04 secure the human
•Télécharger en tant que PPTX, PDF•
1 j'aime•1,819 vues
The document discusses various ways that cybercriminals exploit computer and internet users. It details real-life cases such as malvertising that embeds malicious ads on websites, clickjacking that tricks users into revealing information, oversharing of personal information on social media, internet addiction, data collection addiction, credit card theft scams, and parcel delivery scams where criminals gain users' trust and steal money. The goal is to educate users on how to secure themselves from such threats by changing their mindsets and increasing education on technology security practices.
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à 04 secure the human
Similaire à 04 secure the human (20)
Plus de Ministry of Education Malaysia
Plus de Ministry of Education Malaysia (20)
Dernier
Dernier (20)
04 secure the human
- 1. Copyright © 2014 CyberSecurity Malaysia Secure the Human
- 2. 2 The bad guys are constantly looking for weaknesses of their prey in order to successfully execute their malicious activities on the internet. In this session, we’ll examine real life cases on how cybercriminal, scammers and hackers exploiting the computer and internet users. Wait no more. Secure the Human! Introduction Copyright © 2014 CyberSecurity Malaysia
- 3. 3 Goals Application, Operating System and Hardware are addressed by technology solution User needs to change their mindset & education on technology security “If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology” - Bruce Schneier Copyright © 2014 CyberSecurity Malaysia
- 4. 4 Objectives Personal Information Malvertising Survey Scam Clickjacking Oversharing Personal Life Facebook Threats Internet Addiction Dataholic Credit Card Theft Scam Parcel Delivery Scam Copyright © 2014 CyberSecurity Malaysia
- 5. 1) Our Personal Information You Your Children Your Siblings & Relatives Your Friends Your Office Mate 5 Spouse Interested Party
- 6. Copyright © 2011 CyberSecurity Malaysia 6 2) Malvertising Online security experts have called for greater efforts to protect internet users, amid rising concerns that adverts on popular websites are being used by criminals as a way to target unsuspecting web users.
- 7. Copyright © 2011 CyberSecurity Malaysia 7 3) Free T-Shirt Scam Copyright © 2011 CyberSecurity Malaysia 7
- 8. Copyright © 2011 CyberSecurity Malaysia 8 Other Type of Scam Copyright © 2011 CyberSecurity Malaysia 8Copyright © 2011 CyberSecurity Malaysia
- 9. 9 4) Clickjacking Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly not harmful web pages Copyright © 2014 CyberSecurity Malaysia
- 10. Copyright © 2011 CyberSecurity Malaysia 10 International News http://www.thefacebookinsider.com/2011/05/the-osama-bin-laden-effect- facebook-scams-and-hoaxes-rise/
- 11. Copyright © 2011 CyberSecurity Malaysia 11https://addons.mozilla.org/en-US/firefox/addon/noscript/ NoScript - Firefox Addon
- 12. 12 5) Oversharing Personal Life
- 13. 13 Be Careful What You Say Copyright © 2014 CyberSecurity Malaysia
- 14. 14 Misleading Knowledge Sharing Copyright © 2014 CyberSecurity Malaysia
- 15. 15 Online Personal Diary Copyright © 2014 CyberSecurity Malaysia
- 16. 16 Oversharing Location Copyright © 2014 CyberSecurity Malaysia
- 17. 17 List of Empty Homes Looking for Empty Houses
- 18. 18 6) Facebook Threats Social Engineering attacks (clickjacking) Malware Attack (koobface) Privacy Setting (Information Leakage) Oversharing Information Human Behaviour & Social Interaction Copyright © 2014 CyberSecurity Malaysia
- 19. Copyright © 2011 CyberSecurity Malaysia 19 Weird Story - Modern Witchcraft
- 20. 20 Fight Club Copyright © 2014 CyberSecurity Malaysia
- 21. 21 Cyber Casanova Copyright © 2014 CyberSecurity Malaysia
- 22. Copyright © 2011 CyberSecurity Malaysia 22 What Anuar Zain Says About Social Networks http://mstar.com.my/hiburan/cerita.asp?file=/2010/12/12/mstar_hiburan/201012111447 55&sec=mstar_hiburan
- 23. 23 7) Internet Addiction Internet addiction or, more broadly, Internet overuse, problematic computer use or pathological computer use, is excessive computer use that interferes with daily life. Copyright © 2014 CyberSecurity Malaysia
- 24. 24 Internet Addiction Categories Games Addiction behavioural addition on online gaming vulnerable groups: teens root cause: extra excitement, multiplayer impact: malnutrition, not enough sleep symptom: non-stop gaming activities Chatting Addition behavioural addition on chat application vulnerable groups: teens root cause: loneliness, trust, comfort impact: malnutrition, not enough sleep symptom: non-stop chatting activities
- 25. 25 Another Categories Copyright © 2014 CyberSecurity Malaysia
- 26. 26 Local News Copyright © 2014 CyberSecurity Malaysia
- 28. Copyright © 2011 CyberSecurity Malaysia 28 Measure Your Addiction http://www.netaddiction.com/resources/internet_addiction_test.htm
- 29. 29 8) Dataholic Information Overloaded Information Collection Interesting Information Copyright © 2014 CyberSecurity Malaysia
- 30. 30 Dataholic Definition Copyright © 2014 CyberSecurity Malaysia
- 31. Copyright © 2011 CyberSecurity Malaysia 31 Mobile Internet Devices Laptop Table PC Smartphone
- 32. Copyright © 2011 CyberSecurity Malaysia 32 Location, Location, Location
- 33. Copyright © 2011 CyberSecurity Malaysia 33 Deep Trouble
- 34. 34 9) Credit Card Theft Scam credit card service scam cloned credit card victim’s money Everyone who has credit card. Malicious website which provide services and ask for card information. Cloned credit card will be sold in the underground market. Victim and victim’s bank will bear the losses. Copyright © 2014 CyberSecurity Malaysia
- 35. Copyright © 2011 CyberSecurity Malaysia 35 Is My Credit Card Stolen? http://ismycreditcardstolen.com/
- 36. Copyright © 2011 CyberSecurity Malaysia 36 Raising Awareness
- 37. Copyright © 2011 CyberSecurity Malaysia 37 Underground Cybercrime Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. http://kingpin.cc/
- 38. Copyright © 2011 CyberSecurity Malaysia 38 Local News http://www.mmail.com.my/content/16159-malaysian-hub-credit-card-fraud
- 39. Copyright © 2011 CyberSecurity Malaysia 39 International News http://www.haveeru.com.mv/english/?page=details&id=22461
