Table of Contents
1. Introduction..................................................................................................................5
2. Computer Ethics..........................................................................................................6
2.4 Scenarios................................................................................................................8
3. Understanding Internet..............................................................................................9
5. Filtering services.........................................................................................................27
5.4 Changing the parental control settings in the parental control toolbar 37
K9 also offers:.............................................................................................................40
7. Social Networking.....................................................................................................49
8. Social Engineering.....................................................................................................51
9.4 Guidelines............................................................................................................57
11. Blogging....................................................................................................................62
11.1Types of blogs....................................................................................................62
17.3 In Organizations................................................................................................93
23.1 MBSA.................................................................................................................126
Cyber Security needs have to be addressed at all levels, from the individual user
to an organization and beyond that to the government and the nation. Cyber
Security is becoming synonymous with National Security as Computer
Networking, which is vulnerable to Cyber attack and forms the backbone of
critical infrastructure of the country's banking, power, communication network,
etc... It is, therefore, important to have secure Computer Systems and
Networks. Also, increased focus on outsourcing of IT and other services from
developed countries is bringing the issue of data security to the fore.
Furthermore, owing to the massive Internet boom, a lot of home users with little
or no prior knowledge of the threats and their countermeasures are exposed to
the Internet. This, the attackers, can exploit to expand their base of malicious
activity and use innocent people for their schemes. Consequently, we aim to
spread the education to school children, teachers, parents and senior citizens and
equip them with the knowledge needed to mitigate the threat.
2.2.1 Acceptance
2.2.7 Supervision
You should know what children are doing on the Internet and
the sites they visit on the Internet and should check with whom
they are communicating.Restrict them browsing inappropriate
sites. Parental involvement is essential when a child is using
the Internet in order to make him follow the rules.
We must encourage children, students and others to gain the knowledge from
the Internet and use it wisely. Internet is a great tool where we can gather
information which can be used for learning.
2.4 Scenarios
2.4.1 Scene 1
Ravi asked kishore if he could look at the essay written by him, He said sure and
didn’t think much about it. After some days their essays were verified by the
class teacher who asked kishore to stay after class. The teacher pointed out that
their essays were similar and asked for an explanation.
So always teach and guide children not to copy content or information from
Internet or from classmates.
2.4.2 Scene 2
Vicky has stepped out from the computer lab without logging off. Bob sits on
Vicky’s computer, logs-in as Vicky, sends false e-mail messages to a number of
students and posts similar messages on the class newsgroup.
So teach children that they must never misuse others computers and e-mail IDs
to harm others and defame them.
The word “Internet” exactly means “network of networks”. The Internet consists
of thousands of smaller regional networks spread throughout the world. It
connects approximately 80 million users in Asian countries on any given day.
Web site contains one to millions of inter connected pages, has hyperlinks to
connect and help to find your way around the web site. You can find different
kinds of information on the web- like games, health matters, holiday destination,
train timetables, weather forecast and many more. There are millions of web
sites available on the Internet, and you can find any thing that interests you.
Each Web site has its own unique address, which is called a Uniform Resource
Locator or URL. To visit a site, you need to type its address in the address bar of
your web browser.
Through the Internet, thousands of people around the world are able to access
information from their homes, schools, Internet cafes and workplaces.
The user can connect easily through ordinary personal computers and
share the knowledge, thoughts by making the use of an Internet.
We can send electronic mail (e-Mail) to family members and friends with
accounts on the Internet, which is similar to sending letters by post. The
E-mail can be sent within minutes no matter where they are without
postal stamps etc.
We can post information that can be accessed by others and can update it
frequently.
We can access multimedia information that includes video, audio, and
images.
We can learn through Web-Based Training and Distance Learning on the
Internet.
The geographic sharing of the Internet continues to spread, around the world
and even beyond. A main feature of the Internet is that once you have connected
to any part of it, you can communicate with all of it.
The Internet is a great tool for developing the communication and collaboration
skills of students and children. Above all, the Internet is an effective means of
building language skills. Through e-Mail, chat rooms and discussion groups,
students learn the basic principles of communication in the written form. This
gives teachers the opportunity to incorporate Internet-based activities into
normal literacy programs and bring variety to their teaching strategies.
3.5.1 Privacy
Some websites prompt students to complete a form revealing their name, e-Mail
address, age and gender, and sometimes even their telephone number and postal
address, in order to access information. Some requests are legitimate: much
depends on the nature of the website requesting the information. Providing
personal information online can result in a student being targeted for spam
(unsolicited e-Mail), advertising materials and/or viruses. Privacy issues also
apply to students developing personal websites and publishing online. Personal
details, including photographs of themselves or other students, may lead to the
information being captured and reused by others for illicit purposes.
Risks in Peer to peer networking due to their unstructured networks and sharing
with unknown computers or persons may rise to affect or infect your computers
with viruses, spam's
Use filtering software you trust to filter the data communication from
your system.
