Sunteți pe pagina 1din 68

Yashwantrao Chavan GEN 121

Maharashtra Cyber Security


Open University

GEN121: CYBER SECURITY

GEN121: Cyber Security Page 1


Yashwantrao Chavan Maharashtra Open University, Nashik

Vice Chancellor : Dr. Deelip Mhaisekar


SCHOOL OF CONTINUING EDUCATION SCHOOL COUNCIL

Dr. Rajendra Vadnere Shri. Ashwin B. Sonone Shri Rajendra Katore


Director Associate Professor U.K.Metal Indutries
School of Continuing Education Film and Television Insti. Pune MIDC,Ambad,Nashik
Y.C.M. Open University, Nashik
Dr.Surya Gunjal Mr. Goyanka Shankar Mr. P.V. Patil
Deputy Director, District
Director Country Head Vocational & Training
School of Agricultural Science WOW Factors India Pvt.Ltd. Center, Nashik
Y.C.M. Open University, Nashik New Delhi
Dr. Jaydeep Nikam Dr. Pramod Khandare Mrs. Jyoti Shetty
Professor Asst. Professor Principal
School of Continuing Education School of Computer Science S.P.More College, Panvel (E)
Dr.Sunanda More Dr.Abhay Patil Mrs. R. R. Gujar
Associate Professor Assistant Professor Assistant Professor
School of Science& Technology School of Health Science School of Continuing Education
Prof. Ram Thakar
Assistant Professor
School of Continuing Education
Y.C.M. Open University, Nashik

Developed by :

Quick Heal Publications


603,Mayfair Towers,
Wakdewadi,Shivajinagar,
Pune411005
COURSE CO-ORDINATOR

Prof. Ram Thakar


Assistant Professor
School of Continuing Education
Y.C.M. Open University, Nashik

PRODUCTION

Shri. Anand Yadav


Manager, Print Production Centre, YCMOU,
Nashik

2016, Yashwantrao Chavan Maharashtra Open


University First Published : Aug. 2016
Published by : Dr. Dinesh Bhonde, Registrar, Y. C. Maharashtra Open University, Nashik 422 222.

GEN121: Cyber Security Page 2


GEN121:Cyber Security

Contents
Unit 1: Introduction to Cyber Security ................................................................................................... 4

Unit 2: What is Data Privacy? ................................................................................................................ 9

Unit3: Computer Security Threats ........................................................................................................ 13

Unit 4: Online Scams & Frauds ............................................................................................................ 20

Unit 5: What is Phishing? ..................................................................................................................... 25

Unit 6: Ransomware ............................................................................................................................. 30

Unit 7: How to Keep Your Kids Safe Online ....................................................................................... 33

Unit 8: How to Avoid Getting Addicted to Facebook .......................................................................... 38

Unit 9: Dos and Don'ts of Internet Security .......................................................................................... 44

Unit 10: What is Browser Sandbox Protection? ................................................................................... 50

Unit 11: Gmail Security ........................................................................................................................ 52

Unit 12: Mobile Device Security .......................................................................................................... 55

Unit 13: Tips and Tricks on Securing Your Android Devices .............................................................. 60

Unit 14: Top 10 Web Hacking Techniques of 2014 ............................................................................. 64

GEN121: Cyber Security Page 3


Unit 1: Introduction to Cyber Security

Dangers in the cyber world


Concerns regarding internet
Internet problems families and kids face
Cyber bullying
Inappropriate content
Malicious files
Sexual predators
Keeping kids safe
How Quick Heal can help

The internet has become a part of everyday life for all of us, even children. They use
it for a variety of reasons such as school projects, homework, games, activities and
connecting with their friends. Adults use the internet for socializing, shopping, browsing,
watching movies, playing games, for work-related issues and many more reasons. The
internet has made life faster and easier due to the ready availability of a vast ocean of
information at the touch of a few buttons. However, as helpful and useful as it is, this virtual
world also has another side; one that we need to protect ourselves and children from.

Kids, in all their innocence, can stumble upon sites that they are not supposed to. This
can be text, images or videos that are graphic or violent in nature. Another concern is the
people that prowl the internet and prey on small children, like sexual predators. Yet another
issue is cyber bullying.Adults can also have unpleasant experiences on the internet. Scams,
thefts, phishing and bullying in any form are serious issues that any unsuspecting person can
become a victim of.

This is where cyber security comes into the picture. Protecting oneself,our near and
dear ones, children and private information is quite a natural need and desire. Everyone wants
to feel secure, be it virtually or in real life. Cyber security aims to do just that. Cyber security
is also known as IT security or computer security. It is related to computers and other
machines on which the internet can be accessed, and also to the data that is posted or
exchanged virtually.

Today, owing to our growing dependence on the internet, this branch of security has
become very important. It has certain rules that need to be followed regarding the kind of
information you put out on the internet. It also helps you identify malicious programs and
people that can cause you some kind of harm. It is also inclusive of protective measures for
both adults as well as kids, to prevent the occurrence of any untoward or unfortunate
incidents.

GEN121: Cyber Security Page 4


Dangers in the cyber world

The dangers that are lurking in the virtual world can be in the form of many things –
people, software, images, text, and so on. Something that may not impact an adult may have
another effect altogether on a child. Adults can suffer financial loss due to scams, or
compromise of their personal information due to viruses. Here are some examples of the
dangers of the cyber world.

For kids –

 Violent images
 Pornographic images
 Sexual predators
 Cyber bullying

For everyone –

 Viruses
 Spyware
 Frauds and scams
 Misuse of personal information
 Hacking

These problems can occur at any time without our knowledge. Most times, we don’t
realize that something has gone wrong until after something bad happens. Hence, it’s best to
have knowledge of these dangers beforehand, so that you can be prepared and prevent
yourself from becoming a victim.

Concerns regarding the internet

It is safe to say that any person’s main concern regarding the internet is, first and
foremost, the safety of their family and children. The second is the safety of their personal
information. Parents are most concerned when their kids become regular users of the internet.
Children are innocent and don’t understand the flip side of the internet, which is why they
can fall prey to a host of issues.

Common concerns of parents –

• What sites their kids are accessing.


• Who their kids are talking to.
• What they are doing online.
• How to keep their kids safe online.
• How to teach their kids about internet safety.
GEN121: Cyber Security Page 5
• How to teach their kids to make smart choices while using the net.
• How to initiate a discussion about the same.

We all access the internet in either of the following ways –

 Laptop
 Tablet
 Personal computer
 Cell phone
 Video game consoles (multi-player games)

Due to so many sources, it is especially difficult to constantly keep a track of what


children are doing on the internet. Hence, it is best to take preventive measures and ensure
that they know about cyber security beforehand.

Potential online issues

There are many problems that adults and children can encounter online. Here are some
common and broad examples.

• Cyber bullying
• Malicious files
• Inappropriate content
• Sexual predators

Let us discuss these in brief.

Cyber bullying

Cyber bullying means bullying a person using technology, such as cell phones, tablets,
computers or any other medium. This bullying is virtual in nature, using the internet as a
means to be mean to or trouble a person. The following are some methods of cyber bullying.

 Publicly posting or forwarding private texts or embarrassing images of a person.


 Manipulating or tricking a person into giving out private or secretive information and
then making it public by posting on a social networking platform or forwarding to
others.
 Spreading rumours that can hamper a person’s public image.
 Stealing passwords and blackmailing someone by threatening to misuse their account.

Malicious files

Malicious files are those that, once accidentally downloaded on your computer, can
spread through the machine and wreak havoc with the system. The problems can range from
a total wipe out of your data to your machine being hacked. These files can eitherbe

GEN121: Cyber Security Page 6


independent programs, or they can be attached to some common software that many people
download, which is usually freely available. Viruses and spyware can infect your computer in
the following ways –

 Downloads
 Emails
 Peer-to-peer networking
 Infected websites

Inappropriate content

Sometimes, kids can accidentally stumble upon sites hosting content or images that are
not appropriate for them to read or view. This can happen if the child clicks on a wrong link
or misspells a URL. Viewing or reading such content can have a more serious impact on kids
than we think. Inappropriate content can be in the form of the following –

 Violent images
 Graphic images
 Sexually explicit images or content
 Hate speeches
 Impressionable text

Sexual predators

There are people who use the internet for the wrong purposes, one of them being preying
on young children. There are cases of children being kidnapped, molested or hurt by people
that they interacted with on the internet, who initially pretended to be someone else, or
someone kinder, and gained their trust through words. Some of the characteristics of sexual
predators are as follows –

 These people pretend to be children or kind adults who are sweet and understanding.
 They trick children into revealing personal information about them or their family.
 They can lure young children or teenagers into meeting them in person.

Ensuring kids’ safety

Basic measures

Although accidents can always happen and it is human nature to make mistakes,
prevention is still better than damage control. There are some simple ways and basic ways to
ensure that kids always have a safe and happy internet experience. These methods are easy to
incorporate, and are preventive in nature. These are some basic tips that lay down the rules
regarding internet surfing for kids. They help ease out any potential future problems. Here
they are.

GEN121: Cyber Security Page 7


 Parents can locate the computer in a central area of the house, where they spend most
of their time. This can be the living room or kitchen, or even the hall if the woman of
the house is a home-maker.
 It’s always good to discuss the use of the computer in every home. Explaining to
children what the computer is used for at home, and is not allowed automatically sets
boundaries for them.
 Parents can put a time limit on the number of hours of permitted internet access for
their children. For example, two hours a day for few days a week, or three hours on a
weekend. It can be anything the parents deem fit.
 Monitoring children’s internet use is important. Keeping a watch on what he/she is
doing, the sites they visit, the people they talk to and the games they play lets them
know that the parents are aware of their activities.
 Parents must also ask their children to tell them immediately if they encounter any
problem like bullying or inappropriate content. Letting them know that an adult is
always keeping a watch makes them comfortable and puts them at ease.

These measures will help parents keep a track of their children’s online activities. As
parents are always looking out for their child’s best interest, their involvement is of utmost
importance. Small kids do not understand the gravity of the problems that the internet houses.
Hence, parental involvement and intervention is the key to ensuring their virtual safety.

Parental control

Parental control is another feature that helps parents keep a track of what their kids do
online. It has a helpful feature where adults do not need to constantly keep a watch or be
around the child when he/she is online. Here are some of its other features –

 Parents can decide which sites are allowed and which are inappropriate. Accordingly,
they can prevent access to specific sites.
 Parents can set a time limit for the number of hours their kids spends online. They can
also set a schedule for what time of day their children can access the internet.
 It is important for parents to ensure that the parental control feature is so fool proof
that a teenager cannot hack it and disable it.

The parental control feature is available in some antivirus software, like Quick Heal. This
means that parents can remain worry-free about their children encountering trouble while
using the internet.Apart from that, maintaining a basic level of internet security and being
aware of the possible dangers of the internet is also important. As the internet is a global
phenomenon and everyone uses it, the gravity of the importance of cyber security becomes
that much higher.

GEN121: Cyber Security Page 8


Unit 2: What is Data Privacy?

Data privacy
Data privacy concerns
Common sources of data
Brutal data breaches of 2014
Indian scenario
IT Amendment Act, 2008
Data protection – Do’s and Don’ts

We post and store a lot of data on the internet and our computers. This data is both public and
private in nature. The data that we share on social networking sites is called public data. Data
like passwords, bank details and information and other financial data are private in nature,
and are hence kept secret. Protection and privacy of our personal data is important, and an
area of concern for everyone. In this chapter, we will discuss all about data privacy and its
various aspects. Let us begin with the basics.

What is Data Privacy?

Data privacy is concerned with the safety and security of data that is stored on any piece of
technology. It is actually the relationship between the collection and distribution of digitally
stored and shared data.

The main catch of data privacy is sharing certain portion of the data without giving out
personally identifiable information. This information can be personal or sensitive in nature,
and can cause a person some serious damage if it falls into the wrong hands.

There are many sources of information and data. Here are some of the common examples –

• Healthcare and hospital records


• Financial institutions’ records
• Financial transactions – passwords, logins and credit/debit card information
• Residential address
• Geographic records – locations
• Location based services – checking in from a location
• Mobile and desktop applications
• Browsers – browsing history and login data
• Television viewing records

Different types of confidential data

GEN121: Cyber Security Page 9


There is certain type of data that is meant to be confidential. There are some safety measures
that we undertake to protect this data, which must also be confidential. These are some
common examples of confidential data –

• Internet data – emails, browsing history, passwords, personal chats


• Medical records – medical history, insurance policies, physical or psychological
conditions
• Financial data – credit/debit card numbers or pins, financial transactions, debts, assets,
stocks
• Location data – banks visited, travel activity, sales force movements, addresses
• Television, educational or political data

This is the kind of information that we do not want anybody to know. Sometimes, we may
even keep changing/updating this data on a regular basis just to be on the safe side, in case
anyone may have come to know about it. Since we are talking about data confidentiality, let
us see three cases of data breach of three large scale organizations in the year 2014.

Major data breaches of 2014

Here are three of the most brutal breaches of data that took place in 2014. These incidents
caused considerable damage to the companies, and also resulted in huge monetary payments
in the form of losses.

eBay (May 2014)

 Email addresses, encrypted passwords and other sensitive data of over 145 million
users was stolen.
 The information also included physical and geographical addresses of the users.
 Thankfully, none of the data regarding financial transactions and operations was
compromised.
 After the breach, eBay urged all its users to change their passwords.

JP Morgan Chase (July 2014)

 The computer systems of this financial giant were breached by hackers.


 It is said that the bank neglected an upgrade of one of its network servers with a
recommended dual password scheme.
 The hackers stole the login credentials of one JP Morgan Chase employee.
 They made the information of over 76 million households and 7 million small
businessespublic.
 This information included their addresses, email ids and more.