- 40. 40 10) Parcel Delivery Scam chatting email notification parcel delivery website money mule Find the victim and gain the trust. Parcel scam begins with parcel delivery stuck for custom clearance. Verify the scam with the tracking code in the website Fees need to be paid to the local banks and money mule will transfer to the cyber criminal Copyright © 2014 CyberSecurity Malaysia
- 41. 41 Chatting Hi Hi A/S/L? I’m Edward from England Oh I’m 35, Liza from KL Sweet! Single? Yeah, sort of … Find the victim and gain the trust. Cybercriminal Victim Copyright © 2014 CyberSecurity Malaysia
- 42. 42 Chatting (cont’d) I’m in love with you I know. I love u too! I’d like to come to Malaysia and marry you! Next Month Oh really? I’m going to send you some gifts + cash How Sweet! After few months of romantic moments Cybercriminal Victim Copyright © 2014 CyberSecurity Malaysia
- 43. Copyright © 2011 CyberSecurity Malaysia 43 Email Notification From: Pro-Link International Express Courier <southeastasia@plinkcourier.com Date: Tue, Apr 20, 2010 at 9:23 AM Subject: Parcel Withheld Pending Clearance. To: LIZA Date: 20th April, 2010. Tracking Code: 1438312582 Dear Valued Customer, With reference to the delivery of your package, we wish to bring to your notice that your package has been placed on hold by the Malaysian customs for some reasons which happened to violate the shipping policies. As the goods arrived Malaysian custom check point, the Malaysian custom detected that currency notes were included in your parcel.
- 44. Copyright © 2011 CyberSecurity Malaysia 44 Email Notification (cont’d) Thereby, certain commissions must be paid as customs duty via us which is for the immediate clearance of your package. In the mean time, the reference of tracking on the status of your package is "pending", which is in accordance with the mode of operation in the courier sector for financial delivery. We have already taken order number for this package from the custom. You are required to follow all instructions to be given to you to facilitate the release of your package. To do this, you are required to pay the required charges listed below for the immediate release of your package. Upon confirmation of payment, your package will be delivered to your address above in less than 24 business hours. Outstanding Charges: Administrative .........................RM 2,550.00 Clearance.............................. RM 1,500.00 TOTAL = RM4, 050.00 A total of 4, 050.00 Malaysian ringgit has been charged.
- 45. Copyright © 2011 CyberSecurity Malaysia 45 Parcel Delivery Website
- 46. Copyright © 2011 CyberSecurity Malaysia 46 Parcel Delivery Website - Enter the Tracking Code
- 47. 47 Parcel Delivery Website - DNS Lookup Domain Name: PLINKCOURIER.COM Registrar: ONLINENIC, INC. Whois Server: whois.onlinenic.com Referral URL: http://www.OnlineNIC.com Name Server: NS1.MESRADNS.NET Name Server: NS2.MESRADNS.NET Status: clientTransferProhibited Updated Date: 15-apr-2010 Creation Date: 15-apr-2010 Expiration Date: 15-apr-2011 Copyright © 2014 CyberSecurity Malaysia
- 48. 48 Local News Cybercriminal Victim Copyright © 2014 CyberSecurity Malaysia
- 49. 49 Summary Personal Information Malvertising Survey Scam Clickjacking Oversharing Personal Life Facebook Threats Internet Addiction Dataholic Credit Card Theft Scam Parcel Delivery Scam Secure the Human Copyright © 2014 CyberSecurity Malaysia
- 50. Copyright © 2013 CyberSecurity Malaysia 50
Notes de l'éditeur
- Welcome! This lesson will highlight the 10 basic online safety so that the computer users will take precaution steps while surfing the internet and log in safely to the online services. In Secure the Computer lesson, we learnt on how to secure our computer whereas in this lesson, we will learn on how to secure the computer user - the weakest link in the any security defenses. It is expected that We have secured our computer by employing the security tips in Secure the Computer. We are connected to the secured networks for the internet access Note: The computer user means YOU not the other person. Please be serious about this lesson! Now, lets learn on how to secure the computer users.
- Once we connected to the internet, we are susceptible to the malicious attackers from the internet. The malicious attackers are constantly looking for technology-oriented and user-oriented flaws in order to compromise our computers. The technology-oriented attacks are based on the flaws that exist in our hardware, software and application whereas the user-oriented attacks are more focused on the luring the computer users into the traps. We will examine in this lesson on user-oriented attacks such as phishing, clickjacking and many more that haunted computer users on cyberspace. Therefore computer users need to be educated in types of attacks i.e. user-oriented attacks. In addition, we need to understand behavioural impact to our life as well. To know about the about hacker, computer crime and wanted lists, please refer to these links Hacker - http://en.wikipedia.org/wiki/Hacker_(computer_security) Computer Crime - http://en.wikipedia.org/wiki/Cyber_criminals List of Hackers - http://en.wikipedia.org/wiki/List_of_hackers Wanted Cyber Criminals - http://www.fbi.gov/wanted/cyber
- Bruce Schneier once said, “If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology”. It is very true! In the nutshell, the malicious attackers view two types of attacks in terms of technology-oriented attacks (hardware, software, application) such as Win hacking, PDF exploits user-oriented attacks (computer user) such as phishing, clickjacking However, technology-oriented attacks (hardware, software, application) are addressed by the technology solution such as patch update, antivirus protection and firmware updates whereas user-oriented attacks (computer user) is not protected by technology solution except education on security mindset and cyber safety. This lesson is aimed to secure the computer users against user-oriented attacks by malicious attackers and possible behavioural impacts on internet usage. Important Note: Please change our perception that having password and antivirus are good enough!
