1 / 21

COMPUTER SECURITY RISKS

COMPUTER SECURITY RISKS. PHISHING. EXAMPLES: “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity”

jamil
Télécharger la présentation

COMPUTER SECURITY RISKS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. COMPUTER SECURITY RISKS

  2. PHISHING • EXAMPLES: • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity” • “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

  3. PHISHING • Spam e-mail or pop-up messages • Trying to get personal information • Credit card numbers • Bank account information • Social Security numbers • Passwords • Messages claim to be from a business or organization you would deal with • Messages typically ask you to update, validate or confirm your information • Messages direct you to a website that looks just like the organization’s site

  4. Phishing • TIPS TO AVOID PHISHING SCAMS: • If you get an email or pop-up that asks for personal or financial information do not reply and do not click on the link in the message • Use anti-virus software and a firewall, and keep them up to date • Don’t email personal or financial information • Review credit card and bank account statements as soon as you receive them • Be cautious about opening any attachment or downloading any files from emails • Forward spam that is phishing for information to spam@uce.gov and to the company that was impersonated • If you believe you’ve been scammed file a complaint at ftc.gov

  5. PHARMING • Pharming is a scamming practice in which malicious code is installed on a personaly computer or server, misdirecting users to a fraudulent Web site without their knowledge or consent • Large numbers of computer users are victimized • Code can be sent in an email • Even if you type in correct web site address you will be directed to the fraudulent site (DNS poisoning) • Used to collect personal information for identity theft

  6. SPAM • May be simply annoying • May contain bogus offers and fraudulent promotions • May be used for Phishing and Pharming • Can install hidden software on your computers • Can use your computer to send more spam (botnet)

  7. SPAM SCAMS • 10 SPAM SCAMS: • The “Nigerian” email scam • Phishing • Work-at-home scams • Weight loss claims • Foreign lotteries • Cure-all products • Check overpayment scams • Pay-in-advance credit offers • Debt relief • Investment schemes

  8. SPAM/FIGHTING BACK • Be skeptical • If it looks to good to be true, it probably is • Install a spam filter and keep it updated • Block spam email through your filter when you receive them • Do not open any attachments you are not expecting

  9. SPOOFING • Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the original source • It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants to say. • Someone could send a message that appears to be from you with a message that you didn’t write

  10. BOTS/BOTNETS • A botnet, also known as a “zombie army” usually is made up of tens or hundreds of thousands of home computers sending emails by the millions • Most spam is sent by home computers that are controlled remotely and that millions of the home computers are part of botnets • Do much more harm than sending out spam and phishing scams

  11. BOTS/BOTNETS • OFTEN USED FOR: • Denial of service attacks (DOS) • Extortion • Advertising click fraud • HOW COMMON ARE THEY • One botnet was found with about 1.5 millions machines under one person’s control • Symantec’s Internet Threat Report says 26% of all bot-infected computers are located in the US (number one source of bots)

  12. BOTS/BOTNETS • PROTECTING YOURSELF • Use anti-virus and anti-spyware software and keep it up to date • Set your operating system software to download and install security patches automatically • Be cautious about opening any attachments or downloading files from emails you receive • Use a firewall to protect your computer from hacking attacks while it is connected to the Internet • Disconnect from the Internet while you are away from your computer • Download free software only from sites you know and trust • Check your sent items file or outgoing mailboxes for messages you did not send • Take action immediately if your computer is infected

  13. IDENTITY THEFT • Occurs when someone uses your name, Social Security number, credit card number or other personal information without your permission to commit fraud or other crimes • FTC estimates as many as 9 million Americans have been victims • Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name • Some identity theft victims can resolve their problems quickly, others spend hundreds of dollars and many days repairing damage to their good name and credit record.  • Some consumers victimized by identity theft may lose out on job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports. • In rare cases, they may even be arrested for crimes they did not commit.

  14. How do thieves steal an identity? • Identity theft starts with the misuse of your personally identifying information your name and Social Security number, credit card numbers, or other financial account information. • Skilled identity thieves may use a variety of methods to get hold of your information, including: • Dumpster Diving. They rummage through trash looking for bills or other paper with your personal information on it. • Skimming. They steal credit/debit card numbers by using a special storage device when processing your card. • Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information. • Changing Your Address. They divert your billing statements to another location by completing a change of address form. • Old-Fashioned Stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records, or bribe employees who have access. • Pretexting.  They use false pretenses to obtain your personal information from financial institutions, telephone companies, and other sources. 

  15. Once they have it, here’s what they do with it: • Credit card fraud • Phone/Utilities fraud • Bank/finance fraud • Government documents fraud • Use your social security number to get a job • Rent a house or get medical services using your name • Give your personal information to police during an arrest – when YOU don’t show up a warrant is issued for your arrest

  16. How do you find out? • You may find out when bill collection agencies contact you for overdue debts you never incurred. • You may find out when you apply for a mortgage or car loan and learn that problems with your credit history are holding up the loan. • You may find out when you get something in the mail about an apartment you never rented, a house you never bought, or a job you never held.

  17. What should you do? • File a police report (Identity theft report) • Check credit reports and notify credit report agency • Notify creditors • Put a freeze on your credit accounts • Dispute any unauthorized transactions on your account • Notify your financial institutions

  18. Protecting yourself • Don't leave outgoing mail in an unsecured location. Deposit mail in USPS collection boxes. • Don't leave mail in your mailbox overnight or on weekends. • Have your mail held at the post office while you're out of town. • Get a mailbox that locks. • Use anti-spyware and anti-virus software. • Be wary of online shopping sites. Only shop at sites that you trust and are secure. Don't get baited by phishers. • Encrypt your wireless internet connection. • Erase your hard drive if you ever sell or give away your computer. • Buy a shredder and shred all documents that have personal information in them

  19. Immediately report lost or stolen credit cards and debit cards. • Don't keep your social security card in your wallet. • Never provide your personal information to anyone who contacts you through a phone solicitation. • Check your bills and bank statements as soon as they arrive. • Opt out of pre-approved offers. • Check your credit reports for free. • Don't list your date of birth and/or social security number on resume. • Use your ATM card wisely. • Guard your checkbook • Select strong passwords. • Secure personal information in your own home. • Know who else has your information

  20. DATA MINING • Data mining is sorting through data to identify patterns and establish relationships. Data mining parameters include: • Association - looking for patterns where one event is connected to another event • Sequence or path analysis - looking for patterns where one event leads to another later event • Classification - looking for new patterns (May result in a change in the way the data is organized but that's ok) • Clustering - finding and visually documenting groups of facts not previously known • Forecasting - discovering patterns in data that can lead to reasonable predictions about the future

  21. DATA MINING • Uses: • Retail stores/grocery stores use it to track customer’s purchasing habits (Preferred Values Card) • Amazon.com uses it to supply it’s customers with purchase suggestions: “Customers who purchased this item also purchased…” or “45% of users who viewed this item purchased it, 20% purchased…” and so on • The Pentagon pays a private company to compile data on teenagers it can recruit to the military. • The Homeland Security Department buys consumer information to help screen people at borders and detect immigration fraud

More Related