Preface xi A book and a web site xiii About the Author xiv Introduction xv Organized crime discovers the Internet xvi Hackers out of the open and into the shadows xviii Information leaks you can’t control xix Summary xx CHAPTER 1: Personal information - risks and impact of exposure 1 Information you should protect 2 Dangers of the internet 4 Some people are at more risk than others 8 Information people share on Social Networks 10 CHAPTER 2: Make it safe at home 12 Introduction 13 Secure physical documents and devices 14 Know your malware 17 Implement anti-virus scanning 21 Implement a backup strategy for your systems and data 22 Use firewalls to keep intruders out 28 Lock down your home network 31 Filter undesirable internet content with a HOSTS file 33 Choose your DNS provider 37 Make your system a less vulnerable target 38 Get smart about passwords 43 Use encryption 51 Protect physical ports on your computer 55 Keep your software up to date 57 Keep your system clean and running smoothly 59 Select a browser and security add-ons 61 CHAPTER 3: Security while out and about 66 Be vigilant when on the go 66 Take precautions on public (WiFi) networks 67 Don’t do anything important on public computers 68 Use Virtual Private Networking (VPN) 70 CHAPTER 4: Plan ahead 73 Make your computing devices repair ready 73 Prepare for computer disposal 74 Prepare for loss or theft 76 CHAPTER 5: Ignorance is risk, not bliss 79 Browser and URL fundamentals 79 Links on a page 84 Phishing attacks 85 Phony alerts 88 Important Frequently Asked Questions (FAQs) 90 Better ways to share files 91 Opt out on background checks 95 CHAPTER 6: Highest risk activities 99 Perils of Social Networking 99 viii Contents Using webmail and email 103 Gaming and gambling online 107 Sharing files on and off-line 108 Investing on and off-line 111 Viewing adult content on-line 115 CHAPTER 7: Medium risk activities 117 Using the classifieds on-line 117 Participating in auctions on-line 119 Finding a date on-line 126 Buying health care products on and off-line 129 Seeking debt relief on and off-line 133 Job hunting on-line 136 CHAPTER 8: Lowest risk activities 138 Using search engines 138 Banking on-line 139 Shopping on-line 140 Voice communications 143 Following the news 144 Accessing entertainment and education 145 CHAPTER 9: Call to action 146 Setup your system 147 Plan for emergency data access 151 Teach your children well 161 Perform scheduled maintenance 163 Perform scheduled account and credit monitoring 165 Create your security calendar 167
Best Presentation about Computer Security Protect yourself, because no one else can A new e-book, available now at amazon.com
About this book Introduction A book and a web site
Introduction - in this presentation, we will: Frighten, Enlighten, Entertain, and hopefully . . . Inspire you to stop being apathetic about security So that you, and your family members can use the internet with greater confidence and safety Specifically, we will: Recommend specific technical solutions for improved protection of personal data assets Identify security and privacy risks Identify the best means of avoiding threats entirely Provide something you can implement as soon as you get home.
A book and a web site Website 564738.com This slide presentation Additional resources e-book Detailed information related to each slide Additional insight and guidance Inexpensive (no printing, distribution, inventory, etc.) Live links to software, etc.) Available everywhere If in print, 200 pages long Read more than 1 million Kindle e-books on your PC or Mac with a free reader app from Amazon. You do not need a physical e-reader to read an e-book. Click on this link: (for the PC reader)
1. The Internet new normal Introduction Organized crime discovers the Internet Hackers out of the open and into the shadows Information leaks you can’t control Summary
1.1 Introduction Windows XP, once the most wide spread personal computer Operating System, was released in August of 2001. Security features were limited and could only be implemented by trained IT professionals in large organizations. The Internet was young. Security protocols didn’t yet exist, so there was no buying and selling going on. The few web sites that existed were largely static. Apple was struggling to compete with the Microsoft and Intel There were no e-book readers, tablet computers, or smartphones Over the next decade, along came … great changes, and not all for the better.
1.2 Organized crime discovers the Internet 65% of 70,000 participants in a recent survey had been personally victimized by cybercrime. Only 44% reported the crimes to law enforcement No faith that anything will be done if they do report it. Don’t want to spend even more of their time filling out forms Don’t want others to know they were victimized because they think it makes them look weak or stupid
Growth in malware In the first three months of 2011, PandaLabs said it had identified an average of 73,000 new malware strains each day, a 26% increase from the same period the previous year Visiongain research shows that the number of mobile malware more than doubled in 2011 from 2010 with over 200 new variants in the first half of 2011 alone, out of a total of 800 since 2003. By 2016, Visiongain expects that almost every employee will have a smartphone that supports e-mail, can access the internet and install a variety of applications.
