WBXPress

About Circulars Schemes Tools e-Books Forums Topics Members Activity
Welcome! Get Free Membership Now to Access Everything. Already a Member? Then Login Here.

Police

How to remain Cyber-Safe

Eight technology-driven situations to remain cyber-safe. 1. Password Threats, 2. E-Mail Security, 3. Online Scams, 4. Social Networking Risks, 5. ATM Threats, 6. Online Banking, 7. Online Shopping and 8. Mobile Security.

Contents at a glance

  1. Password Threats
  2. E-Mail Security
  3. Online Scams
  4. Social Networking Risks
  5. ATM Threats
  6. Online Banking
  7. Online Shopping
  8. Mobile Security

How to remain Cyber-safe

Here, we shall discuss eight technology-driven situations in Cyber-space and how to remain cyber-safe. Every citizen, while working with internet using computing or cell phone – should know the basics of these situations and take appropriate precautions – while working on-line. Please remember proper “awareness” and “alertness” can save you from getting into trouble in this e-world.

1. PASSWORD THREATS

The passwords should not be shared with other persons as they might be misused. The Stolen passwords can be used by unauthorized users who may collect your personal information.

Shoulder Surfing:

One way of stealing the password is standing behind an individual and note the password while he/she is typing it (Shoulder Surfing). Shoulder surfing is a direct observation technique to get passwords, PINs, other sensitive personal information one may listen in on your conversation if you give your credit-card number over the phone. Shoulder surfing is easily done in crowded places. It’s comparatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Do not write passwords in disk or paper so that the Cheater get it easily.

Bruteforce attacks:

Another way of stealing the password is through guess. Hackers try all the possible combinations with the help of personal information of an individual. They will try with the person’s name, pet name (nick name), numbers (date of birth, phone numbers), school name … etc. When there are large number of combinations of passwords the hackers uses fast processors and some software tools to crack the password. This method of cracking password is known as “Brute force attack”.

Dictionary attacks:

Hackers also try with all possible dictionary words to crack your password with the help of some software tools. This is called a “Dictionary attack”.

Sharing your passwords with strangers:

Sharing the passwords with the unknown persons (strangers) may also lead to loss of your personal information. They can use your login information and can get the access to your information. The operating system does not know who is logging into the system, it will just allow any person who enters the credential information into the login page. The persons like strangers after getting access to your information they can do anything with it. They can copy, modify or delete it.

Guidelines for maintaining a good password

2. E-MAIL SECURITY

E-mails are just like postcards from which the information can be viewed by anyone. When a mail is transferred from one mail server to another mail server there are various stops at which there is a possibility of unauthorized users trying to view the information or modify it.

Since a backup is maintained for an e-mail server, all the messages will be stored in the form of clear text though they have been deleted from your mailbox. Hence, there is a chance of viewing the information by the people who are maintaining backups. So, it is not advisable to send personal information through e-mails.

Some examples of e-mail fraud

Guidelines for using e-mail safely

3. ONLINE SCAMS

Online scam is an attempt to trap you for stealing money There are many types of online scams, this includes stealing money with fake names, fake photos, fake e-mails, forged documents, fake job offers and many more. Generally, it happens by sending fake e-mails for your personal details like online banking details, credit card details. Sometimes e-mails are sent from lottery companies with fake notice, whenever you participate in online auction and e-mails received for fake gifts.

Phishing scam: Online scammers send you an e-mail and ask your account information or credit card details along with a link to provide your information. Generally, the links sent will be similar to your bank. So whenever you post your details in the link then the details will be received by scammers and money is misused.

Lottery scam: Sometimes you receive an e-mail like “you won a lottery of million dollars” receiving such kind of mails is a great thing, and really it’s a happiest thing. By responding to such kind of mails huge amount of money will be lost. As these e-mails are not true, scammers try to fool and trap you to obtain money.

Online Auction: If you bid for a product you never get the product promised or don’t match the product, and the description given to you may be incomplete, wrong, or fake. The scammer accepts the bid from one person and goes for some other sites where they can get less than the winning bid so scammers may not send the product you wanted.

Forwarding Product or Shipping Scam: Generally, it happens for products that are purchased through online advertisement. Cheating may be done using stolen credit cards and shipping to your mail address. You will be fooled and asked to reship the product to others they might have deceived, who would again reship the product overseas.

E-mail Scam: Sometimes you get an e-mail with a message like — you have won something special like digital camera, webcam – all you need to do is just visit our web site by clicking the link given below and provide in your debit or credit card details to cover shipping and managing costs. However, the item never arrives but after some days the charges will be shown on your bank account, and you will lose money.

By e-mails: Generally, fraudsters send you an e-mail with tempting offers of easy access to a large sum of money and ask you to send scanned copies of personal documents like your address proof, passport details and ask you to deposit an advance fee for a bank account. So once you deposit the funds, they take money and stop further communication, leaving you with nothing in return.

