online_safety_instructor_guide.doc - Transmission Project

Document Sample
online_safety_instructor_guide.doc - Transmission Project Powered By Docstoc
					                                               Online Safety
                                             Instructor Guide

About this Course

The Internet is full of opportunities to connect with friends, communicate with family, find information,
and more. Like any activity, using the Internet poses benefits as well as risks. This course will help you
identify and avoid risky Internet behavior, how to protect your computer, and how to ensure your
privacy and identity is kept safe.


Students should have a good understanding of how to browse the Internet, how to use e-mail, and how
to use a computer (using a keyboard and mouse).

Course Preparations

Course Outline

Day I – Online Safety Hazards

    I. Introductions - Why are students taking the course? What do they want to learn?
    II. Major threats
           a. Malware, viruses, Trojans, etc
                    i. What do they do? Programs/code that is installed on your computer and does
                       one or a few of the following things:
                           1. Deletes important files
                           2. Logs everything you type and sends it to a hacker (keystroke logger)
                           3. Hijacks your computer, turning it into a “zombie” to do the hacker’s
                               bidding, including using it to infect other computers
                           4. Copies your personal information (searches for important documents
                               such as taxes, bank statements that might be on your computer) and
                               gives it to hackers
                           5. Tricks you into providing personal information such as credit card, bank
                   ii. How to prevent?
                           1. Don’t get them in the first place by following safer internet practices
                           2. Free software tools
           b. Social Engineering
                    i. What is it? People persuading you to give up your personal information
                       voluntarily – they then use this information to steal your identity/money
                   ii. How to prevent?
                           1. Learn how to identify social engineering traps
                           2. Never give personal information to anyone over the internet
                           3. Be suspicious of any unsolicited phone calls or email
                         4. People can pose as people in authority or as your friends and family,
                            especially over the internet where you cannot see/hear them – never
                            give out personal information, passwords, etc out over the internet (the
                            police, your bank, etc will NEVER ask you for this information online)
                         5. When in doubt, ask friends and family for guidance. Never feel
                            pressured into giving out information online.
III. Internet Browsing
         a. Number one rule: if it’s too good to be true, it is!
         b. Passwords
                   i. Why are good passwords important?
                          1. A password that is easy to guess could compromise your
                          2. A password that is never changed increases likelihood of account being
                               hacked eventually
                          3. A password used for multiple accounts means that if one account is
                               hacked (like your e-mail) it means hackers could get into your other
                               accounts too
                  ii. Password tips
                          1. The longer, the better.
                          2. Use numbers, symbols, capital and lowercase letters.
                          3. Do not use personal info (your name, date of birth) in the password
                          4. Do not use dictionary words or easy numbers like your address, 12345,
                               etc in your password
                          5. Use a phrase
                          6. Afraid you’ll forget all of your passwords? Use a base password and
                               customize it or each site. Ie, p455w0rdgmail, p455w0rdwellsfargo, etc
                          7. Use a different password for each account
                          8. Change your passwords often (at least once a year, preferably more
                               often, especially for sensitive accounts such as online banking)
         c. Nicknames
                   i. On the internet, you often have to create nicknames – make sure these do not
                      compromise personal info or make you vulnerable to social engineering
                  ii. Nancy1188WOakStreet as a nickname / e-mail address gives too much
                      information out – now someone could have your address and use it (sell it, steal
                      your identity, etc)
                 iii. Using the same nickname on multiple sites means people can tie all of your
                      accounts together (just by doing a quick search) and potentially stalk you or
                      piece together personal information.
         d. Risky sites
                   i. Types of risky sites: “free” downloads, free money, adult material, quiz sites, etc
                  ii. Sites that pose as legitimate sites: for example, typing the wrong URL or clicking
                      the wrong URL from a search (difference between and
                 iii. Why are they dangerous? Collect personal information (either by force via
                      malware or coercing you to voluntarily submit) and use it to advertise to you,
                      spam you, steal your identity/banking information.
                 iv. How to avoid risky sites:
                          1. If you know the URL of a site, type it instead of searching to prevent
                               clicking on a bad link.
                       2. When searching, ALWAYS check the link address – if it looks fishy, don’t
                          click on it (example: a site about national parks whose address says
                          something about free movies is very fishy)
                       3. - free tool – type in URL to check safety
       e. Banking