Sony Pictures (November 2014)

 More than 1000 GB of data was stolen.


 Screeners of yet-to-be-released movies were leaked.

GEN121: Cyber Security Page 10


 Contact details of Hollywood celebrities were made public.
 Employee salaries, internal communication records and other sensitive data were also
leaked.
 Cost to Sony Pictures for damage control – over $100 million.

This goes on to show that even data of such large scale businesses and corporations can be
compromised, putting further stress on the importance of data security and privacy.

Data privacy scenario in India

India has a high incident of data breach and hacking, being ranked as the third highest source
of such malicious activity worldwide. This has given rise to some serious security issues with
regards to data privacy. Here are some more statistics –

 About 69% of the total targeted attacks are aimed at big scale organizations and
enterprises.
 Nearly 4 out of 10 attacks were targeted towards non-conventional service providers
like hospitality industry or personal services.
 India is called the ‘spam capital of the world’, with about 9.8% of spam zombie
incidents occurring here. A spam zombie is like a zombie sent through a spam mail. A
computer zombie is a computer that has been attacked by a hacker or a virus when
connected to the internet. This zombie can make the computer perform any kind of
malicious activities like making the computer slow, giving the attackers access to the
data or opening apps and programs that you do not intend to use.
 In 2014, over 95,000 reported incidents of phishing, spamming, website intrusions,
malicious software etc. were recorded by CERT-In (Indian Computer Emergency
Response Team). These statistics were just up to the month of September!

Owing to all these alarming statistics regarding breach of data privacy and compromise of
personal or sensitive data, the Information Technology Amendment Act, 2008 was founded.
It laid down rules regarding data protection and privacy, and the consequences and liability in
case of a breach. Here are some features of the IT Amendment Act –

 This Act deals with the issues of data protection in India in an in-depth manner.
 It says that where a body corporate possesses handles or deals with sensitive personal
information of any person, it shall be liable to compensate such person in the event of
breach of such information.
 This Act is applicable only WITHIN the territories of India, not outside.
 Its provisions also apply to data that is outsourced to India. Basically, it applies to
data that is stored, handled or possessed within Indian borders.

GEN121: Cyber Security Page 11


Protecting your data – Do’s and Don’ts

When it comes to protecting your data privacy, there are some things that you should
take care of. Here are some dos and don’ts to ensure protection and privacy of your
personal data.

 Set stronger passwords. They should have uppercase and lowercase letters,
numbers and special characters.
 Take regular backups of your data.
 Review app permissions thoroughly before allowing an app access to your
machine.
 Be selective and careful about what you post online, about yourself or other
people.
 Use a 2-step verification process for all your online accounts.
 Protect all your devices like your cell phone, laptop and tablet, with
passwords. This will prevent strangers from getting access to them in public
situations, should such an event arise.
 Always log out of websites or accounts once you are done. Staying signed in
can create a problem if the device is stolen or hacked.

 Do not trust unsolicited or suspicious mails or messages.


 Avoid Wi-Fi networks that are not secure (public networks).
 Do not share your full name, date of birth, phone numbers or residential
addresses unless absolutely necessary.
 Do not post your phone numbers or addresses on public forums.
 Do not entertain emails or messages from unknown sources that ask for
personal information or money. Ignore these completely. Trust your instincts.
 Do not conduct any banking or other financial transactions like shopping on
public Wi-Fi networks. This can allow hackers to steal your financial data, like
account or credit/debit card numbers.

Data privacy and security are important issues that need to be dealt with care.
Sensitive data in the wrong hands can wreak havoc in a person’s life. This is why
security and protection of your data must not be taken lightly. You must also exercise
caution regarding what data you put on the internet.

GEN121: Cyber Security Page 12


Unit3: Computer Security Threats

Basics of computer security


Consequences of ignoring computer security
Threats to a computer
How bad guys harm your computer
How to secure your computer

What is computer security? The words ‘computer’ and ‘security’ together are quite self-
explanatory. In simple words, computer security is the safety of your computer. To put it into
a proper definition, ‘it is the protection of computing systems and the data that they store or
access’.

Computer security, hence, involves the safety and protection of the machine or device that
you are using, along with the data that is stored on it (photos, documents) and accessed from
it (mails, accounts). Computers are not made to protect your data by default, and hence you
must do it for yourself. Software cannot protect itself, and networks can be better protected
than software using antivirus and firewall security.

Why secure your computer?

There are many reasons why you need to protect your computer. The obvious one is to
protect the data that is stored on the computer, which is important, sensitive or personal. Here
are some of the primary reasons for computer security;

• To prevent theft of, or damage to, hardware.


• To prevent theft of, or damage to, information that is stored or accessed.
• To prevent disruption of internet service.

Areas of concern

There are some key areas of concern regarding securing of data. This means that the data can
be accessed only by certain people, and not by others. The following are some of the
concerns –

• Data confidentiality – The data and its resources are not open for public viewing and
access, and available only to authorized personnel.
• Data integrity – Only authorized users can modify the data.
• Data availability – The data should be available to the users when they need it.
• Data authentication – The identity of the user should be verified by the computer
system before access to the data is given.

GEN121: Cyber Security Page 13


Consequences of ignoring computer security

Ignoring computer and data security can come at a dear price. Here are some of the after-
effects of the same –

 Loss of confidential data


 Loss of data productivity
 Identity theft
 Compromise of data integrity
 Loss of access to computer or networks and stored data
 Lawsuits
 Employment termination

It is always better to be watchful and aware of any dangers rather than paying a greater price
later on. To avoid any of the above situations, it is best to take precautions to protect your
computer from hacking and viruses.

Types of computer security threats

Interruption

 An important feature or asset of the system becomes unavailable or unusable, or gets


lost.
 This type of threat has an impact on the availability of data.
 It can lead to destruction of machine hardware.
 It can cut a communication line within the network, causing chaos.
 It can also disable the file management system.

Interception

 In interception, a feature or asset of the machine becomes compromised by a third


party.
 This party gains access to the machine, compromising the confidentiality of the
information.
 They can wiretap the machine and get all the data that they want. They can copy all
the files and programs that they want.
 This can lead to your data being used in the wrong way or against you.

Modification

 In this type of threat, a third party can not only gain access to an asset, but also tamper
with it.
 This compromises the integrity of the information.
 The consequences can range from anything between changing the values in a
program, to altering it so that it functions differently.

GEN121: Cyber Security Page 14


 The third party can also modify the messages that are being transmitted in the
network.

Fabrication

 In this kind of threat, a third party inserts fake or bogus objects or programs into a
system.
 This compromises the authenticity of the data.
 The third party can insert spurious or fake messages into the data stored on a network.
 They can also add records to an existing file.

Hardware and software

 Hardware threats include deliberate or accidental damage to the machine.


 Software threats include deletion, alteration or damage to a program/s, software or
data.
 Backups of the most recent versions of software are more susceptible to attacks.

Data

 Data involves files and programs.


 The main concerns regarding security of data are about its availability, secrecy and
integrity.
 Statistical analysis (like brute force guessing – guessing a person’s details using
various combinations) can lead to determination of an individual’s data, threatening
its privacy.

These were some of the threats to a computer system and its hardware. Now let us see the
various methods that attackers can use to harm your computer and data.

How bad guys harm your computer

Social engineering

Social engineers are hackers who prey on the psychology of people, tricking them into
revealing personal information. Some methods that these people use to trick their victims and
get information out of them are phone calls, social media, etc. The three common types of
attacks used by social engineers are phishing, baiting and pretexting. These are described in
brief below.

Phishing

Phishing involves sending emails creating fake stories that invoke a sense of urgency or pity
in people. They are written in such a believable manner that the victim may end up sending
their personal details to the hackers.

GEN121: Cyber Security Page 15


 Phishing mails try and obtain personal information such as names, addresses, bank
details, social security numbers, etc.
 They use embedded links so that a person who clicks on one URL is redirected to
another website that looks legitimate and authentic, but is actually malicious.
 The hackers can also use threats to create a sense of fear or alarm in people. This can
lead a person into divulging private information about him or herself.

Pretexting

This is a more direct form of obtaining personal/sensitive information or data from victims.
‘Pretexting’ means creating a false pretext as a way to interact with the intended victims, so
as to obtain some information from them.

 Pretexting involves actual interaction with the victims.


 In this method, the criminals create false background stories and situations. They trick
the victims into believing that they are somebody else. It aims at creating a false sense
of trust in the victim.
 The attackers may claim that they need some information about the victim to confirm
his or her identity. They may offer some fake award or job or something similar,
asking the victims to give their information for the same.

Baiting

Baiting is similar to phishing, the only difference being that the attackers offer something for
free to the victim – like a free download or extra data. Downloading something from such a
malicious program can give the attackers access to the victims machine and data.

Reverse social engineering attack

This type of hacking attack has three steps – sabotaging a network, creating a problem and
then offering a solution.

First, the attacker may send a malicious mail or file to the victims, corrupting their networks.
Then the attacker will send a mail to the victims telling them that their machines are
compromised, thus invoking a sense of fear. They will then advertise themselves as someone
who is there to assist with this problem. They offer to fix the ‘bug’ for you, but instead get a
window into your computer.

This gives them complete access to your data, either directly or through a back door. The
attackers can then steal or modify whatever data that they want.

Virus

A virus is a malicious program that can attach itself to your network if you click on a URL
sent by an attacker, download something from the internet or conduct any similar activity. A

GEN121: Cyber Security Page 16


virus is a replicating program, meaning that once it is in your machine, it goes on spreading
from file to file, slowly infecting the entire system.

Worm

A worm is a malware program similar to a virus. However, it does not need to attach itself to
a file in your system. It is an independent, standalone malware that replicates itself
throughout your system without the assistance of any files. It finds a security malfunction or
loophole on the machine to gain entry into the network.

Trojan

A Trojan horse is a program which appears harmless, but is embedded with a malicious code
or program. Once a Trojan horse is run, it downloads onto your system, and then executes its
actual purpose of doing the intended damage on your machine. This can range from ruining
one particular file, to opening a backdoor for the attackers to your network.

Ransomware

Ransomware, as the name suggests, is a malware that uses ransom to obtain information from
the victim. The attacker encrypts the entire system or particular data, making it inaccessible
to the user. The victim is asked to pay ransom in some form such as money or sensitive,
personal information. Until such ransom is paid, the attacker does not decrypt the computer
data.

Spyware

Spyware is a malicious program that spreads throughout your computer and conducts
irritating or wrong activities. It can host advertisements on your computer, make changes to
your browser settings, affect your network and make your computer slow down or crash. It
can also access your personal information without your knowledge and host it elsewhere.
Most times, a spyware is difficult to find and fix.

Rouge antivirus

A rouge antivirus is also known as a scareware. It generally appears as a popup on your


screen, disguising itself as a legitimate antivirus, firewall or Windows program. It tricks the
victim into downloading software that is useless yet dangerous to the machine. This gives the
attacker a direct access to your computer and all your data.

Rootkit

A rootkit is a program or a collection of programs that helps malware and viruses hide from
sight, making them difficult to be detected by antivirus software. However, a rootkit is not
dangerous in itself.

GEN121: Cyber Security Page 17


Now that you know the types of malicious programs and software that can harm your
computer, let us move on to tips and steps for better securing your machine.

How to secure your computer

Patch and update

Keep your computer on automatic software and operating system updates. A machine that is
not patched with preventive security updates is more susceptible to attacks.

Install security software

Install antivirus or firewall software on your computer. The software scans your machine and
updates itself on a regular basis.

Stronger passwords

Keep passwords that are a mix of various characters that include upper and lowercase letters,
numbers and alphanumeric characters. A strong combination of passwords makes it more
difficult to crack.

Regular backups

Back up all yourcomputer data on a regular basis. Having a backup of all the data on an
external storage device will ensure that, in the event of a machine hack or attack, you have a
copy of the data with you. This will help you retrieve it as and when needed.

Physical access

When you are using your machine in a public space and need to leave it unattended,
ALWAYS log out of your accounts and lock your machine. Try not to leave it unattended in
the first place. Leaving a machine unattended or unlocked in a public space is dangerous.

Use the internet safely

Do not entertain mails that are unsolicited or from unknown senders. Do not open any
attachments or click on any links that are included in such mails. Trust your instincts, not the
mail. If it seems suspicious, it probably is. Also, do not download free software from adware
or shareware sites, as these are untrustworthy and can be dangerous.

Protect sensitive data

Remove any sensitive data from the files on your hard drive, and keep an external backup of
it elsewhere. This is also recommended when you are selling or recycling your computer.
Make sure that no personal or sensitive information is left on the machine. This is an
important measure for preventing identity theft and misuse of your sensitive information.

GEN121: Cyber Security Page 18


Use desktop firewalls

Some computers like Macintosh and Windows come with inbuilt desktop firewall protection
as a part of their operating software. These firewalls scan your computer regularly and protect
your machine.

Use secure connections

When you are travelling and use on-the-go internet connectivity or public Wi-Fi connections,
it makes your data vulnerable to threats and attacks. Hence, always use a secure network with
remote connectivity and secure file transfer options.

These were some of the precautions to take for protecting your computer. Computer security
is extremely important if you want to protect your data from falling into the wrong hands.
Remember, it is always better to be safe than sorry.

GEN121: Cyber Security Page 19


Unit 4: Online Scams & Frauds

Brief background
Remember this...
Internet – A lucrative scamming business
Types of online scams
Actions and reactions against scams

You must have heard or read about many cases where a person’s money, identity or personal
information was stolen via the internet. There was also a big furore regarding the Nigerian
scam, where a lot of people were unsuspectingly robbed of their money, again, using the
internet. You may come across pages hosting job adverts, free downloads and such offers
while working on the internet. Most of these, if not all, aren’t what they claim to be. They are
fake ads meant to scam you or defraud you into giving out some information that is then used
to harm you.

