COMPUTER SECURITY RISKS

Upload: brook-marsh

Post on 23-Dec-2015


Page 1: COMPUTER SECURITY RISKS. PHISHING EXAMPLES: –“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised,

COMPUTER SECURITY RISKS

PHISHING

• EXAMPLES:
– “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity”
– “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

PHISHING

• Spam e-mail or pop-up messages
• Trying to get personal information
– Credit card numbers
– Bank account information
– Social Security numbers
– Passwords
• Messages claim to be from a business or organization you would deal with
• Messages typically ask you to update, validate or confirm your information
• Messages direct you to a website that looks just like the organization’s site

PHISHING

• TIPS TO AVOID PHISHING SCAMS:
– If you get an email or pop-up that asks for personal or financial information, do not reply and do not click on the link in the message
– Use anti-virus software and a firewall, and keep them up to date
– Don’t email personal or financial information
– Review credit card and bank account statements as soon as you receive them
– Be cautious about opening any attachment or downloading any files from emails
– Forward spam that is phishing for information to [email protected] and to the company that was impersonated
– If you believe you’ve been scammed, file a complaint at ftc.gov

PHARMING

• Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to a fraudulent Web site without their knowledge or consent
– Large numbers of computer users are victimized
– Code can be sent in an email
– Even if you type in the correct web site address, you will be directed to the fraudulent site (DNS poisoning)
– Used to collect personal information for identity theft

SPAM

• May be simply annoying
• May contain bogus offers and fraudulent promotions
• May be used for Phishing and Pharming
• Can install hidden software on your computers
• Can use your computer to send more spam (botnet)

SPAM SCAMS

• 10 SPAM SCAMS:
– The “Nigerian” email scam
– Phishing
– Work-at-home scams
– Weight loss claims
– Foreign lotteries
– Cure-all products
– Check overpayment scams
– Pay-in-advance credit offers
– Debt relief
– Investment schemes

SPAM/FIGHTING BACK

• Be skeptical
• If it looks too good to be true, it probably is
• Install a spam filter and keep it updated
• Block spam emails through your filter when you receive them
• Do not open any attachments you are not expecting

SPOOFING

• Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the original source
• It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants to say.
– Someone could send a message that appears to be from you with a message that you didn’t write
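
Because the visible From: line can be forged, a receiver can compare it with the other headers of the same message. The following is an added example, not part of the original slides: the two messages and all function names are constructed, and it assumes the Authentication-Results header was written by your own receiving mail server, since a copy supplied by the sender proves nothing.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every domain is a reserved placeholder.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Your Bank" <security@bank.example.com>
Reply-To: helpdesk@example.net
Subject: Confirm your identity

Please click the link below and confirm your identity.
"""
LEGIT = """\
Return-Path: <notices@bank.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example.com; dkim=pass header.d=bank.example.com; dmarc=pass header.from=bank.example.com
From: "Your Bank" <notices@bank.example.com>
Subject: Statement ready

Your statement is available.
"""

def domain_of(value):
    """Lower-cased domain of an address header value, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_verdicts(msg):
    """Read spf/dkim/dmarc results from Authentication-Results headers."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def spoofing_indicators(raw):
    """List the header signals suggesting the visible From: was forged."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg["From"])
    findings = []
    # Exact-match comparison is a simplification: bulk senders legitimately
    # use a different bounce domain, so treat mismatches as signals only.
    for name, label in (("Return-Path", "return-path"), ("Reply-To", "reply-to")):
        other = domain_of(msg[name])
        if other and other != from_domain:
            findings.append(label + "-mismatch")
    dmarc = auth_verdicts(msg).get("dmarc", "missing")
    if dmarc != "pass":
        findings.append("dmarc-" + dmarc)
    return findings
```

In the spoofed sample SPF passes for the bounce domain, yet DMARC fails because that domain does not match the one shown in From:, which is the signal that matters for a forged sender.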

BOTS/BOTNETS

• A botnet, also known as a “zombie army”, usually is made up of tens or hundreds of thousands of home computers sending emails by the millions
• Most spam is sent by home computers that are controlled remotely, and millions of these home computers are part of botnets
• Botnets do much more harm than sending out spam and phishing scams

BOTS/BOTNETS

• OFTEN USED FOR:
– Denial of service attacks (DOS)
– Extortion
– Advertising click fraud
• HOW COMMON ARE THEY?
– One botnet was found with about 1.5 million machines under one person’s control
– Symantec’s Internet Threat Report says 26% of all bot-infected computers are located in the US (number one source of bots)

BOTS/BOTNETS

• PROTECTING YOURSELF:

– Use anti-virus and anti-spyware software and keep it up to date

– Set your operating system software to download and install security patches automatically

– Be cautious about opening any attachments or downloading files from emails you receive

– Use a firewall to protect your computer from hacking attacks while it is connected to the Internet

– Disconnect from the Internet while you are away from your computer

– Download free software only from sites you know and trust

– Check your sent items file or outgoing mailboxes for messages you did not send

– Take action immediately if your computer is infected

IDENTITY THEFT

• Occurs when someone uses your name, Social Security number, credit card number or other personal information without your permission to commit fraud or other crimes
– FTC estimates as many as 9 million Americans have been victims
– Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name
– Some identity theft victims can resolve their problems quickly, others spend hundreds of dollars and many days repairing damage to their good name and credit record.
– Some consumers victimized by identity theft may lose out on job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports.
– In rare cases, they may even be arrested for crimes they did not commit.

How do thieves steal an identity?

• Identity theft starts with the misuse of your personally identifying information: your name and Social Security number, credit card numbers, or other financial account information.
• Skilled identity thieves may use a variety of methods to get hold of your information, including:
– Dumpster Diving. They rummage through trash looking for bills or other paper with your personal information on it.
– Skimming. They steal credit/debit card numbers by using a special storage device when processing your card.
– Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.
– Changing Your Address. They divert your billing statements to another location by completing a change of address form.
– Old-Fashioned Stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records, or bribe employees who have access.
– Pretexting. They use false pretenses to obtain your personal information from financial institutions, telephone companies, and other sources.

• Once they have it, here’s what they do with it:
– Credit card fraud
– Phone/Utilities fraud
– Bank/finance fraud
– Government documents fraud
– Use your social security number to get a job
– Rent a house or get medical services using your name
– Give your personal information to police during an arrest – when YOU don’t show up, a warrant is issued for your arrest

How do you find out?

• You may find out when bill collection agencies contact you for overdue debts you never incurred.

• You may find out when you apply for a mortgage or car loan and learn that problems with your credit history are holding up the loan.

• You may find out when you get something in the mail about an apartment you never rented, a house you never bought, or a job you never held.

What should you do?

• File a police report (Identity theft report)
• Check credit reports and notify credit report agency
• Notify creditors
• Put a freeze on your credit accounts
• Dispute any unauthorized transactions on your account
• Notify your financial institutions

Protecting yourself

• Don't leave outgoing mail in an unsecured location. Deposit mail in USPS collection boxes.
• Don't leave mail in your mailbox overnight or on weekends.
• Have your mail held at the post office while you're out of town.
• Get a mailbox that locks.
• Use anti-spyware and anti-virus software.
• Be wary of online shopping sites. Only shop at sites that you trust and are secure. Don't get baited by phishers.
• Encrypt your wireless internet connection.
• Erase your hard drive if you ever sell or give away your computer.
• Buy a shredder and shred all documents that have personal information in them

• Immediately report lost or stolen credit cards and debit cards.

• Don't keep your social security card in your wallet.

• Never provide your personal information to anyone who contacts you through a phone solicitation.

• Check your bills and bank statements as soon as they arrive.

• Opt out of pre-approved offers.

• Check your credit reports for free.

• Don't list your date of birth and/or social security number on your resume.

• Use your ATM card wisely.

• Guard your checkbook

• Select strong passwords.

• Secure personal information in your own home.

• Know who else has your information

DATA MINING

• Data mining is sorting through data to identify patterns and establish relationships. Data mining parameters include:
– Association - looking for patterns where one event is connected to another event
– Sequence or path analysis - looking for patterns where one event leads to another later event
– Classification - looking for new patterns (May result in a change in the way the data is organized but that's ok)
– Clustering - finding and visually documenting groups of facts not previously known
– Forecasting - discovering patterns in data that can lead to reasonable predictions about the future

DATA MINING

• Uses:
– Retail stores/grocery stores use it to track customers’ purchasing habits (Preferred Values Card)
– Amazon.com uses it to supply its customers with purchase suggestions: “Customers who purchased this item also purchased…” or “45% of users who viewed this item purchased it, 20% purchased…” and so on
– The Pentagon pays a private company to compile data on teenagers it can recruit to the military.
– The Homeland Security Department buys consumer information to help screen people at borders and detect immigration fraud