This ppt is based on cyber crime information. If any person want to know what is cyber crime and what happen in this then this ppt is very useful for them.
I take no credit with the templates and the designs used. They were originally from a "Duarte" presentation. Just copied it since I don't have much time. Hope to part some knowledge. Ciao~
Thanks "Duarte"!
This ppt is based on cyber crime information. If any person want to know what is cyber crime and what happen in this then this ppt is very useful for them.
I take no credit with the templates and the designs used. They were originally from a "Duarte" presentation. Just copied it since I don't have much time. Hope to part some knowledge. Ciao~
Thanks "Duarte"!
Cyber Crime and Cyber security .
it has been estimated that the cost of crimes committed, annually,would increase from $3 trillion to $6 trillion by 2021. with increase of cyber crimes, the needs for professionls to secure the system from such attacks has risen up.
Introduction to Cyber Crime is very necessary and useful for Forensic Science students serving in the cybercrime field and also useful for the general public. Types and Examples of Cyber Crime, How to prevent and report cybercrime, investigating cybercrime.
Cybercrime is a type of crime done by the help of computer and internet. Brief about types of cyber crimes, Case studies and Cyber hygiene from cyber threats.
Be smart & creative in cyber world. #D3
A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
In a world so connected, cyber security awareness is key to a safe online experience, because the weakest information security link to any organisation is the users of technology. This presentation speaks to basic cyber security awareness for everyday internet users
The presentation is all about internet scams and specially describe the concept of Phishing & pharming and all its related type with a comprehensive description.
Cyber Crime and Cyber security .
it has been estimated that the cost of crimes committed, annually,would increase from $3 trillion to $6 trillion by 2021. with increase of cyber crimes, the needs for professionls to secure the system from such attacks has risen up.
Introduction to Cyber Crime is very necessary and useful for Forensic Science students serving in the cybercrime field and also useful for the general public. Types and Examples of Cyber Crime, How to prevent and report cybercrime, investigating cybercrime.
Cybercrime is a type of crime done by the help of computer and internet. Brief about types of cyber crimes, Case studies and Cyber hygiene from cyber threats.
Be smart & creative in cyber world. #D3
A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
In a world so connected, cyber security awareness is key to a safe online experience, because the weakest information security link to any organisation is the users of technology. This presentation speaks to basic cyber security awareness for everyday internet users
The presentation is all about internet scams and specially describe the concept of Phishing & pharming and all its related type with a comprehensive description.
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
This presentation contains Introduction of Phishing attack, its types and Various techniques, their impact with real live example, after that its Avoidance, Prevention and Solution. Also it contains brief introduction of SSL and HTTPS with their working.
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
Social engineering is a growing industry. Even the biggest companies as well as technology-savvy individuals fall victim to social engineering attacks. This training deck will help you understand the different types of social engineering attacks and how to protect your assets and data.
Credits:
Photos - unsplash, pixabay, flaticons
Presentation by: Jam Rivera
Phishing is basically the type of cybercrime in which attackers imitates a real person through institution and mimics that they are sending message from an authorized organization and then take the details of the user personal identity, credit card details and any type of bank information and will breach the personal details of the user. There are many free tools to help in web based scams. Basically the free anti phishing toolbars in the below given study were examined many example in which Spoof Guard anti phishing toolbar is sufficient and good at identifying fraudulent sites and can also gave false positive results. Earth Link, Google, Net Craft, Cloud Mark and Internet Explorer seven detected many of the fraudulent or fake sites even more than 15 of fraudulent sites are false positive. Trust Watch, eBay and Netscape correctly found the fraudulent websites and by the combination of the toolbars the expected outcome came out. Dr. Lalit Pratap | Mr. Shubham Sangwan | Monika "E-Mail Phishing Prevention and Detection" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-3 , April 2022, URL: https://www.ijtsrd.com/papers/ijtsrd49541.pdf Paper URL: https://www.ijtsrd.com/other-scientific-research-area/other/49541/email-phishing-prevention-and-detection/dr-lalit-pratap
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2Conf
The presentation on phishing scam offenses by Internet 2.0 Conference offers a comprehensive overview of this prevalent form of cybercrime. It covers the nature of phishing scams, various types including spear phishing, whaling, smishing, and vishing, and highlights legit ways of avoiding such scams.
