More about the Digital PickPocket
November 2, 2013
Preventing Abuse in Technology & not so technical People
Ken M. Shaurette, CISSP, CISM, CISA, CRISC, IAM
FIPCO Director IT Services
© FIPCO 2013
Dec 24, 2015
Definitions
• Spyware: Hardware or software that “spies”, via the Internet, on what you are doing and captures activity without your knowledge, usually for advertising/marketing purposes. Spyware can also gather information about e-mail addresses, passwords and credit card numbers.
• Virus: A program that secretly attaches itself to other programs and, when executed, causes harm to a computer. A type of malicious code.
• Trojan: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses may not replicate themselves but they can be just as destructive. Listening devices.
Definitions (continued)
• KeyLogging: Hardware or software that captures everything you type.
• Phishing: A recently released Gartner survey reports that 57 million Americans likely have received fraudulent e-mails that appear to be from trusted legitimate businesses and attempt to persuade the recipients to visit bogus websites where phishers can steal their personal information.
• Firewall: An application or hardware device installed either on your PC or between your PC and the Internet that allows you to monitor and block unwanted traffic.
• Skimming: Stealing information, usually with a hardware device installed on an ATM or any card reader.
Identity theft & fraud facts
Nearly 10 million Americans a year are victims
Victims lose an average of $1,820 to $14,340
Victims spend an average of $851 to $1,378 in expenses dealing with their cases.
38 – 48% of victims discover the theft within 3 months of it starting
Source: Federal Trade Commission and the Identity Theft Resource Center
Motives
• Money
• Politics
• Personal Recognition
• Identity Theft
• Knowing They Can
• Pranksters
Our Information is worth a few bucks in the Underground Economy
http://www.youridentitysafe.com/internet-identity-theft/34what-is-your-identity-worth
Consumer Scams
A very persuasive person or a forceful email:
• Someone you know is in trouble and needs your help;
• You won a big, big prize, but you have to pay a fee before you can collect it;
• You sold something and they sent more money than you were asking;
• You can get a government grant, but you need to pay some fees;
• and many other variations.
November 1, 2013
• Imagine getting a phone message like this (or email):
This is the Civil Investigations Unit. We are contacting you in regards to a complaint being filed against you, pursuant to claim and affidavit number D00D-2932, where you have been named a respondent in a court action and must appear… Please forward this information to your attorney in that the order to show cause contains a restraining order. You or your attorney will have 24 to 48 hours to oppose this matter… Call 757-301-4745.
http://www.consumer.ftc.gov/blog/haunted-phantom-debt
What to Do? Know your rights!
• Ask the debt collector to provide official "validation notice" of the debt. Hang up if they won’t provide!!
• Fake? Ask for name, company, street address, and telephone number. Then, confirm that the collection agency is real.
• Do not provide or confirm any bank account, credit card or other personal information over the phone (or in an email) until you have verified the call.
• Don’t ever send it in an unsecure email!!
What to Do? Know your rights!
• Banks and legitimate organizations do not typically collect confidential information using email.
• You can always go direct to the organization, like your bank, to make sure it is legitimate.
• Be Cautious, Be Paranoid, Be Careful!!
What to Do? Know your rights!
• Check your credit report at annualcreditreport.com or by calling (877) 322-8228.
• If the scammer has a great deal of personal information about you, be safe and place a fraud alert on your credit report.
• File a complaint with the Federal Trade Commission if the caller uses threats. The Fair Debt Collection Practices Act prohibits debt collectors from being abusive, unfair or deceptive.
You and everyone that you share your private information with should protect it as much as possible within reason
Signs of trouble
Bills that do not arrive as expected
Credit card statements from a company you did not open a credit card with
• Open all mail, even if you think it’s just a credit card offer because it could be a statement.
Denials of credit for no apparent reason
Calls or letters about purchases you did not make
Oshkosh police warned residents in April to be aware of card-skimming devices that have been used on local ATMs.
Protecting from Skimming
• Some tips to identify an ATM skimming device.
http://www.youtube.com/watch?v=WYMUA8umUz8
Guessing Passwords
Cybercriminal Methods
There is brute force technology, but guessing can be much easier and much more successful. Dictionary attacks, common words.
If your computers are not secure
Ways To Lose Personal Info
If your computer hasn’t been patched since the Bears won a Super Bowl (1985) – You might be a hacker's prime target.
By having weak wireless networks
Ways that you lose it:
If you or the people that configured your wireless think that WAP is the way that Elmer Fudd talks about a Rabbit - You might get hacked.
Give me your SSN#
• If you use Facebook and overshare, you probably already have.
http://www.youtube.com/watch?v=28-9DyxgZuk&feature=youtu.be
Trick us
Cybercriminal Methods
If you believe clicking on that email that says someone has a naked picture of your wife/husband….. FBI Comment!!
Malicious Codes (Spyware, Keyloggers, Backdoors, etc)
Cybercriminal Methods
Can / Do you download anything and everything you want without concern for the validity of the website you get it from? Poisoning!
Preventing Phishing…..
• We’ve all received the email telling us we’ve won the lottery or to help someone from Nigeria. How to recognize a Phish!
Identitytheft.info: Phishing
http://www.identitytheft.info/internetsecurity.aspx
Use Strong Password Mechanism THINK PASSPHRASE
Ways to protect yourself and others:
Preach Ken’s Golden Rule: “Handle all Data you work with like data about yourself or your family and you will handle it well.”
Secure your home computers and networks like you secure your home!
Ways to protect yourself and others:
“Make Security Part of You and Your Organization's DNA!!”
What are some ways to identify a compromised computer?
SLOW
Unusual & Unexpected Activity
Network Activity
Personal Protection
• Personal Firewall
• Install and/or update antivirus software.
• Update antivirus signatures on a regular basis. Running updates once a day is recommended since new viruses and exploits are released daily.
Numerous Free Solutions:
– AVG: free.avg.com
– AVAST: www.avast.com
– TrendMicro: www.trendmicro.com
Anti-Spyware
• Use anti-spyware software. It helps keep unwanted software off of your PC and detects software installed without your knowledge.
• Update signatures on a regular basis.
• Spyware scan all your files on a weekly basis. Running a weekly "Full Scan" will help catch any malicious software that may not be actively in use.
Patch Management
• Keeping your operating system and browser up to date!
• Periodically check your operating system's vendor for updates. Microsoft Update….
Browsing and Computing Habits
• Before entering personal information (social security number, account number, credit card number, etc.) check for the following on the web page: https://
• Closed lock either by the address or down in the bottom frame of your browser.
• Some browsers use a color coding in the address bar to let you know if the page is properly secured.
A Little Payback
Where to report a scam if you think you’ve been had!
www.ic3.gov
Scamming the Scammers
http://www.youtube.com/watch?v=aOM1Bsbq3Uk