Online scams or online frauds, as the names suggest, are the type of crimes where the
offender develops a scheme to defraud a person and wrongfully gain access to his or her
property, money, personal data or such important information, using the internet. The
criminal gets in touch with victims directly or indirectly using media such as emails, ads, etc.

Online scams usually follow a pattern of appearance. For instance, the offer that you are
seeing on your screen says that it is for a “limited period”, “very attractive”, and that you are
a “chosen customer”. Or it may use some sad story to tug at your heartstrings, making you
feel bad so that you “donate” and “help”. Remember – if there is a scam out there in the real
world, then it’s only a matter of time before it arrives on the internet.

Internet – A lucrative scamming business


With the growth of anything good, bad things also come to the forefront. As technology has
advanced, most of us depend on the internet for our work and other important things. As
useful as it is to millions of people around the world, it also gives the bad guys a chance to try
and exploit it. Here are some of the reasons why internet scams are profitable money-making
options for fraudsters.

New users

• Millions of people use the internet on a daily basis. As of 2014, the number of internet
users was 3 billion, which is about 40% of the world’s population. And this number is
increasing with time.
• Statistics suggest that all over the world, 8 new people join the bandwagon of internet
users every second.

GEN121: Cyber Security Page 20


• Scammers consider new users as potential victims, since these people tend to be
unaware of the various tricks that scammers can use to defraud them.

Hidden Identity

• It is very easy to be anonymous on the internet. Anyone can be totally unknown,


without an identity, and use the internet regularly.
• It is also very easy to use fake identities on the net. Fake photos, job profiles,
locations and contact information can be found in high numbers. What’s more, it is
also quite easy to create such fake profiles. All it takes is some typing and a little
time.
• According to some stats, it is believed that 1 out of every 10 internet profiles is fake.
The catch is that most of the time, it is very difficult or even impossible to
differentiate a fake profile from a real one. This gives scammers an advantage.

Ease of operations

• It is very easy to do so many things using the internet. Shop, order groceries, find
information, work, interact with people – almost all our real life tasks can now be
done virtually.
• Frauds and scams also become easier using the net, as the threat of having their face
seen and recognized is eliminated for the criminals. The tedious effort of creating
false identities also vanishes.
• These people can sit in the comforts of their home and do a lot of damage with
minimal work. Little knowledge of technology and a devious mind are all it takes.

Money saver!

Internet scams or frauds are very reasonable and non-expensive. See for yourself.
• Cost of internet connection – Affordable
• Sending emails – Generally free
• Creating a social profile – Completely free
• Maintaining a website – Affordable

Popular online scams

There are some famous scams that stormed the internet over time, preying on people’s mind
and emotions. Here are some classic examples.

GEN121: Cyber Security Page 21


Fake ads on online classifieds or auction websites

• These are very common scams, typically involving high-priced luxury items. Here is
an example of the same.
• The scammer puts up a fake ad for a luxury item like a car, an antique or something
similar, quoting a very low selling price.
• Then he demands a ‘processing fee’, citing reasons such as ease of paperwork and
other formalities.
• Once this payment is made, the scammer disappears with the money. He ceases all
contact with the victim, and does not respond to any form of communication.

WhatsApp Calling invitation scam

• You may get a WhatsApp message that says –


“Hey, I’m inviting you to try WhatsApp calling. Click here to activate now -
*link*”
• Once you click on the link, you will be redirected to a page that will ask you to invite
10 friends so that you can activate the feature.
• Once you invite 10 friends and click on the ‘Continue’ button, it will take you to a
page where you will be required to take a survey.
• If you click on the ‘Take Survey’ button, the subsequent page will ask you to
download an app. Downloading this will help the scammer get money, but you won’t
be getting any WhatsApp calling on your phone. You have been duped.

LinkedIn phishing email scam

• LinkedIn users got an email from ‘LinkedIn Support’, which looked very authentic. It
claimed that there had been some ‘irregular activity’ in their account, and said that
they needed to download a compulsory security update.
• It asked users to download an HTML file that was attached to the mail.
• On downloading the file, the user was redirected to a page that looked like the
LinkedIn login page, but was in fact, fake.
• Once the users entered their login details, these details were sent to the scammers,
who used it to hack into people’s accounts.

Work from home scam

• These types of scams are, obviously, targeted towards people who are unemployed
and currently looking for a job.

GEN121: Cyber Security Page 22


• The fake ad displays attractive offers such as ‘earn more than 2 lakhs a month’ and
‘work at your convenience’. These ads are posted on job websites, social networking
sites or sent through emails.
• There is usually a demand for a registration fee from people who register. This is how
the scammers take the victims’ money and disappear.

Nigerian fraud

• This is one of the most well-known and publicized scams in the world, because it
claimed many victims worldwide. This is an organized crime ring that executes the
scam via email.
• This fraud takes up almost 7% of the world’s total spam mail. It has cost victims
across the world more than $12 billion!
• The mail is sent to many people, assuring them of a large sum of money if they assist
in the transfer of an even larger amount. The wording and composition looks
authentic and genuine.
• It tries to manipulate a victim into trusting the fraudsters by saying things like ‘if this
is acceptable to you’.
• Victims who respond are asked to pay an amount up front, which the scammers take
and disappear, ceasing all contact with the victims.

Online romance scams

• These scams play on the psyche of people. Scammers create fake profiles, trapping
people in their lies and deceit.
• The scammers can go to personal levels, such as sharing ‘personal’ information and
giving gifts.
• These ‘relationships’ can last for years together to gain the victims’ trust.
• Soon enough, the scammers start asking the victims for money for ‘family problems’,
‘paying off a debt’, ‘starting a business’ or ‘medical problems’. Once they get the
money, they disappear for good.
• Apart from monetary loss, victims can also suffer from depression and mental trauma.

How to be safe

It is very important that you know what information to give out and what not to, to avoid
becoming victims of online scams. Also keep yourself updated about the kinds of scams that
are happening around the world. Trust your instinct, it never lies. If you feel that something
looks fishy, then DO NOT convince yourself otherwise. Read on to know about some
precautions to take to prevent becoming victims.

NEVER give out the following –


GEN121: Cyber Security Page 23
 Your name
 Your current residential or office address
 Your contact numbers
 Your date of birth
 Your school name
 Information about future trips or outings
 Any personal or contact information

The most important thing to remember is –


NEVER give out your PASSWORD to ANYBODY!!

Your password is a very valuable piece of information. If any wrong person gets a hold of
your password, then it can compromise your account and any valuable and sensitive
information that it contains.

Here are some other precautionary measures –


 Always check your bank and credit card statements for any discrepancy.
 Block your cards if they get stolen, and immediately change your pin if you find any
doubtful activity.
 Report any such suspicious activity to your bank.
 Contact the Cyber Crime cell and any other local law enforcement authority.

The importance of protecting yourself against online frauds and scams cannot be stressed
enough. It is extremely crucial that you keep yourself and your information safe from the bad
guys out there. They prey against the weak and vulnerable. Hence, you need to be safe and
take the best possible precautions.

GEN121: Cyber Security Page 24


Unit 5: What is Phishing?

What is social engineering?


What is phishing?
Famous phishing attacks
Types of phishing attacks
Identifying a phishing attack
Tips to avoid a phishing attack

Online frauds and scams are on the rise, what with technology and the internet making
malicious activities so easy. In this chapter, we will talk about a method of scamming using
emails and text messages, known as phishing. This method typically plays on the human
psyche, manipulating people into giving out information voluntarily. Let’s begin with the
basics, from where phishing originates, known as social engineering.

What is a social engineering attack?

Social engineering is when the perpetrator manipulates the victim into giving out some
personal information, whether knowingly or unknowingly. The information can be sensitive,
financial or similar in nature. Attackers usually pose as someone else, impersonating
someone that the victim may trust.

For example, the attacker can hack into a company’s network from outside, and then come to
the office pretending to be from tech support. This way, the company will give out its
confidential information, trusting the attacker. In this way, a malicious outsider now has
access to your private data.

Social engineering can be called as hacking into a person using trickery or psychological
manipulation. Most of the time, the victims don’t find anything fishy and end up trusting the
attacker. Now let’s move on to phishing.

What is phishing?

Phishing is a form of ‘virtual’ social engineering that uses technology instead of personal
contact. It is a criminal activity that attackers use to steal personal information from people.

In phishing, scammers use fraudulent techniques to acquire private information such as


financial data, passwords, credit card details or such other personal information by pretending
to be a trustworthy person or business.

Some ways of carrying out phishing scams –

 Emails
 SMSs
GEN121: Cyber Security Page 25
 Voice over IP (VoIP) calls

For instance, in November 2013, customer information of more than 110 million people was
stolen using a phishing attack on a subcontractor account. It also included credit card records.

In September 2014, over 100 million shoppers of more than 2000 home depot stores became
victims of personal and credit information theft as a result of a phishing attack. This stolen
data was even put up online for sale!

Types of phishing attacks

Let’s discuss some of the common types of phishing attacks in brief.

Spear phishing – This is a type of phishing where the scammer tracks you online and follows
your activity. He then sends you an email claiming to be a person or company you know. The
salutation is personal, like ‘Hi Steve’ or ‘Hello Julie’. This is done to make you develop trust
towards the sender. The mail then asks you for some personal data like your login details,
credit card numbers or similar things. Most people will not suspect that something is wrong,
and end up giving the attacker their details. This only ends in unpleasantness, of course.

Clone phishing – As the name suggests, clone phishing uses cloning to create a legitimate
looking malicious email. In this scam, a genuine email that has already been sent to people is
taken as the basis for the phishing mail. This genuine email must contain an attachment or
link that the scammers can use. The content and recipients addresses are taken and copied
into another email. The attachment or link is replaced with a fake and dangerous version. It
is made to look like a resend of the same mail, but contains links that can give your data or
computer into the hands of the attackers.

Whaling – Whaling is like any other phishing email, but is directed towards top executives or
government officers who handle important or sensitive information. Scammers refer to this
type of activity as ‘reeling in the big fish’. Hence, the term ‘whaling’. Attackers create a fake
mail that takes the receiver to an authentic looking website that is actually malicious. They
can also keylogging, spyware or malware to gain access to the victim’s machine or data.

Voice phishing – Voice phishing, also known as ‘vishing’, is a combination of ‘voice call’
and phishing. The attackers call up selected victims, announcing some fake contest or reward.
They then ask for the victims’ personal details, usually financial. Most of the time, people
end up trusting such scams and divulge their private details to the attackers. What happens
next, we all know.

SMiShing – In this form of phishing, the attacker sends a text message/SMS on your phone.
The SMS asks you to follow a given link or call/text a given number and provide some
personal information about yourself. If it doesn’t ask for any personal information, then the
attacker at least gets some money every time you send an SMS.

GEN121: Cyber Security Page 26


These were the common types of phishing attacks, which is proof that attackers and
fraudsters are everywhere. They have covered all the aspects of technology, which is why it
is very important that we safeguard ourselves everywhere in the virtual world.

GEN121: Cyber Security Page 27


Identifying a phishing attack

There are some ways to identify a phishing mail, and differentiating it from a genuine one.
Most phishing mails have these factors, making them stand out from the rest. These are as
follows.

Generic greeting – The greeting is very vague and non-specific. Something like an informal
‘Hello’ or casual like ‘Hi ABC’ is commonly seen.

Fake sender’s address – The sender’s address, the address that shows in the sender’s section,
is always fake. If you read it carefully, then it may seem off. Always read the sender’s
address.

False sense of urgency – Phishing mails are formulated in such a way that the wording aims
to invoke a sense of urgency in the reader. This can be done by creating a fake threat, asking
the user to give out some personal information to prevent such a threat from becoming a
reality. A threat can be like – “kindly reset your password as there has been some suspicious
activity on your account. If you don’t, then your account will be permanently blocked.”

Unusual URLs – Phishing emails always contain attachments or links that users are supposed
to open or download. These URLs may look weird or out of place. First of all, read the name
of the link or attachment. Secondly, preferably do not open such URLs. Type them manually
in the search bar. Companies never ask for information of such sensitive and personal nature
via email, SMS or call.

Fake webpages – Phishing emails can also be created in such a way that they look like
authentic websites. They are complete with a logo, letterhead and authentic looking words
and designations.

Grammatical errors – Phishing emails contain spelling and grammatical errors many times.
These mistakes are a sure shot way of knowing that the email may not be genuine. Most
times, they are placed in such a way that they are difficult to spot.

Tips to avoid a phishing attack

There are ways to protect yourself from becoming a victim of a phishing attack. The primary
and most important tip is to be aware and read unsolicited mails carefully before opening any
links or attachments. Here are some more.

 Do not entertain unsolicited mails, calls or texts.


 Remember, your bank will never ask you for your financial or account details through
mails or texts. They will normally call you to the bank or send an authorised letter.
They will also not ask you to send any information on an urgent basis.

GEN121: Cyber Security Page 28


 Always call up your bank or friend or any other supposed sender in the mail,
confirming whether they have in fact sent that mail and it is not fake.
 Don’t click on links or URLs that are included in the mail. Type the URLs manually
and see whether the page really exists. This is because clicking the link in the mail
can redirect you to a fake page. Typing it in a new browser window will tell you if it’s
real or not.
 Never fill and submit any forms that come with mails. Scammers can hack into your
accounts using only your name and email address.
 Always update your system and browsers, and keep them patched. Updates normally
have firewall or security features that come with them. Also get a good antivirus
program installed.
 Check your bank statements thoroughly and properly. Report any suspicious activity
to your bank.
 Always check whether a website is secure or not. The URL of a secure website begins
with “https” instead of “http”. Secure sites also have a lock symbol at the top, next to
the URL address. Clicking on this lock icon will show you the certificates that prove
the authenticity of the websites.

