Fraud, extortion, damage to reputation, service disruption and identity theft are growing categories of cyber crime. Fraudulent schemes cost investors, companies and consumers more money each year, while at the same time eroding confidence in the online environment.
Despite the threats of fraud, viruses, and hacking that are becoming more targeted, there is an alarming lack of awareness among businesses about the threat posed. We see the rise of tailored Trojans aimed at customers of specific banks, dubbed spear phishing attacks, and we are witnessing increasing awareness of the value of individuals' identity.
Internet criminals are stronger than ever and seek to take advantage of the Internet's unique capabilities, by sending email scams worldwide within a few seconds, or by posting Web Site information which is accessible from anywhere in the world, in order to carry out various types of fraudulent schemes. With so much money being moved on the Internet today, cyber criminals are getting greedier and smarter.
Child pornography, sexual exploitation, stalking, e-commerce related crimes such as fraud and pyramid schemes, fake Web Sites, stock manipulation and identity theft are some of the fraudulent schemes on the Internet today.
However, these are not the only kinds of crime: hacking, denial of service and various methods of fraud are on the lists of schemes reported daily. Most cases involving hacking - also called cracking - involve the intruder gaining root access to a server (usually one belonging to a company) in order to steal identities by extracting personal identification information, credit information, financial information, valuable intellectual property, client information, or sales records from a company's database. Some hackers might be hired by a business to destroy a competitor's website or its good reputation. And instead of robbing banks or post offices, hackers can break into a bank's computer system and transfer money over electronic payment systems.
An active criminal culture has emerged on the Internet in recent years, with criminals exchanging advanced tools and information. There are online criminal communities on the Internet. They co-operate, there are no boundaries in the worldwide use of the Internet, and they use chat rooms, exchange tips, and rent malicious software tools (malware) or hire skilled criminals. At low cost and low risk - with profit in return - cyber crime has become attractive for fraudsters. Some victims are naive and let themselves be easily cheated, while others are skeptical. However, even a low response rate can guarantee the fraudsters a profit, since the crime is carried out automatically at high speed, reaching a large number of victims at the same time. People need to be reminded that just because something appears on the Internet, and no matter how impressive a Web Site looks, it does not have to be true!
The absence of viruses and virus alerts is not entirely due to better security; it is mainly because cyber criminals are now creating malware for cash. As more companies and individuals use the Internet for commerce, the increased financial throughput allows more scope for criminal activity. Businesses should always be on guard against viruses. The goal of many cyber criminals is to infect thousands of computers. Trojan Horses, Worms and Bots can be created within minutes by hackers who have a range of tools to use. However, very little of this is new technology; it is all easy-assembly kits, but they have become specialized in their sectors.
The reality is that no business is safe. With the explosive growth of the Internet, and e-commerce in particular, cyber criminals try to present fraudulent schemes in ways that look as much as possible like the goods and services that the vast majority of legitimate e-commerce merchants offer. In the process, cyber criminals not only cause harm to consumers and investors, but also undermine consumer confidence in legitimate e-commerce and the Internet. It can sometimes be difficult to tell the difference between a reputable seller and a fraudster, but you can take precautions and be on the alert.
It is a never-ending battle against cyber crime. To combat these threats, we need to focus on security. On smart security.
Distributed Denial of Service - DDoS Attacks
A DDoS (Distributed Denial-of-Service) attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services, by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.
Unlike single-source attacks, the attacker compromises a number of host computers, which in turn infect thousands of other computers. Infected host computers, called Zombies or Bots, start flooding the victim's web site with requests for information, creating a vast and continuous stream of data which overwhelms the target web site and prevents it from providing any service.
DDoS Attacks are a global threat - and in reality every business is at risk. DDoS Attacks are launched from thousands of computers around the world. There are an estimated 10,000 attacks worldwide every day. There have already been cases where organized criminals have threatened - blackmailed - businesses with DDoS Attacks. Such threats can bring even the largest companies to their knees.
Businesses' lack of understanding of the threat of DDoS Attacks has resulted in widespread failure to implement the necessary preventive technology. All businesses online should implement the necessary preventive measures to mitigate the threat of DDoS attacks.
SOCIAL ENGINEERING
Social Engineering is the general term for the methods cyber criminals use to manipulate people into performing actions or divulging confidential information.
PRETEXTING is the act of creating and using an invented scenario to obtain information from a target, usually over the telephone. It regularly involves some prior research and the use of pieces of known information (Birthday, Social Security Number, last bill amount) in order to establish legitimacy. This technique is often used to trick a business into disclosing customer information, to obtain telephone records, utility records, banking records and other information. The fraudsters can use this information to establish even greater legitimacy for their planned actions.
SPAM (Junk or Bulk Mail). Spam is unsolicited commercial or bulk email, also called junk or bulk mail. Spam often contains advertisements for services and products. Generally, these spam emails are multiple identical messages sent simultaneously. The people who send the spam are violating the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act.
Do not open these spam mails or the links you are often encouraged to click on - instead you should delete spam when you receive it. Install a filter against spam, so most of it can be sorted out and placed under »deleted items« automatically.
Even though some spam emails contain a function and/or a link to a Web Site for you to unsubscribe and be removed from their mailing list, do not use this offer when the spam email is unsolicited and the sender is unknown, as they in fact always are! The function or link may have quite another purpose than unsubscribing.
PERSONAL SPAM. Most Internet Users have learned to recognize and immediately get rid of the spam emails that are dumped into their mailboxes daily. Unfortunately, the spammers do not give up so easily and create new methods of avoiding both the spam filters and our ability to recognize the spam. Internet security companies believe that with the advanced technology spammers use, we may soon receive personal spam automatically adjusted to our interests and user habits on the Internet. Their new methods increase their chances of avoiding the spam filters, and not least - the receiver might find the title of the spam email so interesting that he decides to open it.