Growth in malicious web sites In the first quarter of 2011, an average of 8,600 new bad sites per day were recorded In addition to websites with bad reputations, included in this chart are sites that host malware, potentially unwanted programs, and phishing sites Source: McAfee Threats Report: First Quarter 2011
1.3 Hackers out of the open and into the shadows Hackers used to code for fun and notoriety among peers They gained notoriety because others noticed their work Recently, hacking has become a way to earn a living – through criminal profit – off the backs of others Malware writers now add stealth features to their programs The objective: for you to never know (until it is too late)
1.4 Information leaks you can’t control In your files at home (paper) In your wallet or purse On your computer On external storage devices On your smart phone In your memory In the air Somewhere in the Internet cloud? Data under your control With your employer With the government and utilities With your credit providers With places you shop (in person or online) With your health-care providers With your insurance company With your ESP (Email service provider) and SNP (Social network provider) With your DNS and Search providers And everyone else they share it with, intentionally or otherwise Not
1.5 Summary Climate change anotherinconvenienttruth Internet Crime
2. Personal information risks Introduction Information you should protect Dangers of the Internet Some people are more at risk than others Information people share on social networks
2.1 Introduction Protection Avoidance The is no such thing as 100% protection You do not have to spend much money to get good protection Protection is a fallback. Avoidance is the first line of defense
2.2 Information you should protect With your credit or debit card data, thieves can purchase products and services. If they have your PIN code (that goes with your card data), they can withdraw cash from your account . With your Social security number, home address, and date of birth, they may be able to obtain a drivers license replacement and open new accounts in your name. They can then run up the charges, and disappear. With your bank login credentials, they can transfer money out of your accounts. With your email account log-in credentials, they can read all your stored mail, send spam to your contacts, and potentially reset your passwords at various accounts such as your bank, your social network , your shopping sites, etc.
2.3 Dangers of the Internet Malware, particularly keyloggers, installed on the computer. These can steal your identity by capturing the keys you press and the screens you see. Misconfigured peer-to-peer apps. If a user configures P2P applications like Limewire to share too large a portion of the file system, such as all of My Documents, then other users on the network can see anything you put there. Phishing attacks, and increasingly , targeted phishing attacks. Targeted attacks are called spear phishing, in which the attacker uses some prior knowledge of you to tailor the phishing e-mail to what you would expect in a real one. Unsolicited offers that sound too good to be true. Such offers, like Nigerian-type scams, rely on human weaknesses. Card skimmers installed by criminals on ATMs and other card reading devices, including credit card readers. These are devices which install over the reader appear to be part of the machine. When you insert your card the skimmer reads it and records the information on it.
2.4 Some people are more at risk than others Do you have bank accounts, brokerage accounts, credit and/or debit cards? Do you have on-line accounts with bank and/or stores? Do you use Social Networking web sites and/or have an e-mail account? Do you use a bank card at stores or cash machines? Do you own a computer and/or smart phone and perhaps travel with one or both? Do you store any financial (or account login) information on any of these devices? Do you have family, friends and business associates contact information stored in your address book? Have you created secure back-ups of your information? Do you update your backups regularly? Have you provided your loved ones with a means of accessing your information in an emergency? Are in you in an important position at work that would make you a target? Then you will benefit from this presentation
2.5 Information people share on social networks Too much – here are types: Service data – what you give to sign up Disclosed data – what you post Entrusted data – what you post on others’ pages Incidental data – what others post about you Behavioral data – what the site observes about your behavior Derived data – what can be derived from a combination of the above (such as who are your friends, what does the group “like” or “dislike”
What you are risking if your data is stolen Your money Your reputation Your job Your health Your time Your families’ well being And more . . .
And, what is your disaster recovery plan?