Social engineering refers to all techniques aimed at talking a target into revealing specific information or performing a specific action for illegitimate reasons.
Sources of Funds, Venture Capital System, Designing a Funding Strategy, What investors look in a pitch funding, Current funding options available in GLobal Market
Core Concept of Marketing, Nature and Scope of Marketing, Importance, Selling Vs Marketing, Marketing Concepts, Segmentation, Basis of Segmentation, Targeting, Strategies of Targeting, Positioning, Strategieis of Positioning, Consumer Markets and Buying Behaviour, Consumer Behaviour, Buying Decision Behaviour
Entreprenuership Development Plan, Institutional Support System, National Institute for Entrepreneurship and Small Business Development, STEPs stands for Science and Technology Entrepreneurs Park, National Alliance for Young Entrepreneurs (NAYE), Technical Consultancy Organizations (TCOs), National Small Industries Corporation, Industrial Development Bank of India (IDBI), IFCI (Industrial Finance Corporation of India), ICICI (Industrial Credit and Investment Corporation of India) , RUDSETI (Rural Development and Self Employment Training Institute), Rural Development and Human Development Training Programs, Technology Transfer Programs
Planning and organizing Entrepreneurial VentureArnav Chowdhury
Define Process of planning
entrepreneurial venture, How to Organize business research
tool and techniques, Define Life cycle of venture, Define Problem solving approaches,What are the ways of financing new venture
Introduction to entrepreneurship: What are Entrepreneurship Traits, Define Entrepreneur decision making process
What is the Role of entrepreneurship in economy
Analyze Concept of start up and forms of ownership
Role of Women entrepreneur and challenges
Cyber Safety Mechanism: Introduction, brief Introduction about Policies involved in cyber safety mechanism and purpose of implementing cyber security model
Information Technology Law (Cyber Law): Evolution of the IT Act 2000 and Its amendments: Genesis and Necessity, advantages.
Antivirus Techniques: Firewalls, Intrusion Detection System (IDS), Intrusion Prevention System (IPS).
Brief Introduction about Anti-Phishing Approach (Common Strategies Used For Secured Authentication): Authentication using passwords like One Time Password (OTP) generators, Two Factor Authentications, Secure Socket Layer (SSL), Secure Electronic Transaction (SET), Cryptography.
Information Technology and Modern Gadgets: Introduction, Utilization of Various Gadgets, Advantages of modern gadgets, Disadvantages of modern gadgets, Top 10 gadgets in India with small description.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
PHP Frameworks: I want to break free (IPC Berlin 2024)
Unit iii: Common Hacking Techniques
1. UNIT III: Common Hacking
Techniques
Off-Line Credential-Stealing Attacks: Phishing, Vishing, Malware and Pharming.
On-Line Credential-Stealing Attack: Spyware, Logging Worms, Trojans, In
Session Phishing Attacks.
2. What is a Credential-Based Attack?
• Credential based attacks occur when attackers steal credentials to
gain access, bypass an organizations security measures, and steal
critical data.
• Credential theft, the first stage of a credential-based attack, is the
process of stealing credentials. Attackers commonly use phishing for
credential theft, as it is a fairly cheap and extremely efficient tactic.
The effectiveness of credential phishing relies on human interaction
in an attempt to deceive employees, unlike malware and exploits,
which rely on weaknesses in security defenses.
3. What is a Credential-Based Attack?
• Corporate credential theft is usually a targeted effort. Attackers scour
social media sites such as LinkedIn, searching for specific users
whose credentials will grant access to critical data and information.
