January CFCPA by Y3fkBC36


									      Internet Fraud
Can you be safe on the Internet?
            Bob Samson
   The Disclaimer

Marriott Vacation Club International (MVCI) disclaims
liability for any personal injury, property, or other
damages of any nature whatsoever, whether special,
indirect, consequential, or compensatory, directly or
indirectly resulting from the publication, use of, or
reliance on this course material. In issuing and making
this course available, MVCI is not undertaking to
render professional or other services for or on behalf of
any person or entity. Nor is MVCI undertaking to
perform any duty owed by any person or entity to
someone else. Anyone using this course material
should rely on his or her own independent judgment
or, as appropriate, seek the advice of a competent
professional in determining the exercise of reasonable
care in any given circumstance.
     What will be covered today

• What is really happening on the Internet today?
• Five areas causing most of the problems
• Some good habits
• Some necessary habits
• Wrap up
The state of affairs today
   Your Greatest Threats!

                       <<< From the Inside

From the Outside >>>
     The Internet War Machines

• From the Inside:
   – Accidental downloading of malware
   – Falling for email con artists
   – Purchasing dangerous products
   – Giving away your data
• From the Outside:
   – Viruses, worms, Trojan software
   – Key Stroke Logging
   – Bogus email extensions
   – Web bugs, cookies, pixel tags
     Meet the enemy – It’s You

• Do you:
   – Sign up for free software?
   – Browse unscrupulous websites?
   – Open email attachments with dangerous extensions?
   – Join YouTube, mySpace, Zanga, Bebo, or Facebook?
   – Use Free Email services like Gmail, Hotmail or Yahoo?
   – Fall for a phish?
   – Want to get rich quick?
   – Respond to surveys?
   – Enter contests?
• Every day, people just give away
  their personal information.
     What exactly is going wrong?

• Trickery and slight of hand
• Misrepresentation
• Greed
• Outright theft
• Aggregation of data
     5 problem areas you need to watch

1.   Know your Computer is Safe
2.   Know how to spot a Phish
3.   Know your URLs
4.   Know your Email Extensions
5.   Know that you are followed wherever you Browse the
     Is your computer safe?

• Building fences and walls
    – Firewalls and routers
• Looking for the breaches
    – Virus scanning
    – Spyware and Rootkits
    – Key Stroke loggers
• Locking your doors and windows
    – Wireless Networks
• Keeping up with the criminals
    – Updating of Application Software
What’s a deadly Phish?
Example “one” of a phish
Example “two” of a phish
Example “three” of a phish

                        What do you think?
                        Good or bad?

             are not
     So how do you catch a phish?

• No legitimate business ever asks for Personal
  Information via email (no exceptions)
    – A clue: a threatening or urgent message with
      concern for your security
• Never call a phone number in the email to verify its
• Never click on a link within an email and enter personal
• Never think you are smart enough to figure out if the
  email is real
• Never trust a website linked via an email
      Too good to be true?

Let’s look at a few examples:
• Check fraud and Nigerian Scams
• Lotteries (that you did not play in)
• Watch what you buy
Check Fraud & The Nigerian Scam
The Lottery Scam
      Watch what you buy

• Cheap drugs
• Internet Auction sites
• Know your https:
• Sell your soul for a bottle
             Time to learn something

     This is the
   “address” bar
 It displays a URL
Universal Resource
     Can you find the URL scams?

• https://web-ao-da-us.citibank.com/cgi-bin/
• http://online.da.us.citibank.com.businesssupport.ru/
• http://www.kolemsveta.oz/www.citibank.com/index.php
• https://onlineservices.wachovia.com/
• http://ww3.nationalgeographic.com/
• http://secure-signin.ebay.com.ttps.us/
• http://www.latam.citibank.com/uruguay/

First, find the real web site URL (Universal Resource
            Know your forward slashes

 O     • https://web-ao-da-us.citibank.com/cgi-bin/
       • http://online.da.us.citibank.com.businesssupport.ru/
Scam   • http://www.kolemsveta.oz/www.citibank.com/index.php
 O     • https://onlineservices.wachovia.com/

 O     • http://ww3.nationalgeographic.com/
       • http://secure-signin.ebay.com.ttps.us/
 O     • http://www.latam.citibank.com/uruguay/

Scam   •

       Tip: Look for the first “/” after the http:// or https://
                     What about email attachments?

                • Can you spot a safe attachment?
    Deadly         – .ade, .adp, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe,
                     .hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc,
                     .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shb, .shs, .url,
                     .vb, .vbe, .vbs, .wsc, .wsf, .wsh, .app, .fxp, .prg, .mdw,
                     .mdt, .ops, .ksh, .csh, .ceo, .cnf, .htm, .html, .mad, .maf,
                     .mag, .mam, .maq, .mar, .mas, .mat, .mav, .maw, .mht,
                     .mhtml, .scf, .uls, .xnk
Could Be Deadly    – What about .doc, .pdf, .zip
 Usually Safe      – Or .bmp, .jpg, .tif

                   – One of the latest cyber crime techniques is the use of
                     videos to install malware (malicious software) and/or
                     Trojans just by watching the video
     How data thefts occur

• Malicious software (malware) is placed on your computer via
  an email attachment, deceptive website, freeware
• Your logins or passwords are captured, your Outlook Address
  Book is stolen
• Your on-line bank accounts are raided
• Messages are sent under your name to those in your address
    – Besides email, beware of eCards
• Your friends/contacts are compromised and the cycle
• Computers, yours as well as your friends, are under the control
  of criminals (zombies sending more phishing attacks to others)
            Your browser is a tattletale

• Cookies
• Search Engines
• Aggregators
• Free email
• How web sites track you
                      You enter your name,
You inquire about a                             You inquire about
                       address, etc. for a
  type of cancer                                treatment options

 Web Site A
                       Web Site B               Web Site C
  Medical                                                                           Aggregator
                      Wig Purchase            Info on Cancer
 Website on                                                                      determines you
                      over Internet             Treatments
  Cancer                                                                            might have
                                                                                    cancer and
                                                                                     sells your
                                                                                 information to a
                                                                                  drug company

                                             Aggregator Sells Your Information
     Some good habits for kids

• Children
   – Keep the computer in a public space
   – Disable administrator rights
   – Monitor Social Networks
   – Disable the feature in email that allows attachments
     Some good habits for adults

• Adults
   – Be very, very, very, very careful with email
   – Use a virus scan program
   – Update your software programs per manufacture's
     recommended schedules
   – Never respond to any email solicitation with the entry of
     passwords, credit cards or other sensitive personal
     information (never)
   – Think twice about online services such as banking, bill
     paying or investment management services
   – Stay off of untrustworthy websites
   – Don’t use free software, shareware
     or browser add-ons
     Some necessary habits for everyone

• Use strong passwords
• Change passwords (every 3 months)
• Think about encryption
• Back up regularly
     So are you worried?

• You should be!
   – Cyber crime is very real today, a multi-billion dollar
   – Cyber crime can destroy a person’s reputation, it can
     destroy a nation’s infrastructure
   – The new currency of crime is DATA!
• So what should you do?
   – Knowledge should be your first weapon of choice

To top