- In this lesson, we will investigate the user-oriented flaws that plague among majority of computers. Some of these flaws can be solved just having password and antivirus alone but the computer users ought to understand the implication of these flaws. Besides that the computer users need to be aware on the social and behavioural implication of excessive the internet usage. The objectives of this lesson are to highlight the importance of personal information in cyberspace to introduce the new threat vector - malicious advertisement to understand how survey scam attack works to understand how clickjacking attack works to learn the implication of oversharing information to hightlight the Facebook Threats to understand the implication of social and behavioural of excessive internet use to expose on how scam works (credit card theft and parcel delivery scam) By the end of this lesson, we will realize that password and antivirus are not enough for our security defense. Secure the Human!
- Our greatest asset is our personal information. Most of personal information disclosure cases happened due to our personal information have been uploaded by some else on the internet. It could be in the form of pictures, videos , SMS, MMS, email, instant messaging and other sensitive documents. Inevitably, other people are hold our personal information i.e. our spouse, our kids, our siblings, our friends and our office mate. They could upload our information on website, blogs, social media such Facebook, Flickr etc. Question: How much internet know about us? To know how much know about us, we could do the following steps Google Search - search for this keyword “Your Full Name” or “Your Name” “Organisation” People Search - search your name by using pipl website (http://pipl.com/) Additional Notes: Remember to use your full name, just your name or your nickname and organisation could be your company, university or school. Find any information about you in website, blogspot, Facebook, Twitter, Flickr, Youtube etc
- Malvertising is malicious advertising that contains active scripts designed to download malware or force unwanted content onto our computer. Exploits in Adobe PDF and Flash are the most common methods used in malvertisements, because both Adobe PDF and Adobe Flash are widely used by the most of the Internet population, and highly targeted through a wide range of security vulnerabilities. To block any advertisement on website, we can use this online ads blocker Online Ads Blocker - http://adblockplus.org/en/ Additional information Online Ads Case Study - http://thenextweb.com/dd/2011/12/06/ads-the-death-of-user-experience-on-cnn-forbes-mashable/ Malicious advertising - http://www.usatoday.com/money/industries/technology/story/2011-10-31/corrupted-ads/51048084/1
- If we come across any post on Facebook walls that says “GET A FREE facebook T-SHIRT”, please Ignore it. This is the other type of social engineering attack to capture user data. The malicious attackers have created the fake web page resemble with Facebook user interface. If we fall to this “GET A FREE facebook T-SHIRT” trap, the malicious attackers are asking us to complete specific steps in order to be able to receive our T-shirt. STEP 1 The malicious attacker will first ask us to share their page on our wall, so that our friends can also participate this offer. STEP 2 We will be asked to join their group, so that they can repeatedly spam our Facebook Inbox with their offers. STEP 3 The malicious attacker will ask us to Register For their Free T-shirt. If we do register to this offer, the malicious attackers have just collected our personal details Congratulation! Now the malicious attackers be able to use our personal information to register any website or spam our email account with their scam offers. To know more about this scam - luring the users for free t-shirt, Facebook Free T-Shirt Scam - http://research.zscaler.com/2011/09/facebook-free-t-shirt-scams-take.html
- In case we are curious to know how many people visit our Facebook profile, hold our curiosity. The app 'My Total Facebook Views' which has been another Facebook scams. The rogue application attempts to trick Facebook users to click a malicious link that tells the number of people who visited their profile. Upon clicking the link, users are asked to fill out a survey and grant them access to their personal information Additional References 'My Total Facebook Views' Scam Spreads On Facebook http://www.huffingtonpost.com/2011/01/21/my-total-facebook-views-scam_n_812410.html Want to know your total Facebook views? Beware scam spreading virally http://nakedsecurity.sophos.com/2011/01/20/my-total-facebook-views-scam/
- Clickjacking is a malicious tactic of tricking internet users into revealing confidential information or taking control of their computer while clicking on seemingly harmless website. The flaws found across a variety of browser and platform, clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function. Malicious attackers are targeting Facebook platform due to the size of total user base - to increase the odds of successful attacks. According to a statement from Facebook, the attack used bait links to trick users into launching script that cut and pasted JavaScript code into the URL, "causing them to unknowingly share this offensive content. Facebook has taken steps to shut down the malicious websites used in the attack, and said that it has reduced their frequency—but didn't say that the attack was over. Additional references Facebook "clickjacking" spreads across site http://www.bbc.co.uk/news/10224434 Viral clickjacking 'Like' worm hits Facebook users http://nakedsecurity.sophos.com/2010/05/31/viral-clickjacking-like-worm-hits-facebook-users/ When a Facebook friend gets Clickjacked, what should you do? http://nakedsecurity.sophos.com/2011/03/25/clickjacked-on-facebook/
- A link which claims to point to a video of the death of Osama bin Laden has been spread virally across Facebook today, just hours after the death of the Al Qaeda leader. The messages, posed as updates on Facebook users' walls, claim to point to banned video footage of Osama bin Laden's death. STEP 1 Clicking on the link takes us to a Facebook page which urges us to like and share the link with our Facebook friends, before we can watch the "shocking" footage. STEP 2 However, sharing the link with others just helps spread it further across the social network, and instead of a shocking video we are requested to complete before we can watch the footage. STEP 3 The scammers earn money every time a survey is completed, and that's why they want us to share the link with others. Congratulation! We have been duped!