                i. NEVER click on a link from an e-mail to get to your online bank account.
                   ALWAYS type the address into the URL bar / use a bookmark.
               ii. Change your password frequently
              iii. Monitor your account for suspicious activity
       f. Shopping
                i. Use legitimate sites only (use siteadvisor to double check)
               ii. Only use your credit card, never your debit card (and NEVER send payment in
                   the mail or by a transfer)
       g. Social media
                i. Be careful about what information you give out – the more information you
                   provide, the easier it is for hackers to steal your identity
               ii. Only “friend” people you know in real life.
       h. Advertisements
                i. Activity: identify all the ads on the page
               ii. Ads help keep the internet free, but beware, because many ads are for
                   illegitimate websites or scam services
              iii. Never click on ads that promise something for nothing (you are the #100th
                   visitor to this site, click here for freebie)
              iv. Install an ad blocker on your internet browser (we’ll go over this later)
IV. E-mail
       a. Password tips (see above)
       b. Spam
                i. Spam: unsolicited e-mail (can be from random people or from people you know)
               ii. Examples:
                        1. blatant ads
                        2. random people often from Russia asking to be in a relationship
                        3. Nigerian princes wanting to give you money
                        4. chain letters of “cute” images or jokes
                        5. someone posing as a bank asking you to confirm/change your password
              iii. Why it’s dangerous
                        1. Can contain viruses (programs, or even embedded in images)
                        2. Can contain links to phishing sites that will pose as legitimate
                            stores/banks/email sites and ask for your personal information or
                        3. Annoying
                        4. Take up space (bandwidth and room on servers/your computer)
              iv. Tips
                        1. Never forward spam
                        2. Report spam to your Internet Service Provider or e-mail provider
                        3. Never open an e-mail that looks like spam – just opening it can infect
                            your computer
                        4. NEVER email passwords or credit card information
       c. Attachments
                 i. Why it’s dangerous
                         1. Attachments from friends and family can contain images, documents,
                             etc – but scammers also send attachments that can contain viruses
                         2. Attachments that look safe (like images) can contain code that will
                             infect your computer
                ii. Tips
                         1. Only open attachments from people you trust
                         2. Even when opening attachments from friends and family, if it looks like
                             a program (.exe or some unfamiliar extension) don’t open it
                         3. Never install anything that was sent to you via e-mail, they are almost
                             always malware (even if it says it’s an anti-virus program)
       d. Other Top Email Scams
                 i. Work-from-home scam: offers big pay for doing something menial like stuffing
                    envelopes. Often you have to buy all of your supplies, resulting in a net loss.
                ii. Weight loss scams: ads for miracle weight loss cures
               iii. Foreign lotteries: you just won the lottery in France! Except you’ve never even
                    been to France, and they want you to pay $1000 in fees.
       e. Report spam:
       f. Etiquette
                 i. Never forward spam
                ii. Use BCC instead of CC or FWD when sending to many people – otherwise, you
                    expose emails
               iii. Never send your (or anyone else’s) private information in an email
               iv. Be cautious; people can forward your e-mail. Never send anything that you
                    might later regret.
                v. Exercise caution when meeting anyone you meet/talk to exclusively online.
V. Popups
       a. Popups are internet browser windows that suddenly appear while you are on the
          internet. Sometimes, they are safe, other times they are scams or ads.
       b. Top popup scams:
                 i. Ads for “free prizes” – always scams, you are never the 1 millionth visitor to the
                    website, they just want your personal information.
                ii. Ads for adult content – hoping to lure you to click on them, but will often take
                    you to a phishing site or virus download
               iii. Popups that look like they are from your computer – often look like anti-virus
                    notices or Windows notices (but look closely, they will be inside an internet
                    browser window. Almost always link you to malware.
       c. Protect yourself
                 i. Close the window by clicking the “X” button / red x button. Never click on a
                    button inside the popup
                ii. Exit the browser entirely to get rid of the popup.
VI. Downloads
       a. Free software, movies, etc are great, but always make sure the source and the content
          is legitimate. When you save a file to your computer, you are taking a big risk.
       b. Top download risks:
                 i. Downloading a copyrighted movie or music file that you did not have to pay for
                    – often contain viruses, and can get you sued by the MPAA
                     ii. Downloading “free” software – you may see ads for free antivirus software, free
                         screensavers, etc – but often these are viruses in disguise. Ask yourself: why is
                         it free? How do the creators seek to benefit? Is this software legitimate?
            c. Protect yourself
                      i. Only download software that you know is legitimate and safe. Do a search
                         asking “Is ___ software safe?”
                     ii. Never download copyrighted materials without paying for them/from an illegal
    VII. Wrap up, final questions