3. Make it safe at home Introduction Secure physical documents and devices Know your malware Implement anti-virus scanning Implement a backup strategy for your systems and data Use firewalls to keep intruders out Lock down your home network Filter undesirable Internet content with a HOSTS file Choose your DNS provider Make your system less vulnerable Get smart about passwords Use encryption Protect physical ports on your computer Keep your software up-to-date Keep your system clean and running smoothly Select a browser and security add-ons
3.1 Introduction Protect Avoid Monitor Maintain
A safety analogy If you want to reduce driving risk: Learn the rules Read / Take a course Learn how to drive safely Get qualified instruction Develop safe driving habits Take protective measures Don’t drive recklessly Wear seatbelts Get a safer car Perform regular maintenance If you want to reduce Internet risk: Learn the rules Read / Take a course Learn how to use the web safely Get qualified instruction Develop safe internet use habits Take protective measures Don’t “surf & click” recklessly, Buy a safer computer or OS Make your computer/network safe, Perform regular maintenance
Maintenance is required Regular maintenance Clean it regularly (wash & wax) Change fluids (oil, coolant, etc.) Check for wear (brakes, tires, etc.) Replace worn parts (tires, brakes, etc.) Regular maintenance Clean it regularly (clear cache, etc) Update software & virus definitions Monitor credit and financial accounts Replace outdated hardware and software
Older products time has passed No seat belts No head restraint No airbags Poor crash protection Drum brakes Narrow tires Poor headlights Insufficient power for crash avoidance Less dependable Old = less safe to drive
Newer products with improved features Newer = Built-in safety features Improved seat belts Head restraints Surround airbags Better crash protection Anti-lock brakes Wider tires Better headlights More power for crash avoidance More dependable
Stronger protection for the Internet age User account control Randomized memory Greatly improved security features Aftermarket add-ons Easier to implement Free or low cost Less often targeted
After market add-ons to increase safety Additional and alternative OS utilities Alternative browsers and browser add-ons
Software selection criteria Has won many awards The right price ($0 !!) Or, provides unique function
3.2 Secure physical documents and devices Shred receipts instead of throwing them out Make copies of very important documents Store originals in a safe box at the bank (with the exception of your will – store a copy at the bank) Store copies (and will original) in a fire safe at home Keep your file cabinets locked You might also store a recent backup of your computer data (on a portable disk drive) in one or both locations.
3.3 Know your malware A chosen target (OS, browser, etc) is studied for weaknesses. A program (virus, trojan, etc) is designed to attack (exploit) identified flaws. The program is developed, tested and deployed. Phishing is a special type of malware It is not software. It is a communication (e-mail, phone call, etc.) designed to attack human weaknesses (trust, ignorance etc.) To a limited degree, it can be avoided through filtering The best defense is behavioral change (knowledge, skepticism, investigation)
Malware targets This chart shows the continued the trend of malware authors heavily exploiting weaknesses in both Adobe Flash and PDF technologies. Malicious exploits of Adobe products (more than 36,000 in 1Q2011) topped the number of malicious exploits of Microsoft Office products by a wide margin. Adobe products have become the clear target of choice of malware authors because of Adobe’s wide deployment footprint. 11/9/2011 – Adobe announced it plans to stop development of its Flash player software for mobile browsers, saying it will focus its efforts on HTML 5. Source: McAfee Threats Report: First Quarter 2011 1st Quarter 2011 – Much more malware is developed to exploit flaws in Adobe products
3.4 Implement anti-virus scanning Most AV products scan new files downloaded to your computer for known malware. You can add an additional product to monitor running programs for unusual behavior.
3.5 Implement a backup strategy Accounts and login credentials Family photos (digital, of course) Music library Videos (personal and commercial) Documents and Spreadsheets Email, browser bookmarks, and everything else! And, don’t forget the value of your time spent trying to recover from a loss When the inevitable day comes that your hard drive crashes, your data will be gone if you haven’t prepared A 1TB drive, dedicated to backups costs less than $100 Backup is your most important protection
3.6 Use firewalls to keep intruders out A firewall ensures intruders cannot directly access your system through the internet. If connected to the internet via your home router, ensure the NAT firewall is enabled. If connected directly to broadband, or via a public network, ensure your software firewall is enabled.
3.7 Lock down your home network Secure your local network, your computers, and your smartphones Start with your router: Change the log-in credentials from the default Ensure you set a strong password If you have wireless, enable encryption with a strong encryption key and turn off ID broadcasting Use an alternative DNS provider Ensure the NAT firewall is enabled
3.8 Filter undesirable internet content The HOSTS file is a text file that maps hostnames to IP addresses. Every device that accesses the internet can use a HOSTS file. Your browser resolves an address by checking first for an entry in a HOSTS file (if it exists) and then via the active connection’s DNS servers.
