Internet Fraud
Can you be safe on the Internet?
Bob Samson
The Disclaimer
Marriott Vacation Club International (MVCI) disclaims
liability for any personal injury, property, or other
damages of any nature whatsoever, whether special,
indirect, consequential, or compensatory, directly or
indirectly resulting from the publication, use of, or
reliance on this course material. In issuing and making
this course available, MVCI is not undertaking to
render professional or other services for or on behalf of
any person or entity. Nor is MVCI undertaking to
perform any duty owed by any person or entity to
someone else. Anyone using this course material
should rely on his or her own independent judgment
or, as appropriate, seek the advice of a competent
professional in determining the exercise of reasonable
care in any given circumstance.
What will be covered today
• What is really happening on the Internet today?
• Five areas causing most of the problems
• Some good habits
• Some necessary habits
• Wrap up
The state of affairs today
Your Greatest Threats!
<<< From the Inside
From the Outside >>>
The Internet War Machines
• From the Inside:
– Accidental downloading of malware
– Falling for email con artists
– Purchasing dangerous products
– Giving away your data
• From the Outside:
– Viruses, worms, Trojan software
– Key Stroke Logging
– Bogus email extensions
– Web bugs, cookies, pixel tags
Meet the enemy – It’s You
• Do you:
– Sign up for free software?
– Browse unscrupulous websites?
– Open email attachments with dangerous extensions?
– Join YouTube, MySpace, Xanga, Bebo, or Facebook?
– Use Free Email services like Gmail, Hotmail or Yahoo?
– Fall for a phish?
– Want to get rich quick?
– Respond to surveys?
– Enter contests?
• Every day, people just give away their personal information.
What exactly is going wrong?
• Trickery and sleight of hand
• Misrepresentation
• Greed
• Outright theft
• Aggregation of data
5 problem areas you need to watch
1. Know your Computer is Safe
2. Know how to spot a Phish
3. Know your URLs
4. Know your Email Extensions
5. Know that you are followed wherever you Browse the Internet
Is your computer safe?
• Building fences and walls
– Firewalls and routers
• Looking for the breaches
– Virus scanning
– Spyware and Rootkits
– Key Stroke loggers
• Locking your doors and windows
– Wireless Networks
• Keeping up with the criminals
– Updating of Application Software
What’s a deadly Phish?
Example “one” of a phish
Example “two” of a phish
Example “three” of a phish
BAD!
What do you think?
Good or bad?
Spaces are not permitted
So how do you catch a phish?
• No legitimate business ever asks for Personal
Information via email (no exceptions)
– A clue: a threatening or urgent message with
concern for your security
• Never call a phone number in the email to verify its
authenticity
• Never click on a link within an email and enter personal
information
• Never think you are smart enough to figure out if the
email is real
• Never trust a website linked via an email
Too good to be true?
Let’s look at a few examples:
• Check fraud and Nigerian Scams
• Lotteries (that you did not play in)
• Watch what you buy
Check Fraud & The Nigerian Scam
The Lottery Scam
Watch what you buy
• Cheap drugs
• Internet Auction sites
• Know your https:
• Sell your soul for a bottle
cap
Time to learn something
This is the “address” bar
It displays a URL (Universal Resource Locator)
Can you find the URL scams?
• https://web-ao-da-us.citibank.com/cgi-bin/
• http://online.da.us.citibank.com.businesssupport.ru/
• http://www.kolemsveta.oz/www.citibank.com/index.php
• https://onlineservices.wachovia.com/
• http://ww3.nationalgeographic.com/
• http://secure-signin.ebay.com.ttps.us/
• http://www.latam.citibank.com/uruguay/
• http://24.130.75.227/mymbna/mbna/login/
First, find the real web site URL (Universal Resource
Locator)
Know your forward slashes
• OK: https://web-ao-da-us.citibank.com/cgi-bin/
• Scam: http://online.da.us.citibank.com.businesssupport.ru/
• Scam: http://www.kolemsveta.oz/www.citibank.com/index.php
• OK: https://onlineservices.wachovia.com/
• OK: http://ww3.nationalgeographic.com/
• Scam: http://secure-signin.ebay.com.ttps.us/
• OK: http://www.latam.citibank.com/uruguay/
• Scam: http://24.130.75.227/mymbna/mbna/login/
Tip: Look for the first “/” after the http:// or https://
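The tip above, applied mechanically to the slide's eight URLs, as an added example that is not part of the original presentation. The `TRUSTED` set and the "last two labels" rule are assumptions made for this illustration; a production check would use the Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: brand domains the slide treats as genuine (ebay.com is the imitated one).
TRUSTED = {"citibank.com", "wachovia.com", "nationalgeographic.com", "ebay.com"}

# The eight URLs from the slide, in slide order.
SLIDE_URLS = [
    "https://web-ao-da-us.citibank.com/cgi-bin/",
    "http://online.da.us.citibank.com.businesssupport.ru/",
    "http://www.kolemsveta.oz/www.citibank.com/index.php",
    "https://onlineservices.wachovia.com/",
    "http://ww3.nationalgeographic.com/",
    "http://secure-signin.ebay.com.ttps.us/",
    "http://www.latam.citibank.com/uruguay/",
    "http://24.130.75.227/mymbna/mbna/login/",
]

def host_of(url):
    """Text between '://' and the first '/', without any port."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def registrable_domain(host):
    # Naive rule: the last two dot-separated labels name the site.
    return ".".join(host.split(".")[-2:])

def classify(url):
    host = host_of(url)
    if not host:
        return "unknown", "no http:// or https:// host found"
    if is_ip(host):
        return "scam", "raw IP address where a site name should be"
    domain = registrable_domain(host)
    if domain in TRUSTED:
        return "ok", f"site is {domain}"
    decoys = sorted(t for t in TRUSTED if t in url.lower())
    if decoys:
        return "scam", f"{decoys[0]} is decoration; the site is {domain}"
    return "unknown", f"site is {domain}, not a listed brand"

if __name__ == "__main__":
    for u in SLIDE_URLS:
        print(f"{classify(u)[0]:7} {u}")
```

A brand name to the left of the real domain or anywhere after the first "/" has no bearing on which site is contacted, which is why three of the four scams are caught by the `decoys` branch.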
What about email attachments?
• Can you spot a safe attachment?
– Deadly: .ade, .adp, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe,
.hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc,
.msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shb, .shs, .url,
.vb, .vbe, .vbs, .wsc, .wsf, .wsh, .app, .fxp, .prg, .mdw,
.mdt, .ops, .ksh, .csh, .ceo, .cnf, .htm, .html, .mad, .maf,
.mag, .mam, .maq, .mar, .mas, .mat, .mav, .maw, .mht,
.mhtml, .scf, .uls, .xnk
– Could Be Deadly: What about .doc, .pdf, .zip
– Usually Safe: Or .bmp, .jpg, .tif
– One of the latest cyber crime techniques is the use of
videos to install malware (malicious software) and/or
Trojans just by watching the video
How data thefts occur
• Malicious software (malware) is placed on your computer via
an email attachment, deceptive website or freeware
• Your logins or passwords are captured, your Outlook Address
Book is stolen
• Your on-line bank accounts are raided
• Messages are sent under your name to those in your address
book
– Besides email, beware of eCards
• Your friends/contacts are compromised and the cycle
continues
• Computers, yours as well as your friends', are under the control
of criminals (zombies sending more phishing attacks to others)
Your browser is a tattletale
• Cookies
• Search Engines
• Aggregators
• Free email
• How web sites track you
– Web Site A (medical website on cancer): you inquire about a type of cancer
– Web Site B (wig purchase over the Internet): you enter your name, address, etc. for a purchase
– Web Site C (info on cancer treatments): you inquire about treatment options
– Aggregator
Aggregator Sells Your Information
• The aggregator determines you might have cancer and sells your information to a drug company
Some good habits for kids
• Children
– Keep the computer in a public space
– Disable administrator rights
– Monitor Social Networks
– Disable the feature in email that allows attachments
Some good habits for adults
• Adults
– Be very, very, very, very careful with email
– Use a virus scan program
– Update your software programs per manufacturer's
recommended schedules
– Never respond to any email solicitation with the entry of
passwords, credit cards or other sensitive personal
information (never)
– Think twice about online services such as banking, bill
paying or investment management services
– Stay off of untrustworthy websites
– Don’t use free software, shareware
or browser add-ons
Some necessary habits for everyone
• Use strong passwords
• Change passwords (every 3 months)
• Think about encryption
• Back up regularly
So are you worried?
• You should be!
– Cyber crime is very real today, a multi-billion dollar
industry
– Cyber crime can destroy a person’s reputation; it can
destroy a nation’s infrastructure
– The new currency of crime is DATA!
• So what should you do?
– Knowledge should be your first weapon of choice