The tendency already today is that junk email can combine email addresses selected from different Web Sites with some content from these pages, in order to catch our interest.
It is not unusual that a Web administrator can receive a camouflaged spam with the title »Reporting error on the Web Site«. Of course, it is natural that an email with this title will get his attention. Junk email, generated from your personal interests and User habits on the Web, will in the future be guaranteed more attention than today's spam.
CHAIN LETTERS: Hoaxes and Urban Legends. There are very few people who have never received a chain letter by email! But what do you know about Chain Letters?
Even if you receive a seemingly harmless and innocent Chain Letter from a good friend or from an organization that urges you to forward it to as many people as possible, remember that it may have negative repercussions if you forward it: you will be spreading hype, and very often unnecessary fear, by forcing people you know to waste time sifting through the message and possibly taking time to verify the information. There are two types of Chain Letters:
HOAXES. Can be malicious, instructing users to delete a file necessary to the operating system by claiming it is a virus. A hoax can also be a scam whose content convinces users to send money or personal information.
URBAN LEGENDS. Can be designed to redistribute and also warn people of a threat, or claim to be notifying important information, or suggest that they sign something that will be submitted to an organization or a group, or promise the users that they will be rewarded for forwarding the message.
Be cautious when you receive a hoax or an urban legend, especially when they have these characteristics:
SPOOF EMAILS AND WEB SITES
PHISHING - IDENTITY THEFT AND FRAUD. Some Internet Fraud schemes also involve Identity Theft - called Phishing - the wrongful obtaining and using of someone's personal data in ways that involve fraud or deception, typically for economic gain.
Spoofers have become increasingly sophisticated and have made it incredibly difficult to detect fraudulent emails. One method spoofers use in their attempts to commit fraud and identity theft is to send out emails - pretending they are from a popular company or Website - with a copy of this Website attached to the spoof email.
SCAM is a fraudulent business scheme (email), sent by a scammer (the sender).
EMAIL FRAUD SCAM. The key to reducing the effect of this type of email is awareness, education and vigilance. We encourage you to be cautious when responding to any email request for personal information! Do not read them. Do not open any attachments. Delete all Scam emails.
Fraudsters who send out such emails hope that you will respond to their mail and follow their instructions - by sending them sensitive personal information or bank and credit card numbers, ordering goods and services, signing up for membership, filling in forms attached to their mail, or clicking on an attached link to a Web Site they are referring to.
MALICIOUS CODE - includes code such as Viruses, Worms, and Trojan Horses. Although some people use these terms interchangeably, they have unique characteristics:
VIRUS is a software program capable of reproducing itself and usually capable of causing great harm to files or other programs on the same computer. A computer virus cannot spread to another computer without human assistance. Most viruses do damage, whether to your files, your registry, or even your hardware. Viruses are hard to detect, easy to propagate, and difficult to remove. Your computer can pick up a virus when you copy a seemingly normal file from a diskette or download it from the Internet.
WORM is similar to a Virus and is self-replicating malware. The difference between a Virus and a Worm is that the Worm is a stand-alone program. It attaches itself to emails, infiltrates the computer system, copies itself many times, fills up the memory and disk space, and crashes the computer.
TROJAN HORSE is a program that appears legitimate - but it performs illicit activity when it is run. It contains and conceals harmful code. It is used by cyber criminals to locate password information or to make a system more vulnerable to future entry. It can also destroy programs or data on your hard disk. A Trojan Horse is similar to a Virus - except that it does not replicate itself, but stays in the computer doing its damage or allowing somebody from a remote site to take control of your computer. Trojans often travel attached to free games or other utilities on the Internet.
ROOTKITS AND BOTNETS. Beware of Hidden Threats such as Rootkits and Botnets. You may become a victim without even realizing it.
A BOTNET is a type of Remote Control Software, specifically a collection of software robots, which run autonomously, and it can be hidden on your computer without your knowledge. The Botnet's originator can control the group remotely. It may be included in a larger software package or installed by a hacker who has taken advantage of a vulnerability in your computer, or who has convinced you to download a program which contained this malware. Botnets can be used for sending spam remotely, installing more spyware and other illicit purposes.
A ROOTKIT is a collection of tools (programs) that enable administrator-level hidden access to a computer or computer network. Typically, a hacker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network. Rootkits are not necessarily malicious, but they may hide malicious activities such as spyware. The hacker may be able to access information, monitor your actions, modify programs, and perform other functions on your computer before being detected.
If there is a rootkit on your computer or an attacker is using your computer in a Botnet, you may not know it. Even if you do discover that you are a victim, it is difficult for the average user to effectively recover. The attacker may have modified files on your computer, so simply removing the malicious files may not solve the problem. If you believe that you are a victim, consider contacting a trained system administrator.
As an alternative, some vendors are developing products and tools that may remove a rootkit from your computer. If the software cannot locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer.
SPYWARE is a computer program which can be installed on personal computers (usually without the owner's permission) and has the purpose of collecting information and sending it back to another source - usually an Internet marketing or pornographic website.
Be wary of downloading software from websites you cannot trust. And do not download software from email scams that offer you downloadable software. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else.
When your computer suddenly starts to work slowly - the reason may be that you are running newer and larger software on an older computer. All you need to do then is to replace or upgrade a particular component. But slow performance can also be caused by other processes or programs running in the background - you may be experiencing a denial-of-service attack, or you may have spyware on your computer.