- NoScript addon for Firefox is developed by Giorgio Maone and is available for free from the Mozilla. NoScript blocks active scripts from websites unless you specifically allow that site. For example, if we visit google.com, scripts from google will be blocked. To unblock a site, simply click the NoScript options button in the bottom right corner of the browser and select "Temporarily allow sitename". Never select 'Allow Scripts Globally' as that would be defeating the entire purpose of NoScript. On some pages, we may need to temporarily allow more than one site. Always be sure we are only allowing the legitimate third party sites that are required. For example, when viewing a video on YouTube, you'll need to temporarily allow both youtube.com and ytimg.com. To download NoScript Addon for Firefox, please visit this website - https://addons.mozilla.org/en-US/firefox/addon/noscript/
- No one can deny that social networking has changed the way we communicate to the rest of the world. Social networking sites allow users to share ideas, activities, events, and interests within their virtual community networks. On the flip side, social networking sites such as Facebook and Twitter have opened a door to a host of problems that literally never existed before. The constant flux of personal information being uploaded on these sites has resulted in people constantly trying to keep up with the virtual community. People are so excited about being open they forget that spending time on these websites makes your personal information available for the entire world to see. Implication of Oversharing Personal Life on Social Networking Sites Oversharing Facebook posts that can cause you physical harm or robberies Oversharing that can cause you humiliation and embarrassment Oversharing can cause your children humiliation and embarrassment Oversharing can cost you a job Example - Charlie's losing on Twitter (New York Post, December 11,2011) Charlie Sheen’s cellphone went into a meltdown after he accidentally tweeted his personal phone number while trying to direct-message Justin Bieber to call him. The tiger-blooded actor had yet another trademark “#winning” moment when he mistakenly tweeted his private digits to his 5 million Twitter followers over dinner at Michelin-starred restaurant Guy Savoy in Vegas last week. The former “Two and a Half Men” star — hoping to send a private message to Bieber to get him to call — sent out the message, “310-954-7277 Call me bro. C,” and followers quickly retweeted the message.
- Something exciting, disappointing or resenting moment happens in our life, and the first thing many of us do is update our status Facebook. Certain posts or status updates can reveal a lot more information than us probably want, to people we never intended to share it with. As a general rule, refrain from posting things online that we will regret later. To know more cases on the implication of oversharing personal information, check these out The Perils of Oversharing on Facebook http://blogs.wsj.com/digits/2009/08/21/the-perils-of-oversharing-on-facebook/ Facebook felon! Thief posts crime photos, gets caught http://www.thegrio.com/news/facebook-felon-thief-posts-crime-photos-gets-caught.php
- Blogger is a free service for communication, self-expression and freedom of speech. However, we are not expected to simply upload the content by ignoring certain morale value and abusing the principle freedom of speech to justify our self expression on the internet. Snippet from Blogger Content Policy Illegal activities: Don't use Blogger to engage in illegal activities or to promote dangerous and illegal activities. For example, don't author a blog encouraging people to drink and drive. Otherwise, we may delete your content. Also, in serious cases such as those involving the abuse of children, we may report you to the appropriate authorities. If Google find that a blog does violate their content policies, Google will take one or more of the following actions based on the severity of the violation: Put the blog behind a 'mature content' interstitial Put the blog behind an interstitial where only the blog author can access the content Delete the blog Disable the author's access to his/her Blogger account Report the user to authorities To know more about term of service, privacy and content policy, please refer to these website Google's general terms and conditions- http://www.google.com/accounts/TOS Google Privacy Policy -http://www.google.com/intl/en/privacy/ Blogger Content Policy - http://www.blogger.com/content.g
- Personal information disclosure can be found in the personal blogs. Oversharing means providing more personal information than is absolutely necessary. Typically done when two or more people are blogging and commenting each other about details of their personal life that supposed to be PRIVATE. Just imagine the whole world could read our blog posts, comments, pictures and videos. With these information, the followers could profile our life, known associate, emotional state etc. By developing this profile, the bad guys could develop their ‘social engineering’ attack against us without we realizing it. Question: Do we disclose any personal information in the blog? Remember that there is other people holds our personal information as well. To know more about this news headline , please read this website http://www.hmetro.com.my/articles/Izaharuspergi/Article
- Pleaserobme.com is a website that uses Twitter's search functionality to show location-based messages. Their goal is to raise awareness about the potential risks of location-awareness and over-sharing. They had intended to display how dangerous it is to share one's precise location over the Internet. The site takes its information from posts by users on Twitter who have revealed their address and say when they are not at home. Here’s how they describe the problem created by check-ins and the purpose of the site: “The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home. So here we are; on one end we’re leaving lights on when we’re going on a holiday, and on the other we’re telling everybody on the Internet we’re not home. It gets even worse if you have ‘friends’ who want to colonize your house. That means they have to enter your address, to tell everyone where they are. Your address.. on the Internet.. Now you know what to do when people reach for their phone as soon as they enter your home. That’s right, slap them across the face.” To know about this website, please refer to these website: PleaseRobMe website http://pleaserobme.com/ PleaseRobMe website reveals dangers of social networks http://news.bbc.co.uk/2/hi/technology/8521598.stm Location Privacy https://www.eff.org/wp/locational-privacy
- Going out of town? Most of us who tweet have been known to share that little tidbit of news with our followers, especially if that out of town journey is to a conference or event where we’re likely to meet other Twitterers. Well, we might want to rethink those tweets about our location away from home. Another website with similar goals i.e. raising awareness on information sharing I can stalk u - http://icanstalku.com/ Think before you post!