Filtering affects advertisers The HOSTS file can be used instead of a browser based ad blocker. Advertisers hate ad blocking, but you will love it. Your favorite ad supported website will lose revenue from your visit
3.10 Make your system less vulnerable Windows 7 is hard to hack if the user doesn't have “administrator” rights. The computer administrator account should be used only to: Make system wide changes Install, upgrade, repair, or back up the operating system and components and to Install maintenance. Use an account which does NOT have “Administrator” authority
Remove Windows services you don’t use Each unnecessary service provides a hacker an additional target to exploit Remove what you don’t need – like tablet, or gadget support Control Panel – Programs – Programs and Features
Eliminate script runtimes you don’t use Required for many web pages to function Can be selectively controlled with “white listing” Required for most smartphones Common language for hacker code Can potentially be removed from computers Two common computer scripting languages with similar names Both require interpreters to run
Don’t jailbreak your phone Jailbreaking is the term that describes the process of modifying a device so its owner can download and install unauthorized software. If you jailbreak your iPhone you remove most of the Apple’s security protections — 80% to be exact — and are vulnerable to attacks. By design, a jailbroken smartphone allows software to run as "root,“ giving hackers automatic access to everything on the device.
Beware which apps you install Virus infected apps Apps obtained from file sharing sites are very often infected Unofficial apps markets are more likely than official ones to host infected apps. The Android market is more likely to contain infected apps than the Apple apps store. Rooted or Jailbroken phones are more susceptible to viruses. Apps with poor security Many smartphone apps store passwords and other sensitive user data on the phone in cleartext. Apps are rushed to market without sufficient testing.
3.11 Get smart about passwords You CAN create a strong password that is easy to remember Consisting of at least one from each category: UPPER CASE LETTERS Lower case letters 1234567890 (numerals) &^%$#,.)! (special characters) Examples: D0g………. C1t.,.,.,.,.,.,.,.,., Longer is better: Phone and computer: 6+ characters Websites: 12+ characters Eliminate password fatigue: Use a Password Manager Establish a secondary email for password resets
People and passwords Basic problems with people and passwords/encryption keys: Long passwords and keys with random characters are often too hard to remember. We don’t like typing long, complex passwords or keys. We cannot remember more than a few passwords/keys, so we reuse the same ones over and over. All reasons to use a Password Manager
3.12 Use encryption Data encryption allows us to protect data even when we cannot control who has access to it High security = good algorithm + strong key (longer = stronger) You can encrypt data for communication and for storage. You can encrypt an entire storage device, a folder, or a single file. Unlike simple password protection, which can be cracked, if you forget an encryption key, you cannot retrieve the data without a brute force attack.
Encrypting communication To protect your log-in credentials when using wireless networks, public networks, or public computers. Used by banking and most shopping websites, but less often by others. You should also use it for your e-mail and Social Networking, especially when you are not on a safe network. Cannot protect against keyloggers!
Encrypting stored data You can encrypt an entire storage device, a folder, or a single file. Full drive encryption is good, but has some drawbacks A computer repair technician will need to test successful system startup All users would need the encryption key as well Folder or file level encryption provides needed “granularity” Windows 7 also provides EFS to encrypt all of a users files.
3.13 Protect physical ports on your computer Malware can enter your computer through any physical storage device such as CD/DVD, USB storage devices, and memory cards (such as an SSD card from your camera). The solution is to turn off “Autorun” or use a free utility to do so Scan external devices for malware before copying files or running programs.
Warning about cell phone charging kiosks Recharge you smart phone with your wall plug transformer Recharging using the USB connector may not be safe. A free charging kiosk could be configured to read most of the data on your phone, and perhaps even install malware.
3.14 Keep your software up-to-date Ensure the latest security updates are installed to maintain protection against the latest threats. Apply maintenance to your OS (operating system), browser, browser plug-ins, anti-virus, etc. Windows users turn on Windows update Update malware signatures database daily Example free tools to check for updates: Secunia PSI (personal software inspector) Qualys Browser check FileHippo update checker
3.15 Keep your system “clean” Ccleaner, is a widely popular and free tool from Piriform software It improves system security by clearing cookies and other potentially security compromising files from the browser cache. It also improves system performance by cleaning up temporary files left by numerous applications and by correcting errors and optimizing the registry
3.16 Select a browser and security add-ons Browser choice OS dependant Firefox with add-ons has top notch security Open source Free Large user base Very large number of add-ons
Riot gear for your browser Recommended security add-ons Script blocker Flash blocker Ad blocker Pop-up blocker Password management Cookie management Safe surfing tool (site ratings) Update checker Other, as required
4. Security while out and about Introduction Be vigilant when on the go Take precautions on public (WiFi) networks Don’t do anything important on public computers Use Virtual Private Networking
4.1 Introduction Think Security Use all protective measures at your disposal
4.2 Be vigilant when on the go Keep your guard up Physical device security for laptops, smart phones, storage devices Public network and public computer security
4.3 Take precautions on public networks Be cautious when using any of the following: Any unsecured wireless (WiFi) network Any secured wireless network that you don’t trust. Hotel or other wired networks ( e.g. in room) If you must, then take these kinds of precautions: Ensure your software firewall is enabled. Use only HTTPS and use a VPN if possible. Use one-time log-ins or virtual card numbers if you have made arrangements in advance.