Day II – Protecting yourself

    I. Questions from last time, review
    II. Free software tools and websites
              a. Adblock Plus -
                        i. For most browsers (but not IE)
                       ii. Can interfere with some video sites (but not youtube)
              b. Anti-malware tools and scanners
                        i. Windows Defender - - basic
                           scanner and removal
                       ii. Malwarebytes - - another basic scanner and
                           removal tool, you have to do the scans manually, they aren’t automatic
                      iii. Spybot SD - – scans for and removes adware
                           and spyware, automatic but can slow down older computers
              c. Safer internet browsers
                        i. Firefox - – free, simple, similar but less complicated
                           than Internet Explorer
                       ii. Google Chrome - – free, is a bit different from
                           other browsers in the arrangement of features
                      iii. Safari - - free, not just for Macs
                      iv. Internet Explorer is generally the least safe browser. If you have the option,
                           always install one of the three options above.
    III. In the real world
              a. Free wifi and using the internet in public
                        i. Free wifi hotspots mean anyone can be on them – even bad guys who can easily
                           monitor what you send over the internet
                       ii. Hotspots also attract social engineers, bad guys who watch over your shoulder
                           while you type passwords etc
                      iii. Limit secure transactions while on public/free wireless connections (ie banking)
                      iv. Only use SECURE websites while on wifi connections (indicated by a lock symbol
                           while browsing)
                       v. Watch your back while using the internet in public.
                      vi. Never connect to a network labeled “computer to computer network,” this is
                           not an internet hotspot. It is another computer trying to connect with yours. If
                           you allow this connection, you risk viruses, Trojans, etc.
              b. Shredding important documents
                        i. When disposing of documents with your personal information (e-mail, social
                           security number, bank account info), shred them
                ii. When disposing of documents containing passwords, shred them
      c. Sharing your e-mail or using a social media account
                 i. Only network with people you trust
                ii. Learn how to block people – contact your e-mail provider/social media account
                    provider or do a simple search for “how to block people on ___” (facebook,
          , gmail)
      d. Using public or shared computers
                 i. Limit banking/tax/other secure transactions while on a public computer.
                    Assume the public computer might be compromised.
                ii. When logging into e-mail or any site, make sure not to check the “Remember
                    me” or “Keep me logged in” box. Otherwise, the next person who uses the
                    computer will be able to access your account.
               iii. Don’t type sensitive information if other people can see it on your screen.
      e. Using a smartphone
                 i. Smartphones are essentially computers with a different interface; the rules and
                    tips for using the internet and e-mail still apply.
                ii. Use caution when connecting to public or free wifi hotspots
               iii. Limit banking and shopping transactions while on a smart phone
               iv. Don’t download apps unless you trust the source and have done a google search
                    to make sure the app is legitimate.
      f. Meeting people you met online
                 i. Exercise extreme caution when meeting anyone you have only met online.
                    Examples include people you met on a dating site, meeting a seller on Craigslist
                ii. NEVER meet an online friend for the first time at your own home or theirs.
                    ALWAYS meet in a public, well lit place. Always tell someone where you are
                    going and when you will return.
IV. What to do if your e-mail, computer, or online account has been compromised
      a. Isolate your computer
                 i. Disconnect your computer from the internet by unplugging the Ethernet cable
                    or disabling the wifi
                ii. By disconnecting from the internet, you prevent the spread of the virus and
                    prevent hackers from extracting any more personal info from your computer
      b. Changing passwords
                 i. Get to a safe computer (a friend’s, a library computer, etc) and change the
                    passwords to your online banking account, e-mail account, and any account that
                    might contain sensitive information