The phishing emails and websites utilized in corporate credential
theft are much more sophisticated than those used for consumer
credential theft. Attackers put a great deal of effort into making these
emails and websites look nearly identical to legitimate corporate
applications and communications.
4. Phishing
• Due to the lack of adoption of multi-factor authentication and poor
password best practices, the number of credential thefts by way of
phishing has grown exponentially. Phishing attacks are often carried out
when a cybercriminal poses as part of the users’ social or professional
networks – either as an individual or entity, such as a bank – and directs
targets to enter personal information at a fraudulent website that matches
the looks of the legitimate site. Additionally, attackers oftentimes use
phishing attacks to plant malware on systems and gain full unauthorized
access to sensitive data.
5. Types of phishing include spear phishing,
whaling and clone phishing.
• Spear phishing involves the targeting of specific organizations or individuals to steal
sensitive information such as account credentials. In this type of attack, hackers
disguise themselves as trustworthy identities and typically access sensitive information
via email-spoofing or by infiltrating other online messaging systems.
• Whaling is a type of spear phishing attack aimed at C-suite executives within an
organization and often impersonate customer complaints or personal issues.
• Clone phishing is carried out by stealing a previously delivered email containing an
attachment and/or link and then using it to create a similar or “cloned” email with the
intent of gaining access to privileged credentials. Within these, the attachments/links
are replaced with malicious versions and the email address is slightly altered to deceive
the recipient.
6. Vishing
• Vishing, a combination of ‘voice’ and ‘phishing,’ is a phone scam designed to get you to share
personal information. In 2018, phishing crimes cost victims $48 million, according to the FBI’s
Internet Crime Complaint Center.
• During a vishing phone call, a scammer uses social engineering to get you to share personal
information and financial details, such as account numbers and passwords. The scammer might
say your account has been compromised, claim to represent your bank or law enforcement, or
offer to help you install software. Warning: It's probably malware.
• Vishing is just one form of phishing, which is any type of message — such as an email, text,
phone call or direct-chat message — that appears to be from a trusted source, but isn’t. The goal
is to steal someone's identity or money.
• It’s getting easier to contact more people, too. Scammers can place hundreds of calls at a time
using voice over internet protocol (VoIP) technology and can spoof the caller ID to make the call
appear to come from a trusted source, such as your bank.
7. Common vishing scams
• “Compromised” bank or credit card account
Whether it’s a person or a prerecorded message on the other end, you’ll be told there’s
an issue with your account or a payment you made. You may be asked for your login
credentials to fix the problem or asked to make a new payment. Instead of giving out your
info, hang up and call your financial institution on their publicly available number.
• Unsolicited loan or investment offers
Scammers will call with offers that are too good to be true. They'll say, for example, that
you can earn millions of dollars on one small investment, pay off all your debt with one
quick fix, or get all your student loans forgiven in one fell swoop. Typically, you must “act
now” and will need to pay a small fee. Don't fall for it. Legitimate lenders and investors
won't make these types of offers and won't initiate contact out of the blue.
8. Common vishing scams
• Medicare or Social Security scam
Phone calls are the No. 1 method scammers use to reach older adults, according to the
Federal Trade Commission. Crooks pose as Medicare reps — often during Medicare
open enrollment season — and try to glean financial information from the victim, such as
their Medicare number or bank account details. Then the scammer will either fraudulently
use the victim's Medicare benefits or steal their money.
• IRS tax scam
There are many variations of this type of scam, but typically, you'll receive a prerecorded
message. It tells you something's wrong with your tax return and if you don't call back, a
warrant will be issued for your arrest. Scammers usually pair this with a spoofed caller ID
made to look like the call is coming from the IRS.
9. How to spot a vishing scam
Here are some of the tell-tale signs of a vishing scam:
• The caller claims to represent the IRS, Medicare, or the Social Security Administration. Unless you've
requested contact, none of these federal agencies will ever initiate contact with you by email, text
messages, or social media channels to request personal or financial information. In fact, be skeptical of
anyone who calls you with an offer.