Know the network your using Smartphone users – be aware You may be accessing the web through your cellular provider, or through an available public wireless network If you omit using https, thinking you are not on a WiFi network and that you are protected, you may be wrong. Ensure your phone will not automatically connect to available free WiFi Use only HTTPS to access important sites. Otherwise, you login credentials might be stolen
4.4 Don’t do anything important on public computers Don’t access any important sites See #1 If you must, then take these precautions: Run an online scan (see options below) to check for malware. Follow instructions for using public networks http://quickscan.bitdefender.com/
4.5 Use Virtual Private Networking A VPN is an encrypted “tunnel” between two endpoints - a private network that works across a public network, like the Internet. VPNs are used by organizations to provide secure access to internal networks by off-site employees and business partners For a fee, you can sign up for a VPN service to use when needed
5. Plan ahead Introduction Make your computing devices repair ready Prepare for equipment disposal Prepare for loss or theft
5.1 Introduction Some things have to be prepared for in advance When S#!T happens, you’ll have a fall back plan
5.2 Make your computing devices repair ready Have a special limited authority user account for the repair person Your critical files should be encrypted If possible Your browser cache should be cleared Your free space should be wiped
5.3 Prepare for equipment disposal Data remains on a storage device until it is overwritten. Deleting a file or “emptying the wastebasket” does not overwrite the data. Doing so only removes index pointers. To ensure data cannot be recovered, it must be “wiped” or “erased” – meaning that it must be completely overwritten with other (random) data. Free add-on tools are available for this purpose. Simply reformatting a drive does NOT erase the data. To erase all the data on a drive requires a special utility that you must boot from external media (CD or DVD drive, USB stick, etc)
5.4 Prepare for loss or theft Know what you carry with you Know whom to call or notify Ensure your sensitive information is encrypted Keep your backups current Evaluate remote wipe and tracking applications for use
6. Ignorance is risk Introduction Browser and URL fundamentals Become a link guru Phishing targets you, not your computer Phony alerts Some FAQs
6.1 Introduction Pay close attention to this topic It is VERY important
6.2 Understand browser and URL fundamentals Encrypted communications using Secure Sockets Layer (SSL)
New ways to force browsers to be safe A Firefox add-on which reviews all HTTP requests from the browser to sites on a whitelist and changes them to appropriate HTTPS requests
Browser cache security Cache and cookies
6.3 Become a link guru
Don’t believe the text, check the link
6.4 Recognize phishing attacks Phishing targets you, not your computer Can occur through any communication medium In person, by phone, thru email and social networking Often unsolicited Rule #1: Always be suspicious Rule #2: If in doubt, check it out Phishing is a way of attempting to acquire sensitive information by masquerading as a trustworthy entity.
Phishing – a real example
6.5 Recognize phony alerts What is scareware? Realistic but phony “security alerts.” These programs are called “scareware” because they exploit a person’s fear of online viruses and security threats Though the “alerts” look like they’re being generated by your computer, they actually sent through your browser They load as pop-ups in your browser, but are designed to look like normal non-browser windows All kinds of bad things could happen if you fall for the scam What to do when you see such an alert? Close your browser immediately (On windows, use Alt+F4)
6.6 Use better ways to share files A good many tools are available for this purpose The most amazing is Dropbox Share/sync data amongst your own computing devices Share with named others Hundreds of other creative uses
6.7 Opt-out on background checks Limit your sharing to avoid too much being made available Removal / burial takes lots of effort on your part You must go to each data aggregator and follow the instructions for opt-out Only way to remove public data from view Write to your congressman – why don’t Americans have better data privacy laws?
6.8 Frequently asked questions Can I get a virus just by visiting a webpage, even if I don’t click on anything? Yes, a script can execute when the page is first loaded. Using a script blocker will provide some protection in case you did visit. Can I get a virus from clicking on an image (like in Google image search)? Yes, the image can contain a link to a malicious web site – see #1. Can I get a virus by visiting a website I deem safe? Yes, especially if you clicked on a link in a message/email that was not first examined (it may be a bogus site). Also, a legitimate web site could have been hacked, in which case it is no longer safe (at least temporarily). Can I get a virus from a PDF file, Excel spreadsheet, or Power point presentation, or Word document that I downloaded? Yes, A PDF file can imbed an exploit of a flaw in your PDF reader Likewise, Word, Excel, and Power point support scripting languages. When you load a document that contains scripts, if scripts are not turned off, they will run.