There are many bad guys on the internet, who are waiting for a chance to prey on you.
Technology has made this much easier and even cheaper. Hence, it is all the more important
that you remain vigilant and report anything fishy. Remember, ignoring a crime is as bad as
committing it. Report to the authorities, and always be sure by double checking with your
bank before sharing any details by email. Timely precautions will ensure that you have a
happy and safe virtual experience.

GEN121: Cyber Security Page 29


Unit 6: Ransomware

What is ransomware?
How does it operate?
A timeline of ransomware
A background
Some famous attacks in history
Preventing an attack – Do’s and Don’ts

In this chapter, we are going to discuss another type of malware known as ransomware. What
can you understand from the name? It has the word ransom in it, meaning withholding
something valuable of a person and demanding something for its release. Ransomware can be
called a virtual ‘kidnapping’. It is commonly classified into the category of a Trojan.

In ransomware, the attacker hacks into the machine or network of a victim, and takes control.
He can do a variety of actions like encrypting important files, displaying threatening
messages or taking possession of sensitive data. He then asks the victim to give something in
return, mostly money, in order to get back control of the data or machine. The ransom usually
involves electronic transfer of money.

How does Ransomware operate?

Ransomware operates like a Trojan. It enters the system like a typical computer worm virus,
throughdownload of some malicious software or a breach in the system’s security. It can also
come with other malware, and is automatically dropped or downloaded onto the computer on
download of such malicious software. It can also be sent as an attachment with spam mails.

Once the malicious program gets downloaded onto your machine, it gets to work. It encrypts
important files on your computer with a password or refuses to grant you access to your data.
It may also display threatening messages asking you to do something in order to regain
control of your machine.

Ransomware through the ages

There are mainly two types of ransomware – encrypting and non-encrypting. However, with
time and progress, the types of ransomware have also evolved, becoming more and more
sophisticated. The following is a timeline of ransomware as it has evolved with the
advancement of technology.

SMS ransomware – In this type of ransomware, the malicious Trojan program locks the
victim’s computer screen, preventing access to the machine completely. The screen that
appears instead displays a message that asks the user to ‘send this SMS to this number’ after
which he/she will receive the code to disable the lock. Each SMS that is sent helps the
attacker earn money. Rebooting the computer does not help, causing many people to send the
GEN121: Cyber Security Page 30
SMS. This is a type of non-encrypting ransomware as it only locks the screen, but does not
encrypt any files.

Winlockers – In this variant of ransomware, the full computer screen is locked. The ‘lock’
page takes up the entire screen, blocking everything. The message displays a ransom demand
of some form to regain control of your machine. This is also a type of non-encrypting
ransomware.

A famous example of non-encrypting ransomware was Reveton. It locked the victim’s


computer, displaying a message that the machine was used for some unlawful activity. It also
claimed to be locked by some law enforcement agency. The victim has to make a payment
using bitcoins or some specified method, within a time limit, to regain control of the machine.

File encryptors – This ransomware locks selected files on a victim’s computer. These can be
files containing sensitive or personal information. The message that accompanies the lock
screen asks the victim to pay a certain amount of money within a certain amount of time. It
also includes a threat saying that failure to pay will result in the files being destroyed
permanently. This is, of course, an encrypting ransomware.

Cryptolocker is a famous encrypting ransomware. It encrypts certain files in the machine,


which contain sensitive or important information. The victim is asked to pay up within a
given time limit, failure of which will cause the files to be destroyed.

Preventing a ransomware attack

It is always best to take precautionary measures rather than preventive ones when it comes to
a computer or system attack. Here are some dos and don’ts that you should keep in mind to
prevent becoming victims of a ransomwareassault.

Do This

 Update your machine software regularly.


 Installa good antivirus software, like Quick Heal,that has a variety of features
covering a wide spectrum of issues.
 Do not download anything from random websites, even if it is free and seemingly
harmless
 Browse only secure websites; look for the “https” in the website address.
 Remove, disable or rename any default system accounts.
 Enforce stronger passphrases on your machine.
 Implement account lockout policies, so that in case of a breach, your accounts cannot
be hacked.
 Monitor all administrative accounts that are created by third parties. Be careful what
information you give out.
 Keep a regular backup of all your data.
 Report any suspicious activity or ransomware attack to the authorities.

GEN121: Cyber Security Page 31


 To unlock and remove the ransomware, consult your antivirus provider. Do not pay
the attackers!

Avoid This

 Do not click on banners and links or open attachments if you don’t know where they
have come from.
 Do not take your cyber security for granted.
 Never install or run software that you do not know or trust.
 Never pay the attacker in case of an attack. Report the crime!

Ransomware is just like any other form of kidnapping, illegal and wrong. And if you give in
to the attackers’ demands and pay the ransom, then they will get more encouragement to do it
over and over again. However, if they know that you are not someone to get scared and give
in, but will report to the authorities and fight back, then you will not only be bringing them to
justice, but saving future potential victims as well. Report the crime to the concerned people;
do not ignore it or pay the attackers. And never get scared. Remember that you have all the
right to protect your data.

GEN121: Cyber Security Page 32


Unit 7: How to Keep Your Kids Safe Online

Introduction
How kids use the internet
Online threats
Cyberbullying
Inappropriate content
Sexual predators
Viruses, spyware, phishing and scams
What you can do
Basic precautions
Parental control
Dos and don’ts

Technology has developed by leaps and bounds in the last two or three decades. So much so
that nobody back then would have guessed that it would grow this much, this fast. Most of us
have grown upwith the growth of technology. We have seen its development from the very
first inventions to all the latest models. And then there are those who are born during this
technology age –kids. Kids today have grown up with smartphones, laptops and tablets, like
we grew up with toys. They know how to entertain themselves online without the help of
adults. They know where the songs are, where the cartoons are and which sites are the best
for games. They also know how to download, store, delete and format data on devices.

Hence, it comes as no surprise that kids of today’s generation are more adept with technology
and the internet than their parents. They are active on social sites, gaming sites, songs sites
and much more. This makes it difficult for parents to constantly keep a track of their kids’
online activities, thus making it hard to keep the child safe from any danger.

The internet is full of people, good and bad, helping and harming. Kids, in all their
innocence, tend to trust people more and hence more vulnerable. This makes them easier
targets for sexual predators. Another issue, bullying, is common among kids as it is. Now,
cyber bullying has become the new worrisome issue, making parents all the more concerned.
In this chapter, we will discuss the dangers that the internet poses for children, and how to
protect them from it.

What do kids do online?

Children use the internet for various reasons. These include studies, school projects,
extracurricular activities, virtual learning, socializing and having fun. Here are some online
activities that kids undertake.

 Playing multi-player games.


 Instant messaging or chatting with friends.
 Creating profiles on social networking sites to connect with old friends, make new
friends and talk to current friends.

GEN121: Cyber Security Page 33


 Viewing videos of songs, informative videos and watching movies.
 Downloading music, movies, games, apps and more.
 Uploading their music, photos, art, videos and more.
 Undertaking research for a school project or homework.
 Reading articles that help with studies.

Kids use the same devices that adults use to browse the internet. These are –

 Smartphones
 Tablets
 iPads
 Laptops
 Computers
 Video game consoles

The dark side of the internet

Every coin has two sides. Similarly, everything in this world has a good and a bad side. The
same goes for the internet. As useful and important as it is in our lives, it can also cause you
or your loved ones harm, financial, mental or emotional, if proper caution is not maintained.
Here are some problems that kids can encounter when using the internet.

• Coming across violent, graphic, disturbing or impressionable images, videos or text.


• Coming across adult-rated images, content or text.
• Downloading files with viruses, spyware or other malicious programs.
• Becoming victims of phishing or such other scams.
• Coming in contact with sexual predators.

These are some common dangers that the internet poses for children. This is because children
are innocent and do not understand that there are people out there that can cause harm even
though they appear to be invisible. This is why keeping children safe is extremely important.
Let’s discuss these above problems in a little detail first, so that you have a brief idea of what
they are and how to identify them.

Inappropriate content

Sometimes, kids can spell a link or website name wrong and accidentally come across
content that is inappropriate for them. This can be text, images or videos that are graphic,
violent, sexually explicit or impressionable. Impressionable content can be in the form of
opinionated or biased articles, hate speeches or crimes against people of a particular race,
religion or colour. This can influence children in the wrong way.

GEN121: Cyber Security Page 34


Cyber bullying

Cyber bullying means bullying a person using the internet. For example, spreading rumours
about a person by sending text messages to other people; posting or sending threatening or
hurtful messages on someone’s profile or inbox; circulating sexually suggestive photos of
someone, or posting similar messages using someone’s account; hacking into a person’s
account and sending messages to people; hurting people’s feelings by impersonating other
people and lying; taking and spreading unflattering or embarrassing photos of someone on
the internet. Cyber bullying is very damaging, and can cause a person to take drastic steps
such as hurting themselves. Hence, it must be reported immediately.

Malicious files

Malicious files are those that can cause harm and damage to your computer if they are
downloaded. These files are in the form of viruses, worms, Trojans, spyware, malware,
scareware, etc. Malicious files can penetrate your system in the following ways –

• Downloading unknown or untrusted software.


• Clicking on links or opening attachments in unsolicited emails.
• Through peer-to-peer networking.
• Visiting and downloading from infected websites.

Sexual predators

These are dangerous people who prowl the internet, preying on vulnerable children and teens.
They use many means to trick children into meeting them or giving out personal information.
They may pose as small kids and befriend other kids. Or they may also pose as adults who
understand the child’s problem and offer a false sense of support. This way, they get kids to
trust them and provide any kind of personal information, or even run away from home or
meet these predators.

Now that you have a brief idea of the dangers that the internet houses for children, let’s now
discuss some precautionary methods to keep children safe online.

How to keep kids safe online

One of the ways that parents can monitor kids’ internet usage and time is by installing
parental control software on the computer. Many antivirus software like Quick Heal offer
good parental control features to help parents control what their kids do online and keep them
safe. Of course, nothing is ever fool-proof, but it is an excellent preventive measure as a start.
There are three types of parental control – hardware, traditional and mobile. Let’s learn about
them in brief.

GEN121: Cyber Security Page 35


Hardware-based parental control

In this type of parental control, parents can refer to the user guide that comes with the internet
router (modem) to change its settings and enable web filtering. This way, they can block
whichever sites they don’t want their kids to visit. However, this method is tedious and also
difficult to configure when there are various users. Plus it does not offer detailed options like
software-based parental control does.

Traditional parental control

This is the software-based method. Many antivirus and computer protection software, like
Quick Heal, offer this feature. Parents can block sites which they consider inappropriate, and
can even set a time limit on the number of hours their kids spend online. What’s more, they
can also decide at what time of the day the internet can be accessed. The software should be
so strong that even a smart teenager cannot hack and disable it.

Mobile parental control

These apps are more effective than hardware-based controls with respect to monitoring
activities. They also offer more features and greater control. Some also have the geo-location
feature which alerts the parents if the child leaves the designated safety zones. These apps
ensure the ultimate safety of children.

Basic precautions

Besides enabling the parental control feature, there are also some other basic precautions that
parents can take to protect their kids from the dangers of the internet. These are preventive
measures that help to avoid problems, at least to some extent.

 Parents can let their kids know what behaviour is and isn’t acceptable on their part
when they are using the internet. Kids must be taught that that talking to unknown
people, giving out personal information anywhere or saying nasty things about anyone
is wrong.
 Winning their trust. Parents can ask their kids to tell them immediately if they see or
read something that disturbs them, or if anyone hurts them in any way. It is a way to
let them know that their parents are there to support them and won’t get angry at
them.
 Giving kids a set time limit for browsing the net, and putting restrictions on what sites
are and aren’t allowed helps lay down some boundaries.
 Parents can keep the PC or other devices in an area that they frequent, like the living
room or the kitchen. This way, will know that their parents are around and watching.
 It is important to for parents to undertake research before buying any device or new
technology. Making sure that they have complete information of what they are buying
and in what ways it can be used helps greatly.
GEN121: Cyber Security Page 36
 It is highly important to report to the concerned authorities on seeing anything
suspicious or inappropriate or harmful. Not doing anything to stop a crime is as bad as
the crime itself.
 It is important that parents get involved in what their kids are doing, and respect their
interests. This way, kids also become more accepting of their parents’ rules.
 Taking away a child’s internet usage does not do any good. On the contrary, it can
make children more rebellious and prone to rule breaking.
 Parents should keep an eye, but not go posting messages on their kids’ profiles. It can
make kids them feel embarrassed and want to block their parents. This only causes
them to distance themselves from adults.
 It’s always smart to put up a mix of parental controls. More variety, more security.
However, parental involvement is ultimately more effective than any kind of
technological security.

Ensuring that kids are safe when they use the internet will ultimately result in them having a
happy and fulfilling browsing experience. As kids do not know about the dangers out there, it
is extremely important to keep an eye on them as they cannot protect themselves and become
easy victims. Keeping them safe online will help them explore the wonders of the internet.

GEN121: Cyber Security Page 37


Unit 8: How to Avoid Getting Addicted to Facebook

Fun Facebook Facts


The good and bad side of Facebook
Security risks
Email scans
Malware threats
Privacy
Untrusted apps
Safe networking tips
How to overcome Facebook addiction?

Who doesn’t know about Facebook? A large number of people use this social networking site
to connect with their friends, put up pictures, play games and socialize. Facebook allows a
user to create a profile for free, where they can add people as their friends, play multiplayer
games and get in touch with new people. It is an interactive platform that allows people to tell
their friends what they are up to, and know what their friends are up to as well.