Use file sharing program controls and adjust the P2P program to run
whenever required. Disable automatic starting.
Always update Operating System, Anti virus and Anti Spyware
packages.
Do not use an administrative account. It may expose the whole system
to other users in P2P networks. Create separate account for normal
operations.
Treat all download files with suspicion.
Take back up of important files. This will help you in recovering the
files.
Delete any pirated software, files, etc. Alternatively, do not download
them at all.
In peer-to-peer networks all nodes are act as server as well as client therefore no
need of dedicated server.
Peer to peer network is easier to set up and use this means that you can spend
less time in the configuration and implementation of peer to peer network.
It is not require for the peer to peer network to use the dedicated server
computer. Any computer on the network can function as both a network server
and a user workstation.
Torrents have become an increasingly popular way to download files. No matter what
you are looking for, from audio to video to applications, torrents are an easy way to find
and download. However, most torrents are illegal and nature and you are breaking the
law by downloading them.
Peer-to-peer file sharing pretty much began with torrents. They are a type of file sharing
protocol specializing in larger file downloads. The way torrents are encoded make it
easier to download a large file, and even reputable resources are beginning to use them
to make downloading files easier for users.
IP tattlers are a pain too, in that once you download something and activate it for the
first time, it sends information to the watcher program containing the IP address of the
computer you were using and where it was downloaded from. These watchers are paid
by software development companies to bust people downloading non-free-to-play
software.
3 things you should always do before opening ANYTHING you download from torrent:
1) Download from a remote source. Like a cyber cafe or another free wifi zone. Watchers
can't find you if you download remotely, it will only send information of the place you
downloaded from.
3) Wait 48hrs before opening any program you download from torrent, and run
antivirus software scans on it before you do. Most viruses are discovered within the first
48hrs of it's release, and you need to wait till your antivirus program receives definition
updates, so that you can combat it before it attacks you. Better to let it happen to
someone else first.
Source:
http://hubpages.com/hub/torrent-sites-overview
https://torrentprivacy.com/
http://www.techfuels.com/general-networking/10266-advantages-peer-peer-
networks.html
http://www.ucertify.com/article/what-are-the-advantages-and-disadvantages-of-a-
peer-to-peer-network.html
http://www.techsoup.org/learningcenter/networks/page4774.cfm
http:// In short, http means the hypertext transfer protocol and the file is a
web page and every time you don’t need to type the http, it is automatically
inserted by the browser.
.in –It is one of the domains name, which is basically a country name.
Other domain names are .com (commercial organization), .net (network domain)
etc.
(The organization address and location of the organization address are known as
the domain name).
co.in –suffix or global domain name shows the type of organization address and
the origin of the country like the suffix co.in indicates a company in India.
Generally a web browser connects to the web server and retrieves the
information.Each web server contains the IP address, and once you are
connected to the web server by using http, it reads the hyper text mark-up
language (HTML) which is a language used to create document on World Wide
Web in which the same document is displayed in the web browser .
A Web browser is a software application that runs on the Internet and allows
viewing the web pages, as well as content, technologies, videos, music, graphics,
animations and many more.
4.2.4.4 Safari
Firefox protects you from viruses, worms, trojan horses, and spyware
delivered over the Web. If you accidentally access an attack site, it will
warn you away from the site and tell you why it isn’t safe to use.
Site Identity Button: The Site Identity Button is in the Location bar to
the left of the web address.
From the settings tab select the options and click on the under the
hood.
Under privacy enable the option show suggestions for navigation
error.
Under minor tweaks enable the enable the never save passwords.
Under computer wide SSL settings enable the option use SSL 2.0
From the page menu select the create application shortcuts, this is
used if you want some websites to be viewed regularly and you may
want to create applications shortcuts for the desired web sites that
can be placed on your desktop, start menu or quick launch menu so
you can choose any one of these options after creating if you double
click on the shortcut icon on the desktop or start menu, the websites
opens in a special window that doesn’t display tabs, buttons, address
bar or menus.
Many of the browser functions are available instead in the drop-
down menu that appears when you click the page logo in the upper-
right corner of the window. If you click a link that takes you to a
different website, the link opens in a standard Google Chrome window
so you won't lose track of your website.
Phishing Protection
Safari protects you from fraudulent Internet sites. When you visit a suspicious
site, Safari warns you about its suspect nature and prevents the page from
loading.
Malware Protection
Safari recognizes websites that harbor malware before you visit them. If Safari
identifies a dangerous page, it warns you about the suspect nature of the site.
Antivirus Integration
Safari notifies your antivirus software whenever you download a file, image,
application, or other item. This allows the antivirus software to scan each
download for viruses and malware.
Secure Encryption
Automatic Updates
Get quick, easy access to the latest security updates. Safari takes advantage of
Apple Software Update, which checks for the latest versions of Safari when
you’re on the Internet.