Now for some Do’s and Don’ts that will keep you out of trouble when you are doing the following things on the Internet: Social networking E-mail Gaming Sharing files Investing Viewing adult content Classifieds Auctions Health care Debt relief Finding a date Finding a job Safe and Unsafe Behaviors Search Banking Shopping Voice over Internet News Entertainment and education
You must know where the holes are to avoid them
7. Highest risk activities Introduction Perils of Social Networking Using webmail and e-mail Gaming and gambling on-line Sharing files on and off-line Investing on and off-line Viewing adult content on-line
7.1 Introduction In the HIGH risk category are activities that involve: Unsolicited communications (potential for phishing) Addictive and/or expensive forms of entertainment Opportunity for oversharing Frequent occurrence of infection (lots of malware)
7.2 Perils of Social Networking The more you share, the more privacy you give up. SN sites make money selling your information to advertisers Information you supply for one purpose will invariably be used for another and there’s a good chance it will be used against you Facebook has made it difficult to control privacy settings Social Networks are replacing email as the favored method of phishing, spamming, and malware distribution. Always use caution when clicking on a link or opening an attachment. “Be careful that what you write does not offend anybody or cause problems . . . the safest approach is to remove all useful information. “ Scott Adams
What Consumer Reports says about SN Stop doing these things now on Social Networking sites: Using a weak password Listing a full birth date. Show only the month and day, LIE about the year, or provide no birthday at all Overlooking useful privacy controls - Limit access for almost everything that is posted on a profile, including photos and family information. Leave out contact information Posting a child’s name in a caption. If someone else does, delete it by clicking “Remove Tag” Mentioning being away from home. Doing so is like putting a “rob me” sign on the door. Be vague about the dates of vacations or trips Being found by a search engine. To help prevent strangers from accessing a profile, go to the Search section of Facebook’s privacy controls and select “Only Friends for Facebook” search results. Be sure the box for Public Search isn’t checked Permitting youngsters to use Facebook unsupervised
7.3 Using webmail and e-mail The importance of protecting your e-mail is underrated Reasons to use use Gmail vs. your local ISP, or other providers Reasons to use an e-mail client vs. webmail (web based e-mail) Why use the Thunderbird mail client (on Windows at least) Multi-platform, open source, portable version available Robust functionality, large user base Good add-ons for security. Ability to sync directly with the iPhone using Birdiesync, thereby avoiding going through (and storing contacts on) Gmail. vs.
A few important email tips Use BCC (Blind Carbon Copy) Especially important if you send forwards Turn off HTML display for default viewing You can see the real URLS for links Avoid “Web bugs” that verify the validity of your address Turn off mail preview, unless you have done #2
7.4 Gaming and gambling on-line Three (3) dangers unique to online gambling: The potential for fraud over the Internet Children's access to gambling sites An increase in gambling addictions Many games contain chat rooms where players meet other gamers. This is the perfect place for online predators to hang out. For the above stated reasons, filtering programs should be used to help block or limit (to a time period for example) children's access to online gaming and especially gambling sites Playing games on the internet is a very popular activity. Gambling, where players win or lose real money, is only one of many types of games available Medical professionals are beginning to recognize online gaming as a real addiction
7.5 Sharing files on and off-line File sharing websites, being so popular, are often infested with malware Any files downloaded have the potential of being infected, and should be scanned – perhaps with at least two different anti-malware tools Ensure your file sharing software is not making public any folders or files from your system that you did not intend to share File sharing activity is often monitored by governments or organizations representing copyright holders – be aware of the risk you are taking by sharing materials owned by others
7.6 Investing on and off-line Always seek advice from someone you trust before you invest a dime Do not stay on the phone with someone asking for money Never judge a person’s integrity by how they sound Always do research on investment opportunities before participating Check for reports of similar scams Check out the offering party with the better business bureau and government agencies Ask tough questions, expect straight answers Be suspicious if you have trouble retrieving your principal or profits Watch out for anyone who plays on your fears or pressures you for a decision
7.7 Viewing adult content on-line Fact: Visitors to these sites experience the highest incidence of malware infections