However, there have been instances where people have gone into depression because of using
Facebook too much, people have killed themselves after being humiliated on Facebook and
people have gotten into arguments over ‘unfriending’, unwanted tagging or some such
reasons. Stalking someone on Facebook because they won’t talk to a person in real life is also
very common.

Facebook has made it easy for us to constantly be in touch with others; maybe too easy. It has
also caused people to bask in the attention and ‘likes’ that their photos and updates get. This
leads to a lot of people constantly posting something, and constantly going online to see how
many likes it has received. Not getting the desired likes fast enough can actually send people
into a mode of depression and self doubt.

In this chapter, we will be talking about the Facebook addiction that seems to have taken over
mankind, and also the dangers that this otherwise wonderful website possesses. But first, let’s
read some interesting facts about Facebook.

Fun Facebook Facts

 Facebook is mainly blue in colour because the founder, Mark Zuckerberg, has red and
green colour blindness.
 He donated $1 Billion to charity, making him the highest donor in 2013.
 Also, you can’t block him on Facebook!
 More than 600,000 hacking attempts are made on Facebook accounts each day!
 Facebook earns more than $5 from every US user, on an average.
 People check Facebook from their smartphones on an average of 14 times a day. Also,
1 out of 3 people feel dissatisfied with their lives after visiting their Facebook
profiles.

GEN121: Cyber Security Page 38


 People over the world have been hurt or murdered for unfriending someone on
Facebook.
 Facebook has been banned in China since 2009.
 About a third of the divorce filings in US in the year 2011 contained the word
Facebook.
 A British woman was sentenced to 20 months in prison for creating fake profiles and
sending abusive messages to herself!

Quirky, isn’t it, the impact that a website can have on millions of people? There are many
pluses of being on Facebook, but there are quite a few downsides as well. Since its inception,
Facebook has risen steadily in popularity. Let’s see the good and not-so-good side of this site.

 Facebook has helped us reconnect with old friends and people that we have lost
contact with over time.
 It helps us keep in touch with friends and loved ones who are far away from us.
 On the flip side, people get addicted to Facebook, checking it multiple times a day
and getting upset if they don’t get the number of likes that they want.

Security risks of Facebook

Being a site that is used by millions of people worldwide on a daily basis, Facebook
definitely poses some risks. These can range from data security to trolling. Let’s see some of
these issues.

Privacy

Information privacy is the right a person has regarding storing, sharing and displaying their
personal information on the net. Remember that the thing about the cyber space is that once
you put something out there, it stays there forever. Even if you delete it, someone else might
have copied it before.

Information about you that is present on the internet comes from various sources. That which
you post, that which others post about you and that which social networking sites collect
about you and distribute, are all present for people to see.

One very pertinent threat that we often do not realize is other people keeping a tab of what
you post on the net and using it against you. For instance, posting your itinerary or program
for travel on Facebook or other social sites is like an indirect invitation for a thief to come
and burgle your house.

Social issues

You must have heard of many instances where people have lodged complaints against
another person for stalking and harassing on Facebook. An ex boyfriend or girlfriend
constantly posting something or sending text messages of a negative nature on someone’s

GEN121: Cyber Security Page 39


Facebook wall are very common instances. Parents posting messages or photos on their
children’s Facebook wall are considered to be embarrassing and uncool by kids.

Cyberbullying and writing hurtful things that can adversely affect a person are also common
when so many people are present on one forum, but only virtually, making them untouchable.
There was a case in India a few years ago where a heartbroken young girl committed suicide
after her ex boyfriend wrote ‘Happy Independence day’ on his Facebook wall, just hours after
their breakup. Similarly, a teenage girl in the US killed herself after being harassed and
cyberbullied by two boys on Facebook, who happened to be her friends. They posted hurtful
messages in her inbox and called her names.

Kids can also become victims of emotional abuse or sexual predation, because these days it is
difficult to tell the good people from the bad apples on the internet.

Frauds

The more information of yours that is out there, the more scope there is for someone to scam
you. The various types of frauds and scams that people can become victims of are, identity
theft, social engineering, financial fraud, romance scams, etc.

Malware attacks

Malware is another common security threat that is rampant on Facebook. Here are some
examples of how a malware can attack your computer.

• Malicious advertisements.
• Posts on wall, inbox and chat messages containing malicious links, with
accompanying messages that incite curiosity in the reader.
• Spam mails pretending to be from Facebook admins, having alarming content that
scares users into clicking on the included links or URLs.
• Random messages claiming to be old or recent friend or follow requests that incite
curiosity in a person.
• Malicious URLs that have been renamed and given shorter names so that they appear
genuine. The user does not know where the link leads until he/she clicks on it. For
example – http://bit.ly/12f/TJ is a malicious URL that has been renamed.
• Asking for likes and views on fake pages hosting exciting offers.
• Messages from ‘friends’ asking for some sort of help in an emergency, for example –

“My wallet has been stolen and I’m stuck out of town. Please send me some
money.”

“Your friend is in a serious emergency and needs to be rescued. Send him


some money by clicking here.”

GEN121: Cyber Security Page 40


• Another example of a malware worm is koobface, which was aimed at users of social
networking sites such as Facebook, Twitter, Skype, Yahoo, MySpace, Gmail, etc. It
infected the users’ computers and took control of the machine and system.

Untrusted Apps

Untrusted apps are those that ask you for unnecessary permissions when you download
them. For example, a dictionary or gaming app does not need access to your camera,
gallery, email contacts, geographical location, etc. If you allow Facebook apps an access
to your profile, then they can start misbehaving. For example, posting updates on your
friends’ profiles and timelines, something you would not otherwise do. The only thing
you can do is remove the individual posts, or remove the app itself.

Safer networking – Some tips

Do you know who can see the information that you put online? Everybody. Your friends,
family, their friends and family, old and current colleagues, old, current and potential
employers, teachers, colleges, schools, universities, customers, prospective customers,
competitors, cyber criminals, thieves, hackers and Government agencies. Everybody who
is out there can see what you put in cyber space. Anyone who may have anything that can
cause harm to you or your loved ones, such as sensitive or embarrassing information,
photos or videos, can also upload it on the net to defame you. News spreads very fast on
the internet, and once it’s out there, damage control becomes extremely difficult. Here are
some tips to keep in mind to ensure that your networking experience is a safe one.

 Use strong passwords that are a mix of characters and thus difficult to crack.
 Provide minimal information about yourself. Do not give out your addresses,
phone numbers, etc.
 Go through the privacy and safety settings of your account and customize them
according to your preference.
 Don’t allow third party apps to access your information. Read their permissions
before allowing.
 Filter what you post online. Never post photos or updates that can get you into
trouble later. Never abuse anyone virtually, or post anything controversial or
biased.
 If you have given a false reason for skipping work to take a day off for enjoyment,
then keep that in mind before posting anything on Facebook. It can be viewed by
your boss and colleagues.
 Do not post anything about your employer and company unless you are authorized
to do so.
 Parents should supervise what their children are doing on networking sites and
who they are talking to.

GEN121: Cyber Security Page 41


 Do not click on ads, links or similar suspicious things. Also be weary of friend
and follow requests and strange text messages. Always check out the page or
profile if you can, otherwise avoid accepting them.
 Do not click on too many ads or URLs. You do not want to increase the risk of
infecting your computer.
 Use Google’s inbuilt security features that automatically block ads and pop-ups.
These also warn you about small links and suspicious URLs. Additionally, get a
good antivirus, like Quick Heal, to add extra security that may go through the
inbuilt security features. Too much security is never a bad thing.
 Type your name in Google once in a while and see what pops up, just as a
precautionary measure. If there is anything bad there, you’ll know.

Facebook addiction – Signs and Solutions

Now that we know all about Facebook and its various advantages and risks, let’s get on with
our main agenda – Facebook addiction and how to deal with it.

Signs that you are addicted to Facebook

Over sharing of photos and videos-be it of self or something/someone else.

Constantly posting updates about where you are, what you are doing, thinking, feeling,
eating, etc.

Checking your Facebook profile as soon as you get some free time.

Being too concerned about your social image. Always posting something that will boost your
social presence and make people like your photos and updates.

Spending hours on Facebook, browsing through it or posting some recent activity.

Always being in a mad rush to add more and more friends, even if it is people you do not
know.

Compromising on spending time with family and friends in real life, and not living life out
there, to be more active on Facebook.

Quitting the addiction

Here are few ways to quit the Facebook addiction and get on with real life. Mind you, just
like any other addiction, this may not be easy too. However, it isn’t very difficult either.

 First, admit that you have a problem and want to change it. Without this acceptance,
the entire exercise is pointless.
 Track your Facebook usage over a day or a week. Keep a diary log, as this will be
easier.

GEN121: Cyber Security Page 42


 Once you know how much time you spend online each day, make a list of offline
activities that you can do in these hours instead. For example, reading, listening to
music, going out, pursuing a hobby, etc.
 Think of how Facebook can benefit you offline. For instance, you can actually meet
those friends that you socialize with online! Or, you can do a course in photography to
post better pictures on your wall. Alternately, you can travel!
 Once you have taken a note of all these things, strengthen yourself mentally and take
action!
 Do not go on Facebook for a day or a few days. Plan out how you want to start.
 Keep your PC and internet off, and turn off all notifications on your phone.
 Keep your phone away from you or leave it at home and go out. Distract yourself.
 Disable your Facebook profile for a few days if you can. This will be more effective.
 When you engage in something else, something fun or interesting or mentally
challenging, you will realize that you are having fun even without Facebook.

Facebook is a boon and a bane. It can propel people to great heights, or kill their careers or
reputation due to recklessness. It can also cause people to become victims of frauds and
scams, but that seems to be a part and parcel of using the internet. They key to making the
most out of Facebook is to use it in moderation and with discretion. Too much of something
is seldom good, but if used properly, can give you excellent rewards.

GEN121: Cyber Security Page 43


Unit 9: Dos and Don'ts of Internet Security
Types of online threats and precautions
Basic internet security tips

As discussed before, the various uses of the internet include socializing, working, watching
videos, shopping, conducting financial and banking transactions, buying and selling items,
getting information, listening to or uploading music, the list can go on and on. These days, we
use the internet for anything and everything that it can be used for, mainly because it makes
our life easier.

The internet has made our lives faster and more efficient. Plus, it has also made tedious or
complex tasks simpler. For instance, getting your passport renewed would take days of
planning and hours of standing in line at the passport office before. Now you can go online,
fill out a form, get a date and time for reporting and even get a list of the documents required.
This drastically cuts down the time you spent previously.

Just like you, there are millions of other people on the internet, who can see you like you can
see them. So when it feels great to get 200 likes on a photo that you upload, it can be equally
devastating to find some embarrassing information about yourself, posted by someone else,
also getting hundreds of views. You never know who views your information. On the flip
side, there are some elements of the internet that can cause you grievous harm if you are not
careful. These include scammers, fraudsters, thieves, sexual predators, people who have some
grudge against you, etc.

In this chapter, we are going to discuss the various types of threats that you are vulnerable to
when you go online, and how you can protect yourself against these. We will also discuss
some basic tips that you should keep in mind when it comes to internet security.

Types of online threats and precautions


The internet is full of possible threats that can harm you, your computer or your personal
information. Hence, it’s always best to know about these so that you can be better prepared to
face them. Here are some of the common online threats –
• Hacking
• Phishing
• Spyware
• Viruses, worms and Trojans
• Adware
• Spam
• Freaks attacks

Let’s discuss about these in brief, and see what precautions to take to avoid them.

GEN121: Cyber Security Page 44


Hacking

Hacking is the act of accessing a person’s computer and their information without their
permission. It is a criminal activity. In a hacking attempt, a sophisticated program infiltrates a
person’s computer when the victim clicks on a link or downloads an attachment sent by the
hacker. The program then performs its function, accessing the information that it is supposed
to. Hackers use this information to blackmail victims for financial gains or for other
malicious purposes.

How to protect against a hack attack

• Use sophisticated security software.


• Use a strong firewall to make your computer extra secure against hackers.
• Always update your OS and antivirus software on a regular basis. Outdated software
is more prone to hacking attacks.
• Let your antivirus software scan your machine regularly. It can find and
remove/quarantine infected files.

Phishing

Phishing refers to a criminal activity that uses social engineering to steal a person’s
information. Social engineering means interacting with the victim directly or indirectly and
tricking them into revealing personal information. The scammers pretend to be someone else
and gain the victims’ trust to obtain information such as passwords, financial details, etc.
There are various types of phishing, which are –

Spear phishing – This is a type of phishing where the scammer tracks you online and follows
your activity. He then sends you an email claiming to be a person or company you know. The
salutation is personal, like ‘Hi Steve’ or ‘Hello Julie’. This is done to make you develop trust
towards the sender. The mail then asks you for some personal data like your login details,
credit card numbers or similar things. Most people will not suspect that something is wrong,
and end up giving the attacker their details. This only ends in unpleasantness, of course.

Clone phishing – As the name suggests, clone phishing uses cloning to create a legitimate
looking malicious email. In this scam, a genuine email that has already been sent to people is
taken as the basis for the phishing mail. This genuine email must contain an attachment or
link that the scammers can use. The content and recipients addresses are taken and copied
into another email. The attachment or link is replaced with a fake and dangerous version. It
is made to look like a resend of the same mail, but contains links that can give your data or
computer into the hands of the attackers.

GEN121: Cyber Security Page 45


Whaling – Whaling is like any other phishing email, but is directed towards top executives or
government officers who handle important or sensitive information. Scammers refer to this
type of activity as ‘reeling in the big fish’. Hence the term ‘whaling’. Attackers create a fake
mail that takes the receiver to an authentic looking website that is actually malicious. They
can also keylogging, spyware or malware to gain access to the victim’s machine or data.

