Loading...
computer Fraud and Abuse Techniques
Quiz by Valentina Indica
Customize this quiz to suit your class
Instantly translate to 100+ languages
Tag the questions with any skills you have. Your dashboard will track each student's mastery of each skill.
Give this quiz to my class
5.1 Personal data Personal data is any data that relates to you and your identity. This includes data such as: •Name •Address •Telephone number •Email address •Bank details •Medical records •Salary •Political opinions You should be very careful about revealing any of your personal data! By revealing personal data to another, especially online, you are exposing yourself to dangers such as identity theft, fraud, bullying and blackmail. These types of dangers can be issues that arise as a result of revealing more personal thoughts and feelings to those that can use them against you. It is a more sinister viewpoint to take, but the moment you reveal any personal data to another, you are providing them with the potential to harm you or your identity. This isn't to say you should never speak to another, especially those unknown online, just understand how to recognise a danger and how to keep your identity secure. To keep yourself safe in your daily life, you are likely to have been taught to take measures such as locking doors, not talking to strangers and not venturing into unsafe areas. However, when many people go online, they relax their safety measures, perhaps because they are in the comfort of their own home, so do not think anything negative will happen. Many people that use the internet are genuine, but knowing how to detect the few that aren't is important. There are several guidelines for you to be aware of to keep your personal data confidential: •Have strong passwords set on any account that holds personal data. Stronger passwords include characters, numbers and symbols and are not a recognisable word. •Encrypt (scramble text so that it cannot be read without a decryption key) any personal data that you store on your computer. •Have a firewall present, scanning incoming and outgoing data from your computer system. •Regularly scan your computer with preventative software, such as an anti-virus package, that is used to identify a virus on a computer and remove it. •Make use of any biometric devices (devices that measures a person's biological data, such as thumbprints), that are built into technology. •Only visit and provide data to websites that are a trusted source. •Do not open any email attachments from a sender you do not recognise. •Check the URL attached to any link requesting data to see if it is genuine. •Be cautious about any pictures or opinions that you post or send to people. •Remove data about your location that is normally attached to your photos and videos that you may post, such as geotags. •Do not become friends on social networking sites with people you do not know. •Set all the privacy controls to the most secure setting that are available on social media accounts. •Report and block any suspicious user. •Use a nickname or pseudonym when using the internet for entertainment, for example, playing games. •If it is possible, use a virtual private network (VPN), an encrypted connection that can be used to send data more securely across a network. The ways in which some of these guidelines can be used in more detail will be explored throughout this chapter.Revealing personal data can lead to threats like identity theft, fraud, bullying, and blackmail. 1.Identity Theft Definition: Identity theft occurs when someone steals your personal information and uses it without your permission. This can include your name, Social Security number, or bank details. Example: If someone gets your Social Security number, they could open a credit card in your name and run up bills that you would have to pay. 2.Fraud Definition: Fraud is when someone deceives another person to gain something of value, like money or personal information. This is often done through lies or tricks. Example: A person might call you pretending to be from your bank and tell you that you need to confirm your account details. If you give them your information, they may steal your money. 3. Bullying Definition: Bullying is when someone repeatedly hurts, threatens, or picks on another person. This can happen in person or online (cyberbullying). Example: If someone sends hurtful messages or spreads rumors about you on social media, that’s a form of bullying. 4. Blackmail Definition: Blackmail is when someone threatens to reveal harmful or embarrassing information about you unless you give them something they want, usually money or favors. Example: If someone takes a private photo of you and threatens to share it unless you pay them, that’s blackmail. Summary Identity Theft: Stealing personal information for illegal use. Fraud: Deceiving someone for personal gain. Bullying: Repeatedly hurting or threatening someone. Blackmail: Threatening to expose information unless demands are met. Understanding these terms helps you recognize and protect yourself from potential dangers in both real life and online. If you see any signs of these actions happening, it’s important to talk to a trusted adult or authority figure. There are several guidelines for you to be aware of to keep your personal data confidential: •Have strong passwords set on any account that holds personal data. Stronger passwords include characters, numbers and symbols and are not a recognisable word. •Encrypt (scramble text so that it cannot be read without a decryption key) any personal data that you store on your computer. •Have a firewall present, scanning incoming and outgoing data from your computer system. firewall : a security measure that