Pop-Up Blocking
Cookie Blocking
Some companies track the cookies generated by the websites you visit, so they
can gather and sell information about your web activity. Safari is the first
browser that blocks these tracking cookies by default, better protecting your
privacy. Safari accepts cookies only from the current domain.
The content filtering over the Internet sometimes called parental controls, these
are used to block any access to offensive websites. It is not guaranteed but it can
be very helpful.
People find some inappropriate content like images of sex, violence or strong
language on the Internet.
As Internet is a free zone anyone can post anything and there is no effective
restriction on the Internet itself. As a result, many people use content filtering
software and set browser settings to block offensive websites.
In Internet Explorer, there is an option to restrict the web sites and access only
those web sites set by a user.
In Yahoo search engine there is option for a safe search filtering Click on
Advanced Select desired option
Remember none of these filtering features are 100 % accurate- and some
unsuitable content may still slip through.
It is important to teach your children to surf the web safely and take time to
explore the Internet with them.
The Parental Control Bar in Windows vista OS supports for Internet Explored by
default. For information on setting up parental controls in Windows Vista.
Open Parental Controls by clicking the start button, clicking Control Panel, under
User accounts, clicking Setup Parental Controls. If you are prompted for an
administrator password or confirmation, type the password or provide
confirmation.
Then click the standard user account for which to set Parental Controls
Under Parental Controls, Click On.
Once you've turned on Parental Controls for your child's standard user account,
you can adjust the individual settings that you want to control. You can control
the following areas like web restrictions, time limits , games, can block specific
programs.
Third party parental control bar tools can be downloaded from the following
links.
There are many Firefox addons or extensions, which we can download from
https://addons.mozilla.org/en-US/firefox/search?q=parental+control&cat=all
Some of the products/addons for Firefox
Glubble allows you to create a private family page where you can monitor and
support your children’s online activities. Glubble provides games, chat, safe
surfing, and a Family Photo Timeline service for uploading, storing, and sharing
your photos online. Glubble integrates Ask for Kids, a safe search engine for
children.
Web page content by using a list of inappropriate words and replacing them
with asterisks (***). Note that the bad word filter does not block websites
containing the words; you must add the website to a Blacklist. ProCon can also
block all traffic, making sure that only desired websites (set in the Whitelist) can
be accessed. You can manage "white" and "black" lists of sites and pages. ProCon
also has password protection in order to keep others from changing the settings
Available: https://addons.mozilla.org/firefox/addon/1803
2. After double clicking, it will ask to close any other browser windows. Click ‘OK’
button.
4. The wizard asks for the parental control password which will be used to
manage parental control settings.
5. Type the password and enter a question which will be used as a hint when you
forget the password typed earlier. Be sure that your child doesn’t know the
answer for the question.
6. Type the e-Mail address, to which the parental password will be sent and click
‘Next’.
7. Next the installation starts by taking appropriate files from the website and
completes with in a few minutes.
9. Below shows the ‘parent’ button showing that the browser is acting in ‘parent’
mode.
10. Type the website that you want to block for children and click the button
‘Block this site’.
12. After entering the password and clicking OK. A window opens telling that the
site is blocked.
15. When the child wants to browse the blocked site, it asks for the password
to open the site which is shown as below.
2. After clicking change parental settings, a window opens and asks for the
‘parent control password’.
3. Type the password and click ‘ok’. After that a window opens like this.
4. You can add sites in the allowed list by clicking the ‘allowed site list’ tab.
6. You can also add sites in the blocked list by clicking ‘blocked site list’.
7. Type the website that you want to block and click ‘block’ button as shown in
the below figure.
8. You can also filter some type of contents by clicking ‘basic site filters’ tab.
To protect your home computer from online threats of all kinds, you need a robust
security solution that’s updated in real time.
With Blue Coat K9 Web Protection, you don’t have to wait for the latest security patch or
upgrade, which can leave your computer vulnerable to new and evolving Web threats.
K9 delivers the comprehensive protection you need automatically. With K9, you get the
same advanced Web filtering technology used by enterprise and government
institutions worldwide — all with a user-friendly interface that allows you to control
Internet use in your home.
K9 also offers:
Real-time malware protection — Blue Coat WebFilter helps identify and block
illegal or undesirable content in real time, including malware-infected sites. You
also benefit from the WebPulse cloud service, a growing community of more
than 62 million users who provide more than six billion real-time Web content
ratings per day.
Automatic content ratings — New Web sites and pages are created every
More on:
http://www1.k9webprotection.com/
Click on the spam filter option and add e-Mail ID which you feel not a trusted ID
or e-Mail ID of an unknown user.
X.400 is the universal protocol that provides a standard format for all e-Mail
messages. X.500 is an extension to X.400 standard, which provides standard
addressing formats for sending e-Mails so that all e-Mail systems are linked to
one another.