- Now, lets examine the common Facebook Threats. 1) Social Engineering Attack - Clickjacking Certain malicious websites contain code that can make our browser take action without our knowledge or consent. Clicking on a link on one of these websites might cause the website to be posted to our Facebook profile, for example. Don't click on strange links, even if they're from friends, and notify the person if we see something suspicious 2) Malware Attacks - Koobface Koobface is a computer worm that targets Facebook and other social networking websites. It spreads on Facebook by sending messages and making wall posts on behalf of the infected user. These messages contain a link, which will prompt us to download and install a newer version of Adobe Flash player. However, this download actually contains a malicious file that, once opened, uses our Facebook account to continue posting this malicious link on our behalf, thus spreading the virus. 3) Social Engineering Attack & Human Behaviour, Social Interaction Attack - Spammy Wall Posts, Inbox Messages, and Chat Messages When criminals gain access to a Facebook account, they usually post spammy comments on friends’ Walls, or send spammy messages through Inbox or Chat. These messages ask us to click on a link and often try to entice us by claiming there’s a new photo or video of us somewhere on the Internet that we need to check out. The link then takes us to a phishing site that asks us to enter our login information, or a malware site that prompts us to download malicious software.
- (Continued from previous page) 4) Social Engineering Attack & Human Behaviour, Social Interaction Attack - Spammy Groups and Pages Spammers sometimes create groups and Pages that claim we'll win a prize or gain access to special Facebook or application features if we first invite all of our friends. These groups and Pages may even ask us to copy code into our browser address bar to automatically send invitations or suggestions. Be wary of groups and Pages with offers that seem too good to be true, especially if they ask us to provide personal information on another site or spam our friends with invites in order to qualify. 5) Social Engineering Attack & Human Behaviour, Social Interaction Attack - Money Transfer Scams Scammers sometimes post status updates, or send Inbox or Chat messages, from a friend’s account claiming that the friend is in some difficult situation and in need of money. These messages ask us to help by wiring funds through a money transfer service. Never send money without first verifying the story through some other means, such as by talking to the person over the phone. 6) Social Engineering Attack - Fake Notification Emails Spammers and scammers sometimes send phony emails that have been made to look like they’re from Facebook or another reputable website. These emails can be very convincing, and the “From:” field can even be spoofed to include “Facebook” or “The Facebook Team.”
- (Continued from previous page) 7) Social Engineering Attack & Human Behaviour, Social Interaction Attack - Chain Letters and Messages from Phony Facebook Employees We might occasionally see a status update or message making some claim about Facebook and urging us to take an action. Examples include: Facebook is becoming overpopulated. Facebook is going to start charging money. Certain users have special access to profile information. Facebook is selling our data. 8) Human Behaviour, Social Interaction Attack & Oversharing Information - Facebook Overshare Facebook Overshare is a reaction to increasingly inappropriate information shared on Facebook. The most common stuffs we overshare personal photo, stories, videos private comments personal thoughts 8) Privacy Setting on Facebook - Information Leakage Privacy settings are something that many Facebook users are regularly confused about. Get the information we need to control our sharing on Facebook http://www.facebook.com/help/privacy
- Fleeced of RM7,000 by cyber Casanova By R.S.N. MURALI KUALA TERENGGANU: A cyber Casanova cheated a manager of RM7,000 after making her believe that they were in love. The “Englishman” and the 43-year-old woman from Kemaman had been “chatting” and exchanging photos on the Internet since Nov 2. A few days ago, he told her that he wanted to send her some gifts and needed money. The woman, thinking that the relationship was real, banked in the money into an account. In her police report yesterday, the woman said she was under the impression that the “foreigner genuinely loved me, based on the correspondence and pictures posted to me.” She said she received an e-mail from him saying that he wanted to courier some expensive gifts to her. She deposited the money into an account, only to find out later that she had been duped. State acting commercial crime chief Deputy Supt Ab Rahim Ab Razak said the bank account number was registered in Malaysia. In another case, a pensioner was duped into believing that he had won RM20,000 in a lucky draw. DSP Ab Rahim said the 60-year-old victim received a short messaging service (SMS) text on Sunday informing him of his win. The victim followed the directives and deposited RM1,010 as processing fee into an account. He waited and waited for another SMS which never came. Source: The Star Online - http://thestar.com.my/news/story.asp?file=/2008/11/13/nation/2535961&sec=nation
- Further Readings Good-Bye to Privacy? - http://www.pcworld.com/article/196787/goodbye_to_privacy.html Criticism of Facebook - http://en.wikipedia.org/wiki/Criticism_of_Facebook
- The Internet provides a constant, ever-changing source of information and entertainment, and can be accessed from most smart phones as well as tablets, laptops, and computers. Email, blogs, social networks, and message boards allow for both public and anonymous communication about any topic. But how much is too much Internet usage?
- Internet Addiction, otherwise known as computer addiction, online addiction, or internet addiction disorder (IAD), covers a variety of impulse-control problems, including: Cybersex Addiction – compulsive use of Internet pornography, adult chat rooms, or adult fantasy role-play sites impacting negatively on real-life intimate relationships. Cyber-Relationship Addiction – addiction to social networking, chat rooms and messaging to the point where virtual, online friends become more important than real-life relationships with family and friends. Net Compulsions – such as compulsive online gaming, gambling, stock trading, or compulsive use of online auction sites such as eBay, often resulting in financial and job-related problems. Information Overload – compulsive web surfing or database searching, leading to lower work productivity and less social interaction with family and friends. Computer Addiction – obsessive playing of off-line computer games, such as Solitaire or Minesweeper, or obsessive computer programming.