can be implemented to monitor traffic into and out of a computer and prevent external users gaining unauthorised access to a computer system. A firewall is a security measure that helps protect a computer system by monitoring and controlling the traffic that comes into and goes out of the system. Think of it as a barrier between your computer and the outside world. It prevents unauthorized users from accessing your computer while allowing authorized traffic to pass through. •Regularly scan your computer with preventative software, such as an anti-virus package, that is used to identify a virus on a computer and remove it. Anti-virus: software that is used to identify a virus on a computer and remove it •Make use of any biometric devices (devices that measures a person's biological data, such as thumbprints), that are built into technology. biometric devices: Unique physical characteristic of a person that can be used by a computer for identification purposes. https://www.aratek.co/news/biometric-devices-definition-and-examples Biometric devices are tools that use unique physical characteristics of a person for identification purposes. This means they can recognize who you are based on features that are unique to you. Here are some examples of biometric characteristics: Fingerprint Recognition, Facial Recognition, Voice Recognition •Only visit and provide data to websites that are a trusted source. •Do not open any email attachments from a sender you do not recognise. •Check the URL attached to any link requesting data to see if it is genuine. •Be cautious about any pictures or opinions that you post or send to people. •Remove data about your location that is normally attached to your photos and videos that you may post, such as geotags. Geotag: an electronic tag that assigns a geographical location A geotag is an electronic tag that assigns a specific geographical location to a piece of information, like a photo or a video. Geotags can help people understand where a photo was taken or where an event occurred, making it easier to organize and find information based on location. •Do not become friends on social networking sites with people you do not know. •Set all the privacy controls to the most secure setting that are available on social media accounts. •Report and block any suspicious user. •Use a nickname or pseudonym when using the internet for entertainment, for example, playing games. •If it is possible, use a virtual private network (VPN), an encrypted connection that can be used to send data more securely across a network. Virtual private network (VPN) : an encrypted connection that can be used to send data more securely across a network A Virtual Private Network (VPN) is a special way to connect to the internet that keeps your information safe. Imagine you are sending a secret message to a friend. You want to make sure no one else can read it while it travels. A VPN helps you do just that! It creates an encrypted connection, which means it turns your message into a code that only your friend can understand Example: Public Wi-Fi Safety: When you use public Wi-Fi, like in a café, your data can be easily accessed by hackers. If you connect to a VPN while using that public Wi-Fi, your data is encrypted, making it much harder for anyone to steal your information. How is personal data collected? There are several ways that an unauthorised person can try and collect your data. These include: •phishing •smishing •vishing •pharming. Phishing Phishing is when a person sends a legitimate looking email to a user. The email contains a link to a website that also looks legitimate. The user is encouraged to click the link and to input personal data into a form on the website. The email could also simply ask the user to reply to the email with their personal data. The user is tricked into giving their personal data to a source that they believe is legitimate. However, both the email and the linked website are from a fake unauthorised source. The personal data that is input is then collected by an unauthorised person. This person can then use this data for criminal acts, for example, to commit fraud or steal the person's identity. Intimidation has become a common feature of phishing emails, threatening the user that they must click the link and rectify a situation immediately, or there will be a further issue. The aim of a phishing attack is to steal the user's personal data. Figure 5.1: Phishing. A real-life example of phishing PayPal have been the subject of several different phishing emails. Users receive an email that looks as though it has been sent from PayPal, as it has the PayPal branding. The email normally warns of an issue such as unexpected activity on their account, or that some kind of verification of their account is required. The user is then asked to click a link to log into their account and resolve the issue. The link takes them to a webpage that looks like the PayPal login page. If the user inputs their login details into this page, they will not be taken to their account. It is often at this stage that the user may realise that the email and webpage are fake. However, they have already given the unauthorised person their PayPal login details. Figure 5.2: An example of a phishing email claiming to be from PayPal. How to recognise phishing There are several guidelines to be aware of regarding emails to avoid being subjected to phishing. These include: •Don't even open an email that is not from a sender that you recognise or a trusted source. •Legitimate companies will never ask you for your personal data using email. Be immediately suspicious of any email that requests your personal data. •Legitimate companies will normally address you by your