The working of e-Mail is as shown in the figure below. Each mail server consists
of two different servers running on a single machine. One is POP3 (Post Office
Protocol) or IMAP (Internet Mail Access Protocol) server which holds the
incoming mails and the other SMTP (Simple Message Transfer Protocol) server
which holds the outgoing mails. SMTP works on the port number 25 and POP
works on the port number 110 and IMAP works on the port number 143.
When Client 1 sends a mail to Client 2, first the mail goes to the SMTP
server of mail server 1. Here the SMTP server divides the receiver address
into two parts username and domain name.
Now with the help of the domain name it will request particular IP
address of the recipient’s mail server, and then it will send the message to
mail server 2 by connecting to its SMTP server.
Than SMTP server of Mail Server 2 stores the message in Client2 mailbox
with the help of POP3 in mail server 2. When the client 2 opens his
mailbox, he can view the mail sent by client 1.
POP3 server contains a collection of text files one for each mail account.
When a message has arrived to a particular user it will append that
message at the bottom of that particular user account text file.
When a user connects to the mail server for checking his mails, he
connects to POP3 server of that mail server through port 110. Here it
requires username and password to view his mailbox on the mail server.
Since a backup is maintained for an e-Mail server all the messages will be stored
in the form of clear text though it has been deleted from your mailbox. Hence
there is a chance of viewing the information by the people who are maintaining
backups. So it is not advisable to send personal information through e-Mails.
Say you have won a lottery of million dollars, Getting or receiving such kind of
mails is a great thing, and really it’s the happiest thing. However these mails may
not be true.By responding to such a kind of mails many people lost huge amount
of money. So ignore such kind of e-Mails, do not participate in it and consider it
as a scam.
Sometimes e-Mails offering free gifts and asking personal informa are received
from unknown addresses.This is one way to trap your personal information.
6.1.3.1 Attachments
Sometimes attachments come with e-mails and may contain executable code like
macros, .EXE files and ZIPPED files. Sometimes attachments come with double
extensions like “attachment.exe.doc”.By opening or executing such attachments
malicious code may downloaded into your system and can infect your system.
Tip: Always check and confirm from where the e-mail has been received,
generally service people will never ask or provide your password to change.
Spam messages may trouble you by filling your inbox or your e-mail database.
Spam involves identical messages sent to various
recipients by e-Mail. Sometimes spam e-mails come with
advertisements and may contain a virus. By opening such
e-Mails, your system can be infected and your e-Mail ID is
listed in spammers list.
6.1.3.5 Hoaxes
Hoax is an attempt to make the person believe something which is false as true. It
is also defined as an attempt to deliberately spread fear, doubt among the users.
Use e-Mail filtering software to avoid Spam so that only messages from
authorized users are received. Most e-Mail providers offer filtering services.
Avoid opening attachments coming from strangers, since they may contain a
virus along with the received message.
Be careful while downloading attachments from e-Mails into your hard disk. Scan
the attachment with updated antivirus software before saving it.
Use E-Mail filtering software to avoid Spam so that only messages from
authorized users are received. Most e-Mail providers offer filtering
services.
Do not open attachments coming from strangers, since they may contain a
virus along with the received message.
Do not send messages with attachments that contain executable code like
Word documents with macros, .EXE files and ZIPPED files. We can use
Rich Text Format instead of the standard .DOC format. RTF will keep your
formatting, but will not include any macros. This may prevent you from
sending virus to others if you are already infected by it.
Avoid filling forms that come via e-Mail asking for your personal
information. And do not click on links that come via e-Mail.
Do not click on the e-Mails that you receive from un trusted users as
clicking itself may execute some malicious code and spread into your
system.
6.2.1.1 Spim
Generally, it happens in real time and we need to stop the work and deal with
spim as the IM window pop-ups, in the e-mail we have time to delete and we can
delete all spam at a time, or we can scan before opening any attachments. This
cannot be done in IM.
Through social networking there are many advantages like we can get into any
kind of groups based on our hobbies, business, schools and many more, it is a
different communication tool to keep in touch with friends and colleagues.
Apart from all these advantages there are disadvantages like based on these
communication tools, sites can be trapped by scammers or any hackers so it is
very important to protect yourself.
These social networking sites are very popular with young people. They expose
them to risks they have always faced online but in a new forum: online bullying,
disclosure of private information, cyber-
stalking, access to age-inappropriate
content and, at the most extreme, online
grooming and child abuse.
Most of the sites and services provide options for privacy settings and use
them to prevent attackers to view your information. You can also set the
Careless talking about business, the office, home, personal and the people and
discussing with those who not authorized to talk, and also gives the sensitive
information indirectly to someone who may use it for a specific reason such as
breaking into your computer, your organization details etc.
A Social Engineer may meet you outside of your work place or organization and
may ask you about your work or how your organization does the things.
A Social Engineer may come to your organization to present business needs and
may ask for network connectivity to know about network information or any
sensitive information.