- Facebookaholics : 1. when wakes up, whenever has a free period, gets home from school, after dinner, in between homework, before going out bed, checks their facebook 2. when 300 friends seems too few 3. when 50% of your friends you haven't seen in a year, and another 25% you've never met ever 4. when you are a member of over 30 groups and constantly check to see if anyone has made a new one 5. when you look at the clock and see that you have spent 4 hours looking at peoples facebook profiles 6. when you check the clock again, and you've spent another 2 hours after that "just finishing up" 7. when you talk to someone who doesn't like facebook, you are shocked, appalled and immediately begin to try to convert them 8. when you see someone you haven't seen in a long time, but decide just to check their facebook to find out anything going on with them 9. when you finish your homework at 10, but don't go to bed till 2 10. when you are a member of a club called "facebook addicts," "facebookaholics," "facebookers anonymous," or some variation Source: http://www.urbandictionary.com/define.php?term=Facebookaholic
- Another local news about Facebook addiction Ketagihan Facebook http://www.bharian.com.my/bharian/articles/KetagihanFacebook/Article/index Ketagihan laman sosial maya http://www.kosmo.com.my/kosmo/content.asp?y=2010&dt=0405&pub=Kosmo&sec=Rencana_Utama&pg=ru_01.htm Isteri ketagih laman sosial http://www.hmetro.com.my/myMetro/articles/Isteriketagihlamansosial/Article/index_html
- Facebook Addicts - one who is more obsessed with checking their wall posts, comments, chatting with people, liking statuses, taking social interview questions, playing Farmville, quoting song lyrics, laughing at inside jokes, putting up pictures of themselves with gang signs, randomly adding people they've never actually met but have 20 mutual friends, "curiously reading" other people's profiles, or poking people than actually getting work, homework, or a social life in order to live. Millions of Americans have an Internet addiction of some sort, according to Dr. James Mol, a psychologist for Providence Behavioral Health. Although issues specifically with Facebook haven’t been studied, most health professionals will tell you their patients are bringing it up. There are no universally accepted rules to diagnose a Facebook addiction, but there are a few common behaviors to keep in mind if you think your social networking has turned into a social dysfunction. You are losing sleep because of it. That could be because you lost track of time or are staying up late using Facebook. You spend more time on Facebook than you intend. “Just a basic definition of any addiction is that the person is spending more time doing it than they intended to or would like,” Mol said. You become obsessed with old loves. “Maybe a person becomes so fond of the idea of reconnecting with an old love that they leave their current relationships,” Mol said. You ignore work or responsibilities in favor of Facebook. That goes for office jobs and stay-at-home parents. Neglect is a major problem when it comes to addiction. The thought of logging off leaves you in a cold sweat. “It can be very distressing to think about letting go or disengaging,” Mol said.
- The following test measures one's internet addiction level. A person addicted to internet feels the need to spend a lot of time online. The internet addicted likes virtual life better than real one, he/she progressively loses contact with reality and starts avoiding responsibilities and duties. Take the test now! Further Reading The Internet Addiction Test is the first validated and reliable measure of addictive use of the Internet - http://www.netaddiction.com/articles/InternetAddictionTestResearch.pdf
- "Information overload" is a term popularized by Alvin Toffler in his bestselling 1970 book Future Shock. It refers to the difficulty a person can have understanding an issue and making decisions that can be caused by the presence of too much information. The general causes of information overload include: A rapidly increasing rate of new information being produced The ease of duplication and transmission of data across the Internet An increase in the available channels of incoming information (e.g. telephone, e-mail, instant messaging , RSS reader, social media) Large amounts of historical information to dig through Contradictions and inaccuracies in available information To know about information overload, please refer to this website- http://en.wikipedia.org/wiki/Information_overload
- The first reason of dataholic is the available of information management tools on the internet Social bookmarking is a method for Internet users to organize, store, manage and search for bookmarks of resources online. Unlike file sharing , the resources themselves aren't shared, merely bookmarks that reference them. (refer to Social Bookmarking - http://en.wikipedia.org/wiki/Social_bookmarking) Social news website is a type of website that features user-submitted stories that are ranked based on popularity. Users have the opportunity to comment on posts, which are also ranked by others. Since their emergence with the birth of web 2.0, these sites can be used to news, entertainment, support, discussion, debate, etc. (refer to Social News - http://en.wikipedia.org/wiki/Social_news) A wiki is a website whose users can add, modify, or delete its content via a web browser using a simplified markup language or a rich-text editor. Wikis are typically powered by wiki software and are often created collaboratively by multiple users. (refer to Wiki - http://en.wikipedia.org/wiki/Wiki) Information is everywhere!
- The second reason of dataholic is the availability of mobile devices on the marketplace. A mobile device is a small, hand-held computing device, typically having a display screen with touch input and/or a miniature keyboard and less than 2 pounds (0.91 kg). (refer to mobile device - http://en.wikipedia.org/wiki/Mobile_device) A smartphone is a high-end mobile phone built on a mobile computing platform, with more advanced computing ability and connectivity than a contemporary feature phone. Modern smartphones typically also include high-resolution touchscreen, web browsers that can access and properly display standard web pages rather than just mobile-optimized sites, and high-speed data access via Wi-Fi and mobile broadband. (refer to smartphone - http://en.wikipedia.org/wiki/Smartphone) A tablet computer, or a tablet, is a mobile computer larger than a mobile phone or personal digital assistant, integrated into a flat touch screen and primarily operated by touching the screen rather than using a physical keyboard. It often uses an onscreen virtual keyboard, a passive stylus pen. (refer to tablet computer - http://en.wikipedia.org/wiki/Tablet_computer) A mobile Internet device (MID) is a multimedia-capable mobile device providing wireless internet access. They are designed to provide entertainment, information and location-based services for personal use, rather than for corporate use. They allow 2-way communication and real-time sharing. An MID is larger than a smartphone but smaller than an Ultra-Mobile PC (UMPC). They have been described as filling a niche between smartphones and Tablet PCs . (refer to mobile internet devices - http://en.wikipedia.org/wiki/Mobile_internet_device)
- The third reason of dataholic is the availability of wireless data network provided by Internet Service Providers. The Mobile Web refers to the use of Internet-connected applications, or browser-based access to the Internet from a mobile device such as a smartphone or tablet computer connected to a wireless network . (refer to the mobile web - http://en.wikipedia.org/wiki/Mobile_Web)
- If there is tons of information need to be absorbed, we’ll find any time available in our life including just before going to sleep. Don’t do this at home!