Voice phishing – Voice phishing, also known as ‘vishing’, is a combination of ‘voice call’
and phishing. The attackers call up selected victims, announcing some fake contest or reward.
They then ask for the victims’ personal details, usually financial. Most of the time, people
end up trusting such scams and divulge their private details to the attackers. What happens
next, we all know.

SMiShing – In this form of phishing, the attacker sends a text message/SMS on your phone.
The SMS asks you to follow a given link or call/text a given number and provide some
personal information about yourself. If it doesn’t ask for any personal information, then the
attacker at least gets some money every time you send an SMS.

How to protect against a phishing attack

• Never click on links or download attachments from unsolicited emails, especially if


they are asking for financial information or some form of payment.
• If the email claims to be from your bank, then type in the URL manually and check.
Clicking on the link may redirect you elsewhere.
• Always call up your bank and cross check whether the mail is really from them.
Financial institutions normally do not ask you to send personal financial details via
email.
• Check whether the site you are on is secure. It will have an ‘https’ extension.
• Never respond to SMS or voice phishing. Do not give out any information and contact
the authorities immediately.

Spyware

Spyware is a type of malware that enters a person’s computer unknowingly and steals
valuable data like login details, passwords and financial details. It can enter the victim’s
computer through web pages where it is present and infiltrates when the user accesses the
page or downloads some free software.

One popularly known spyware is keylogger, which tracks the keystrokes made by a person on
the keyboard. This way, each password that you type gets recorded with a third party.

GEN121: Cyber Security Page 46


How to protect against a spyware attack

• Check that your Antivirus software has spyware protection installed in it.
• Keep your antivirus and firewalls regularly updated.
• Use virtual web based keyboards when you are making online financial transactions.
This way, what you type is not tracked.
• Don’t rely solely on the keywords provided by your OS. They are not effective
against keyloggers.

Virus, worm and Trojan

A virus is a program that is malicious. It enters your computer and replicates, infecting one
file after another.

A worm is an independent program that does not need a file in order to replicate and infect
the system. A worm does not infect existing files, but instead replicates itself throughout your
machine.

A Trojan horse is a malicious program pretending to be a useful program. Hence, when a user
downloads it, it opens a backdoor to your computer for hackers and attackers.

How to protect against these attacks

• Keep your system and antivirus software updated.


• Get a strong firewall.
• Do not download software just because it’s free and apparently useful, or click on
links or attachments from unknown mail addresses.
• Scan external devices like pen drives before allowing them access to your machine.
• Run antivirus scans on a regular basis.

Adware

Adware means ‘advertising related software’. This type of software automatically displays or
downloads advertisements, banners and pop-ups when you are using the internet. You may
have seen random ads coming up or sliding into the screen when you are browsing. These can
be very irritating.

How to protect against an adware attack

• Never download software that you don’t need or that appears unsafe, just because it is
free.

GEN121: Cyber Security Page 47


• If a download screen or window appears randomly when you are doing something
else, then close it or ignore it. Do not download anything.
• Do not click on any advertisements or pop-ups that display free merchandise or such
enticing offers.
• Use a pop-up blocker and ad-block on your machine.

Spam

Spam is the unsolicited mail that is sent to many people from an email address. It often takes
up space in your account and can be quite irritating. Spam mails are often those that are sent
for promotional purposes, or those that are used to spread malicious software like viruses and
worms. Here are some examples of popular spam attacks –

 Stranded traveller scam


 Work from home scam
 Nigerian scam
 Email lottery scam
 Astrology/psychic scam

How to protect against spam attacks

• Check if your antivirus has an email security feature.


• Report unknown or unsolicited mail as spam.
• Delete all spam mail.
• Do not publish your email address on public sites.
• Do not respond to spam mails.
• Do not open any attachments, click on any links or fill any forms that come with these
mails.
• Create accounts with secure sites such as Gmail and Yahoo mail, which provide spam
filters.

Freak attacks

A freak attack is one where attackers hack web browsers by intercepting and cracking them.
The browsers that are most vulnerable are Android and Apple Safari. The attackers steal
sensitive data like login details, passwords and financial information.

Basic internet security tips


 Keep long passwords that are combinations of various characters. Never keep the
same or similar password for various accounts.
 Always keep your antivirus and firewall on and updated.

GEN121: Cyber Security Page 48


 Do not access websites that require passwords, or conduct financial transactions on
public networks, like public WiFi or net cafes.
 Do not install software or apps from unknown sources or sites. Also do not download
free software because it’s available.
 Never download attachments or click on links included in mails from unknown
senders.
 Never click on links that appear to be from your bank. Call your bank instead.

Internet security is very important, because it includes safety of everything – you, your data
and your money. It is not to be taken lightly. Having knowledge about these threats will help
you detect them before you or someone else becomes a victim.

GEN121: Cyber Security Page 49


Unit 10: What is Browser Sandbox Protection?

Understanding the web browser


Internet threats
Web based attacks
What is browser sandbox?

All of us use the internet every day. And to browse various sites, we use software
applications like Google Chrome, Internet Explorer, Mozilla Firefox, Safari, Netscape and
many more. These applications are called web browsers or internet browsers.

To be more specific, a browser is used for obtain, retrieve, present and send information
resources on the World Wide Web. Any information source has a specific Uniform Resource
Locator/Identifier, which is commonly known as a ‘URL’ or ‘URI’. A URL identifies the
source of the information, meaning the location where it is posted on the net, and from where
it has been taken. Without a browser, you cannot access the internet, because these
applications are specifically designed for this purpose.

Internet threats

These days, it is very difficult to spot the threats that lurk on the internet. Even a supposedly
safe looking site can be riddled with malicious programs hiding in plain sight, just waiting to
infiltrate your machine and harm it, or worse, access your information.

Many times, you do not need to even download or click on anything on the website. Simply
visiting it can cause a malicious program to get into your computer. These days, criminals
have become very tech savvy. Each time a security feature comes up; they find a way to hack
it. Well-known sites which are used by millions of people every day, like SnapChat and eBay
for instance, have been hacked. The data on these sites can be put up on public forums or
misused by the criminals for their personal gain. Hence, do not be under the impression that
only lesser-known sites are vulnerable to being hacked. It can happen at any time, to anyone.

Signs of possible PC infection

If a virus or other harmful file enters your computer, it can wreak havoc with the system.
There are some signs that you will find odd, which must be watched out for. Here are a few –

• Computer begins to misbehave.


• Apps or programs randomly open up, or shut down when you are using them.
• Your default browser gets changed abruptly. For example, you are using Chrome and
the next day, Internet Explorer has been set as your default browser without warning.
• Blinking ads and pop-ups start appearing on your screen when you are browsing.
• Ad pages open on new tabs when you click on a link on a site you are using.

GEN121: Cyber Security Page 50


• Clicking on links navigates to an entirely different page with an advertisement that
doesn’t allow you to exit easily.
• Your social media account starts showing activities such as app usage or liking pages
that you actually have not liked.

This kind of behaviour on the part of your PC is a sure sign of infection. This brings us to the
main point of concern. One malicious file which accidentally enters your PC while you are
online can cause the rest of your computer system harm offline.

So what is the solution to this problem? The answer is browser sandboxing. Let’s now see
what this feature is all about in detail.

Browser sandbox – What it is

We all must have played in a sandbox as kids. It is a shallow, square-shaped box that is filled
with sand to a certain height, in which kids play. It is an enclosed box, which is an
independent environment where kids can play whatever sand games they want.

Similarly, a browser sandbox is a virtual environment that is created by your computer for
browsing the internet. It runs the web browser in this environment, isolating it from the rest
of the computer system. This sandbox is like a protective wall in which your browser runs.
Hence, it protects your PC from the above mentioned dangers that your browsing activity can
result in.

Now let’s take a look at the highlights of this security feature.

• Once you activate the sandbox, it will take your browser into a virtual environment.
• When you download a file or software from your browser, it remains isolated in the
sandbox environment and does not reach your system.
• The advantage of this feature is that if by chance any malicious file also gets
downloaded, then it also remains confined in the virtual environment. This protects
your PC.
• Another good feature about the sandbox is that when you close your browser,
whatever changes have been made to that environment get deleted automatically.
Hence, when you open the browser next time, the virtual environment is brand new
and safe, and not affected by any malicious files.

The browser sandbox security feature is available with antivirus software. For example,
Quick Heal antivirus comes with an inbuilt browser sandbox feature which protects your PC
against the dangers of browsing. Along with this, keep your operating system, antivirus and
firewall updated, and do not open or download files or software that is unsolicited or free.

Extra precaution is never a bad thing. Hence, it is best to purchase an antivirus that comes
with most of the security features, like Quick Heal. A complete package offers more
protection without causing you any extra effort.

GEN121: Cyber Security Page 51


Unit 11: Gmail Security

What is Gmail?
Importance of Gmail security
Gmail security features
How to secure your Gmail account
Interesting facts and cases

Gmail is search engine giant Google’s email service. Launched in April 2004, it became an
instant mega-success. It was the first email service that provided 1GB of data storage, which
was much, much greater than ANY of the popular email service providers of the time. Apart
from that, it offered features such as instant search, keyword search, threaded messages and
many more options.

Gmail is a cloud based service, which means that it provides you with massive storage for all
your data. If you delete a document that you had downloaded from an email in your Gmail
account, then you can simply re-download it from the email. Plus, you can store your photos,
documents and videos as well. This is because Google currently offers 15GB of space to
share between your Gmail accounts, your Google Drive and your G+ Photos. So much space!

Owing to all these awesome features, it is no doubt that Gmail is one of the most widely-used
email services in the world. It comes as no surprise that it has over 400 million users today.
Why not, considering the number of activities you can get done using one account!

Gmail security – Importance

Where there is information, security is important. Given all the data storage that Gmail offers,
protection of your stored data is also important. The information and messages in your Gmail
account are stored, meaning that they are always present in virtual space. Hence, it needs to
be kept safe. The different types of data that can be present on Gmail is as follows –

 Bank details
 Account numbers
 Salary information
 Personal information
 Photos and videos
 Private messages
 Professional information
 Information about other people

Another reason why it is important to secure your Gmail account is that many people use the
same combinations of usernames and passwords for various accounts. This increases the risk
factor because, if one account is hacked, then all the others are vulnerable too.

Gmail security features

GEN121: Cyber Security Page 52


Gmail provides some amazing in-built security features that added to its popularity when it
was launched. This helps give additional protection to your machine and network. Some of
the popular features are highlighted below.

Attachment scanner

We all send and receive emails and messages with attachments in them. These attachments
can be of text documents, PDFs, audio and video files, etc. Many times, these attachment
files can get corrupted while emailing, or right from the beginning. If Gmail detects a virus in
the attachment, then it rejects the message. It displays a notification to the user about the
same. Attachments that have viruses cannot be downloaded in Gmail.

Spam filter

There are three features of the spam filter. These are text filter, blacklists and client filter. In
the text filter, common spam words like ‘free’, ‘get’, ‘call’, ‘buy’, ‘meet’ etc. are tracked and
the incoming mail is automatically sent to the spam folder. In the blacklist feature, Google
maintains a list of previously blacklisted email id’s and their mails. These are directly put into
the spam folder. In the client filter feature, Gmail keeps a record of client identity and history
to block any harmful mails they send. These filters are in-built features. You can even set
your own filters.

HTTPS

Gmail uses an encrypted https connection, which means that it is a secure connection. This
means that when you are accessing and using your account, no one can infiltrate and seize
control of it.

Steps to secure your Gmail account

We will now give you some steps to better secure your Gmail account. Follow these
instructions as per the steps given.

1. Log in to your Gmail account.


2. At the top right hand corner, you will see a small circle that is either blue in colour or
has a photo (if you have uploaded one).
3. Click on that circle, and a small box will drop down. In that box, click on the ‘My
Account’ button.
4. Among the various tabs, there will be one about security checkup. Click on the ‘Get
Started’ option under ‘Security Checkup’.
5. There will be two fields on the screen, namely ‘Recovery Phone’ and ‘Recovery
Email’. In the first one, enter any of your active mobile numbers. In the second one,
enter another email address of yours that is in use. This will help Google reach you if
there is any unusual activity on your account.

GEN121: Cyber Security Page 53


6. Click on ‘Done’ and then move on to the ‘Check your recent activity’ section. Go
through the page and check whether the activity displayed is correct and click on
‘Looks Good’. Otherwise click on ‘Something Looks Wrong’, and Gmail will give
you the option of changing your password.
7. The next section is ‘Check your account permissions’. This displays the permissions
that various apps have to your phone. You can choose to remove permissions to apps
that you don’t want. Then click on ‘Done’.
8. Once your security settings are updated, click on ‘Continue to account settings’.
9. Here you will see a 2-step verification option. In a 2-step verification, Google sends
you a verification code either via text or voice call. There is also an option to ask
Google not to send a code for sign-ins from a particular machine. This way, if
someone else tries to log in to your account from any other computer, they cannot!

Here are some extra steps to further secure your Gmail account.

 Set strong passwords. A strong password is long, and a combination of upper and
lower case letters, numbers and special characters.
 Do not use the same password for multiple accounts. If you are having trouble
remembering all the passwords, then tell these to a few trusted people who will
remind you in case you forget.
 Preferably do not turn on the auto-respond option, because it replies to any and all
emails without discriminating. If it replies to a spam mail, then your account becomes
vulnerable to attack.
 Especially avoid turning on vacation auto responders with your address or other
information.
 Never stay signed in when you are done. Always sign out of your account.
 Get antivirus that offers cloud-based email security. For example, Quick Heal.

Did you know?