A Social engineer may ask your identity card to know about your personal
information about your School, organization etc.
The basic goals of social engineering are the same as hacking in general: to gain
unauthorized access to systems or information to commit fraud, network
intrusion, identity theft or simply disrupt the system and network.
8.3.1 Non-Technical
Public Places
Social Engineering can be done through public places like cafes, pubs, movie
theatres. You may release or give some sensitive information to the public or a
social engineer or someone may overhear you.
Gossips
You may talk about some gossip with colleague and may give some information
to other colleague who might be a social engineer.
You may give sensitive information of your family or organization to boast your
achievements, pride, and confidence to unknown persons.
Online
8.3.2 Technical
Vishing
It is one of the methods of social engineering over the telephone system, most
often using features facilitated by Voice over IP (VoIP), to gain access to private
personal and financial information from the public for the purpose of financial
reward. The term is a combination of "voice" and phishing.
Tip: Don’t give any financial information to unknown people over phone,
confirm to whom you are speaking and cross check with the concern company or
bank before giving any information
Phishing
Tip: If you think you've received a phishing email message, do not respond to it.
And don’t even click on the links you received from the unknown users.
Baiting
It is one of the methods of social engineering which uses physical media and
relies on the curiosity or greed of the victim. Here the attacker leaves the
malware inserted or infected USB or pen Drive, CD/DVD ROM in a location that
to be found and gives a legitimate looking and makes victim curiosity and waits
for them to use the device.
Tip: Don’t get tempted in accessing the devices which left unattended or found at
sidewalk, elevator, parking lot etc.
Persuasion
Tip: Be suspicious don’t get influenced by the unknown person and don’t give
away the confidential information to them.
Dumpster diving
Tip: Don’t dump any confidential papers into trash, before dumping make sure
you don’t have any important information in it.
A Hoax is an attempt to trap people into believing that something false is real.
This is usually aimed at a single victim and is made for illicit financial or material
gain a hoax is often perpetrated as a practical joke, to cause embarrassment.
Tip: Beware don’t believe the e-mails received from unknown and don’t ever
give the financial information.
Pretexting
Tip: Be cautious because strangers try to fool you by creating false situation and
make you to believe in order to collect the confidential information.
Immediately change any passwords you might have revealed. If you used
the same password for multiple resources, make sure to change it for each
account, and do not use that password in the future.
Consider reporting the attack to the police, and file a report with the
Federal trade commission.
There are free online games and commercial games , most of the popular games
are enclosed with end user license agreements and limited to access by the
creators of games and the breaking of the agreement range from warning to
termination.
There are massively multi-player online games like real time strategy games, role
playing game, first person shooter games and many more.
Some times because of the insecure game coding, the game software causes
buggy behaviour on your computer and introduces unknown vulnerabilities.
Malicious individuals may try to trick you installing or downloading the games
that might be bogus web sites and offer software patches for game downloading,
in reality they are malicious software.
Malicious individual can gather information about you from the profiles you
create in online games and other gaming web sites, they may be able to use it to
establish accounts in your name, resell it, or use it to access your existing
accounts. Game accounts were created in their name without their knowledge.
There was speculation that people were trying to make money selling virtual
weapons and abilities used in the game.
9.4 Guidelines
Use a firewall.
Beware of clicking links, images and pop ups in the web sites as they
may contain a virus and harm the computer.
Some free games may contain a virus, so be cautious and refer while
downloading them.
Scan all the files after you download whether from websites or links
received from e-mails.
Always use updated antivirus, spam filter and spyware to help detect and
remove virus, spyware from the application you want to download.
Never download any files like music, video, games and many more from
untrusted sites and don’t go by the recommendations given by your
friends or made by any random website's comments.
Check that the URLs are same and always download games, music or
videos from the secure websites like which use HTTPS websites instead of
HTTP. In the web address, it replaces “http” to https”. The https refers to
the hypertext transfer protocol secure.
Download anything only from thrust worthy websites. Don’t click links to
download anything you see on unauthorized sites.
Check the size of the file before you download, sometimes it shows a very
small size but after you click it increases the size of the file.
Never believe anything which says click on this link and your computer
settings will be changed and your PC can be turned into XBOX and can
play unlimited games on your computer.
Don’t accept anything that offers you free download because that may
contain malicious software.
Don’t click the link or file and let it start download automatically,
download the file and save where you want save and then run on the
application.
11.1Types of blogs
There are many different types in content and the way content is delivered or
written
Personal blogs
Corporate and organizational blogs
Genre blogs
Media type blogs
By Device blogs
11.1.4 Media type blogs (vlog, linklog, photoblog) are used for sharing the
videos called vlogs, for sharing the links called linklogs and for sharing the
photos called photoblog.
11.1.5 By the device (mobile phone, PDA, wearable wireless webcam) are
used to write the blogs through the mobile device like mobile phones or PDA
called moblog.