- Credit card theft scam is based on social engineering technique that lure the users to enter their personal details to the phishing website. The credit card theft scam comprises four stages i.e. the scammer will target the potential victims who have credit cards and participating in online shopping the potential victims will lure to the phishing website that require personal details in order to process alleged services once the potential victim fill in the personal details, the phishing website will deny the transaction and immediately sell the information to underground market to clone the credit cards then the cloned card will be used to perform the online transaction and victim /bank will bear the losses.
- The site is to be designed for techies wanting to do their non-techie friends a favor by teaching them a lesson in trust. In the words of the site developers - “The purpose of this site is to educate users about the dangers of phishing.“ The social engineering tactic has been used with simple statement to lure the visitor to fill their credit card details i.e. “If you fear your credit card info has been stolen, enter it here and you can find out for free. Avoiding fraud has never been easier!” Question: Can our password and antivirus save us on this kind of attack?
- Things you can do to protect yourself: Only enter sensitive information on sites you trust. Amazon.com, Barnes & Noble, etc. Look at the address bar. Just because a website looks like Amazon.com, that doesn't mean it isAmazon.com. Make sure the address bar shows the domain name you expect. A common phishing trick is to have a domain like amazon.com.not.ru, which steals your credentials when you try to log in. The actual domain in this example is "not.ru," but people often only check to see if "amazon.com" is anywhere in the address bar. E-mails from phishers are usually addressed to a generic user. At best they will have your e-mail address in them. Real e-mails from websites you use will contain more substantial information about you. For example, PayPal has a policy of always putting your PayPal username in correspondence. If asked for your password by e-mail or phone, do not give it out. The only place you should enter your password is a login form. Do not use a debit card for online commerce. In the United States, debit card fraud is much more harmful than credit card fraud. For credit cards, you have a longer period of time in which you can flag a purchase as fraudulent. Also, a credit card is billed to you, while a debit card purchase immediately takes money out of your checking account. (source: http://ismycreditcardstolen.com/check.html)
- Book Excerpt: Kingpin — How One Hacker Took Over the Billion Dollar Cyber Crime Underground “the new book by Wired.com senior editor Kevin Poulsen tells the story of Max Vision, a white hat computer hacker who turned to the dark side. Among other things, Max stole credit card data — “dumps” — on millions of consumers, which he sold in bulk to a card counterfeiter named Chris Aragon. In this excerpt, a new discovery gives him a chance to expand his operation” Source: http://www.wired.com/threatlevel/2011/02/kingpin-excerpt/
- THE MALAYSIAN LINK IN CREDIT CARD FRAUD Jan 7, 2009: Nine Malaysians were arrested in Queensland, Australia after authorities uncovered a syndicate that may have stolen millions of dollars from personal bank accounts. The syndicate created hundreds of counterfeit credit cards implanted with stolen account details to purchase gift cards and luxury goods. Jan 13, 2009: A Malaysian man wanted in the United States for credit card fraud amounting to US$150 million (RM540 million) was arrested by Thai authorities and US Secret Service agents in Nonthaburi on the outskirts of Bangkok. Local media reported that the 43-year-old man had a warrant of arrest issued by a US court for illegal possession of a data access device, hacking into computers and stealing data. Thailand's Crime Suppression Division police chief Supisal Pakdinaruenar said the man was a prominent member of a credit card fraud gang operating in the US for the past three years and was believed to have fled to Thailand to evade arrest. He was arrested in a house in the Pak Kret district where he was staying with his Thai wife. The group is believed to be involved in stealing credit card transaction data from people patronising major restaurants and retail outlets like TJX, Wal-Mart and Office Depot, and selling the information to other groups making counterfeit cards. (More story, visits http://www.mmail.com.my/content/16159-malaysian-hub-credit-card-fraud)
- Three Maldivians, one Malaysian arrested in Rf3.5 million credit card fraud case Three Maldivians and one Malaysian man has been arrested by the Maldives Police Service on charges of using fake credit cards to purchase Rf3.5 million worth of goods from shops, Police have said. At a news conference held at the Maldives Police Service building, the Head Inspector of the Criminal Investigative Department’s Commercial Crime Unit, Ismail Athif, said that it was the biggest credit card fraud case in Maldivian history and that the four men had been arrested on the 25th of last month. The investigation had been launched during September last year. Police identified those they had arrested as Mohamed Shafraz, 28, of H. Nooranmaage; Mohamed Thamdheen, 21, of Olhuthereyge in Gaafu Dhaalu atoll Thinadhoo; Ahmed Saad, 22, of H. Senaa and the Malaysian man named Thakuyiddin bin Hashim, 33. Police said that they were still looking for three other Malaysians living in Malaysia and two Sri Lankan men in connection to the case. Police did not reveal any additional information regarding them. “This is a fraud case unlike any that has happened in Maldives before,” Athif said. “They had used the fake credit cards to buy a lot of goods from different shops. The total cost is estimated at Rf3.5 million.” (Source:http://maldiveslive.blogspot.com/2008/04/three-maldivians-one-malaysian-arrested.html)