8. Medium risk activities Introduction Using the classifieds on-line Participating in auctions on-line Buying health care products on and off-line Seeking debt relief on and off-line Finding a date on-line Finding a job on-line
8.1 Introduction In the MEDIUM risk category are activities that involve: Potential for getting scammed, if you don’t follow avoidance advice Potential for wasting money on worthless products
8.2 Using the classifieds on-line Today there are over 700 local Craigslist sites in 70 countries Unfortunately, Craigslist has also become a venue for supporting prostitution The best way to deal with people you meet on Craigslist is to stay completely local There are many ways that scammers operate on Craigslist, but there are also common sense ways of avoiding most of them if you sell or purchase items from the site The most common Craigslist scam is the fake check Another common scam is to obtain your personal information to use for illegal purposes. Use of escrow companies (owned by the scammer) for payment are now becoming a popular Craigslist scam
8.3 Participating in auctions on-line Always carefully check the feedback on the seller you're considering buying from. Ask the seller for a phone number and verify it Beware of buyers who insist on wire transfers as the only form of payment they’ll accept For big-ticket items, use a legitimate online escrow service that will hold the payment until you receive what you’ve ordered If you receive an overpayment as a seller, don't cash it but instead ask for the exact purchase price Don’t ever give out your social security or driver’s license number—a legitimate seller wouldn’t ask Be skeptical if the price sounds too low There are many scams at online auctions. The most common are fake cashiers checks, shady escrow services, overpayment schemes, wire transfer schemes and second chance schemes TIPS
8.4 Buying health care products on and off-line Websites or ads for pills or other products that make some pretty big promises. Sellers may claim to offer products that will cure a serious condition like arthritis, diabetes, Alzheimer’s disease, multiple sclerosis, cancer, and HIV-AIDS Dieting and weight loss products promise that you can lose weight without exercising or changing how you eat. Products may be called “scientific breakthroughs” or the ads may use scientific-sounding words like “thermogenesis,” or safe-sounding words like “natural.” Most of these unregulated products are useless, and at best a waste of money. Others are flat-out dangerous to your health. Don’t trust a website just because it looks professional or has success stories from “real people.” What looks like an online pharmacy could be a front for a scammer or identity thief Before you think about trying a health product, ask your doctor about it
8.5 Seeking debt relief on and off-line The first warning sign of a predator is anyone who wants money from you in order to help save you money. Just because an organization says it is “nonprofit” does not guarantee that its services are free or affordable Don’t use any agency but those who are: On the list of the U.S. Department of Justice’s U.S. Trustee Program approved credit counseling agencies, or An agency provided by the National Foundation for Consumer Counseling
8.6 Finding a date on-line According to datingsitesreviews.com, there are 54 million singles in the United States and 5.5 million (10%) of those use dating services Online Dating Magazine estimates that 120,000 U.S. couples who marry each year met online The Better Business Bureau in the US said in 2009 they received 2,660 complaints about dating services, and the number has been rising Experts warn on-line daters to look out for their financial as well as physical safety when using the sites You should not trust the profile you find of someone on a dating web site. You can use the Internet to investigate your next date Don’t ever send money to someone you have never met in person
8.7 Finding a job on-line As internet crime has increased, there has been a rise in scams involving unauthorized money transfers from hacked online bank accounts by “money mules,” which are people hired through work-at-home scams to help cyber criminals overseas launder money Scams are rampant everywhere, but sadly, criminals are specifically targeting those looking for jobs You should never have to pay for a job or give money upfront to get one Pay attention to email addresses. A legitimate company will not use a hotmail.com or gmail.com mail server Do your research. Investigate a potential employer and read about popular online job scams Guard your personal information. Contact the HR department of a hiring company to ensure they are for real before providing personal details
9. Lowest risk activities Introduction Using search engines Banking on-line Shopping on-line Voice communications on-line Following the news on-line Accessing entertainment and education on-line
9.1 Introduction In the LOW risk category are activities that involve: Visiting sites you regularly go to Visiting sites that offer secure communications
9.2 Using search engines Popular search topic = opportunity for criminals Avoid porn or anything else that is popular and you will avoid many malicious websites. Criminals create sites that use popular search keywords to draw traffic. Even an Image search can take you were you don’t want to go.