                ii. Make sure your new passwords are secure (review yesterday’s info on choosing
                    a password)
               iii. If you cannot log in to an account, it might be compromised by hackers.
                    Immediately try to recover the password or alert the bank/email account
                    provider so they can help you recover your account.
      c. Alerting authorities
                 i. If your bank account has been hacked, call the bank and freeze your accounts
                    immediately. Check for unauthorized purchases. They will send you new
                    ATM/credit cards with new account numbers in a few days. Dispute any
                    unauthorized purchases.
      d. Removing viruses or Trojans
                  i. Use a free scanner to search for and remove the virus. Do this while
                     disconnected from the internet.
                 ii. Usually scanners “quarantine” viruses and then allow you to delete the virus
                     files. Make sure the virus is actually deleted and not just “quarantined.”
                iii. Virus scanners categorize and label any malware they find. If the scanner finds a
                     Trojan, it is highly recommended that you reinstall your operating system
                     (Windows/Mac OSX), because trojans often leave undetectable back doors open
                     in your system, leaving you vulnerable to reinfection.
                iv. Adware / tracking cookies are usually harmless, they just take up space. These
                     bits of code help advertisers display the most relevant ads. They are not
                     viruses, just clutter. Most scanners will remove these, too.
                 v. After you remove a virus, reboot your computer and do another full scan. This
                     is important, because many viruses go into hiding and then re-emerge upon
       e. Reformatting and reinstalling
                  i. If your system has a trojan or scanners are not able to remove the virus, or if the
                     virus seems to be recurring, reinstalling the operating system is the only way to
                     ensure the safety of your system.
                 ii. Most computers come with an installation disk – reinstalling the operating
                     system is a course all on its own, so you may need help with this step.
       f. Prevention
                  i. When you have removed viruses, make sure to practice safe internet use
                 ii. Don’t worry, anyone can get a virus.
V. Social Engineering
       a. Avoiding social engineering tactics
                  i. Ignore high pressure sales tactics. You don’t need to act “now,” or decide
                     quickly – those are just tricks to get you to miss signs that point to scam.
                 ii. Do a search for any new website/company/product – if it is a scam, you should
                     see negative reviews or warnings in the first couple of search hits.
                iii. Grammar and spelling errors in e-mails or on websites typically point to scams.
                iv. Is the e-mail or website asking you for passwords, social security numbers, etc?
                     Delete/close it immediately. Banks, for example, should never ask you for your
                     credit card number. Gmail will never ask you for your e-mail password.
                 v. Never click on e-mail links. Even if it looks like a link to, it could
                     be a link to a totally different phishing site. Always type the address into the
                     URL bar.
                vi. Always ask: why would a stranger be talking to me? If a complete stranger
                     suddenly writes you a love letter or pleas for your help in saving his family
                     fortune, it is always a scam. How did they get your e-mail? Why did they pick
                     you? If it seems unlikely, it probably is a scam.
               vii. Be aware of emotional tactics. Scammers will try to bait you by playing to your
                     emotions and good will (pretending to be someone in need, or even pretending
                     to be your family member writing you from a bogus e-mail address).
              viii. Never download anything/click on an attachment from someone you don’t
                ix. Never forward or read chain letters.
                x. Anything “free” in exchange for your personal information is almost always not
                     worth it.
        b. Support
                 i. Always seek the advice of family and friends before meeting someone you met
                     online, making a large purchase online, or sending large amounts of money
                     online to a business or individual.
                ii. Always do an online search to confirm that a business, product, or offer is
               iii. Places to ask for help:
                          1. Ripoff Report
                          2. Better Business Bureau
                          3. Internet Crime Complaint Center
VI. Final thoughts, questions, further help