• There's a frantic sense of urgency. Scammers will try to tap into your sense of fear, using threats of arrest
warrants and problems with your account. If you get one of these phone calls, remain calm and never give
out your own information. Hang up and do your own investigation.
• The caller asks for your information. They may ask you to confirm your name, address, birth date, Social
Security number, bank account info, and other identifying details. To trick you into thinking they're legit, they
may even have some of this info on hand. The goal is to get the remaining info that they don't have yet.
10. Malware
• Malicious software, more commonly known as malware, is a threat to your devices and your
cybersecurity. It’s software that cyber attackers develop to gain access or cause damage to a
computer or network, usually without the victim’s knowledge.
What is a malware attack?
• A malware attack is when cybercriminals create malicious software that’s installed on someone
else’s device without their knowledge to gain access to personal information or to damage the
device, usually for financial gain. Different types of malware include viruses, spyware,
ransomware, and Trojan horses.
• Malware attacks can occur on all sorts of devices and operating systems, including Microsoft
Windows, macOS, Android, and iOS.
• At least one type of malware attack is growing. Mobile ransomware attacks increased by a third
in 2018 from the previous year. Most of those attacks occurred in the United States.
11. Types of malware attacks
• Exploit kit
• Exploit kits are malicious toolkits that attackers use to search for software vulnerabilities on a
target’s computer or mobile device. The kits come with prewritten code that will search for
vulnerabilities. When a vulnerability is found, the kit can inject malware into the computer
through that security hole. This is a highly effective malware attack variety, and one of the
reasons why it is so important to run software updates as soon as they become available in
order to patch security flaws.
• Malicious websites and drive-by-downloads
• A drive-by-download is a download that occurs when a user visits a malicious website that is
hosting an exploit kit for malware attacks. There is no interaction needed on the user’s part other
than visiting the infected webpage. The exploit kit will look for a vulnerability in the software of
the browser, and inject malware via the security hole.
12. Types of malware attacks
• Malvertising
• Malicious advertising — malvertising, for short — is a threat that’s popular among
cybercriminals. The cybercriminal will purchase legitimate advertising space on legitimate
websites, but malicious code will be embedded within the ad. Similar to a drive-by-download,
there is no interaction needed on the user’s part to download the malware and be impacted by
this kind of malware attack.
• Man-in-the-middle (MitM) attack
• A man-in-the-middle attack employs the use of an unsecured, or poorly secured, usually public
Wi-Fi router. The hacker will then scan the router using special code looking for certain
weaknesses such as default or poor password use.
• Once the attacker has found the vulnerability, they will then insert themselves in between the
user’s computer and the websites that user visits and intercept the messages or information
being transmitted between the two, such as passwords or payment card data.
13. Types of malware attacks
• Man-in-the-browser (MitB) attack
• This is similar to a man-in-the-middle attack attack. All an attacker needs to do is
inject malware into the computer, which will then install itself into the browser
without the user’s knowledge. The malware will then record the data that is
being sent between the victim and specifically targeted websites.
• Social engineering and malware attacks
• Social engineering is a popular malware delivery method that involves the
manipulation of human emotions. Social engineering uses spam phishing via
email, instant messages, social media, and more. The goal is to trick the user
into downloading malware or clicking a link to a compromised website that hosts
the malware.
14. What should I do about malware attacks?
Keep your software updated
• Software updates are important because they repair security holes that have been discovered, and fix or
remove computer bugs. It’s smart to run software updates as soon as they become available.
Back up your files regularly
• Regularly copy your data to an external hard drive or a reputable cloud storage provider in case it’s ever
compromised in a malware attack. Back up the data on all of your devices, including your tablets,
computers, and smartphones.
Scan executable files before running them
• “Executable” files, which end in “.exe.”, contain step-by-step instructions for a computer to carry out a
function. Double-clicking the .exe file will trigger your computer to execute these instructions using a
software program.
• There are plenty of software options that contain antivirus software, but it’s a good idea to choose one that
scans in real-time rather than manually.