Tips to Prevent Online Scams

Confirm whether e-mail is received from bank or not: Be cautious while providing bank details online and before proceeding further confirm with the bank about the e-mail you received. Think that, if something is important or urgent why doesn’t the bank call me instead of sending e-mail?

Confirm the shipping: Beware of shipping scam. Make sure you get authorized signed document via fax before proceeding further and make sure that you receive it from an authorized company.

Be cautious during online auction: Don’t be trapped with discounts and think wisely before you proceed with online auction. Think why $200 product would be $20.

Be aware about the product you receive via e-mail: Be aware about the products you get for a discounted price. Think why you have received e-mail for products when you never enter any online shopping or contest.

Don’t be trapped by lottery scam: Don’t get trapped by scammers and e-mails with a subject line you won some $10000. Just think why only you have received the e-mail without your participation!

4. SOCIAL NETWORKING RISKS

Social networking has become most popular activity in today’s Internet world, with billions of people across the world using this media to meet old friends, making new friends, to collect and share information. Social networking while being a/ popular media has several disadvantages associated with it. These sites can be trapped by scammers or hackers leading to loss of confidentiality and identity theft, of the users. Social Networking sites are becoming very popular especially among the youth. These sites expose the kids to various risks like online bullying, disclosure of personal information, cyber-stalking, access to inappropriate content, child abuse, etc. In addition, there are many more risks like fake profiles with false information, malicious application, spam, and fake links which lead to phishing attacks etc.

Spam: Spam is usually unwanted e-mail advertising about a product sent to list of e-mails or group of e-mail addresses. Spammers send the unwanted mails or messages to the billions of users of social networking sites which are free; and are easily accessable to gather the personal information of the unsuspecting users.

Scams: Online scammers generally send an e-mail or message with a link to the user which ask for the profile information and tells the user that it would add new followers. These links sent to the user would be similar to applications, games etc. So whenever the user post his details in the link then the details will be received by scammers and information would be misused.

Phishing: Phishing attack is creation of fake site just similar to original site. These days even social networking phishing has come in different flavours just like phishing attacks on banks and popular trading websites. Social networking phishing has come up with fake mails and messages like offering some specialized themes, updating the profile, updating the security application/features etc.

Clickjacking: Generally, clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous Web pages. A clickjacking takes the form of embedded code or script that can run without the user’s knowledge.

Malicious applications: Malicious application might come through different applications while using or installing software. Similarly, the clicking on the social networking application starts the application installation process or link to view the video, etc. In order to fulfil its intended operation the application requests for some elevated privileges from the user like access to basic information, update, post, etc. Sometimes e-mails are received with fake e-mail address like services@facebook.com by an attachment named, “Facebook_Password_4cf91.zip and includes the file Facebook_Password_4cf91.exe” that, the e-mail claims, contains the user’s new facebook password. When a user downloads the file, it could cause a mess on their computer and which can be infected with malicious software.

Tips to avoid risks by social networking

5. ATM THREATS

The Automated Teller Machine (ATM) was first commercially introduced in the 1960s. By 2005, there were over 1.5 million ATMs installed worldwide. The ATM has enhanced the convenience of customers by enabling them to access their cash wherever required from the nearest ATM. Financial institutions have implemented many strategies to upgrade the security at their ATMs and to reduce scope for fraud. These include choosing a safe location for installing the ATM, installation of surveillance video cameras, remote monitoring, anti-card skimming solutions, and increasing consumer awareness.

RISKS

TIPS

6. ONLINE BANKING

Online Banking can also be referred as Internet Banking. It is the practice of making bank transactions or paying bills through the internet. We can do all financial transactions by sitting at home or office. Online banking can be used for making deposits, withdrawals or we can even use it for paying bills online. The benefit of it is the convenience for customers to do banking transactions. The customers need not wait for bank statements, which arrive by e-mail to check their account balance. They can check their balance each and every day by just logging into their account. They can catch the discrepancies in the account and can act on it immediately.

RISKS

Link Manipulation: Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of sub domains are common tricks used by phishers.

Filler Evasion: Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.

Phishing Attacks: An e-mail message from a large online retailer or Internet Bank website announces that your account has been compromised and need to be updated and gives the link to update the same. So you follow a link in the message, if you click on the link it leads to the website that is as similar as original website, it is spoofed login page. If you give the account details that will be redirected to the attacker and it might be misused.

Malware attacks: Attackers try to send the malware through attachments, try to trap you by sending false e-mails with attachments saying to update your account information.