For example, if you give your credit card number in the site, they may use that
number for their own business or shopping purpose and the bill will be sent to
you. Another example is if your children give their school name or location
addresses in the site, the strangers who access that data may take advantage of it
and may kidnap your children.
Guide them with other positive examples such as the children are
posting their related information.
Children may face different security risks when they use a computer or when
they are online. Not only do you have to keep them safe, you have to protect the
data on your computer. By taking some simple steps, and can reduce the risks.
All the web browsers keep a record of recently visited sites and also make
temporary copies of web pages. To see recently visited sites, click on the History
button or press Ctrl and the H key.
Understand the risks yourself and plan ahead before monitoring and
allowing children access to the Internet.
Discuss with children what they can and cannot do online.
Make a contract with children on usage of computer with signing.
Work out how you are going to monitor their Internet use.
If a child is too young to access computer always sit with them while they
are online.
Ask your children to share all their online user names and passwords
with you.
Set browser settings to limit the access to inappropriate content.
Put the computer in an open area in the home.
Consider installing Internet monitoring software to track what they do
online.
Set up a separate user account for your child with a limited permission and can
give limited control over the computer.
For example, they won’t be allowed to install new programs or change settings
without your permission. It also helps monitor and control what they do online.
Online scam is an attempt to trap you for obtaining money. There are many types
of online scams, this includes obtaining money with fake names, fake photos,
fake e-mails, forged documents, fake job offers and many more.
Generally, it happens by sending fake e-Mails for your personal details like online
banking details, credit card details. Sometimes e-Mails are sent from lottery
companies with fake notice, when ever you participate in online auction and e-
Mails received for fake gifts.
Phishing scam
Online scammers send you an e-mail and ask your account information or credit
card details along with a link to provide your information. Generally, the links
sent will be similar to your bank. So when ever you post your details in the link
then the details will be received by scammers and money is misused.
Lottery scam
Online Auction
If you bid for a product you never get the product promised or don’t match the
product, and the description given to you may be incomplete, wrong, or fake. The
scammer accepts the bid from one person and goes for some other sites where
they can get less than the winning bid so scammers may not send the product
you wanted.
When ever you answer an online advertisement for a letter or e-mail manager
like some US based corporation which lacks address or bank details and needs
someone to take goods and sent to their address or ship overseas, and you are
asked to accept the transfers into your bank.
Generally, it happens for products that are purchased using stolen credit cards
and shipped to your address and then you will be fooled and asked to reship the
product to others they might have deceived who reship the product overseas.
The stolen money will be transferred to your account.
E-Mail Scam Like --Congratulations you have won Webcam, Digital Camera,
etc.
Sometimes you get an e-mail with a message like -- you have won something
special like digital camera webcam , all you need to do is just visit our web site by
clicking the link given below and provide your debit or credit card details to
cover shipping and managing costs. However the item never arrives but after
some days the charges will be shown on your bank account and you will lose
money.
By e-mails
Generally, fraudsters send you an e-mail with tempting offers of easy access to a
large sum of money and ask you to send scanned copies of personal documents
like your address proof, passport details and ask you to deposit an advance fee
for a bank account. So once you deposit the funds, they take money and stop
further communication, leaving you with nothing in return.
Generally, websites feel like official websites and seek the details of credit card,
CVV PIN of ATM and other personal details of the taxpayers in the name of
crediting income tax refund through electronic mode.
Beware of shipping scam.Make sure you get authorized signed document via fax
before proceeding further and make sure you received it from an authorized
company.
Don’t be trapped with discounts and think wisely before you proceed with online
auction. Think why $200 product would be $ 20.
Be aware about the products you get for a discounted-price.Think why you
received e-Mail for products when you never enter any online shopping or
contest.
Don’t get trapped by scammers and e-Mails with a subject line you won some
$10000 just think why only you received the e-Mail without your participation.
Link Manipulation
Filter Evasion
Phishers have used images instead of text to make it harder for anti-phishing
filters to detect text commonly used in phishing e-mails.
Malware attacks
Example:
Keeping up with the latest Web security threats is a daunting task, because
viruses and Trojans emerge, evolve, and spread at an alarming rate. While some
infections like Nine Ball, Conficker, and Gumblar have hit the scene and
immediately become the scourge of the cyber security world, others take their
time -- quietly infiltrating more and more computers before revealing the true
depth of the danger they pose.
One such slow grower is Clampi, a Trojan that made its debut as early as 2007
(depending on who you ask) but is only now raising hairs outside professional
security circles. Clampi primarily spreads via malicious sites designed to dispense
malware, but it's also been spotted on legitimate sites that have been hacked to
host malicious links and ads. Using these methods, Clampi has infected as many
as half a million computers, Joe Stewart, of Secure Works, told a crowd
at the Black Hat Security Conference in July, USA Today reports.
