Contents at a glance
- Password Threats
- E-Mail Security
- Online Scams
- Social Networking Risks
- ATM Threats
- Online Banking
- Online Shopping
- Mobile Security
How to remain Cyber-safe
Here, we shall discuss eight technology-driven situations in cyberspace and how to remain cyber-safe. Every citizen who works on the internet with a computer or cell phone should know the basics of these situations and take appropriate precautions while working online. Please remember that proper “awareness” and “alertness” can save you from getting into trouble in this e-world.
1. PASSWORD THREATS
Passwords should not be shared with other people, as they might be misused. Stolen passwords can be used by unauthorized users to collect your personal information.
One way of stealing a password is to stand behind a person and note the password while he/she is typing it (Shoulder Surfing). Shoulder surfing is a direct observation technique used to get passwords, PINs and other sensitive personal information; someone may also listen in on your conversation if you give your credit-card number over the phone. Shoulder surfing is easily done in crowded places. It’s comparatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM, or use a calling card at a public pay phone. Do not write passwords on a disk or on paper, where a cheater can get them easily.
Another way of stealing a password is by guessing. Hackers try all the possible combinations with the help of an individual’s personal information. They will try the person’s name, pet name (nick name), numbers (date of birth, phone numbers), school name, etc. When there is a large number of password combinations, hackers use fast processors and software tools to crack the password. This method of cracking a password is known as a “Brute force attack”.
Hackers also try all possible dictionary words to crack your password with the help of software tools. This is called a “Dictionary attack”.
Sharing your passwords with strangers:
Sharing passwords with unknown persons (strangers) may also lead to the loss of your personal information. They can use your login information to get access to your information. The operating system does not know who is logging into the system; it will allow any person who enters the credential information on the login page. Once strangers have access to your information, they can do anything with it: copy, modify or delete it.
Guidelines for maintaining a good password
- Use at least 8 characters to create a password. The more characters we use, the more secure our password is.
- Use various combinations of characters while creating a password. For example, create a password consisting of a combination of lowercase, uppercase, numbers and special characters.
- Avoid using words from the dictionary. They can be cracked easily.
- Create a password such that it can be remembered. This avoids the need to write passwords somewhere, which is not advisable.
- A password must be difficult to guess.
- Change the password once in two weeks or when you suspect someone knows the password.
- Do not use a password that was used earlier.
- Be careful while entering a password when someone is sitting beside you.
- Do not use the name of things located around you as passwords for your account.
- Be aware of shoulder surfers at public places or schools while entering your passwords. Cover the keyboard with paper, your hand or something else to keep it from being viewed by unauthorized users.
- Do not write passwords on paper or store them on any disk drive; your brain is the best place to store them.
- You should not use a password that represents your personal information, like nicknames, phone numbers, date of birth, etc.
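The guidelines above can be turned into an automated check. The following is an added example, not part of the original page: it tests a candidate password against the length, character-mix, dictionary-word, personal-information and reuse rules. The word list, the user profile, the password history and the requirement of all four character types are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "sunshine", "monkey", "football"}
# Undo common look-alike substitutions so "P@ssw0rd" is treated as "password".
LEET = str.maketrans("0134578@$!", "oieastbasi")


def personal_tokens(profile):
    """Extract guessable fragments (names, dates, phone digits) from a profile dict."""
    tokens = set()
    for value in profile.values():
        text = str(value).lower()
        tokens.update(p for p in re.split(r"[^a-z0-9]+", text) if len(p) >= 3)
        digits = re.sub(r"\D", "", text)
        if len(digits) >= 4:
            tokens.add(digits)        # e.g. 17041990 from 17-04-1990
            tokens.add(digits[-4:])   # year, or last four digits of a phone number
    return tokens


def hash_password(password, salt):
    """Old passwords are kept only as salted PBKDF2 hashes, never as clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(password, profile, history):
    """Return the list of guidelines the candidate password violates.

    history is a list of (salt, hash) pairs for previously used passwords.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    classes = {
        "lowercase": r"[a-z]", "uppercase": r"[A-Z]",
        "number": r"[0-9]", "special": r"[^A-Za-z0-9]",
    }
    missing = [name for name, rx in classes.items() if not re.search(rx, password)]
    if missing:
        problems.append("missing character types: " + ", ".join(missing))

    # Check both the plain lowercase form and the de-substituted form.
    lowered = password.lower()
    forms = (lowered, lowered.translate(LEET))
    if any(word in form for word in SAMPLE_DICTIONARY for form in forms):
        problems.append("contains a dictionary word")
    if any(tok in form for tok in personal_tokens(profile) for form in forms):
        problems.append("contains personal information")

    if any(hmac.compare_digest(hash_password(password, salt), old)
           for salt, old in history):
        problems.append("was used earlier")
    return problems


# Constructed sample user and password history (not real data).
PROFILE = {"name": "Asha Verma", "nickname": "Tommy",
           "date_of_birth": "17-04-1990", "phone": "555-0100"}
_salt = os.urandom(16)
HISTORY = [(_salt, hash_password("Blue#Kettle92", _salt))]

if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "Asha1990#x", "Blue#Kettle92", "t7#Lqv!Zr2mE"):
        print(candidate, "->", check_password(candidate, PROFILE, HISTORY) or "ok")
```

A password that passes the character-mix rule can still fail here: “P@ssw0rd!” has all four character types but is rejected as a dictionary word once the substitutions are undone.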
2. E-MAIL SECURITY
E-mails are just like postcards from which the information can be viewed by anyone. When a mail is transferred from one mail server to another mail server there are various stops at which there is a possibility of unauthorized users trying to view the information or modify it.
Since a backup is maintained for an e-mail server, all the messages will be stored in clear text even though they have been deleted from your mailbox. Hence, there is a chance that the people who maintain the backups can view the information. So, it is not advisable to send personal information through e-mails.
Some examples of e-mail fraud
- Say you receive a mail stating that you have won a lottery of million dollars. Receiving such a mail seems like a great and happy thing. However, these mails may not be true. By responding to such mails, many people have lost huge amounts of money. So ignore such e-mails, do not participate, and consider them a scam.
- Sometimes e-mails offering free gifts and asking for personal information are received from unknown addresses. This is one way to trap your personal information.
- Generally, spammers or hackers try to steal e-mail addresses and send malicious software or code through attachments, fake e-mails and spam, and also try to collect your personal information.
Guidelines for using e-mail safely
- Since e-mail messages are transferred in clear text, it is advisable to use encryption software like PGP (Pretty Good Privacy) to encrypt e-mail messages before sending, so that they can be decrypted only by the specified recipient.
- Use e-mail filtering software to avoid spam, so that only messages from authorized users are received. Most e-mail providers offer filtering services.
- Do not open attachments coming from strangers, since they may contain a virus along with the received message.
- Be careful while downloading attachments from e-mails onto your hard disk. Scan the attachment with updated antivirus software before saving it.
- Do not send messages with attachments that contain executable code, like Word documents with macros, .EXE files and ZIPPED files. We can use Rich Text Format instead of the standard .DOC format. RTF will keep your formatting, but will not include any macros. This may prevent you from sending a virus to others if you are already infected by it.
- Avoid sending personal information through e-mails.
- Avoid filling forms that come via e-mail asking for your personal information and do not click on links that come via e-mail.
- Do not click on the e-mails that you receive from unknown users.
3. ONLINE SCAMS
An online scam is an attempt to trap you in order to steal money. There are many types of online scams, including stealing money with fake names, fake photos, fake e-mails, forged documents, fake job offers and many more. Generally, it happens through fake e-mails asking for your personal details, such as online banking or credit card details. Sometimes e-mails with fake notices are sent in the name of lottery companies, and sometimes e-mails arrive after you participate in an online auction or offer fake gifts.
Phishing scam: Online scammers send you an e-mail asking for your account information or credit card details, along with a link where you are to provide the information. Generally, the links sent will look similar to those of your bank. When you enter your details through the link, they are received by the scammers and your money is misused.
Lottery scam: Sometimes you receive an e-mail like “you won a lottery of million dollars”. Receiving such a mail seems like a great and happy thing, but by responding to such mails a huge amount of money will be lost. These e-mails are not true; scammers try to fool and trap you to obtain money.
Online Auction: If you bid for a product, you may never get the product promised, or what you get may not match it, and the description given to you may be incomplete, wrong, or fake. The scammer accepts the bid from one person and goes to other sites where they can get the product for less than the winning bid, so scammers may not send the product you wanted.
Forwarding Product or Shipping Scam: Generally, it happens for products that are purchased through online advertisement. Cheating may be done using stolen credit cards and shipping to your mail address. You will be fooled and asked to reship the product to others they might have deceived, who would again reship the product overseas.
E-mail Scam: Sometimes you get an e-mail with a message like: you have won something special like a digital camera or webcam; all you need to do is visit our web site by clicking the link given below and provide your debit or credit card details to cover shipping and managing costs. However, the item never arrives, and after some days the charges will be shown on your bank account, and you will lose money.
By e-mails: Generally, fraudsters send you an e-mail with tempting offers of easy access to a large sum of money and ask you to send scanned copies of personal documents like your address proof, passport details and ask you to deposit an advance fee for a bank account. So once you deposit the funds, they take money and stop further communication, leaving you with nothing in return.
Tips to Prevent Online Scams
Confirm whether e-mail is received from bank or not: Be cautious while providing bank details online, and before proceeding further confirm with the bank about the e-mail you received. Ask yourself: if something is important or urgent, why doesn’t the bank call me instead of sending an e-mail?
Confirm the shipping: Beware of shipping scams. Make sure you get an authorized, signed document via fax before proceeding further, and make sure that you receive it from an authorized company.
Be cautious during online auction: Don’t be trapped by discounts, and think wisely before you proceed with an online auction. Think about why a $200 product would be $20.
Be aware about the product you receive via e-mail: Be wary of products offered at a discounted price. Think about why you have received an e-mail for products when you never entered any online shopping site or contest.
Don’t be trapped by lottery scam: Don’t get trapped by scammers and e-mails with a subject line saying you won some $10000. Just think why only you have received the e-mail without your participation!
4. SOCIAL NETWORKING RISKS
Social networking has become one of the most popular activities in today’s Internet world, with billions of people across the world using this media to meet old friends, make new friends, and collect and share information. Social networking, while being a popular media, has several disadvantages associated with it. These sites can be misused by scammers or hackers, leading to loss of confidentiality and identity theft of the users. Social networking sites are becoming very popular, especially among the youth. These sites expose kids to various risks like online bullying, disclosure of personal information, cyber-stalking, access to inappropriate content, child abuse, etc. In addition, there are many more risks, like fake profiles with false information, malicious applications, spam, and fake links which lead to phishing attacks.
Spam: Spam is usually unwanted e-mail advertising a product, sent to a list or group of e-mail addresses. Spammers send unwanted mails or messages to the billions of users of social networking sites, which are free and easily accessible, to gather the personal information of unsuspecting users.
Scams: Online scammers generally send the user an e-mail or message with a link which asks for profile information and tells the user that it would add new followers. These links would look similar to applications, games, etc. When the user enters his details through the link, the details will be received by scammers and the information would be misused.
Phishing: A phishing attack is the creation of a fake site that looks just like the original site. These days social networking phishing comes in different flavours, just like phishing attacks on banks and popular trading websites. Social networking phishing comes with fake mails and messages offering specialized themes, updating the profile, updating the security application/features, etc.
Clickjacking: Generally, clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous Web pages. A clickjacking takes the form of embedded code or script that can run without the user’s knowledge.
Malicious applications: Malicious applications might come through different applications while using or installing software. Similarly, clicking on a social networking application starts the application installation process or a link to view a video, etc. In order to fulfil its intended operation, the application requests some elevated privileges from the user, like access to basic information, update, post, etc. Sometimes e-mails are received from a fake e-mail address like email@example.com with an attachment named “Facebook_Password_4cf91.zip” that includes the file “Facebook_Password_4cf91.exe” and that, the e-mail claims, contains the user’s new Facebook password. When a user downloads the file, it could cause a mess on their computer, which can be infected with malicious software.
Tips to avoid risks by social networking
- Limit the information you put in the social networking sites.
- Don’t put personal information like your family details, addresses, personal photographs, video, etc. If you do put up personal photographs, change the settings to make them visible only to friends.
- Most sites and services provide privacy settings to prevent attackers from viewing your information. You can use these options to choose whom you allow to see your information.
- Be careful if you want to meet social networking friends in person, sometimes it may not be their true identity which is posted on the social networking sites.
- Always think before you meet such strangers. If you decide to meet them do it in a public place during the day. Kids should never be allowed to meet such strangers alone.
- Don’t ever click suspicious link while logged into social networking accounts.
- Always clean browser’s cookies and cache.
- Install a good and latest version of Anti-virus to keep your system free from malicious applications like virus, worms and Trojans.
- Don’t ever share your password with anyone; and keep changing your password regularly. Always use proper password (min 8 digits with a mix of alpha numeric & special characters)
- Don’t ever login to any site other than the legitimate sites and always check the URL for misspelled links before you proceed further.
- Use Virtual Keyboard, wherever possible to enter your password for better security as these cannot be captured by key-loggers.
5. ATM THREATS
The Automated Teller Machine (ATM) was first commercially introduced in the 1960s. By 2005, there were over 1.5 million ATMs installed worldwide. The ATM has enhanced the convenience of customers by enabling them to access their cash wherever required from the nearest ATM. Financial institutions have implemented many strategies to upgrade the security at their ATMs and to reduce scope for fraud. These include choosing a safe location for installing the ATM, installation of surveillance video cameras, remote monitoring, anti-card skimming solutions, and increasing consumer awareness.
- The fraudster inserts a folded piece of plastic film into the ATM card slot so that it will hold the card and will not allow it to be expelled by the machine.
- Another method involves use of fake cards using data collected from tiny cameras and devices called “skimmers” that capture and record bank account information.
- Another interesting method of ATM fraud involves the use of “duplicate ATMs” by fraudsters; these use software which records the passwords typed on those machines.
- Enable your mobile phone number and e-mail with your banking transactions for timely SMS and e-mail alerts.
- Your Financial Institution or Bank will never send you an e-mail asking you to enter your Banking details online.
- Regularly check your credit card or bank account details and keep track of your transactions.
- Update your details such as change of address for receipt of cheque books, statements, debit/ credit cards at the right address.
- To protect against phishing attacks, enable phishing filters in your browser and never click links in your e-mail for updates and transactions.
- Keep a strong and easy to remember password and change it regularly.
- Vishing is a form of phishing, where instead of people receiving an e-mail trying to lure them into giving personal information, the criminal uses a phone call, either live or automated to attack the bank or credit union customer and get critical information.
- Try to restrict yourself from giving personal information when you receive a call from a Bank or Credit Card Provider.
- Look for a “no tampering” sign. Crooks often place these to stop anyone curious about a new piece of equipment.
- Steer clear of a jammed ATM that forces customers to use another ATM that has a skimmer attached. Often, the criminal will disable other ATMs in the area to draw users to the one that has the skimming device on it.
- Customers should check their bank accounts regularly to make sure there are no unusual or unauthorized transactions. If you find any unauthorized ATM transactions on your bank account, immediately notify local law enforcement agency as well as your Financial institution and/ or the establishment where the ATM is located.
- Always protect your PIN: Don’t give the number to anyone, and cover the keypad while you are entering yours.
6. ONLINE BANKING
Online Banking can also be referred to as Internet Banking. It is the practice of making bank transactions or paying bills through the internet. We can do all financial transactions while sitting at home or in the office. Online banking can be used for making deposits and withdrawals, or even for paying bills online. Its benefit is the convenience for customers in doing banking transactions. Customers need not wait for bank statements, which arrive by e-mail, to check their account balance. They can check their balance each and every day by just logging into their account. They can catch discrepancies in the account and act on them immediately.
Link Manipulation: Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of sub domains are common tricks used by phishers.
Filter Evasion: Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.
Phishing Attacks: An e-mail message from a large online retailer or Internet Bank website announces that your account has been compromised and needs to be updated, and gives a link to update it. If you click on the link in the message, it leads to a website that looks just like the original website: a spoofed login page. If you enter your account details there, they will be sent to the attacker and might be misused.
Malware attacks: Attackers try to send malware through attachments, trapping you with false e-mails whose attachments claim to update your account information.
Clampi Virus Targets Users at Banks and Credit Card Sites: Keeping up with the latest Web security threats is a daunting task, because viruses and Trojans emerge, evolve, and spread at an alarming rate. While some infections like Nine Ball, Conficker, and Gumblar have hit the scene and immediately become the scourge of the cyber security world, others take their time — quietly infiltrating more and more computers before revealing the true depth of the danger they pose. One such slow grower is Clampi, a Trojan that made its debut as early as 2007 (depending on who you ask) but is only now raising hairs outside professional security circles. Clampi primarily spreads via malicious sites designed to dispense malware, but it’s also been spotted on legitimate sites that have been hacked to host malicious links and ads. Using these methods, Clampi has infected as many as half a million computers, Joe Stewart, of Secure Works, told a crowd at the Black Hat Security Conference in July, USA Today reports. Once installed on a PC, the Trojan quietly waits for you to visit a credit card or banking Web site. When it detects you’re on one of the roughly 4,600 financial Web sites it’s trained to watch, it records your username and password, and feeds that information back to the criminals. Clampi can even watch for network login information, allowing it to spread quickly through networked PCs (e.g., those in an office). In fact, it seems that businesses have been the primary target of Clampi so far. According to the Times Online, in July, an auto parts shop in Georgia was robbed of $75,000 when criminals stole online banking information using Clampi. The Trojan was also used to infiltrate computers for a public school district in Oklahoma and submit $150,000 in fake payroll payments.
- Never click web links in your e-mail; no bank will ask you to update your accounts online.
- Never provide personal information including your passwords, credit card information, account numbers to unknown persons.
- Never keep username, account name and passwords at one place. Always try to remember passwords.
- Always use phishing filters in your Internet browser.
- Do not click any images in the web sites if you are unsure.
- Confirm whether e-mail is received from bank or not.
- Be cautious while providing bank details online; before proceeding further, confirm with the bank about the e-mail you received. Ask yourself: if something is important or urgent, why doesn’t the bank call me instead of sending an e-mail?
- Delete all cookies and history file before you perform online transactions.
- Always use virtual keyboard while accessing online banking.
- Delete all the history and cookies once you are done with online transactions.
- Avoid accessing online banking in cybercafes.
7. ONLINE SHOPPING
Online shopping has become a very popular way to purchase all kinds of things without leaving your home, and it is a convenient way to buy things like electronic appliances, furniture, cosmetics, and many more. We can avoid the traffic and the crowd. We can buy at any time instead of waiting for the store to open. Apart from all these advantages, there are also risks. It is very important to take some safety measures before you go online shopping.
Tips for safe online shopping
- Before you go for online shopping make sure that your PC is secured with all core protections like antivirus, anti spyware, firewall including system updated with all patches and web browser security.
- Before buying things, one should research about the web site from which he/she wants to buy. Attackers try to trap with websites that appear to be legitimate, but they are not. So make a note of the telephone number and physical address of the vendor and confirm that the website is a trusted site. Search for different web sites and compare the prices. Check the reviews of consumers and media of that particular web site or merchants.
- If you are ready to buy something online, check whether the site is secure (https or a padlock in the browser address bar or status bar) and then proceed with financial transactions.
- After finishing the transaction, take a print or screenshot of the transaction records and details of the purchase, like price, confirmation receipt, and terms and conditions of the sale.
- Check your credit card statements as soon as you finish an online transaction. Verify that the charges are the same as what you paid, and if you find any changes, immediately report them to the concerned authorities.
- After finishing your online shopping, clear all the web browser cookies and turn off your PC, since spammers and phishers look for systems connected to the Internet, try to send spam e-mails, and try to install malicious software that may collect your personal information.
- Beware of the e-mails like “please confirm of your payment, purchase and account details for the product”. Remember legitimate business people never send such e-mails. If you receive such e-mail immediately call the merchant and inform the same.
- A new kind of fraud attempt is being observed in the case of mobile wallets. User should be careful and should not disclose his/her PIN.
8. MOBILE SECURITY
Providing mobile PCs or mobiles to access the internet for official purposes and for remote access to all business applications may put a person’s or organization’s vital information at risk. For professionals or individual users using a mobile or mobile PC, there are plenty of benefits, such as working from anywhere. Mobile devices have their own characteristics, but they also come with security concerns, such as access to sensitive information from mobiles.
There are various threats which can affect mobile users in several ways, for example sending multimedia messages and text messages to toll free numbers, or unknowingly clicking on a message received through the mobile phone. Nowadays there are many malicious programs which try to get access to mobile phones and laptops and steal the personal information inside them.
Exposure of critical information: Small amounts of WLAN signals can travel significant distance, and it’s possible to peep into these signals using a wireless sniffer. A wireless intruder could expose critical information if sufficient security isn’t implemented.
Lost or Stolen devices: Even if sufficient security is implemented in wireless Virtual Private Networks (VPNs), if a device is lost or stolen, the entire corporate intranet could be threatened if those devices aren’t protected by a password and other user-level security measures.
Mobile Viruses: Mobile viruses can be a major threat, particularly with devices that have significant computational capabilities. Mobile devices in general are susceptible to viruses in several ways. Viruses can take advantage of security holes in applications or in the underlying operating system and cause damage. Applications downloaded to a mobile device can be as virus-prone as desktop applications. In some mobile OS, malformed SMS messages can crash the device.
Bluejacking: Bluejacking is sending nameless, unwanted messages to other users with Bluetooth-enabled mobile phones or laptops. Bluejacking depends on the capability of Bluetooth phones to detect and contact another Bluetooth enabled device. The Bluejacker uses a feature originally proposed for exchanging contact details or electronic business cards. He or she adds a new entry in the phone’s address book, types in a message, and chooses to send it via Bluetooth. The phone searches for other Bluetooth phones and, if it finds one, sends the message. Despite its name, Bluejacking is essentially harmless. The Bluejacker does not steal personal information or take control of your phone. Bluejacking can be a problem if it is used to send obscene or threatening messages or images, or to send advertising. If you want to avoid such messages, you can turn off Bluetooth, or set it to “undiscoverable”.
Bluesnarfing: Bluesnarfing is the theft of data from a Bluetooth phone. Like Bluejacking, Bluesnarfing depends on the ability of Bluetooth-enabled devices to detect and contact others nearby. In theory, a Bluetooth user running the right software on a laptop can discover a nearby phone, connect to it without your confirmation, and download your phonebook, pictures of contacts and calendar. Your mobile phone’s serial number can also be downloaded and used to clone the phone. You should turn off Bluetooth or set it to “undiscoverable”. The undiscoverable setting allows you to continue using Bluetooth products like headsets, but means that your phone is not visible to others.
E-mail Viruses: E-mail viruses affect PDAs in much the same way regular e-mail viruses affect PCs. These viruses are costly to enterprises and interrupt normal business too. PalmOS/LibertyCrack is an example of a PDA e-mail virus. It’s a known Trojan horse that can delete all applications on a Palm PDA.
Malicious software like Worms, Spyware and Trojans: Worms may disturb the phone network by spreading from one mobile to another through Bluetooth transfer, Infrared transfer or MMS attachments. Spyware that has entered the mobile phone through Bluetooth may transfer personal information to an outside network. A Trojan installed along with a game application on the mobile may send SMS messages to expensive numbers and increase the phone bill.
Guidelines for securing mobile devices
- Be careful while downloading applications through Bluetooth or as MMS attachments. They may contain some harmful software, which will affect the mobile phone.
- Keep the Bluetooth connection in an invisible mode, unless you need some user to access your mobile phone or laptop. If an unknown user tries to access the mobile phone or laptop through Bluetooth, move away from the Bluetooth coverage area so that it automatically gets disconnected.
- Avoid downloading the content into mobile phone or laptop from an untrusted source.
- Delete the MMS message received from an unknown user without opening it.
- Read the mobile phone’s operating instructions carefully mainly regarding the security settings, pin code settings, Bluetooth settings, infrared settings and procedure to download an application. This will help in making your mobile phone secure from malicious programs.
- Activate the pin code request for mobile phone access. Choose a pin, which is unpredictable and which is easy to remember for you.
- Use the call barring and restriction services provided by operators, to prevent the applications that are not used by you or by your family members.
- Don’t make your mobile phone a store for your personal data, which is dangerous if it falls into the hands of strangers. It is advisable not to store important information like credit card and bank card passwords in a mobile phone.
- Note the IMEI code of your cell phone and keep it in a safe place. This helps the owner to prevent access to the stolen mobile. The operator can block a phone using the IMEI code.
- Regularly, backup important data in the mobile phone or laptop by following the instructions in the manual.
- Define your own trusted devices that can be connected to mobile phone or laptop through Bluetooth.
- Use free cleansing tools, which are available on the Internet, to make your mobile work normally whenever it is affected by malicious software.