Did you know that Google Drive offered 2GB of free storage to users who did a quick
security checkup of their account? This offer lasted till February 17th, 2015. This is how
seriously Google takes account security.

Did you know that Google did a statistical analysis of leaked Gmail passwords in September
2014? It displayed the top 10 most common passwords, 10 most commonly used words in
passwords and also the percentage of users who used simple and complex passwords.

Protecting your email account is very important, because no one would want strangers to get
a hand on their personal or sensitive data. The best part about Gmail security is that you can
customize it according to your liking. Plus, Google also provides a lot of security features
from its side. So rest assured, you are guaranteed the safety of your account even when you
are away. Keep in mind the important tips and follow the instructions above to have an
airtight secure Gmail account.

GEN121: Cyber Security Page 54


Unit 12: Mobile Device Security

Introduction
Uses of mobile devices
Sudden popularity of mobile phones
Risks and threats
Ensuring security
How to secure your mobile

Cell phones have, over time, gone from becoming a luxury to a necessity. With the gradual
increase in popularity, almost everyone has cell phones today. These days, every person in
the house has their own mobile. Stats show that there are more mobile phones in the world
than the total global population, and that number is increasing 5 times faster than the number
of people! Cell phones have made life much easier. In the earlier days, communication was
limited, and finding a phone to contact someone in case of an emergency was also time
consuming.

Cell phones enable a person to call anyone at anytime from anywhere. Fast connectivity has
ensured that information is transmitted quickly, saving time and effort. It is also very useful if
someone falls into trouble or faces any danger, as they can quickly call for help from their
cells. Social networking apps like WhatsApp and Hike help people keep in touch with each
other on a regular basis at a small cost. Photo sharing apps, shopping apps, GPS, YouTube
and many more apps and features are also available on cell phones, making computers
obsolete to some extent. Everything can be done from a cell phone, no matter where or when.

Owing to this advancement, cell phones have also become more and more tech savvy. They
have advanced inbuilt features, faster speed, lighter weight, sleeker look and greater storage
capacities. Mobiles are used for a lot of purposes. People also conduct financial transactions,
sending emails and checking bank information from their mobiles.

All these factors taken into consideration, the issue of mobile security has started to gain
more and more importance in today’s day and age. In this chapter, we will discuss the various
uses of cell phones, the risks and threats that accompany using these devices and how you
can secure your phone from these risks and threats. But first, let’s see the various uses of a
cell phone.

Uses of cell phones

Almost all the cell phones that are made today are smart phones. Here are some of their uses
and functions.

 Making and answering calls.


 Sending text messages.
 Sending emails.
 Sending messages via messengers like WhatsApp and Hike.
 Accessing social networking websites.
 Putting reminders.
 Scheduling appointments.
GEN121: Cyber Security Page 55
 Setting to-do lists.
 Downloading and playing games, both online and offline.
 Storing documents, PDFs and other files.
 Listening to/downloading music and watching videos.
 Shopping, banking, paying bills and making other payments online.
 Using GPS for directions and finding locations.
 Taking, storing and editing pictures and videos.

Taking all this into consideration, let’s now make a list of all the different types of data that is
generally stored in a cell phone.

 Contact numbers
 User names
 Passwords
 Cookies
 Location data
 Browsing history
 Device and network connection names
 Personal information
 Financial information
 Application information
 Confidential information
 Important documents
 Transaction history

Given that so much of sensitive and personal information is stored on phones, it is very
important to ensure its security. The thing about phones is that unlike laptops and tablets,
these devices are small in size and are forgotten behind by people very often. They can also
be hacked and opened quite easily. This is indeed quite dangerous. When it comes to phone
security, the three things that you need to keep safe are –

• Phone data
• Phone applications and programs
• The phone itself

Now that it is established that phone security has three main aspects, let us now see the risks
and threats associated with cell phone usage.

Cell phone use – Risks and Threats

Risks

Portable data storage – The data that you store in your phone is carried around with you. It is
not kept in a physically safe place. Hence, it can be accessed by anyone if your phone gets
lost or stolen.

Wireless connections – Accessing public Wi-Fi connections to access internet on your phone
is risky. You cannot say if anyone is using the same connection to track your internet activity,
and getting access to your passwords, login and financial details.
GEN121: Cyber Security Page 56
Third party apps – Downloading apps from the internet is a very common occurrence.
Millions of downloads take place every day, and new apps are launched periodically. Before
installing an app, read the permissions that it is asking for. Some apps ask for access to your
gallery, contacts, GPS, location, email id and other things. Decide whether you want to allow
that app access to particular data and then proceed further.

Threats

Malware – Just like the case is with computers and laptops, mobile phones are also
susceptible to viruses, worms, Trojans and spyware. These malicious programs can steal
personal and sensitive data from your phone, including login and financial details. They can
also rack up huge long distance call charges, steal your balance and collect your data. These
programs can affect a cell phone in the same way as a computer.

Eavesdropping – This does not just mean someone sitting next to you listening in on your
conversation. Data that is sent out from your phone, like financial or login details, is not
encrypted most of the time. This means that it can be viewed by other people if you are using
an unsecure wireless internet connection like a public Wi-Fi. This makes your data vulnerable
to being stolen and misused.

Unauthorized access – Suppose you forget your phone somewhere or lose it, or someone
picks up your phone when you are not looking. It is not extremely difficult to hack into a
phone. Most phones have pattern or pin locks, while many can open with a simple screen
swipe. Anyone can hence access your data even when they are not authorized to. This also
leads to compromised data availability and integrity. Your data can be misused in many
different ways if the phone has been stolen with that intention.

Theft or loss – Phones are small devices that are quite susceptible to being forgotten. It has
happened to all of us at some point of time, that we left our phone behind, at a public place,
in a taxi, at the gym, at a friend’s place or such other locations. In many instances, by the
time the person realizes that the phone is missing and goes back to find it, it has disappeared.
Swanky or plain, finding an unattended or forgotten phone is like finding treasure for a thief.
If the person manages to unlock your phone, then all your personal and sensitive data is
compromised.

Unlicensed or unmanaged apps – Apps that we download on our phone are also vulnerable
because they possess many loopholes that can be used by criminals to their advantage, even
though we may not understand these risks. Apps always ask for permissions to access certain
data on your phone. Many times, the advertisements that accompany the app also get the
same permissions. Unlicensed applications are even more risky, because their source and
credibility is doubtful. Always read the permissions that the app is asking for before you
allow installation. Also keep updating the apps regularly. Most of them update themselves
automatically, while many ask for permission. Allow these updates to keep your phone safe
from hacking.

GEN121: Cyber Security Page 57


Methods to handle mobile security

Now that we know that various risks and threats that are associated with using cell phones,
let’s now see the three basic methods to manage the security of your phone. These are –

Authentication
Encryption
Filtering

Authentication

Authentication is the process of verifying whether someone’s identity is what it is claimed to


be. This is why users set passwords like face recognition, voice recognition, pins or patterns
to lock their phones, so that no one else can open it. Only the user, who knows the unlocking
method, can access the phone. In this manner, the phone also indirectly authenticates the
identity of the user. Mobile phones are not password enabled by default. It needs to be set by
the user, and hence becomes unique to each user. It is always pertinent that you keep your
phone locked using one of the options provided by your phone.

Encryption

Encryption is the process of converting readable data into a format that cannot be understood
by unauthorized users. Those who are authorized to access the data know how to decrypt it
into readable format. In short, encryption means encoding. Many cell phone devices have
self-encryption features. It does not affect the way the user uses the phone. Encryption helps
keep phones safe by securing the data that is stored on them or transmitted from them.
Intruders cannot access sensitive information that compromises the security of the device. It
makes viewing important data difficult, without proper authentication.

Filtering

Filtering is the process of separating the authentic and safe apps, mails and sites from the
unsafe ones. It is a process of removing the threats that a phone can face due to web
browsing, accessing mails, downloading apps and opening attachments. Mobile phones
generally lack this feature by default. It comes with certain antivirus and phone protection
software. Many times, sites and attachments contain viruses or other malware that can harm
your phone. The antivirus software protects your phone form attacks by such malicious
programs.

Steps to make your mobile more secure

GEN121: Cyber Security Page 58


Now that you know how to maintain the security of your mobile, let’s discuss some steps to
make it more hack proof and safe.

 Set a strong lock on your phone, like a PIN or a password. Never use
the simple swipe lock.
 Change your settings to automatic screen lock.
 Regularly backup all your phone data.
 Install a phone security and antivirus app like Ultimate Protection,
Lookout, etc. There are many such apps available. Do a little research before choosing
one. You can also go for phone antivirus software like Quick Heal. Such software has
many features that cover the entire security system of your phone.
 Turn on data encryption in your phone’s settings. This won’t affect
your phone usage, but will certainly help protect your sensitive and important data
from criminals.
 Turn on the location settings. In the event that your phone gets lost or
stolen, this will help you track its geographical location.
 Always read app permissions carefully before downloading. If you feel
that a certain app is asking for access to data that it does not need to know, and then
find an alternative if possible. If you need the app no matter what, then make sure that
the security settings on your phone are strong.
 In your security settings, there will be an option for apps from
unknown sources. It is up to you to turn it on or off. Many times, such apps are
required. However, read user reviews and find out more about the app before you
download it.
 If your phone has a remote wipe setting, then enable it. You can wipe
the entire data from your phone if it gets lost or stolen. This can be done from
anywhere, and will keep your phone’s data from being misused by others.
 Finally, if your phone is misplaced or stolen, then report it to the
authorities immediately. They can help trace, lock or shut off the device. Hence, even
if you cannot get it back, you can be rest assured that it is not being misused.

All these steps are to ensure the security of your personal phone and the protection of all the
data that is stored on it. There is also something known as Mobile Device Management
(MDM), which includes apps that are used by enterprises to protect devices that are
connected to their corporate network. There is an administrator who is authorised to manage
and control these devices. MDM solutions help to manage, monitor and secure mobile
devices that are on the corporate network. It blocks malicious messages and websites from
infiltrating the network.

Mobile phone security is very important as these small devices are easier to attack and hence
more vulnerable as well. Besides that, they also have most of our personal data stored in them
as we carry them with us everywhere, which is why ensuring the protection of this data is
mandatory. It is always best to take precautionary steps than risk loss and misuse of our data.

GEN121: Cyber Security Page 59


Unit 13: Tips and Tricks on Securing Your Android Devices

The mobile revolution


Fast facts
Mobile – The new PC
Risks and threats to Android phones
Mobile malware facts
Mobile safety tips

Mobile phones have revolutionized over time, with millions of handsets in use today.
Statistics show that there are more mobile phones in this world than there are people, and that
this number is set to increase. Mobiles have gone from being luxuries and items of pride for
owners to something that almost every person owns in a household.

Stats show that in the year 2016, the number of smartphone shipments to India is expected to
increase by 8.5%. The smartphone sector will see a large increase in our country, higher than
in many others. Among the urban Indian crowd, more than 50% of the users access internet
multiple times a day, with more than 70% using it frequently for social networking. Mobile
phones are changing the way people live their lives, conduct their business, conduct financial
transactions, do work-related activities, study and socialize. Let’s see some interesting stats
and facts about mobile phones.

• 5.9 billion people out of the total global population of 7 billion are cell phone users.
• This makes the global percentage of cell phone owners 87%.
• Android OS is currently dominating the cell phone market, with more than 85% of the
market share.
• 30% of the total population of cell phone users live in China (1220 million) and India
(920 million).
• Users spend an average of 7 minutes a day on composing, reading and sending emails.
• An average of 27 minutes is spent daily on conversation.
• About 40 minutes a day are spent browsing the internet and using apps. However, it
feels like this number could be higher.

Mobiles – The new PCs

Most people store more personal data on their phones than on their PCs. It can be safely
assumed that smartphones are replacing PCs steadily. Remember that the more data that you
store on your phone, the more there is for cyber criminals to hack and misuse. The more apps
and new features that people use the larger area criminals find to attack. If cyber criminals get
a hold of your data- your personal, financial or professional life can be badly damaged. Not
just phone and personal security, but even your privacy is put at risk.

GEN121: Cyber Security Page 60


• Did you know that more than 30% apps have access to your identity information,
more than 20% can access your exact geographical location and more than 5% have
access to your SMSs and MMSs?
• More than 70% of smartphone users do not protect their phones with passwords. More
than 50% use banking or financial apps, while at least 1in 4 people store their bank
and financial data on their phones.
• More than 30% people store their official login and password details on their phones,
while more than 60% do not log out of apps at all.
• More than 35% people use shopping apps on their phones, while more than 60%
access their work emails and connect to the company network using their private
mobiles.
• At least 3 out of 10 people carry information on their phones that is sensitive and
personal, and which no one else should have access to.
• Additionally, more than 50% people access public Wi-Fi networks to access internet
on their phones, even though it is not safe.

All these actions are risky, and they can harm your privacy and data security greatly. Users
must be very careful when using their phones, because even though the mobile device is
private, the internet is not. And anyone can manage to access your mobile through it if you
are not careful.

Threats to mobile security

Now that we have seen the risks that your phone and stored data can face if you are not
careful, let us now see the outside, third party threats to your mobile phone, your information
and your privacy.

Spyware – This is a malicious program that infiltrates a device’s network, collects sensitive
information and sends it to the attacker.

Phishing – Takes the victim to a genuine looking fake site and asks him/her to give out some
personal information. This is typically done through emails containing malicious attachments
or links.

App stores – Copies of genuine apps infected with malicious viruses or other malware are
placed in official app stores and made available for download.

Exploitation – Taking undue advantage of phone Operating Systems that are not patched with
antivirus and security apps by the user. The attacker can always find a vulnerability or
loophole in an unprotected or poorly protected device.

