLIAM WARERO
      MCAFEE CERTIFIED SECURITY ADVOCATE
      FOCUS IS ON DEPLOYMENT OF MCAFEE ENTERPRISE SECURITY SOLUTIONS
      AND ADVOCATE OF ENTERPRISE PRODUCTIVITY SOLUTIONS
  3. 3. Primary Online Risks and Threats
      To Families
        • Cyberbullies
        • File-sharing abuses
        • Invasion of privacy
        • Disturbing content
        • Predators
      To Personal Information
        • Online fraud and phishing
        • Hoaxes
        • Identity theft
        • Spam
      To Computers
        • Viruses
        • Worms
        • Trojans
        • Spyware
  13. 13. Primary Threats to Computer Security
      Viruses/Worms: Software programs designed to invade your computer, and copy, damage, or delete your data.
      Trojans: Viruses that pretend to be helpful programs while destroying your data, damaging your computer, and stealing your personal information.
      Spyware: Software that tracks your online activities or displays endless ads.
  14. 14. Primary Online Risks for Children
      Disturbing Content: If kids explore unsupervised, they could stumble upon images or information you may not want them exposed to.
      File-share Abuse: Unauthorized sharing of music, video, and other files may be illegal, and may download malicious software.
      Cyberbullies: Both children and adults may use the Internet to harass or intimidate other people.
      Predators: These people use the Internet to trick children into meeting with them in person.
      Invasion of Privacy: If kids fill out online forms, they may share information you don’t want strangers to have about them or your family.
  15. 15. Primary Threats to Personal Online Safety
      Phishing: E-mail sent by online criminals to trick you into going to fake Web sites and revealing personal information.
      Spam: Unwanted e-mail, instant messages, and other online communication.
      Identity Theft: A crime where con artists get your personal information and access your cash and/or credit.
      Hoaxes: E-mail sent by online criminals to trick you into giving them money.
  16. 16. What is a phishing scam?
      Phishing is a type of deception designed to steal your valuable personal data such as credit card numbers, email account details, and other account data and passwords. Phishing is also known as identity theft and is a type of social engineering.
  17. 17. Common phishing scams:
      Spoofs of businesses that you know and trust. These are e-mail messages that purport to be from companies or services that you know and trust such as your bank and could contain urgent messages with threats of account closures or other alarming consequences.
  18. 18. Common phishing scams:
      Lottery scams and other advance fee fraud scams. For example, an e-mail message might request your help in a financial transaction such as the transfer of a large sum of money into your account. Or a message might contain a claim that you have received a large inheritance from someone you do not know or that you have won a lottery that you did not enter. For more information, see Scams that promise money, gifts, or prizes.
  19. 19. Common phishing scams:
      Rogue security software scams. These are e-mail messages, Web sites, or pop-up windows that tell you that your computer is unsafe. If you download the software they offer so you can receive help, you could damage your system or waste money on software that you don't need.
  20. 20. You might see a phishing scam:
      In e-mail messages, even if the messages appear to be from a coworker or someone you know.
      On social networking Web sites.
      On Web sites that appear to accept donations for charity.
      On Web sites that spoof familiar sites but that use slightly different Web addresses.
      In your instant message (IM) program.
      On your cell phone or other mobile device.
  21. 21. Six signs of a scam
      Generic greetings such as "Dear Customer," which indicate that the sender does not know you and should not be trusted.
  22. 22. Six signs of a scam
      Alarming or urgent statements that require you to respond immediately.
  23. 23. Six signs of a scam
      Requests for personal or financial information, such as user names, passwords, credit card or bank account numbers, social security numbers, dates of birth, or other information that can be used to steal your identity.
  24. 24. Six signs of a scam
      Misspellings and grammatical errors, including Web addresses. The Web address might look very similar to the address of a legitimate business, but with a minor alteration. For example, instead of www.microsoft.com, the scammer might use www.micrsoft.com.
  25. 25. Six signs of a scam
      The text of the link in the e-mail message to you is different from the Web address that you are directed to when you click the link. You can identify the actual Web address in a link by hovering over the link without clicking it. The Web address appears in a text box above the link.
  26. 26. Six signs of a scam
      The "From" line in the original e-mail message to you shows a different Web address than the one that appears when you try to reply to the message.
  27. 27. How can I help prevent a scam from happening to me?
  28. 28. Delete Spam
      Delete spam. Do not open it or reply to it, even to ask to be removed from a mailing list. When you reply, you confirm to the senders that they have reached an active e-mail account and make yourself vulnerable to further abuse.
  29. 29. Caution!
      Use caution when you click links in e-mail messages, text messages, pop-up windows, or instant messages. Instead, type Web addresses in a Web browser, or use your online Favorites or bookmarks.
  30. 30. Attachments and links
      Do not open e-mail attachments or click instant message download links unless you know who sent the message and you were expecting the attachment or link.
  31. 31. Giving info online
      Be cautious about providing your personal or financial information online. Do not fill out forms in e-mail messages that ask for personal or financial information.
  32. 32. Passwords
      Create strong passwords and avoid using the same password for your bank and other important accounts.
  33. 33. Update
      Update your security settings and operating systems.
      Use web browsers that include an additional layer of protection with sites that use Extended Validation (EV) SSL Certificates. Update your browser.
  34. 34. Use Filters
      Turn on filters in Mozilla Firefox, Google, Internet Explorer, and other providers to help detect unsafe and potentially unsafe Web sites as you browse.
      Read the warning messages that you see to decide if you want to proceed to a suspicious Web site or not.
  35. 35. Firewalls and antivirus
      Make sure your computer's firewall is turned on and that you use antivirus and antispyware software that is updated automatically.
  36. 36. Track transactions
      Check your bank and credit card statements closely to identify and report any transactions that are not legitimate.
  37. 37. Secure Networks
      Never pay bills, bank, shop, or conduct other financial transactions on a public or shared computer or over a public wireless network. If you do log on to public computers, look for computers on networks that require a password, which increases security.
  38. 38. What should I do with fraudulent e-mail messages?
  39. 39. Delete the message. Do not respond or click links in it.
      Report any suspicious activity.
      If you believe that someone is using your email account, you can reset your password.
      Fraudulent e-mail messages sometimes contain unwanted or malicious software (also known as malware). If you think you might have malware on your computer, scan your computer with your security program.
  40. 40. What does a phishing e-mail look like?
      They might appear to come from your bank or financial institution, a company you regularly do business with, such as Microsoft, or from your social networking site.
  41. 41. They might appear to be from someone you know. Spear phishing is a targeted form of phishing in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT.
  42. 42. They might ask you to make a phone call. Phone phishing scams direct you to call a customer support phone number. A person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don't respond.
  43. 43. They might include official-looking logos and other identifying information taken directly from legitimate Web sites, and they might include convincing details about your personal information that scammers found on your social networking pages.
  44. 44. They might include links to spoofed Web sites where you are asked to enter personal information.
  45. 45. Here is an example:
  46. 46. What do you see?
  47. 47. To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but actually takes you to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site.
  48. 48. Here are a few phrases to look for if you think an e-mail message is a phishing scam.
  49. 49. "Verify your account."
      Businesses should not ask you to send passwords, login names, or other personal information through e-mail.
      If you receive an e-mail message from Google asking you to update your credit card information, do not respond: this is a phishing scam.
  50. 50. "You have won the lottery."
      The lottery scam is a common phishing scam known as advance fee fraud.
      One of the most common forms of advance fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part. The lottery scam often includes references to big companies, such as Coca Cola.
      In case you did not know, there is no Coca Cola lottery.
  51. 51. "If you don't respond within 48 hours, your account will be closed."
      These messages convey a sense of urgency so that you'll respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.
  52. 52. What does a phishing link look like?
  53. 53. "Click the link below to gain access to your account."
      HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site.
  54. 54. Phishing links that you are urged to click in e-mail messages, on Web sites, or even in instant messages may contain all or part of a real company’s name and are usually masked, meaning that the link you see does not take you to that address but somewhere different, usually an illegitimate Web site.
  55. 55. What do you see?
  56. 56. Example of a masked Web address ("typo-squatting" or "cybersquatting")
      Con artists also use Web addresses that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the address "www.yahoo.com" could appear instead as:
      www.yaho.com
      www.youryahoo.com
      www.verify-yahoo.com
  57. 57. Cybersquatting
      Scammers register these domain names in order to compete with the popular site or to earn money through advertisements.
      If you enter the wrong URL you might be taken to a site where you'll see an ad for the site you really wanted.
      If you click on that ad, you might get to where you want to go: You've made an extra click and the scammer has earned some money.
  58. 58. Cybersquatting
      Typo-squatters and cybersquatters can also create more insidious scams, such as downloading malicious software applications and spyware onto unprotected computers that connect to their sites.
  59. 59. Cybersquatting
      and the Internet Corporation for Assigned Names and Numbers (ICANN) has worked to remedy the situation, but cybersquatters are still out there.
  60. 60. Spoofing
      Some cyber criminals use phishing scams to set up convincing spoofs of legitimate Web sites. They then try to trick you into visiting these Web sites and disclosing personal information, such as your credit card number.
  61. 61. What is a spoofed Web site?
      A spoofed site is usually designed to look like the legitimate site, sometimes using components from the legitimate site.
  62. 62. Other Scams:
      Scams are created daily and these are not all of them. Here are some others:
      Fake e-cards
      Fake job opportunities
      Donation scams
  63. 63. Fake ECards
      E-cards are created the same way Web sites are; they're built on the Internet just like this page. So when you send someone an e-card, you send them a link to click, which takes them to the online greeting card you created for them.
  64. 64. How to avoid fake e-cards
      Recognize the sender of the e-card. If you don't know the sender, do not trust the card. Legitimate companies have standard, obvious ways for you to recognize that the e-mail is not a fraud.
  65. 65. How to avoid fake e-cards
      Make sure you check both the display name and e-mail address of the sender.
      When in doubt, use alternative viewing methods. Do not click any links when you are not sure of the sender or intent of the e-mail.
  66. 66. How to avoid fake e-cards
      Never download or click anything from an unknown source.
      Be wary of an e-mail message or file attachment from someone you don't know or that seems suspicious.
      Preview a link's Web address before you click it. If the link doesn't show an address, move your mouse pointer over a link without clicking it to see where the link goes. (The address should appear on the bottom bar of your Web browser.)
      Don't accept an end-user agreement without reading the fine print first; you might inadvertently agree to install spyware or something else you don't want.
  67. 67. Online job-hunting scams
      Phishing scams might also appear as phony job ads, used to convince job hunters to send them personal information. Scammers post their ads on legitimate job sites and often use familiar-looking or convincing company logos, language, and links to fake Web sites that appear to be those of real organizations.
  68. 68. Online job-hunting scams
      These sites might also charge fees for services they will never render. Typically, after a few days the thieves close down the scam and disappear.
  69. 69. Best practices for online job hunters
      Never provide any non-work related personal information such as your social security number, credit card number, date of birth, home address, and marital status online, through e-mail, over the phone, in a fax, or on your resume.
      List your resume on a job site that allows only verified recruiters to scan them and uses a privacy policy.
  70. 70. Best practices for online job hunters
      Verify a prospective employer, recruiter, or recruiting agency through another source and then contact them directly, or better yet, visit them in person at the company location during regular work hours.
      If a prospective recruiter or employer requests a background check, agree to do so only after you have met with them at their company location during regular work hours.
  71. 71. Best practices for online job hunters
      Beware of anyone who asks you for money up front in exchange for finding work for you. You should never have to pay for "exclusive" job leads or for a job itself.
      If you are paying for job placement services, don't provide credit card or bank information or engage in any monetary transactions unless done in person, onsite, with a prospective recruiter or job agency.
  72. 72. Best practices for online job hunters
      Carefully evaluate contact information in job ads or related e-mails, watching out for spelling errors, an e-mail address that does not feature the company's name, and inconsistencies with area or zip codes.
      Create an exclusive Web-based e-mail address and account for all non-personal communication.
  73. 73. Donation scams
      Natural disasters, political campaigns, and global health issues are often the focus of donation
      Several types of phishing scams promise fantastic financial or other rewards in exchange for just a few small things you have to do…which include turning over your personal information to an identity thief.
      Advance fee fraud scams
      Stock tips in e-mail and text messages
  74. 74. Advance fee fraud scams
      An advance fee fraud is a scam that hooks you with the false promise of large sums of money for little or no effort on your part.
      After you're deeply involved in the scam, you're asked to pay certain amounts of money to expedite the process. You end up not making a dime, losing your money, and perhaps turning over your personal information to fraudsters.
  75. 75. Advance fee fraud scams
      The most common form of advance fee fraud is an e-mail message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part.
      Advance fee fraud is also known as the Nigerian Letter or the 419 scam, because the scammer often claims to be from Nigeria and 419 is the Nigerian criminal code that this scam violates.
  76. 76. Advance fee fraud scams
      Here are a few examples of the most popular advance fee frauds:
      A foreign government official would like your assistance in transferring funds and will pay you a hefty commission if you agree.
      You stand to inherit millions of dollars from a relative you don't remember.
      You've won a prize or a lottery (perhaps one from a foreign country) that you don't remember entering.
  77. 77. Help avoid advance fee fraud scams
      Use spam filtering technology.
      Don't make investment decisions based on anonymous e-mail or text messages you receive.
      Don't open attachments in unsolicited e-mails. Stock spam usually is sent as an image or as a PDF attachment.
      Use an Internet service provider (ISP) or e-mail provider that has implemented Sender ID Framework, a technical solution to detect and block spoofed e-mail.
  78. 78. Stock tips in e-mail and text messages
      The pump-and-dump stock scam is a common form of spam these days. According to the United States Securities and Exchange Commission (SEC), spammers send 100 million of these e-mail messages per week!
  79. 79. Stock tips in e-mail and text messages
      How pump-and-dump scams work
      Scammers buy stock in a small company, often with stock prices of only a few shillings or less per share. Then they send out millions of e-mail or text messages across the globe to encourage recipients to buy that stock. These messages can even be disguised as confidential information that was sent to the recipient by mistake.
  80. 80. Stock tips in e-mail and text messages
      When enough people buy the stock, the price of the stock goes up. When the price is high enough, the spammers sell their shares. The price goes back down, and people who purchased the stock as a result of the tip suffer.
  81. 81. Stock tips in e-mail and text messages
      It can be difficult to find out who's behind pump-and-dump e-mail scams. That’s because spammers can take control of large numbers of computers and turn them into zombies that can work together as powerful 'botnets' to send the spam messages out.
  82. 82. What do you do AFTER you are scammed?
  83. 83. Step 1: Report the incident
      Your credit card company, if you have given your credit card information. The sooner an organization knows your account may have been compromised, the easier it will be for them to help protect you.
      The company that you believe was forged. Remember to contact the organization directly, not through the e-mail message you received.
  84. 84. Step 2: Change all your passwords
      Start with passwords that are related to financial institutions or information.
      Create strong passwords.
  85. 85. Step 3: Routinely review your statements
      Review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.
  86. 86. Step 4: Use the most up-to-date tools
      Update your operating system, antivirus, and other network and administration tools.
      You must evolve as technology and crime evolve.
  87. 87. QUESTIONS?

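
The typo-squatting slide describes addresses altered by adding, omitting, or transposing letters, and addresses that embed a real company's name. The Python below is an added example, not part of the original slides: it classifies a host name against a list of trusted domains using an edit distance that counts a swap of two adjacent letters as one change. The trusted list, the one-edit threshold, the use of the last two labels as the registered domain, and the sample host `yaoho.com` are assumptions made for illustration.

```python
# Trusted domains: an assumption for this example, taken from the two
# legitimate sites the slides mention.
TRUSTED = ["yahoo.com", "microsoft.com"]


def osa_distance(a, b):
    """Optimal string alignment distance: adding, omitting, or replacing a
    character, or swapping two adjacent characters, each costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Transposition: the last two characters of each prefix are swapped.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host, trusted=TRUSTED, max_edits=1):
    """Return (verdict, brand) for a host name typed by a user or found in a link."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    # Exact match or a true subdomain of a trusted domain.
    for brand in trusted:
        if host == brand or host.endswith("." + brand):
            return ("legitimate", brand)
    # Assumption: the registered domain is the last two labels (no public
    # suffix list is consulted, so names like example.co.uk need more care).
    tail = ".".join(host.split(".")[-2:])
    for brand in trusted:
        if 0 < osa_distance(tail, brand) <= max_edits:
            return ("typo", brand)           # e.g. one letter omitted or swapped
        if brand.split(".")[0] in host:
            return ("brand-embedded", brand)  # real name inside another domain
    return ("unrelated", None)
```

A threshold of one edit keeps false positives low for short names; a deployment that raises it should review the matches by hand.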