Once installed on a PC, the Trojan quietly waits for you to visit a credit card or
banking Web site. When it detects you're on one of the roughly 4,600 financial
Web sites it's trained to watch, it records your username and password, and
feeds that information back to the criminals. Clampi can even watch for network
login information, allowing it to spread quickly through networked PCs (e.g.,
Online shopping has become very popular to purchase all things without leaving
your home, and it is a convenient way to buy things like electronic appliances,
furniture, cosmetics, and many more. We can avoid the traffic and crowds. There
is no particular time to buy things we can buy at any time instead of waiting for
the store to open. Apart from all these advantages risks are involved and there
are unique Internet risks so it is very important to take some safety measures
before you go for online shopping.
Before you go for online shopping make sure your PC is secured with
all core protections like an antivirus, anti spyware, firewall, system
updated with all patches and web browser security with the trusted
sites and security level at high.
Before you buy things online research about the web site that you
want to buy things from, since attackers try to trap with websites that
appear to be legitimate, but they are not. So make a note of the
telephone number’s physical address of the vendor and confirm that
the website is a trusted site. Search for different web sites and
compare the prices. Check the reviews of consumers and media of that
particular web site or merchants.
If you are ready to buy something online check, whether the site is
secure like https or padlock on the browser address bar or at the
status bar and then proceed with financial transactions.
After finishing the transaction take a print or screenshot of the
transaction records and details of product like price, confirmation
receipt, terms and conditions of the sale.
Immediately check the credit card statements as soon as you finish
and get them to know about the charges you paid were same, and if
you find any changes immediately report to concerned authorities.
After finishing your online shopping clear all the web browser cookies
and turn off your PC since spammers and phishers will be looking for
the system connected to the Internet and try to send spam e-Mails and
try to install the malicious software that may collect your personal
information.
Beware of the e-Mails like “please confirm of your payment, purchase
and account detail for the product.” Remember legitimate business
Identity theft is a crime used to refer to fraud that involves someone pretending
to be someone else in order to steal money or get other benefits. The term is
relatively new and is actually a misnomer, since it is not inherently possible to
steal an identity, only to use it. The person whose identity is used can suffer
various consequences when he or she is held responsible for the perpetrator's
actions. In many countries specific laws make it a crime to use another person's
identity for personal gain. Identity theft is somewhat different from identity
fraud, which is related to the usage of a false identity' to commit fraud.
Application fraud
Account takeover
Account takeover happens when a criminal tries to take over another person's
account, first by gathering information about the intended victim, then
contacting their card issuer masquerading as the genuine cardholder, and asking
for mail to be redirected to a new address. The criminal then reports the card
lost and asks for a replacement to be sent.
As internet users we’re all vulnerable to online scams. Unluckily for us, as soon as we
become pretty good as spotting one type of attack, another more sophisticated version
comes along in its place.
The link actually directs you to a fake website which looks just like your bank's own
website. Once you have typed in your login details they can be accessed by the criminals
who set the fake site up.
But we’re beginning to wise up to phishing attacks like this, and many of us know we
should be very wary of clicking URLs even if they appear to be in a legitimate email.
With awareness of phishing on the up, making it more difficult for scammers to succeed,
tab napping could be the scam to watch out for next.
Tab napping is more sophisticated than the phishing scams we’ve seen so far, and it no
longer relies on persuading you to click on a dodgy link. Instead it targets internet users
who open lots of tabs on their browser at the same time (for example, by pressing CTRL
+ T).
Believe it or not, fraudsters can actually detect when a tab has been left inactive for a
while, and spy on your browser history to find out which websites you regularly visit,
and therefore which pages to fake.
So don't assume that after you have opened a new tab and visited a webpage, that web
page will stay the same even if you don’t return to it for a time while you use other
windows and tabs. Malicious code can replace the web page you opened with a fake
version which looks virtually identical to the legitimate page you originally visited.
Once you have done so, you can then be easily redirected to your bank’s genuine website
since you never actually logged out in the first place,giving you the impression that all is
well.
Always check the URL has a secure https:// address even if you don’t have tabs
open on the browser.
If the URL looks suspicious in any way, close the tab and reopen it by entering
the correct URL again.
Avoid leaving tabs open which require you to type in secure login details. Don't
open any tabs while doing online banking - open new windows instead (CTL +
N).
13.7 Clickjacking
Clickjacking is a malicious technique of tricking Web users into revealing confidential
information or taking control of their computer while clicking on seemingly innocuous
Web pages. A vulnerability across a variety of browsers and platforms, a clickjacking
takes the form of embedded code or script that can execute without the user's
knowledge, such as clicking on a button that appears to perform another function.
Clickjacking is possible because seemingly harmless features of HTML Web pages can be
employed to perform unexpected actions.
More on :
http://en.wikipedia.org/wiki/Clickjacking
More on :
http://ha.ckers.org/blog/20081007/clickjacking-details/
13.7.2 Tips:
Never click on the links received from the unknown users.