15. Pharming
• Pharming is a form of online fraud involving malicious code and fraudulent websites. Cybercriminals install
malicious code on your computer or server. The code automatically directs you to bogus websites without
your knowledge or consent.
• The goal is to get you to provide personal information, like payment card data or passwords, on the false
websites. Cybercriminals could then use your personal information to commit financial fraud and identity
theft.
• Pharming combines the words “phishing” and “farming.” This cybercrime is also known as “phishing without
a lure.”
• Phishing is an online fraud scheme where a cybercriminal hopes you’ll click on a compromised email link
which takes you to a fake site where you then enter your access credentials — such as your username and
password. If you do, the fraudster can then access the real site and steal your personal information there.
16. Pharming
• Pharming, on the other hand, is a two-step process. One,
cybercriminals install malicious code on your computer or server.
Two, the code sends you to a bogus website, where you may be
tricked in providing personal information. Computer pharming
doesn’t require that initial click to take you to a fraudulent website.
Instead, you’re redirected there automatically. The fraudster has
immediate access to any personal information you enter on the site.
17. How to protect yourself against pharming
• Ensure you are using secure web connections (look for https in the web address)
• Be cautious when opening links or attachments that you weren’t expecting or that are from an unfamiliar sender
• Avoid suspicious websites
• Enable two-factor authentication on sites that offer it
• Use a reputable internet service provider, whenever possible
• Use a VPN service that has reputable DNS servers
• Change the default password on your consumer-grade routers and wireless access point
Here are two signals of pharming.
• An unsecure connection. If your site address says “http” instead of “https” in the address line, the website may be corrupted.
• A website that doesn’t seem right. If the site you’re on has spelling errors, unfamiliar font or colors, or otherwise just doesn’t
seem legitimate, it may not be.
18. Online Credential Theft Attacks:
SPYWARE
• Spyware is unwanted software that infiltrates your computing device, stealing your internet
usage data and sensitive information. Spyware is classified as a type of malware — malicious
software designed to gain access to or damage your computer, often without your knowledge.
Spyware gathers your personal information and relays it to advertisers, data firms, or external
users.
• Spyware is used for many purposes. Usually it aims to track and sell your internet usage data,
capture your credit card or bank account information, or steal your personal identity. How?
Spyware monitors your internet activity, tracking your login and password information, and
spying on your sensitive information.
• Some types of spyware can install additional software and change the settings on your device,
so it’s important to use secure passwords and keep your devices updated.
19. Spyware
There are four main types of spyware. Each uses unique tactics to track you.
• Adware. This type of spyware tracks your browser history and downloads, with the intent of predicting what
products or services you’re interested in. The adware will display advertisements for the same or related
products or services to entice you to click or make a purchase. Adware is used for marketing purposes and
can slow down your computer.
• Trojan. This kind of malicious software disguises itself as legitimate software. For example, Trojans may
appear to be a Java or Flash Player update upon download. Trojan malware is controlled by third parties. It
can be used to access sensitive information such as Social Security numbers and credit card information.
• Tracking cookies. These track the user’s web activities, such as searches, history, and downloads, for
marketing purposes.
• System monitors. This type of spyware can capture just about everything you do on your computer.
System monitors can record all keystrokes, emails, chat-room dialogs, websites visited, and programs run.
System monitors are often disguised as freeware.
20. How do I get spyware?
• Your device is slow or crashes unexpectedly.
• Your device is running out of hard drive space.
• You get pop-ups when you are online or offline.
How to help prevent spyware?
Here are four main steps to help prevent spyware.
• Don’t open emails from unknown senders.
• Don’t download files from untrustworthy sources.
• Don’t click on pop-up advertisements.
• Use reputable antivirus software.
21. Worms
A worm is a malicious computer program that replicates itself usually over a computer
network. An attacker may use a worm to accomplish the following tasks;
• Install backdoors on the victim’s computers. The created backdoor may be used to
create zombie computers that are used to send spam emails, perform distributed denial
of service attacks, etc. the backdoors can also be exploited by other malware.
