
More about the Digital PickPocket November 2, 2013


Presentation Transcript


  1. More about the Digital PickPocket November 2, 2013 Preventing Abuse in Technology & not so technical People Ken M. Shaurette, CISSP, CISM, CISA, CRISC, IAM FIPCO Director IT Services

  2. Definitions • Spyware: Hardware or software that “spies”, via the Internet, on what you are doing, captures activity without your knowledge, usually for advertising/marketing purposes. Spyware can also gather information about e-mail addresses, passwords and credit card numbers. • Virus: A program that secretly attaches itself to other programs and when executed causes harm to a computer. A type of malicious code. • Trojan: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses may not replicate themselves but they can be just as destructive. Listening devices.

  3. Definitions (continued) • KeyLogging: Hardware or software that captures everything you type. • Phishing: A recently released Gartner survey reports that 57 million Americans likely have received fraudulent e-mails that appear to be from trusted legitimate businesses and attempt to persuade the recipients to visit bogus websites where phishers can steal their personal information. • Firewall: An application or hardware device installed either on your PC or between your PC and the Internet that allows you to monitor and block unwanted traffic. • Skimming: Stealing information, usually with a hardware device installed on an ATM or any card reader.

  4. Identity theft & fraud facts • Nearly 10 million Americans a year are victims • Victims lose an average of $1,820 to $14,340 • Victims spend an average of $851 to $1,378 in expenses dealing with their cases. • 38 – 48% of victims discover the theft within 3 months of it starting Source: Federal Trade Commission and the Identity Theft Resource Center

  5. Motives • Money • Politics • Personal Recognition • Identity Theft • Knowing They Can • Pranksters

  6. Our Information is worth a few bucks in the Underground Economy http://www.youridentitysafe.com/internet-identity-theft/34what-is-your-identity-worth

  7. It’s worth a lot more to you and me An identity is stolen every 4 seconds

  8. Consumer Scams A very persuasive person or a forceful email: • someone you know is in trouble and needs your help; • you won a big, big prize, but you have to pay a fee before you can collect it; • you sold something and they send more money than you were asking; • you can get a government grant, but you need to pay some fees; • and many other variations.

  9. November 1, 2013 • Imagine getting a phone message like this: (or email) This is the Civil Investigations Unit. We are contacting you in regards to a complaint being filed against you, pursuant to claim and affidavit number D00D-2932, where you have been named a respondent in a court action and must appear… Please forward this information to your attorney in that the order to show cause contains a restraining order. You or your attorney will have 24 to 48 hours to oppose this matter… Call 757-301-4745. http://www.consumer.ftc.gov/blog/haunted-phantom-debt

  10. What to Do? Know your rights! • Ask the debt collector to provide an official "validation notice" of the debt. Hang up if they won’t provide it!! • Fake? Ask for name, company, street address, and telephone number. Then, confirm that the collection agency is real. • Do not provide or confirm any bank account, credit card or other personal information over the phone (or in an email) until you have verified the call. • Don’t ever send it in an unsecure email!!

  11. What to Do? Know your rights! • Banks and legitimate organizations do not typically collect confidential information using email. • You can always go directly to the organization, like your bank, to make sure it is legitimate. • Be Cautious, Be Paranoid, Be Careful!!

  12. What to Do? Know your rights! • Check your credit report at annualcreditreport.com or by calling (877) 322-8228. • If the scammer has a great deal of personal information about you, be safe and place a fraud alert on your credit report. • File a complaint with the Federal Trade Commission if the caller uses threats. The Fair Debt Collection Practices Act prohibits debt collectors from being abusive, unfair or deceptive.

  13. You and everyone that you share your private information with should protect it as much as possible within reason

  14. This includes: BANKS

  15. Signs of trouble • Bills that do not arrive as expected • Credit card statements from a company with which you did not open a credit card • Open all mail, even if you think it’s just a credit card offer, because it could be a statement. • Denials of credit for no apparent reason • Calls or letters about purchases you did not make

  16. Oshkosh police warned residents in April to be aware of card-skimming devices that have been used on local ATMs.

  17. Protecting from Skimming • Some tips to identify an ATM skimming device. CLICK HERE http://www.youtube.com/watch?v=WYMUA8umUz8

  18. Ways that you lose Information: If you use weak passwords or PIN numbers

  19. Cybercriminal Methods Guessing Passwords There is brute force technology, but guessing can be much easier and much more successful. Dictionary attacks, common words.

  20. Ways to lose Personal Info If your computers are not secure If your computer hasn’t been patched since the Bears won a Super Bowl (1985) – You might be a hacker’s prime target.

  21. Ways that you lose it: By having weak wireless networks If you or the people that configured your wireless think that WAP is the way that Elmer Fudd talks about a Rabbit - You might get hacked.

  22. Give me your SSN# • If you use Facebook and overshare, you probably already have. CLICK HERE http://www.youtube.com/watch?v=28-9DyxgZuk&feature=youtu.be

  23. Cybercriminal Methods Trick us If you believe clicking on that email that says someone has a naked picture of your wife/husband….. FBI Comment!!

  24. Cybercriminal Methods Malicious Codes (Spyware, Keyloggers, Backdoors, etc) Can / Do you download anything and everything you want without concern for the validity of the website you get it from? Poisoning!

  25. Preventing Phishing….. • We’ve all received the email telling us we’ve won the lottery or to help someone from Nigeria. How to recognize a Phish! CLICK HERE Identitytheft.info: Phishing http://www.identitytheft.info/internetsecurity.aspx

  26. Ways to protect yourself and others: Use Strong Password Mechanism THINK PASSPHRASE Preach Ken’s Golden Rule: “Handle all Data you work with like data about yourself or your family and you will handle it well.”

  27. Ways to protect yourself and others: Secure your home computers and networks like you secure your home! “Make Security Part of You and Your Organization’s DNA!!”

  28. What are some ways to identify a compromised computer? • SLOW • Unusual & Unexpected Activity • Network Activity

  29. Personal Protection • Personal Firewall • Install and/or update antivirus software. • Update antivirus signatures on a regular basis. Running updates once a day is recommended since new viruses and exploits are released daily. Numerous Free Solutions: • AVG: free.avg.com • AVAST: www.avast.com • TrendMicro: www.trendmicro.com

  30. Anti-Spyware • Use anti-spyware software. It helps keep unwanted software off of your PC and detect software installed without your knowledge. • Update signatures on a regular basis. • Spyware scan all your files on a weekly basis. Running a weekly "Full Scan" will help catch any malicious software that may not be actively in use.

  31. Patch Management • Keeping your operating system and browser up to date! • Periodically check your operating system's vendor for updates. Microsoft Update….

  32. Browsing and Computing Habits • Before entering personal information (social security number, account number, credit card number, etc.) check for the following on the web page: • https:// • Closed lock either by the address or down in the bottom frame of your browser. • Some browsers use a color coding in the address bar to let you know if the page is properly secured.

  33. A Little Payback Scamming the Scammers http://www.youtube.com/watch?v=aOM1Bsbq3Uk Where to report a scam if you think you’ve been had! www.ic3.gov

  34. Key Take-Aways