Clampi Virus Targets Users at Banks and Credit Card Sites: Keeping up with the latest Web security threats is a daunting task, because viruses and Trojans emerge, evolve, and spread at an alarming rate. While some infections like Nine Ball, Conficker, and Gumblar have hit the scene and immediately become the scourge of the cyber security world, others take their time — quietly infiltrating more and more computers before revealing the true depth of the danger they pose. One such slow grower is Clampi, a Trojan that made its debut as early as 2007 (depending on who you ask) but is only now raising hairs outside professional security circles. Clampi primarily spreads via malicious sites designed to dispense malware, but it’s also been spotted on legitimate sites that have been hacked to host malicious links and ads. Using these methods, Clampi has infected as many as half a million computers, Joe Stewart, of Secure Works, told a crowd at the Black Hat Security Conference in July, USA Today reports. Once installed on a PC, the Trojan quietly waits for you to visit a credit card or banking Web site. When it detects you’re on one of the roughly 4,600 financial Web sites it’s trained to watch, it records your username and password, and feeds that information back to the criminals. Clampi can even watch for network login information, allowing it to spread quickly through networked PCs (e.g., those in an office). In fact, it seems that businesses have been the primary target of Clampi so far. According to the Times Online, in July, an auto parts shop in Georgia was robbed of $75,000 when criminals stole online banking information using Clampi. The Trojan was also used to infiltrate computers for a public school district in Oklahoma and submit $150,000 in fake payroll payments.

TIPS

7. Online Shopping

Online shopping has become very popular to purchase all things without leaving your home, and it is a convenient way to buy things like electronic appliances, furniture, cosmetics, and many more. We can avoid the traffic and the crowd. We can buy at any time instead of waiting for the store to open. Apart from all these advantages risks are also there. It is very much important to take some safety measures before you go for online shopping.

Tips for safe online shopping

8. MOBILE SECURITY

Providing mobile PC or mobiles to access internet for official purpose and for remote access to all business applications may put a personal or organization’s vital information at risk. For professionals or individual users, using mobile or mobile PC, there are plenty of benefits such as work from anywhere, etc. The mobile devices have their own characteristics but also with security concerns such as sensitive information access with mobiles.

There are various threats, which can affect the mobile users in several ways. For example, sending multimedia messages and text messages to the toll free numbers, unknowingly clicking for a message received through the mobile phone. Now-a-days many malicious programs have come which will try to get access over mobile phones and laptops and steal the personal information inside it.

Exposure of critical information: Small amounts of WLAN signals can travel significant distance, and it’s possible to peep into these signals using a wireless sniffer. A wireless intruder could expose critical information if sufficient security isn’t implemented.

Lost or Stolen devices: Even if sufficient security is implemented in wireless Virtual Private Networks (VPNs), if a device is lost or stolen, the entire corporate intranet could be threatened if those devices aren’t protected by a password and other user-level security measures.

Mobile Viruses: Mobile Viruses can be major threat, particularly with devices that have significant computational capabilities. Mobile devices, in general are susceptible to Viruses in several ways. Viruses can take advantage of security holes in applications or in applications or in the underlying Operating System and cause damage. Applications downloaded to a mobile device can be as Virus-prone as desktop applications. In some mobile OS, malformed SMS messages can crash the device.

Bluejacking: Bluejacking is sending nameless, unwanted messages to other users with Bluetooth-enabled mobile phones or laptops. Bluejacking depends on the capability of Bluetooth phones to detect and contact another Bluetooth enabled device. The Bluejacker uses a feature originally proposed for exchanging contact details or electronic business cards. He or she adds a new entry in the phone’s address book, types in a message, and chooses to send it via Bluetooth. The phone searches for other Bluetooth phones and, if it finds one, sends the message. Despite its name, Bluejacking is essentially harmless. The Bluejacker does not steal personal information or take control of your phone. Bluejacking can be a problem if it is used to send obscene or threatening messages or images, or to send advertising. If you want to avoid such messages, you can turn off Bluetooth, or set it to “undiscoverable”.

Bluesnarfing: Bluesnarfing is the theft of data from a Bluetooth phone. Like Bluejacking, Bluesnarfing depends on the ability of Bluetooth-enabled devices to detect and contact others nearby. In theory, a Bluetooth user running the right software on a laptop can discover a nearby phone, connect to it without your confirmation, and download your phonebook, pictures of contacts and calendar. Your mobile phone’s serial number can also be downloaded and used to clone the phone. You should turn off Bluetooth or set it to “undiscoverable”. The undiscoverable setting allows you to continue using Bluetooth products like headsets, but means that your phone is not visible to others.

E-mail Viruses: E-mail Viruses affect PDAs in much the same way regular e-mail Viruses affect PCs. These Viruses are costly to enterprises and interrupt normal business too. PalmOS/ LibertyCrackis an example of a PDA e-mail virus. It’s a known Trojan horse that can delete all applications on a Palm PDA.

Malicious softwares like Worms, Spywares and Trojans: Worms may disturb the phone network by spreading from one mobile to other mobile through Bluetooth transfer, Infrared transfer or through MMS attachments. Spyware that has entered into the mobile phone through Bluetooth may transfer the personal information to the outside network. The Trojan which got installed along with the game application in the mobile may send SMS messages to expansible members and may increase the phone bill.

Guidelines for securing mobile devices

Download PDF Source