What’s in a word or a cause Terms such as earthquake, Android, app store, Chicago Bears, UFC fight card, bracket, and Daytona 500 all match popular or timely events. Of the top 100 results for each of the daily top search terms: 1.2 percent of search results in the quarter led to a malicious site 49 percent of the terms led to malicious sites On average, each of these poisoned result pages contained more than two malicious links. Only two hours after the Japanese earthquake and tsunami struck, the first potential scam donation site was spotted. During the few next hours more than 500 malicious domains or URLs with the terms Japan, tsunami, or earthquake in their titles appeared. Most were created in association with spam campaigns, false news sites to distribute malware, and especially fake charity actions. This behavior will never go away. Source: McAfee Threats Report: First Quarter 2011
9.3 Banking on-line Don’t go to your banking site when using a public computer Avoid doing so on a public network, and take recommended precautions Close your browser and clear the cache. Reopen a new browser session, do you banking, and then exit again, clearing the cache Don’t open other web sites while in the same session Go there only from your bookmarks, preferably those stored within your password manager Confirm the address before entering your log-in credentials
9.5 Using voice communications on-line VOIP = Voice Over Internet Protocol Skype, the most well known service, is used world-wide Safe, except for file transfer features (viruses may be included)
9.6 Following the news on-line Most news reading has gone online, and advertising too Many more channels, including bloggers Perhaps good for the planet (fewer trees used for paper) Cause of further polarization of opinions – since you can choose to read only what you agree with
9.7 Accessing entertainment and education on-line Commercially produced content on-line Citizen produced content on-line – probably safe but for the content Educational institutions continue to resist the Internet
Web services – “cloud computing” Web based apps only make sense if you are on-line most of the time, and if your Internet connection is fast and reliable Web based apps provide a number of advantages Files are more easily shared and collaboration is easy The service provider provides app maintenance, and data backup You MUST, however, ensure your account password is strong You also should consider that data is often not encrypted Vs.
10. Call to action Introduction Setup your system Perform scheduled system maintenance Perform scheduled account and credit monitoring Teach your children well Prepare for emergency data access A look into the future of scams and security
10.1 Introduction If you are head of household, family data security is your responsibility If you are not, nag the person who is and offer to help Remember: Seek help from a nerdy family member, friend, or professional if you need it – but get it done
10.2 Setup your system Seek help from a nerdy family member, friend, or professional if you need it Determine if your existing computer supports the latest OS Get the gear (upgrades, external drives) Make the move (relocate static data to external drive) Back it up Get the tools (software) Install them Configure them Back it up again, and you are done with setup
10.3 Perform scheduled system maintenance Daily Update anti-virus definitions Weekly Run virus scan System backup Data backup Apply software maintenance Clean system Monthly Take a copy of backups to an off-site location
Data breaches are a risk you can’t control In the first 9 months of 2011, the nonprofit Privacy Rights Clearinghouse has tracked 313 corporate breaches involving nearly 23 million sensitive records, more than twice as much as for the whole of 2010.
Organizations you hope will protect your data Your data, in the hands of others With your employer With the government and utilities With your credit providers With places you shop (in person or online) With your health-care providers With your insurance company With your ESP (Email service provider) and SNP (Social network provider) With your DNS and Search providers And everyone else they share it with, intentionally or otherwise
10.4 Perform scheduled account and credit monitoring Daily Save charge and debit card receipts Weekly, bi-weekly, or monthly Compare debit and credit purchases to on-line records Note discrepancies and address Clean system Three times a year Obtain free copy of credit report and examine for mistakes and new accounts you did not open
10.5 Teach your children well They will not likely learn this in school Share what you have learned in this presentation and book They will make mistakes that an adult would know to avoid Over-sharing on Social Networks Bullying other children Being bullied by other children Predators Limit advertising, just like on TV Beware the impact of constant interruption on growth and performance
10.6 Prepare for emergency data access What if you have an accident, and: You end up in a coma? You end up dead? Does you family know: Where you bank? What insurance policies you have? Whom to notify? What your wishes are? Can they access accounts to pay bills: Do they know your log-in credentials? Do they have the keys to decrypt your data files?
What you need A Personal Affairs Record Everything your family needs to know to carry on A database with encryption: Store and encrypt the PAR information before syncing Choice of tool depends on your computer platform A data syncing service: Enables access to most current information Dropbox is a good, free service A means of emergency access: Your family can securely obtain encryption keys in an emergency
Your consolidated security calendar The technical stuff Backups Updating and cleaning Periodic review / replacement of security software The breach awareness stuff Monitoring financial accounts Monitoring credit Monitoring health care accounts The emergency access stuff Updates
10.7 A look into the future of scams and security Scams will increase Tough economic times Impact of globalization Volume will increase Sophistication will increase Security will be more difficult to implement More mobile devices Flood of untested apps Privacy will continue to erode Continued onslaught of social networks People willing to give up too much Inaction by government
End of presentation
About the author 30 years in the computer business Technical, sales, marketing, and executive positions Training development experience Advanced degrees in computer science and business Experience maintaining software for mainframes, minicomputers, personal computers, tablet computers, and smartphones – dealing with over a dozen operating systems