name. Be suspicious of any email that addresses you as ‘Dear Member' or ‘Dear Customer'. •Legitimate companies will send an email that uses their domain name. If you hover your mouse over the sender's name, it will show the email address that the email is sent from. If this does not look legitimate, for example, does not contain the correct domain name, then it is probably fake. For example, if the sender's email is user@paypal1.com rather than user@paypal.com, this is from an incorrect domain name. •Legitimate companies are protective of their professional reputation and thoroughly check any communications. They will make sure that all information given is grammatically and correctly spelt. Be suspicious of any email that contains bad grammar or spelling mistakes. •A link in an email from a legitimate company will also normally contain the domain name of the company. You can sometimes hover over the link, or right click and inspect the link, to see the address of the URL that is attached. If the URL does not contain the domain name, or also contains typical errors such as spelling mistakes, then be suspicious of this. PRACTICAL ACTIVITY 5.02 Ask a friend or a member of your family if they have ever received an email that they believed was a phishing email. Ask them how they identified it was phishing. Ask them if they know all of the given guidelines for identifying phishing emails. Smishing Smishing (or SMS phishing) is a variant of phishing that uses SMS text messages to lure the user into providing their personal details. The user is sent an SMS text message that either contains a link to a website, in the same way that phishing does, or it will ask the user to call a telephone number to resolve an urgent issue. The same advice can be followed for smishing as given for phishing. The user must question at all times any links that are sent from an unknown or suspicious user. It is advisable that if a user believes the message may be legitimate, to type in the domain name for the legitimate company website into their web browser, rather than following the link in the message. Users should block any numbers that they believe are suspicious to prevent any further risk of smishing from that number. Figure 5.3: Smishing. Vishing Vishing (or voice phishing) has the same aim as phishing, to obtain a user's personal details. The user receives a telephone call that could either be an automated system or could be a real person. An automated voice could speak to the user and advise them that an issue has occurred, such as there has been suspicious activity regarding their bank account. The user may then be asked to call another number, or just to simply press a digit and be directed to another automated system. This system will ask them to provide their bank account details to resolve the issue. The bank account details have then been obtained by the unauthorised user and can be used to commit a crime against the user. The automated system could be replaced by a real person who will try to do the same thing. They will try to convince the user that there has been an issue with an account they have and to provide the log-in details or PIN for the account to verify who they are so the issue can be resolved. The precaution to take for vishing is that no company will ever call you and ask you to provide any log-in details or PIN details over the telephone. They may ask you to provide other personal information, and if you are in doubt that the person on the other end of the phone is legitimate, it is always advisable to put the phone down and call the company back on a legitimate number that you may already know or can obtain. Figure 5.4: Vishing. Pharming Pharming is when an unauthorised user installs malicious code on a person's hard drive or server. The malicious code is designed to redirect a user to a fake website when they type in the address of a legitimate one. The fake website is designed to look like the legitimate one, to trick the user and make sure they are not aware that their request has been redirected. The user will then enter their personal details into the fake website, believing it is the legitimate one, and the unauthorised person will now have their personal data. A common technique used in pharming is called domain name server (DNS) cache poisoning. This technique exploits vulnerabilities in the DNS and diverts the internet traffic intended for a legitimate server toward a fake one instead. The unauthorised user needs to find a way to install the malicious code on the computer. They often hide the malicious code in an email attachment or link. When the user opens the email attachment or clicks the link, the malicious code is downloaded also. Figure 5.5: Pharming. The aim of a pharming attack is also to steal a user's personal data. A real-life example of pharming In 2007 50 different companies all over the world were subject to a pharming attack, these included PayPal, eBay, Barclays bank and American Express. Over a three-day period, hackers managed to infect over 1000 PCs a day with a malicious pharming code. When users who had been infected visited the websites of the different companies, they were redirected to a legitimate-looking version of the site that was designed to steal their personal data. The original email, containing the malicious code, was set up to look like a shocking news story. Users were encouraged to click a link in the email to find out more information. The code was downloaded when the user clicked the link. This was quite a sophisticated attack that required legitimate looking websites to be set up for a large number of companies. It is not known how much money the hackers were able to retrieve as a result. How to prevent