Online third party app repositories – These are the apps or software that comes up as ads or
pop-ups when you are browsing, offering free download and a host of other features. These
apps can cause harm to your device and data.

GEN121: Cyber Security Page 61


Worm, virus and Trojan – A worm is a malicious file that replicates itself and spreads
through the device. A virus is a bad program that goes on affecting file after file in the device.
A Trojan is a safe and genuine looking program that actually causes damage to the device
network when it is installed.

Man-in-the-middle attacks – This attack gets its name because the attacker acts like a middle
man, intercepting all the information coming to and going from the mobile phone by
eavesdropping. The attacker then uses the information to his/her advantage.

Wi-Fi snooping – The attacker can use an unsecure public Wi-Fi network, that is used by
many people to access internet from their phones and computers to watch the victim’s
activity and gain access to login and password information.

Direct attacks – These include social engineering attacks like voice phishing and SMS
phishing, where the attacker contacts the victim directly and tricks him/her into giving out
personal information.

Some facts about mobile malware

The following are some stats and facts about mobile malware, related specifically to Android
OS. Read on.

• Malware that targets the Android OS has risen by 600% since 2012.
• 99% of the new malware that is released into the market targets Android devices.
• Samples of Android malware have grown by 800% in the last few years.
• There are more than 7000 malicious apps present in third-party online stores today.
• One of the newest malware to hit Android, known as Simplocker, came into public
view in June 2014.

Tips to secure your Android device

Now that you have an idea of how vulnerable Android devices are from the above
paragraphs, let’s now see some basic tips and precautions to keep your devices secure and
your data protected.

 Always put a pin or password lock on your phone.


 Keep a regular backup of all your data on an external storage device or another
machine.
 Check your phone’s security settings and do not modify them. Keep them strong.
 Disable the auto-connect to Wi-Fi option. Your phone will ask you each time before
connecting to any nearby Wi-Fi network.
 Install apps only from trusted sources. Never download suspicious, un-trusted and
non-credible apps.
 Read and understand all app permissions before proceeding with the app download.

GEN121: Cyber Security Page 62


 Install a security app that allows remote wiping and remote location information. This
will help in the event of loss or theft of your phone.
 Always clear out your old phone of all your data before reselling or recycling it. Reset
the settings as well.
 Always report theft or loss of your mobile phone.
 Keep your OS and security apps regularly updated.
 Always log out of apps or sites, especially banking, email and shopping sites.
 Preferably avoid SMSing or emailing personal or financial information.
 Don’t open attachments or click on links from unsolicited or spam mails.
 Never root your phone.

Keeping your phone and data safe and ensuring its security is your responsibility, as a user
and as an owner. A lost or stolen phone can cause you a lot ofmental trauma and difficulties.
Hence, precaution is always better than damage control.

GEN121: Cyber Security Page 63


Unit 14: Top 10 Web Hacking Techniques of 2014

Major computer hacks of 2014


How hacking attacks are carried out
How Facebook accounts are hacked
Dos and Don’ts of internet security

Hacking can be said to be an illegal or criminal act of accessing another person or website’s
sensitive, personal or user information without authorization, with the intention of misusing
the information or causing some sort of harm to the victim. Hackers use a variety of
malicious programs to get their hands on another person’s private information. These
programs can be in the form of viruses, malware, worms, Trojan, spyware, etc.

Sometimes, hackers can also use a technique called social engineering, wherein they make
direct contact with the victims whilst pretending to be someone else. They gain the victim’s
trust and then trick him/her into divulging personal, financial, login and other kinds of
information. Hacking can happen anywhere and anytime, which is why precaution and
security are of paramount importance.

Whenever a new update or security feature comes up, there are always some tech savvy
hackers waiting to find and exploit some loopholes in it. Hence, there is always that slight
risk of someone getting a backdoor to your system and network and laying their hands on
your information. In this chapter, we will see some of the major hacking attacks that 2014
saw, along with how these attacks are carried out.

Major computer hacks of 2014

The year 2014 saw some of the biggies like eBay, Dominos and SnapChat have their sites
and systems hacked and their data compromised. Let’s see what really happened.

iCloud

In August 2014, hackers got a hold of more than 500 photos of celebrities, most of whom
were women, with many of those pics having nudity, and posted it on a public website. These
images were then copied and reposted on many more public photo and image websites by
other users. The photos were stolen from one of Apple’s cloud sites, iCloud. Hackers
apparently used phishing and brute force guessing methods to trick or guess the logins and
passwords of the accounts. This attack received a lot of flak on the grounds of being a serious
privacy violation. It is also believed that some of those photos were later edited, as many of
the celebs who were depicted in them questioned their authenticity. It is also believed that
other personal information like calendars, text messages, address books and other data may
have also been stolen.

eBay

GEN121: Cyber Security Page 64


Between February and March 2014, hackers stole about 145 million user login and password
details of the online buying and auction giant eBay. The hackers first got a hold of the
employee login information of some employees, after which they hacked into the user
accounts. On the bright side, there was no fraudulent activity recorded, although the hackers
could know when a user was live on the site and contact them with false deals or offers.
eBay’s password system is known to be one of the more secure ones, as the passwords are
encrypted and ‘salted’, meaning that an additional random character is added to them. It is
still a mystery as to how such a large scale breach was conducted.

SnapChat

SnapChat is a photo sharing app that is used by millions of people across the world. In
January 2014, about 98,000 photo and video files belonging to thousands of SnapChat users
were posted online on a public platform. However, this move was temporary and the data was
later taken down. Apparently, the phone numbers of the users and their contacts were also
displayed. SnapChat, however, claimed that it was not their server that was hacked, but one
that belonged to a third-party app where the photos and videos were stored.

Dropbox accounts

Hackers apparently got a hold of the login and password details for about 7 million Dropbox
accounts in late 2014, and displayed some of this information on other sites. However,
Dropbox claimed that their server was not hacked, and that the breach was on account of
some third party applications that users had given permission to, to access some account info.
The hackers even promised to display more usernames and passwords if they were paid
ransom of bitcoins! Dropbox urged its users to change their passwords, and the ones
displayed publicly were expired deliberately.

Massive account hack

Around August 2014, a Russian group hacked 1.2 billion usernames and passwords of
numerous sites, both big and small. Some believe that the attackers merely hacked into any
and all online accounts that their victims used. The names of the hacked sites are not released.
Most of the sites are leaders in their respective industries, making this one of the most
arbitrary and massive scale attack so far.

P.F. Chang’s restaurant

Around June 2014, restaurant chain P.F. Chang’s became the victim of credit card and
payment information hacking attack. It was alerted by the United States Secret Service after
they found credit and debit card numbers for sale on some underground websites. The
restaurant got actively involved in the investigation, and brought in manual card machines for
accepting payments until the regular machines were checked. The restaurant also urged
people to regularly check their financial statements for any unusual activity, and started a
blog with regular updates about the investigation to keep customers in the loop.

US Office of Personnel Management

GEN121: Cyber Security Page 65


The United States Office of Personnel Management (OPM) was hacked, and records of over
20 million people were compromised. The attack, which began in early 2014, was detected in
April 2015. The data that was compromised included social security numbers, names,
addresses, dates and places of birth. Detailed records of security clearance related information
were also stolen. There was also information related to Government employees and other
people who had undergone background checks. This attack is touted to be one of the largest
breaches of Government information in US history.

Evernote and Feedly

Evernote and Feedly were hacked by attackers using a DDoS attack, wherein they bombarded
the server from outside, making it shut down and thus being unavailable to legitimate users.
They then demanded ransom money from the site for getting back usage. However, Feedly
assured its users that its server was not hacked and that their data was safe.

Domino’s pizza

In June 2014, pizza giant Domino’s was in for a rude shock. A hacking group, which called
itself the Rex Mundi, hacked into its French and Belgian branches and captured data of more
than 600,000 customers. The group asked for a huge ransom amount in exchange for not
misusing that information. However, Domino’s refused to cave and did not pay them the
money. They instead took other steps. Customers were urged to change their passwords and
report any suspicious financial activity to the authorities.

How hacking attacks are made possible

Suppose a criminal wants to break into a bank and steal a lot of money. What do you think he
will do first? Think about the bank’s security mechanisms and features. He will then try to
find a loophole in the system, or try and find a way in which he can disable the system. A
hacking attack works pretty much in the same way. The attacker tries to find a bug in the
server’s security and protection features, so that he/she can use it to their advantage. The
attacker then infiltrates the system and takes control. Let us see some popular examples of
software bugs that were misused by hackers.

The Heartbleed Bug – This was a bug found in OpenSSL software. This software is used to
protect important communication from eavesdropping. The bug enabled anyone on the
internet to read the system memory of those protected by the vulnerable and faulty bug.

TweetDeck hack – Twitter’s popular tweeting tool TwitterDeck was temporarily taken down
after a bug was found in it. The hack caused pop-ups to jump up on users’ screens, which was
quite irritating. However, it is believed that leaving the bug unfixed could have also resulted
in the hacker getting a hold of user accounts.

Facebook notes to DDoS a server – Whenever people create notes in Facebook, they can give
links to images that they wish to put. Ideally, Facebook downloads this image only once and
caches it. However, if the image has many parameters, then it can cause the images to
download each time someone opens that note to read. This bombards the server and shuts it
down due to overload.
GEN121: Cyber Security Page 66
Browser-based botnets – In this type of attack, the attacker creates the botnet by creating a
fake online ad. As ads that are hosted on sites allow running of the Java script, the attacker
can create a malicious Java script that can bring thousands of browsers to the targeted site
using the ad. This can cause the server to shut down due to overload.

Misfortune cookie – A bug was found in softwareRomPager, which was a part of the internet
routers made by a company called AllegroSoft. The bug allowed attackers to send a simple
http cookie file to the router, and it would destroy the data and give control to the attackers.
They could then control the compromised machine’s webcams, connected devices, and even
change the DNS server settings.

Timing attack on Google docs – In this method of attack, the hacker can know which Google
user has the right to view which document. Although this is not an imminent threat at the
moment, it can be irritating as it takes a longer time for documents to load because of this.

How a Facebook account can be hacked

Hundreds of attempts are made to hack Facebook accounts on a daily basis. This is done
using a variety of malicious and unlawful methods and techniques. Here are some of these
techniques.

Phishing – Sending a mail claiming to be from the Facebook admin. It states that there has
been unusual activity on your account and that you must change your password or log in
again. This way, the hacker gets your details.

Keylogger – This is a malicious program that can trace the keystrokes that a user makes on
the keyboard. It then transmits the data to the attacker, who can now hack into your account.

Password stealer – This is a program that can be downloaded from the internet. It steals
passwords from all the net browsers that the victim is using. This way, the attacker can get
the login details of any and all accounts that the victim is using, be it social sites, email sites
or banking sites.

Session hijacking – Just like there are cookies on every site we visit, there are cookies for
when we log into a site as well. Cookies help the site trace a user’s browsing history on the
site, and even their location and other details. Facebook uses an authentication cookie to
authenticate a user when he/she logs in. A hacker can steal this cookie and use it to log into
your account. Thus, the attacker hijacks the authentication cookie during a login session.

Side jacking using FireSheep – FireSheep was a Mozilla Firefox extension. It can be used to
steal a victim’s login details, but only if the victim and the attacker are using the same Wi-Fi
network at the same time.FireSheep can track and intercept unencrypted cookies for sites,
using which the attacker can obtain login details for the victims Facebook and other accounts.

Mobile phone hacking – If the attacker gets a hold of the victim’s phone, then he can
download some spyware into the phone, and then access the victim’s login details and
Facebook profile.
GEN121: Cyber Security Page 67
DNS spoofing – DNS stands for Domain Name Service. It is used for domain name
resolution, or to convert a domain name (site name) to an IP address. An attacker can create a
spoof of a site’s IP address and create an authentic looking page as well, so that users do not
realize that they have been redirected to a malicious version. The attacker can then steal the
login credentials of the victims. This is, however, not easy to do.

Man in the Middle attack – In this type of attack, the attacker and victim needs to be using the
same internet network. The hacker hacks into the network and intercepts all outgoing data
from the victim’s device. He then uses it to hack into the victim’s accounts. Neither the site
nor the victims realize that their communication has been intercepted.

USB hacking – The hacker creates certain malicious programs in a USB drive or pen drive.
These programs steal passwords from whichever computer they are connected to. Once the
attacker connects the USB to the computer, the programs on it will steal passwords and other
login data. This requires the attacker to be physically present at the machine. It cannot be
done virtually.

Botnet – A botnet is a group of computers that have been infected with a malicious program.
Once they are hit, they all become zombies and can be controlled by the remote commanding
computer. This way, an attacker can hack and control a number of computers with one simple
program.

Dos and don’ts of internet security

 Keep long passwords that are combinations of various characters. Never keep the
same or similar password for various accounts.
 Always keep your antivirus and firewall on and updated.
 Do not access websites that require passwords, or conduct financial transactions on
public networks, like public WiFi or net cafes.
 Do not install software or apps from unknown sources or sites. Also do not download
free software because it’s available.
 Never download attachments or click on links included in mails from unknown
senders.
 Never click on links that appear to be from your bank. Call your bank instead.

See how smart criminals have become lately? You can never tell how someone will find a
way around a rule, regulation or security feature and manage to do something immoral and
unlawful. Hence, it is best to be aware of these issues so that you are not left bewildered and
confused if something like this ever happens.

With this, we conclude the eBook. We hope that you now have a good idea of the importance
of cyber security in everyday life. We also hope that your knowledge base regarding the
dangers of the internet has increased, and that this will help you in the future if any untoward
incident arises. Remember, prevention is better than damage control, and always report a
crime if you see it. Do not ignore. Stay aware, stay safe.

GEN121: Cyber Security Page 68