• Worms may also slowdown the network by consuming the bandwidth as they replicate.
• Install harmful payload code carried within the worm.
22. Protecting yourself from Computer Worms
• Keep the computers’ operating system and software up-to-date with vendor-issued
security releases. These updates often contain security patches designed to protect
computers from newly discovered worms.
• Avoid opening emails that you don’t recognize or expect, as many computer worms
spread via email.
• Refrain from opening attachments and clicking on links from untrusted/unfamiliar
sources.
• Run a firewall and antivirus software to be further protected from computer worms.
Software firewalls will keep the computer protected from unauthorized access. Choose
an antivirus program that includes download scanning functionality (to detect malicious
content in email and web downloads) as well as malware removal tools
23. Symptoms of a Computer Worm
• Slow computer performance
• Freezing/crashing
• Programs opening and running automatically
• Irregular web browser performance
• Unusual computer behavior (messages, images, sounds, etc)
• Firewall warnings
• Missing/modified files
• Appearance of strange/unintended desktop files or icons
• Operating system errors and system error messages
• Emails sent to contacts without the user’s knowledge
24. Computer Worm Removal
• Check that all antivirus signatures are up-to-date.
• Scan the computer with antivirus software.
• If the scan detects a computer worm or other malware, use the software
to remove malware and clean or delete infected files. A scan that detects
no malware is usually indicative that symptoms are being caused by
hardware or software problems.
• Check that the computer’s operating system is up-to-date and all software
and applications have current patches installed.
• If a worm is difficult to remove, check online for specific computer worm
removal utilities.
25. Trojan
• A Trojan horse, or Trojan, is a type of malicious code or software that
looks legitimate but can take control of your computer. A Trojan is
designed to damage, disrupt, steal, or in general inflict some other
harmful action on your data or network.
26. How do Trojans work?
• You might think you’ve received an email from someone you know and click on
what looks like a legitimate attachment. But you’ve been fooled. The email is
from a cybercriminal, and the file you clicked on — and downloaded and opened
— has gone on to install malware on your device.
• When you execute the program, the malware can spread to other files and
damage your computer.
• How? It varies. Trojans are designed to do different things. But you’ll probably
wish they weren’t doing any of them on your device.
27. Common types of Trojans
Backdoor Trojan
• This Trojan can create a “backdoor” on your computer. It lets an attacker access your computer and control
it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your
device.
Downloader Trojan
• This Trojan targets your already-infected computer. It downloads and installs new versions of malicious
programs. These can include Trojans and adware.
SMS Trojan
• This type of Trojan infects your mobile device and can send and intercept text messages. Texts to
premium-rate numbers can drive up your phone costs.
Distributed Denial of Service (DDoS) attack Trojan
• This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That traffic
comes from your infected computer and others.
28. How to help protect against Trojans
• Computer security begins with installing and running an internet security suite. Run periodic diagnostic
scans with your software. You can set it up so the program runs scans automatically during regular
intervals.
• Update your operating system’s software as soon as updates are made available from the software
company. Cybercriminals tend to exploit security holes in outdated software programs. In addition to
operating system updates, you should also check for updates on other software that you use on your
computer.
• Protect your accounts with complex, unique passwords. Create a unique password for each account using
a complex combination of letters, numbers, and symbols.
• Keep your personal information safe with firewalls.
• Back up your files regularly. If a Trojan infects your computer, this will help you to restore your data.
• Be careful with email attachments. To help stay safe, scan an email attachment first.
29. In-session phishing
• With this technique, a fake pop-up is generated as users browse on
legitimate websites. The pop-up typically requests for account
credentials or other personal information. Users, thinking that the
pop-up is tied to the website they are browsing, enter their
information which is then retrieved by the cybercriminals.
• The best defense against this phishing technique is to always ensure
that your browsers have pop-up blockers enabled.