
Living in a World of Hackers, Phishing, Scams and SPAM


How do you protect yourself and educate your students on privacy concerns and the lurking dangers of living and learning online? Many consider the loss of privacy and fraud, online and off, to be the most pervasive danger of modern times.
Every day the media is full of news about individuals who are victims of identity theft, credit card theft, and a variety of financial scams. If you and your students don’t know of someone who has endured an invasion of privacy or online fraud, you will soon enough. The best defense is knowledge.
Among other issues, the session will address the following questions and issues:
• How do I avoid being the subject of identity theft?
• What can I do to protect myself from credit card fraud?
• What should I do if I suspect fraud?
• Are there online activities that endanger your privacy and your credit?
• Are there best practices that will help protect your privacy and your credit?
• How do I recognize SPAM and avoid contributing to the problem?
A related issue is the discernment necessary to understand what is real and what is fake online. Judging the authenticity and verifiability of messages and websites will be addressed.

The session will focus on potentially dangerous online and privacy-related behaviors that can endanger the instructor's or student's privacy and finances. We will also address steps to take if an individual feels their online privacy or finances have been hacked or endangered. Further, we'll discuss the unconscious ways in which we all contribute to spamming.

Published in: Education

  1. Updated for SIDLIT 2016 - Jonathan Bacon, Retired Old Guy
  2. From www.informationisbeautiful.net see http://goo.gl/a0pGe
  3. • National Cyber Security Alliance: 20% chance per 2013 article PCWorld
     • May 2014 Ponemon Institute study commissioned by CNN Money: 50% of US adults hacked over 1 year
     • National Small Business Association 44% hacked per 2013 study
     • Pretty darn high!
  4. • First protect yourself
     • Then help and protect your students
     • “Oxygen Mask Rule” or “Pass It On” effect
  5. “Cyber hunters from Symantec, Trend Micro, Kaspersky, Mandiant, Phishlabs and hundreds of other security firms and government agencies spend days, weeks, months, years tracking the bad folks who prey on people’s ineptitude, gullibility, stupidity, greed and laziness.” Andy Marken, Marken Communications
  6. • Install and keep virus protection up-to-date
     • Use strong passwords (upper/lower case, numbers, special characters) and don’t reuse passwords
     • Use a random generator for highly secure passwords
     • Don’t provide answers to security questions that can be Googled (make up the answer!)
     • Delete registration emails with temporary passwords and change password immediately
  7. • Avoid easy to guess passwords (e.g., password, 12345678, important dates, information about you that can be Googled, or previously used passwords)
     • Change passwords frequently.
     • If you suspect you’ve been hacked, change all passwords now!
     • Store all passwords safely (use a password vault such as mSecure, Dashlane, LastPass, KeyChain); no paper record.
     • Use 2-Step verification, if available (e.g. Google, Amazon)
  8. 12345, 111111, password, 12345678, 1234567, 123456789, abc123, 123456, 123123, qwerty (Source: ZDnet)
  9. abcd, monkey, welcome, iloveyou, hello, july, love, dragon, password, qwerty (Source: ZDnet)
  10. Bad         Better        Best
      12345678    WP19891990*   SJdyhGnA
      password    #33@JcCc!     CCvHSMLu
      admin       sf2ut2bU      pj3QaSe3
      iloveyou    aNwYcCd4Y     4mhCMaGb
      The BEST passwords use random letters, numbers and special characters. Password vaults can generate/store random passwords. Or sites like https://www.random.org/passwords/, but read the caveat!
      The BETTER passwords use personal info (can’t be Googled), with meaning for you (easily remembered), or abbreviated phrase.
  11. • Use product like Norton Internet Security to flag safe sites
      • Go to website by typing web link in browser, don’t use email link
      • Check spelling carefully when typing web link
      • Check for padlock and https:// and do not log into a site if not secure
      • Examine site carefully (misspellings, fuzzy images)
      • If site feels wrong or fake, do not login, instead call the company directly
      • Log out of any secure site when you are finished
  12. • Web address in browser starts with https:// and
      • Closed padlock appears in your web browser
  13. • Padlock is function of browser, not the web page, but…
      • Click on padlock for details
      • Name of company
      • “The connection to the server is encrypted and…”
      • “Your connection…is private”
      • Transport Layer Security (TLS) in use
      • Check domain name
      • citi.support.com vs citi.com
  14. Note: Different browsers have padlock in different locations (Edge Secure Site)
  15. • When shopping online, try to use only trusted retailers (Amazon, big name retailers)
      • Even with trusted retailers, check that the web address is not spoofed (more to follow)
      • Preferably, conduct sensitive online activities (banking, purchasing) at home
      • Avoid making purchases on public Wi-Fi or public computers unless “you’re sure it’s secure”
  16. • Turn off sharing (i.e., network discovery or stealth mode, file and printer sharing)
      • Enable your firewall
      • Windows: Control Panel > System and Security > Windows Firewall
      • Mac: System Preferences > Security & Privacy > Firewall
      • iPad: no firewall needed unless jail broken (Firewall IP)
      • Remember use HTTPS and TLS/SSL connections, look for padlock
      • Turn off Wi-Fi when not using it
  17. • Consider using a VPN (Virtual Private Network) such as CyberGhost (has 4 profiles)
      • Full automatic Wi-Fi protection
      • Anonymous browsing
      • Secure streaming (Netflix, Hulu)
      • Compress internet traffic to save data costs
      • Use password vault (LastPass, mSecure) to avoid typing passwords that can be captured
  18. • Carry cards safely and only what you need
      • When traveling, notify card company
      • Consider one card for local, another for online
      • Remove USPS mail from mailbox in timely fashion
      • Stop mail when traveling or have neighbor pickup
      • Securely store or shred statements
      • Review your account activity frequently
      • Check for unexpected, inflated charges and test ($1.00) charges
  19. • Fraud where scammer pretends to be legitimate person and trick you into revealing personal information
      • Credit card information
      • Social security numbers
      • Passwords, PINs
      • Examples:
      • Sends email pretending to be from your bank, a vendor you know, a company you know
      • Hosts a fake (spoofed) website
      • Calls you on the phone, urgent message or warning
  20. • Requests for confidential information by phone or email
      • Scare tactics, playing on your fears
      • Generic-looking requests (Dear Sir/Madam)
      • Forms embedded in email
  21. • “Don’t Miss Out!”
      • “We_have_found_yOu_amazing_credit!”
      • “
  22. May be telemarketer, spammer, phisher, scammer, wrong number
      • Don’t answer
      • Use voicemail as filter
      • Google the number or use reverse lookup app
      • Block the number, if necessary
      Long lost friend, emergency call from someone you know (unknown number), vendor (doctor, repair person, bank) that turns off caller ID
      • Answer but be prepared to hang-up without comment
  23. • Uses incorrect URL
      • Fake: www.chase.com.support.com
      • Real: www.chase.com
      • Asks for banking information
      • Uses a public Internet account (i.e., from an email account that is not from the institution)
      • Misspelled words
      • Not a secure site
      • Images on website are low resolution (fuzzy)
  24. • Opening SPAM from strangers
      • Failure to use strong passwords and change them frequently (at minimum every 6 months)
      • Clicking on strange-looking links (or links in messages supposedly from friends with minimal/no explanation)
      • Accepting Facebook Friend requests from:
      • People you don’t know
      • People who you’ve already friended
      • Failure to back up your data regularly
      • Failure to educate others (students, spouse, partner, children, grandchildren)
  25. • Use strong passwords and include upper and lowercase letters, numbers and special characters (if allowed)
      • Use two-factor authentication, when available
      • Do not click on links in messages from unknown senders
      • Use security software and keep it up to date
      • Norton/Symantec
      • Kaspersky
      • McAfee
      • MicroTrend
  26. • Notify all financial institutions
      • Banks
      • Credit Card Companies
      • Lenders
      • Visit Federal Government’s Identity Theft site: https://www.identitytheft.gov/
      • Concerning Income Tax Filing? Contact the IRS at (800) 829-1040 or (800) 829-4059 if hearing disabled
  27. • I want to report identity theft
      • Someone else filed a tax return using my information
      • My information was exposed to a data breach
      • Someone got my personal information or my wallet, and I’m worried about identity theft
      • Something else
  28. • Capitalizes on fear
      • Requires payment of fee to (supposedly) regain access to your files or computer
      • $325M paid for single variant in 2015 (CryptoWall)
      • Ransomware families (variants)
      • CryptoWall – holds your data (files) hostage
      • Reveton/Law enforcement – uses federal or local law enforcement warnings (threats) “the work of your (the user’s) computer has been suspended on the grounds of unauthorized cyber activity.”
      • Jigsaw - Deletes files at increasing rate until ransom paid
  29. • Backup regularly – apply 3-2-1 rule (offline backups)
      • Verify email sources/don’t click untrusted links
      • Bookmark frequently used and trusted websites
      • Apply OS, application and security updates promptly
      The 3-2-1 backup rule implies that you:
      • Have at least 3 copies of your data
      • Keep these backups on 2 different media
      • Store 1 backup offsite
  30. • Currency: timeliness of information, current or out-of-date?
      • Relevance: intended audience, related to topic?
      • Authority: source of information, credentials of author, contact information?
      • Accuracy: reliability, truthful and correct content, spelling, grammar or typo errors?
      • Purpose: fact, opinion, propaganda, bias?
  31. Hackers and Hacking
      • Biggest Data Breaches Visualization http://goo.gl/a0pGe
      • Zone-H http://www.zone-h.org/ Information on daily hacks.
      • “How to Avoid Having Your Google Account Hacked” http://goo.gl/3zCg9v
      • Hackers Are Getting Better, the Rest of Us Are Getting Worse http://goo.gl/InlqpV
      • Why There is a 1 in 3 Chance You’ll Get Hacked in 2016 https://www.bestvpn.com/blog/43225/get-hacked-one-in-three/
      Passwords and Password Managers
      • “The Best Password Managers for 2016,” PC Magazine, February 9, 2016, http://goo.gl/uBwhw
  32. Phone Calls from Unknown, Unavailable, Unlisted Sources
      • “Should you answer unknown phone calls?” https://www.quora.com/Should-you-answer-unknown-phone-calls-Why-or-why-not
      • “PSA: Missed call from a mystery number?” http://techcrunch.com/2014/02/02/missed-call-scam/
      Fake Websites and Phishing
      • “How to Spot a Fake Website and Not Get Phished” (PDF file) http://goo.gl/ZWXaKr
      • “How to Spot a Fake Website” http://goo.gl/fEh6PJ
      • “Can You Really Trust the Browser Padlock?” https://goo.gl/jFks6P
      • “Can one reliably show HTTPS status in browser (not just the lock in URL bar)?” http://goo.gl/KPUdrd
      • “7 essential tips to beat phishing scams” http://goo.gl/a6zHyo
  33. Safety Advice
      • “What amateurs can learn from security pros about staying safe online” http://goo.gl/FRWRZX
      • “5 Ways You Can Help Protect Yourself and Stay Secure Online” from the Norton Protection Blog https://goo.gl/iBK8B9
      • “Talk: Credit Card Safety Tips,” newsletter from Mainstreet Credit Union, Johnson County Kansas.
      • “How to Stay Safe on Public Wi-Fi Networks” http://goo.gl/E6AJqk
      • “6 Ways to Use Public Wi-Fi Hot Spots Safely” http://goo.gl/KN5MtX
      Ransomware
      • “Ransomware 101: What, How and Why” http://goo.gl/jrxgLR
      • “Why the 3-2-1 Backup Rule Still Makes Sense” http://windowsitpro.com/blog/why-3-2-1-backup-rule-still-makes-sense
      • The Current State of Ransomware-Cryptowall https://goo.gl/MZUKAF
  34. Evaluating Online Sources
      • Tips and Tricks for Evaluating Web Sites http://www.library.illinois.edu/ugl/howdoi/webeval.html
      • Choosing Credible Sources https://www.ivcc.edu/stylebooks/stylebook6.aspx?id=14724
      • Evaluating Internet Resources http://eduscapes.com/tap/topic32.htm
      • The CRAAP Test Worksheet (California State University-Chico) http://www.edutopia.org/blog/evaluating-quality-of-online-info-julie-coiro
      Best VPN
      • Five Best VPN Service Providers http://lifehacker.com/5935863/five-best-vpn-service-providers
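
Slides 13 and 23 ask the reader to check the domain name (citi.support.com vs citi.com, www.chase.com.support.com vs www.chase.com). The same check written as code, as an added example that is not part of the original slides; the function name `checkLink`, its verdict strings and any link not shown on the slides are assumptions of this example:

```javascript
// Added example: compare the host in a link with the domain you expect.
// A genuine host is the trusted domain itself or ends with "." + that domain;
// the brand name appearing anywhere else in the host is a warning sign.
function checkLink(link, trustedDomain) {
  let url;
  try {
    // Links written without a scheme are parsed as if typed into the address bar.
    const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(link);
    url = new URL(hasScheme ? link : `https://${link}`);
  } catch {
    return { verdict: "invalid", host: null, https: false };
  }

  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const trusted = trustedDomain.toLowerCase();
  const https = url.protocol === "https:";

  // Read the host from right to left: only the right-hand end says who owns it.
  const genuine = host === trusted || host.endsWith("." + trusted);

  // The brand is the left-most label of the trusted domain ("chase" in chase.com).
  const brand = trusted.split(".")[0];
  const mentionsBrand = host.split(".").includes(brand);

  let verdict;
  if (genuine) {
    verdict = https ? "match" : "match-not-https"; // slide 12: expect https://
  } else if (mentionsBrand) {
    verdict = "lookalike"; // brand used as a sub-domain of someone else's domain
  } else {
    verdict = "unrelated";
  }
  return { verdict, host, https };
}

// Sample links: the first four come from the slides, the rest are constructed.
const samples = [
  ["www.chase.com.support.com", "chase.com"],
  ["www.chase.com", "chase.com"],
  ["citi.support.com", "citi.com"],
  ["citi.com", "citi.com"],
  ["http://www.chase.com/login", "chase.com"],
  ["https://example.org/", "chase.com"],
];
for (const [link, trusted] of samples) {
  console.log(link, "->", checkLink(link, trusted).verdict);
}
```

The brand test only looks for the brand as a whole label, so it flags the slides' two fake addresses but not misspelled variants of the name; those still need the careful reading that slide 11 recommends.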