- Waspada sindiket penipuan bungkusan melalui internet KUALA LUMPUR: Polis Diraja Malaysia hari ini mengingatkan orang ramai supaya berwaspada dengan sindiket penipuan bungkusan yang semakin berleluasa melalui Internet. PDRM dalam satu kenyataan di laman Facebook hari ini menjelaskan modus operandi sindiket berkenaan adalah dengan berkenalan dengan mangsa melalui laman sosial seperti Facebook, e-mel dan laman sembang dalam tempoh satu hingga empat bulan.Selepas persahabatan terjalin, anggota sindiket kemudian memaklumkan kepada mangsa bahawa bungkusan telah dihantar kepadanya sebagai barangan hadiah.Bungkusan itu dikatakan mengandungi barang perhiasaan, wang, emas dan disusuli dengan kiriman resit penghantaran melalui e-mel kepada mangsa. Menurut PDRM, mangsa kemudian akan dimaklumkan oleh sindiket bahawa bungkusan berkenaan ditahan oleh Kastam Malaysia. "Mangsa diminta menjelaskan beberapa bayaran kepada Kastam dan syarikat ejen dengan memasukkan wang ke dalam akaun yang akan diberikan oleh sindiket bagi tujuan menuntut bungkusan terbabit. "Mangsa yang terpedaya hanya sedar ditipu selepas membuat beberapa bayaran sebagaimana yang diminta oleh sindiket tanpa mendapatkan bungkusan itu," kata PDRM. Justeru itu PDRM menasihatkan orang ramai supaya sentiasa berhati-hati dan tidak mudah percaya dengan kenalan melalui Internet dan mengelak daripada menjadi mangsa kepada penipuan jenayah siber itu. - BERNAMA Source:http://www.bharian.com.my/bharian/articles/Waspadasindiketpenipuanbungkusanmelaluiinternet/Article
- Different names, same parcel scam KUALA LUMPUR: First, there was 'Greg Kennedy', then 'Clinton Morris' and 'James Mattson'. Now, a Mr John Miller has pierced the heart of another lonely woman in cyberspace in the 245th case of parcel scams this year. All the scammers were Nigerians posing as Britons and operating from here with local women as their accomplices. Federal Commercial Crime deputy director II Datuk Rodwan Mohd Yusof said the 245 women had lost a total of RM9.4 million to the fraudsters from January to April this year. He said 48 Nigerians and their accomplices have been caught over the past four months in connection with parcel scams that has left the authorities baffled over how easily some women are sucked into parting with their life savings. “It’s puzzling how these women, some of them professionals and well-educated, fall for such tricks easily despite such cases being highlighted in the media.” He said the well-publicised cases of 130 people charged and convicted for such crimes last year has not helped prevent more women from falling victims to the fraudsters. Source:http://www.mmail.com.my/content/72699-different-names-same-parcel-scam
- Nigerian men like to scam people, they invented UK addresses, European names, even Malaysian addresses to attract the victim. Don't be surprised, some of these Nigerians have Indonesian women friends, and they use their women friend's Maybank accounts. & claiming that these account belongs to the custom staff. Many of these Nigerian men pretended to be European guys and chatting with Asian girls online and after 2-3 months "online dating", these Nigerians will start scamming the desperate Asian women, by "sending" a parcel which "contains" a wedding gown, cash etc. This parcel scam also involves custom, parcel stuck at KLIA immigration, custom staff's Maybank account Interesting Story “Nigerian Parcel Scam Terbongkar Lagi! Saya kongsikan klip audio, rakaman perbualan di antara saya dan ahli sindiket Nigerian Parcel Scam dirakamkan pada jam 2.30 petang tadi menggunakan telefon bimbit dan dimuat naikkan dengan bantuan rakan, Sabil. “ From Mazidul Akmal Blog http://www.mazidulakmal.com/2011/05/nigerian-parcel-scam-terbongkar-lagi.html
- Email Notification indicates that the parcel has been withhold by Malaysian customs.
- Continued from previous slide.
- Fake parcel delivery website to convince the victim about the parcel has been arrived and withhold at Malaysia customs.
- If the victim enters the tracking code number which has been enclosed in the email notification, the fake parcel delivery website will display the parcel delivery record from origin location to destination. This record is a fake!
- This fake parcel delivery website usually up and running when the scammers have identified the potential victims. Believe it or not!
- Lawyerment Discussion Forum (Parcel delivery on hold at custom) “One of my friend was almost a victim. I didn't know that she was secretly dating a so-called "European" hot guy until the day she wanted to borrow 5K from me. This guy sent a few cheesy "model-looking" fake pictures to my friend, and claimed that was him. I told her straight that she had been scammed by that guy, I even told her that he must be a Nigerian. To prove my point to her, I tracked down the UK address that the Nigerian used, the address was a psychiatric hospital somewhere in UK, scary huh. I then called the local handphone number of the so-called "European" guy, and heard his voice through the phone, he didn't have European accent, he has Nigerian/ African accent. Trust me, I know because I had been staying in South Africa for a few years, there are lots of Nigerians there too. So I shouted at that guy over the phone and said "You are trying to scam my friend, m0r0n, you are not what you claimed to be, you are a bad African Nigerian, now tell all your fellows that I will report to the police now & make sure that all of you get busted as soon as possible. & with the Maybank account you provided to my friend, I will track down that account owner and make sure she goes to jail with you too.“ Source: (http://www.lawyerment.com.my/boards/article-Other_Laws_of_Malaysia-604.htm)
- In summary, we have learnt 10 common mistakes made by computer users. These mistakes can not be protected by password and antivirus due to the ignorance computer users made it happened! Remember these common mistakes! we forget that there is other people that close to us holds our personal information malicious attackers trick computer malicious advertising on legitimate website we tends to fall into survey scam due to just get free stuffs! we are lured by clicking the unknown link for the interesting news headlines we tends to share our personal life on social networking sites we know how to use Facebook but we do not know the threats associated with Facebook besides malicious attacks, there is other behavioural implication on internet usage i.e. internet addiction and dataholics we tends to fall into the phishing website that ask us to fill in our personal info we need to understand that there is cyber criminal out there on the internet that scouting the potential victims Even though we have the basic security protection on our computer, we need to educate ourselves to become cybersafety savvy to overcome user-oriented attacks such as phishing, clickjacking and parcel scam.