pharming All of the guidelines to avoid being subjected to phishing are also relevant for recognising pharming. There are also several other precautions that can be taken to check for pharming attacks. These include: •Have a firewall installed and operational. A firewall monitors incoming and outgoing traffic from your computer. It checks this traffic against set criteria and will flag and stop any traffic that does not meet the criteria. A firewall could detect and block suspicious traffic, such as a malicious code trying to enter your system. •Have an anti-virus program installed that is designed to detect malicious pharming code. You need to scan your computer on a regular basis to check for any malicious code. It is advisable to set up an automatic scan on a daily basis at a time when your computer will normally be switched on. •Be aware when using public Wi-Fi connections. A hacker could look to directly access your computer and install the malicious code if you are connected to a public Wi-Fi connection. It is often advisable to use a VPN when using public Wi-Fi. This will help shield your internet activity and personal details from a hacker, making it more difficult for them to access your computer. Smishing can also be used as a form of pharming. A user is sent a link, that when they click is designed to download malware onto their mobile device. Therefore, it is advisable to have security software installed on your mobile and also scan it regularly to detect any presence of malware.Understanding the Features of Finance: A Guide for Newbies Finance is a broad field that involves managing money, including activities such as investing, borrowing, lending, budgeting, saving, and forecasting. As a beginner, understanding the basic features of finance is crucial. This guide will relate these features to blockchain technology, cryptocurrency, and decentralized finance (DeFi). 1. Basic Financial Concepts Investing: Putting money into assets like stocks, bonds, or real estate with the expectation of earning a return. In the blockchain world, this translates to investing in cryptocurrencies like Bitcoin, Ethereum, or various DeFi projects. Borrowing and Lending: Traditional finance involves banks and financial institutions providing loans. In the DeFi space, platforms like Aave and Compound allow users to borrow and lend cryptocurrencies without intermediaries. Budgeting: Planning how to allocate your income to cover expenses, save, and invest. Using blockchain technology, you can utilize smart contracts to automate budgeting and savings processes. 2. Blockchain Technology Blockchain is a decentralized ledger that records transactions across multiple computers. It is the technology behind cryptocurrencies and has several key features: Transparency: All transactions are recorded on a public ledger, making them visible to anyone. Security: Cryptographic techniques ensure that data on the blockchain is secure and tamper-proof. Decentralization: No single entity controls the blockchain, reducing the risk of centralized control and failure. 3. Cryptocurrencies Cryptocurrencies are digital or virtual currencies that use cryptography for security. They operate on blockchain technology and offer several advantages: Lower Transaction Costs: Sending money across borders is cheaper with cryptocurrencies compared to traditional banking methods. Accessibility: Anyone with an internet connection can access cryptocurrencies, promoting financial inclusion. Ownership and Control: Users have complete control over their funds without relying on banks. 4. Decentralized Finance (DeFi) DeFi is a movement that uses blockchain technology to recreate and improve traditional financial systems in a decentralized manner. Key features of DeFi include: Smart Contracts: Self-executing contracts with the terms directly written into code, enabling trustless and automated transactions. Liquidity Pools: Users can provide their assets to a pool and earn interest or rewards, promoting liquidity in the DeFi ecosystem. Yield Farming: A strategy where users move their assets between different DeFi platforms to maximize returns. 5. Applications in DeFi and Blockchain HaloFi Save: A platform that leverages blockchain technology to help people save money efficiently and securely. It encourages users to save larger amounts for longer durations, offering higher interest rates compared to traditional banks. Non-Custodial Savings: Users have full control over their funds, reducing the risk of losing their money to institutional failures or fraud. Access to DeFi: Integrating with DeFi platforms like Moola Market, HaloFi Save provides additional opportunities to earn interest on savings, promoting financial growth and stability. Practical Example: A Farmer's Journey Imagine a farmer in a remote village in Africa. Traditionally, this farmer might not have access to banking services, making it difficult to save money, get loans, or invest in better farming equipment. With platforms like HaloFi Save, the farmer can: Save money securely and earn interest. Access microloans through DeFi platforms integrated with Celo. Participate in educational programs to learn more about blockchain and DeFi. Conclusion Blockchain technology, through platforms like HaloFi Save and initiatives by Celo Africa DAO, has the potential to drive significant social change by promoting financial inclusion, transparency, and access to resources. By empowering individuals and communities with the tools and knowledge to participate in the digital economy, blockchain can help address global issues and foster sustainable development.Computer110.31.b.17.C Topic: Reading/Vocabulary DevelopmentSTAAR English II High School 2014 - Past Paper