If necessary cross check the target of the link by placing mouse at the given
link and check the details at bottom left corner before clicking. Take the help of
the picture below to understand.
What is Wi-Fi?
The radios used for Wi-Fi communication are very similar to the radios used for
walkie-talkies, cell phones and other devices. They can transmit and receive
radio waves, and they can convert 1s and 0s into radio waves and convert the
radio waves back into 1s and 0s.
802.11g transmits at 2.4 GHz like 802.11b, but it's a lot faster -- it
can handle up to 54 megabits of data per second.
One of the risks in wireless security is that an intruder can use the victim's
broadband connection to get online without paying just to surf the web, to
download pirated music or software. There may be no direct harm, but can slow
down the Internet or network ac-cess of the legitimate user of the net-work.
An intruder can use the victim's connection for malicious purposes like
distributing illegal material, launching DoS attack or hacking. The intruder
remains anonymous as the connection used by the intruder is the victim's
connection. The origin will be traced back to the victim's connection in case of
any criminal activity is discovered and investigated.
And a wireless network could also be an indirect backdoor into a corporate net-
work. An employee or a company can be a target to get confidential information.
There is a risk involved in using unsecured wireless networks. And most of the
people and organizations still use unsecured wireless networks. But the
knowledge required to attack a wireless network is becoming easier. One has the
need to secure the unsecured wireless network and be protected from
unauthorized usage of the network.
Access Point or router is the core of most Wi-Fi networks. To set up these
devices, manufacturers provide web pages to con-figure the settings that allow
owners to en-ter their network address and account in-formation. To configure
these settings by the right owner, the web pages are pro-tected and need to be
authenticated with username and password. All manufacturers provide default
usernames and passwords combination with the wireless router or ac-cess point.
These default usernames and passwords are available on the Internet. It is easy
to get these credentials from the Internet. Most of the users do not change these
usernames and passwords combina-tion. As an alert user, these settings need to
be changed.
Since there are security issues in using WEP, Wi-Fi Alliance introduced a standard for
network authentication and encryption. WPA (Wi-Fi protected Access) is one of the
several popular standards for wireless security. WPA delivers a higher level of security
that further beyond anything that WEP can offer.
In Wi-Fi networking, the SSID is broadcasted by the wireless access points or routers at
regular intervals. This feature was designed for businesses and mobile devices where
Wi-Fi clients may roam from one place to other. SSID broadcast feature is not so useful
in home Wi-Fi network. To improve the security, SSID broadcast security feature should
be disabled. Configuring the wireless clients manually to the access point with right
SSID, they no longer require these broadcast messages.
Service Set Identifier (SSID) is a network name that is used by access point and routers.
The same SSID set is used by the manufacturers for shipping their products. For
example, the SSID for Linksys devices in general is “Linksys”. Knowing the SSID may not
be the cause to hack into network, but the default SSID suggests that the network is
poorly configured and much more likely to attack it. When configuring wireless network
security, change the default SSID.
Make sure that the router’s firewall is turned on. Most of the network routers have built
in firewall capability. It is an option to enable or disable the feature. Along with the
firewall at the router side, also install and configure personal firewall software on each
computer connected to the router.
The security features in the firewall include blocking anonymous internet requests,
browsing unwanted websites, protecting from malware and spyware. And also define
the security policies so that the unwanted and anonymous connections are restricted.
An access point or a router keeps on emitting signals if it powered on. To restrict the
network to full extent, the ultimate in wireless security measures is to shut down the
access point or router. While impractical to turn off and on the devices frequently, at
least consider doing so during travel or extended periods offline. Computer disk drives
have been known to suffer from power cycle wear-and-tear, but this is a secondary
concern for broadband modems and routers.
Wireless signals are not bound to physical boundaries. The signals from the wireless
router can go beyond office building or cross the gate of one's house and can enter into
neighbor's house. Most wireless routers have a signal range of 100 feet. If this signal
range can be imagined as a sphere with wireless router as center, the signal can be
accessed form any direction up to 100 feet. It becomes easier to others to find the
wireless network and attempt to access it.
And configuring access point to accept credentials are must, otherwise any
unauthorized persons can access access-point without username and password.
References:
http://computer.howstuffworks.com/wireless-network1.htm
http://en.wikipedia.org/wiki/Wireless_network
http://en.wikipedia.org/wiki/Wi-Fi
http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm
http://www.thegeekpub.com/773/why-wpa-is-better-than-wep/
http://pcnineoneone.com/howto/80211bsecurity1/
There are various threats, which can affect the mobile users in several ways. For
example, sending multimedia messages and text messages to the toll free
numbers, unknowingly clicking for a message received through the mobile
phone. Now-a-days many malicious programs have come which will try to get
access over mobile phones and laptops and steal the personal information inside
it.