eTwinning: Internet Safety 14's
We’re glad you’re reading the “Internet Safety 14’s” eBook. It is the result of the work of the pupils in the eTwinning project “Internet Safety &
Digital Footprints”. In this project the pupils have been investigating issues related to internet safety, like cyberbullying, trolling, identity theft, etc. During
this project some partners delivered workshops at their schools during Safer Internet Day 2013. All results are bundled in the eBook, or can be found on the
website.
Scams, hoaxes and cookies
1. What is a hoax or scam?
A hoax is an act of deception: it is designed to trick people into doing something they normally wouldn’t do, or into accepting something as genuine knowledge. Hoaxes were initially intended as practical jokes on the internet, but like so many things they quickly evolved into something greater. Today the most common use of a hoax is to rip people off or even to steal their entire identity. Although a lot of hoaxes are harmful in many ways, there are also a few that are intended to do the exact opposite of harming the receiver: they try to make the receiver aware of certain dangers, or try to make certain social situations known to a broad public. Most modern-day hoaxes are sent by e-mail, usually filled to the brim with pictures and flashy pieces of text, yet when people click on anything they see the truth behind it (this is only the case for hoaxes that are intended as practical jokes). The harmful hoaxes don’t have this mechanism and are used solely for personal gain and/or financial accounts. A scam is roughly the same as a harmful hoax, only the scam presents more legitimate-looking sources and is more professional. Scams in fact look so real that most people wouldn’t see the difference between a general commercial and a scam. A scam is only used for financial or personal gain; scams generally don’t ask for your personal information or bank accounts.
2. A few examples of hoaxes and scams:
Some of you might have come across a few scams yourself already. They are sent to almost everybody who has an e-mail account. A few of these scams and hoaxes are:
- The chain mail
- A mail from an unknown person who claims to know you
- A commercial for an unknown product
- A personal information request
- A free product give-away in replacement of an old or expired product
Chain mails: most are pretty innocent; they usually just ask you to send the e-mail on to other people in exchange for a girlfriend, the happiest day of your life, …. Some actually trick people into pressing Alt+F4, which turns off your PC.
A mail from an unknown person who claims to know you: this is actually a virus in disguise. Never open such mails, because when you click them you haul in the virus.
A commercial for an unknown product: it could also be a virus, but most of the time it is a trick to get a lot of money from an unknowing person who thinks he/she really will get something in return.
Personal information requests: these come from imposters who will ask for your personal data. The data requested ranges from bank accounts to identities to even just usernames and passwords.
A free product give-away in replacement of an old or expired product: this also sends a virus when opened by the receiver.
3. What can you do to counter hoaxes and scams?
It is not hard to check whether a mail that has been sent to you is a real ad or a scam/hoax. A few things you could do are:
- Check the company out by typing its name into the Google search bar and checking out its site.
- Don’t give away your information to anybody, unless you are sure that person is to be trusted (so in general to someone you know really well), and if you still need to send the information, send it through a live chat room, not through e-mail.
- DO NOT reply to any e-mails asking for personal information.
- Read the e-mails carefully; they usually contain a hint as to whether they are real or fake (most of the time in the small letters).
- Lotteries from a foreign country are, most of the time, scams or hoaxes too.
There are a few programs that scan e-mails to check whether they are real or not, although you shouldn’t rely on them, and it is hard to find one that is good and not a virus itself. The best method to counter hoaxes and scams is still to clear those e-mails and close the messages immediately. Delete all e-mails from people you do not know. If you get an e-mail from a friend with a weird title or a different writing style, ask that friend whether they sent that e-mail. And never ever send the e-mail on to someone else! We cannot stress this enough. This way the scam/hoax just continues, and the creator of the hoax or scam doesn’t have to do anything to continue stealing information from people. A lot of antivirus systems also help protect you from these hoaxes, although the creators of these hoaxes are always developing new methods of getting around these antivirus systems.
4. What are the dangers of a scam and/or hoax?
There are a lot of dangers from these hoaxes and scams, going from small things like a password for a site you use (YouTube, Facebook, …) to things of personal value or great importance (PIN codes, ID, …). The biggest problem with hoaxes and scams is that you never know what the hoax or scam steals from you. The creators of these hoaxes and scams are sending so many viruses these days that people are starting to ignore the alerts. Most of the viruses from hoaxes and scams are still small, but these people will then also not notice when a virus arrives that is larger and more dangerous than those smaller previous ones.
5. Cookies, what are they and what do they do?
A cookie is a message given to a web browser by a web server. The browser stores the
message in a text file. Each time you visit the site, the browser sends the message back
to the server.
There are 2 kinds of cookies: session cookies and persistent cookies.
A session cookie (also called a transient cookie) is a cookie that is erased when the user
closes the web browser. The cookie is kept in the temporary memory of the browser and is not
saved when the browser closes. These cookies are safe; they don’t collect information from
the user’s computer. They store information in the form of a session identification that
doesn’t personally identify you.
A persistent cookie (also called a permanent cookie or stored cookie) is a cookie that is stored
on the user’s hard drive; it expires after a time that is set in the cookie file, or when the
user deletes the file. Persistent cookies are made to collect identifying information about the
user (web surfing behaviour, user preferences, …). Persistent cookies carry personal
information and are more dangerous than session cookies.
6. The danger from cookies
There are 2 types of cookies: first-party and third-party. First-party cookies are placed on your
computer by the website that you visit; they are generally used by the websites you visit to
identify your computer, especially on return visits to the same site. Third-party cookies, the most
problematic of the two types, are placed on your computer by a party other than the website
you are visiting, for instance a third-party advertising company that wants to keep track of
where you shop and what you buy. Third-party cookies are the primary source for online
identity theft through cookies.
Third-party cookies can also track all the websites you visit every time. They can contain any
of the information you enter on any website. Because of that, these cookies not only have
information about which sites you visit, but they might also contain user name, password and
bank or credit card account information. Cookie thieves or cookie hijackers tap into the
cookie files and steal the information.
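An added example, not part of the original eBook: the two distinctions made in sections 5 and 6 (session versus persistent, first-party versus third-party) can be read off the Set-Cookie header a server sends. The host names, the sample headers and the "last two labels" rule for deciding what counts as the same site are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass


@dataclass
class CookieInfo:
    name: str
    lifetime: str  # "session", "persistent" or "removed"
    party: str     # "first-party" or "third-party"


def site_of(host: str) -> str:
    # Assumption: the last two labels of a host name identify the site.
    # Real browsers use the Public Suffix List for this decision.
    return ".".join(host.lower().strip(".").split(".")[-2:])


def classify(set_cookie: str, response_host: str, page_host: str) -> CookieInfo:
    """Classify one Set-Cookie header value.

    response_host is the server that sent the header; page_host is the
    site the user is actually visiting (the one in the address bar).
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    # Max-Age takes precedence over Expires. A cookie with neither
    # attribute is a session cookie and is gone when the browser closes.
    max_age = attrs.get("max-age", "")
    if re.fullmatch(r"-?[0-9]+", max_age):
        # Zero or negative Max-Age tells the browser to delete the cookie.
        lifetime = "persistent" if int(max_age) > 0 else "removed"
    elif "expires" in attrs:
        lifetime = "persistent"  # the date is not compared to the clock here
    else:
        lifetime = "session"

    cookie_host = attrs.get("domain") or response_host
    same_site = site_of(cookie_host) == site_of(page_host)
    return CookieInfo(name, lifetime, "first-party" if same_site else "third-party")


# Constructed sample: (header value, host that sent it) seen while the
# user visits www.shop.example.
SAMPLE = [
    ("sid=abc123; Path=/; HttpOnly", "www.shop.example"),
    ("prefs=lang-nl; Max-Age=31536000; Domain=.shop.example", "www.shop.example"),
    ("uid=77; Expires=Wed, 01 Jan 2030 00:00:00 GMT", "ads.tracker.example"),
    ("old=x; Max-Age=0", "www.shop.example"),
]


def classify_sample(page_host: str = "www.shop.example") -> list:
    return [classify(header, host, page_host) for header, host in SAMPLE]


if __name__ == "__main__":
    for info in classify_sample():
        print(info)
```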
7. How can I prevent cookies from saving on my computer?
You can disable cookies in various web browsers, but this is not always the best thing to do.
Some websites need those cookies to function, and the first-party cookies are not
dangerous.
Another thing you can do is delete the cookies on your hard disk. And don’t give sites
personal information; then the site can’t save the personal information in the cookie. If you don’t
trust the website, then just don’t fill anything in on the website.
If you want to delete your cookies:
For Windows Me, Windows 98, Windows NT or Windows 95 the cookie folder is in one of
these locations:
C:\Windows\Cookies\
C:\Windows\Profiles\<username>\Cookies…
If you have Windows XP or Windows 2000, then the cookie folder is in this location (note that on
your PC it can be on another drive instead of drive C):
C:\Documents and Settings\<username>\Cookies\
Please be careful: some “cookies” are not cookies, and Windows and Internet Explorer use
them all the time. Deleting those can cause problems in IE and Windows.
Email Scams
1. What is an email scam or phishing?
Phishing is the act of attempting to acquire information such as usernames, passwords, and
credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy
entity in an electronic communication. Communications purporting to be from popular social
web sites, auction sites, online payment processors or IT administrators are commonly used
to lure the unsuspecting public. Phishing emails may contain links to websites that are
infected with malware. Phishing is typically carried out by e-mail spoofing or instant
messaging, and it often directs users to enter details at a fake website whose look and
feel are almost identical to the legitimate one. Phishing is an example of social engineering
techniques used to deceive users, and exploits the poor usability of current web security
technologies. Attempts to deal with the growing number of reported phishing incidents
include legislation, user training, public awareness, and technical security measures.
A phishing technique was described in detail in 1987, and (according to its creator) the first
recorded use of the term "phishing" was made in 1995. The term is a variant
of fishing, probably influenced by phreaking and alludes to "baits" used in hopes that the
potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in
which case their financial information and passwords may then be stolen.
2. Damage caused by phishing
The damage caused by phishing ranges from denial of access to e-mail to substantial
financial loss. It is estimated that between May 2004 and May 2005, approximately 1.2
million computer users in the United States suffered losses caused by phishing, totaling
approximately US$929 million. United States businesses lose an estimated US$2 billion per
year as their clients become victims. In 2007, phishing attacks escalated. 3.6 million adults
lost US$3.2 billion in the 12 months ending in August 2007. Microsoft claims these estimates
are grossly exaggerated and puts the annual phishing loss in the US at US$60 million. In
the United Kingdom losses from web banking fraud—mostly from phishing—almost doubled
to GB£23.2m in 2005, from GB£12.2m in 2004, while 1 in 20 computer users claimed to have
lost out to phishing in 2005.
The stance adopted by the UK banking body APACS is that "customers must also take
sensible precautions ... so that they are not vulnerable to the criminal." Similarly, when the
first spate of phishing attacks hit the Irish Republic's banking sector in September 2006,
the Bank of Ireland initially refused to cover losses suffered by its customers (and it still
insists that its policy is not to do so), although losses to the tune of €11,300 were made good.
3. How do you recognize a phishing-mail?
Mostly a phishing mail is very recognizable:
- The mail mostly emphasizes that it's urgent and that it's important that you
reply very fast
- The mail threatens that information will be lost when you don't reply
- The mail mostly asks for user data and/or passwords
- The mail is often written in sloppy Dutch or sloppy English
- The sender looks very important, but it isn't
- Mostly the mail is impersonally addressed to you, like "dear customer"
- They mostly use wrong internet addresses in this kind of mail
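An added example, not part of the original eBook: a small checker that looks for the signs from the list above that can be tested mechanically (urgent tone, threat of loss, request for credentials, impersonal greeting, link addresses that do not belong to the claimed sender). The word lists, the sign names and both sample mails are constructed for this illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Word lists are illustrative assumptions; a real filter needs far more.
CHECKS = {
    "urgent_tone": re.compile(
        r"\b(urgent|immediately|right away|within \d+ hours)\b", re.I),
    "threat_of_loss": re.compile(
        r"\bwill be (closed|suspended|deleted|blocked|lost)\b", re.I),
    "asks_for_credentials": re.compile(
        r"\b(password|username|pin code|card number)\b", re.I),
    "impersonal_greeting": re.compile(
        r"^\s*dear (customer|user|client|member)\b", re.I | re.M),
}
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"', re.I)


def wrong_link_hosts(body: str, sender_domain: str) -> list:
    """Return link hosts that are neither the sender's domain nor a subdomain of it."""
    hosts = []
    for href in LINK.findall(body):
        host = (urlparse(href).hostname or "").lower()
        # endswith("." + domain) rejects look-alikes such as
        # bank.example.login-check.example, which only starts with the name.
        if host and host != sender_domain and not host.endswith("." + sender_domain):
            hosts.append(host)
    return hosts


def phishing_signs(from_header: str, body: str) -> list:
    """List the warning signs found in one mail, in the order of CHECKS."""
    signs = [name for name, pattern in CHECKS.items() if pattern.search(body)]
    # The From header can itself be spoofed; it is used here only as the
    # identity the mail claims, to compare the link targets against.
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if wrong_link_hosts(body, sender_domain):
        signs.append("wrong_link_address")
    return signs


# Constructed sample mails.
SUSPICIOUS = (
    "Your Bank <service@bank.example>",
    "Dear customer,\n\n"
    "Your account will be suspended unless you act immediately.\n"
    "Please confirm your username and password here:\n"
    '<a href="http://bank.example.login-check.example/verify">'
    "https://www.bank.example</a>\n",
)
ORDINARY = (
    "Your Bank <service@bank.example>",
    "Hello Anna,\n\n"
    "Your monthly statement is ready. Log in as usual via\n"
    '<a href="https://www.bank.example/statements">our website</a>.\n',
)

if __name__ == "__main__":
    print(phishing_signs(*SUSPICIOUS))
    print(phishing_signs(*ORDINARY))
```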
Keylogging
1. What is a keylogger?
Keystroke logging, more often called keylogging, is the action of recording (or logging) the
keys struck on a keyboard, typically in a covert manner so that the person using the
keyboard is unaware that their actions are being monitored. It also has very legitimate uses
in studies of human-computer interaction. There are numerous keylogging methods, ranging
from hardware and software-based approaches to acoustic analysis.
2. Effect of keylogging
The effects of keylogging software can be devastating. From accounts on sites such as
Skype and Facebook being hijacked to credit card and bank account numbers being stolen, a
keylogging program can basically be a catalyst for full-scale identity theft.
3. Countermeasures
The effectiveness of countermeasures varies, because keyloggers use a variety of
techniques to capture data and the countermeasure needs to be effective against the
particular data capture technique. For example, an on-screen keyboard will be effective
against hardware keyloggers, transparency will defeat some screenloggers - but not all - and
an anti-spyware application that can only disable hook-based keyloggers will be ineffective
against kernel-based keyloggers.
Also, keylogger software authors may be able to update the code to adapt to
countermeasures that may have proven to be effective against them.
Anti keyloggers
An anti keylogger is a piece of software specifically designed to detect keyloggers on a
computer, typically comparing all files in the computer against a database of keyloggers
looking for similarities which might signal the presence of a hidden keylogger.
Live CD/USB
Rebooting the computer using a Live CD or write-protected Live USB is a possible
countermeasure against software keyloggers.
Anti-spyware / Anti-virus programs
Many anti-spyware applications are able to detect some software keyloggers and quarantine,
disable or cleanse them. However, because many keylogging programs are legitimate pieces
of software under some circumstances.
Network monitors
Network monitors (also known as reverse-firewalls) can be used to alert the user whenever
an application attempts to make a network connection. This gives the user the chance to
prevent the keylogger from "phoning home" with his or her typed information.
Automatic form filler programs
Automatic form-filling programs may prevent keylogging by removing the requirement for a
user to type personal details and passwords using the keyboard.
One-time passwords (OTP)
Using one-time passwords may be keylogger-safe, as each password is invalidated as soon
as it's used.
Security tokens
Use of smart cards or other security tokens may improve security against replay attacks in
the face of a successful keylogging attack, as accessing protected information would require
both the (hardware) security token as well as the appropriate password/passphrase.
On-screen keyboards
Most on-screen keyboards (such as the on-screen keyboard that comes with Windows XP)
send normal keyboard event messages to the external target program to type text.
Keystroke interference software
Keystroke interference software is also available. These programs attempt to trick keyloggers
by introducing random keystrokes, although this simply results in the keylogger recording
more information than it needs to.
Speech recognition
Similar to on-screen keyboards, speech-to-text conversion software can also be used against
keyloggers, since there are no typing or mouse movements involved.
Handwriting recognition and mouse gestures
Also, many PDAs and lately tablet PCs can already convert pen (also called stylus)
movements on their touchscreens to computer-understandable text successfully.
DDoS attack
1. What is DDoS?
A distributed denial-of-service attack or DDoS attack is an attempt to make a machine or
network resource unavailable to its intended users. It generally consists of the
efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a
host connected to the Internet.
DoS: software that makes your computer send (empty) packets.
DDoS: software that lets other computers send (empty) packets.
Both cause the server or device to crash or slow down.
2. Dangers of DDoS
Slowing down the server or device to an unmanageable speed.
Permanent damage to the hardware or shutdown due to overheating.
Automatic shutdown of the server or computer.
Bad reputation for public servers if they don’t work.
3. How to stop one?
Updating your firewalls and downloading anti-DDoS programs.
A traffic counter that counts the amount of data/files sent to the server, and sends a message
when the counter goes over the maximum.
By using a VPN (virtual private network).
For servers and websites you can use Cloudflare.
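An added example, not part of the original eBook: the traffic counter described in the list above, written as a sliding-window byte counter that produces one message each time the total goes over the maximum and names the source sending the most. The class name, the threshold, the window length and the sample events (with documentation-range addresses) are constructed for this illustration.

```python
from collections import Counter, deque


class TrafficCounter:
    """Counts bytes received in the last `window_seconds` seconds."""

    def __init__(self, max_bytes: int, window_seconds: int):
        self.max_bytes = max_bytes
        self.window = window_seconds
        self.events = deque()        # (timestamp, source, size), oldest first
        self.total = 0
        self.per_source = Counter()
        self.alerting = False        # True while the total stays over the maximum

    def record(self, timestamp: int, source: str, size: int):
        """Add one received request; return an alert dict or None."""
        self.events.append((timestamp, source, size))
        self.total += size
        self.per_source[source] += size

        # Forget everything that has fallen out of the window.
        while self.events and self.events[0][0] <= timestamp - self.window:
            _, old_source, old_size = self.events.popleft()
            self.total -= old_size
            self.per_source[old_source] -= old_size

        over = self.total > self.max_bytes
        alert = None
        # Alert only when the limit is first crossed, so that a long
        # flood produces one message instead of one per packet.
        if over and not self.alerting:
            top_source, _ = self.per_source.most_common(1)[0]
            alert = {"time": timestamp, "total": self.total, "top_source": top_source}
        self.alerting = over
        return alert


def replay(events, max_bytes: int, window_seconds: int) -> list:
    """Feed (timestamp, source, size) tuples through a counter and collect alerts."""
    counter = TrafficCounter(max_bytes, window_seconds)
    alerts = []
    for timestamp, source, size in events:
        alert = counter.record(timestamp, source, size)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample: timestamps in seconds, sizes in bytes.
SAMPLE_EVENTS = [
    (0, "198.51.100.7", 400),
    (1, "203.0.113.5", 300),
    (2, "198.51.100.7", 400),   # total 1100: first alert
    (3, "203.0.113.5", 100),    # still over the limit: no second message
    (20, "203.0.113.5", 200),   # old traffic has left the window
    (21, "203.0.113.5", 900),   # total 1100 again: new alert
]

if __name__ == "__main__":
    for alert in replay(SAMPLE_EVENTS, max_bytes=1000, window_seconds=10):
        print(alert)
```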
Phishing
1. What is phishing?
Phishing is an attempt to acquire information like
usernames or passwords, but also credit card information.
This is done in various ways. One of the most
common ways is by email. The email is made with an
email spoofer so that it shows the email address of a
well-known company. The email will most likely
contain a link to a website which contains malware or
another kind of virus or spyware. Another way is to make
an identical copy of a popular company's website, but with a
slight difference in the website address, or with a fake website
address made with the use of JavaScript.
2. Dangers:
The phisher can use the information gathered to access accounts you use on the internet
and can make changes to them. In the worst-case scenario he can access your bank
account or other financial accounts and make transactions without you being aware of it. He
can also use your identity to commit fraud.
3. Countermeasures & preventions:
If you know you are a victim of a phishing attempt, make sure to change all your passwords and
report it. Forward phishing emails to spam@uce.gov, to the company impersonated in the
email and to the local police. You may also report phishing emails to
reportphishing@antiphishing.org, http://www.ic3.gov/default.aspx.
Don’t click on links in emails unless you are certain they won’t harm your computer in any way.
Make sure your web browser's anti-phishing filter is turned on, but don’t
rely too much on it; search for an alternative program or see if your anti-virus has one.
Identity theft
Identity theft is a form of stealing someone's identity in which someone pretends to be
someone else by assuming that person's identity, typically in order to access resources or
obtain credit and other benefits in that person's name. The source of identity theft and online
fraud. Such authorization cannot provide a legal basis for national legislation subjecting to
tax the value added theft of goods from a tax warehouse.
Addictions and Who's vulnerable.
What is it?
Wikipedia says that Internet addiction has a specific name: “Internet addiction disorder (IAD), or, more broadly, Internet overuse, problematic computer use or pathological computer use, is excessive computer use that interferes with daily life.”
That's a general idea, but if we go deeper, there are different subcategories inside this Internet addiction disorder:
• Cyber-Relationship Addiction: Addiction to social networking, chat rooms, and messaging to the point where virtual, online friends become more important than real-life relationships with family and friends.
• Net Compulsions: Such as compulsive online gaming, gambling, stock trading, or compulsive use of online auction sites such as eBay, often resulting in financial problems.
• Information Overload: Compulsive web surfing or database searching, leading to lower work productivity and less social interaction with family and friends.
How can you be vulnerable?
It is very easy to fall into each of these addictions, because it is easy to access these websites or download the required software. Everybody who uses the internet is vulnerable to becoming an addict. Everybody can create a Facebook account, and there is no problem with that, but it isn't so easy to erase it, or even to log out. The same happens with other websites, where you enter at some hour and then the time goes faster. It will be too late when you realize you spent the whole evening doing nothing. Internet gambling (such as online poker) is also incredibly easy: you just go to a website, push a button admitting that you are of legal age (it does not have to be true) and, maybe, download some software to start playing. If you have a credit card, you can also lose your money quickly. The same happens on shopping and auction websites, but without you having to download any software.
Measures to prevent it
It is very important to control the time we spend and how we act on the Internet (if your eyes hurt, it's time to leave it). You have to be careful with online relationships: even if we believe we know the person we spoke to quite well, we can never be completely sure that we can trust him/her. Also, we must not forget our real-life relationships, and must take care of them. We must take real care with the money we spend online. Never buy more than necessary (writing the expenses on a paper near your keyboard helps a lot) and, if we are adults and we are sure that we want to play online (gambling), keep in mind the risk you run, and control the costs and the time invested. Finally, here is a golden rule: if you have been connected to the internet for a while and do not know what to do now, turn off your computer and do something else.
Who's vulnerable
First we need to define what a vulnerability is. A vulnerability is a failure or a weak point in the source code of a program, application, operating system, etc. that could be used to affect its integrity, availability, etc. In general terms, when a particular exploit (a program that is used to attack) is used against a vulnerability, the failure in the program allows a malicious user to execute any code or malicious command and so take control of the program.
There are lots of vulnerabilities on the net, and these vulnerabilities can affect all people. First of all, if we don't have an antivirus we will be at risk, because this is a constant vulnerability. We must install an antivirus and a firewall to protect the PC and protect ourselves. Then we can find different risks on the net that can affect different groups of people. Kids are a big group that face lots of risks. One of the risks comes from paedophiles, who can contact them through social networks, chats or similar sites. Another risk is that people who need money can kidnap kids using the information that the kids upload to the net, and then request money to release them. Another group of people at risk are gambling addicts, who can waste/lose a lot of money betting on different pages or playing cards or similar things. This group is vulnerable because of a sickness, not because of a failure in a program. Another group at risk are older people who have not become familiar with new technologies and can be scammed by burglars with fake pages or fake advertisements. But there are some risks which can affect all people, like trojans or spyware, which install themselves on our computer when we download things from insecure pages and can spy on us or steal information. In conclusion, all people are vulnerable in different ways when they enter the net, independently of their age. We can protect ourselves, but we will always remain in danger.