Internet Fraud

1
Internet Fraud

• Can you be safe on the Internet?
• Bob Samson

2
The Disclaimer
Marriott Vacation Club International (MVCI)
disclaims liability for any personal injury,
property, or other damages of any nature
whatsoever, whether special, indirect,
consequential, or compensatory, directly or
indirectly resulting from the publication, use
of, or reliance on this course material. In
issuing and making this course available, MVCI is
not undertaking to render professional or other
services for or on behalf of any person or
entity. Nor is MVCI undertaking to perform any
duty owed by any person or entity to someone
else. Anyone using this course material should
rely on his or her own independent judgment or,
as appropriate, seek the advice of a competent
professional in determining the exercise of
reasonable care in any given circumstance.
3
What will be covered today

• What is really happening on the Internet today?
• Five areas causing most of the problems
• Some good habits
• Some necessary habits
• Wrap up

Internet
4
The state of affairs today
We are at war!
5
Your Greatest Threats!
ltltlt From the Inside
From the Outside gtgtgt
6
The Internet War Machines

• From the Inside
• Accidental downloading of malware
• Falling for email con artists
• Purchasing dangerous products
• Giving away your data
• From the Outside
• Viruses, worms, Trojan software
• Key Stroke Logging
• Bogus email extensions
• Web bugs, cookies, pixel tags

7
Meet the enemy Its You

• Do you
• Sign up for free software?
• Browse unscrupulous websites?
• Open email attachments with dangerous extensions?
• Join YouTube, mySpace, Zanga, Bebo, or Facebook?
• Use Free Email services like Gmail, Hotmail or
  Yahoo?
• Fall for a phish?
• Want to get rich quick?
• Respond to surveys?
• Enter contests?
• Every day, people just give away
  their personal
  information.

8
What exactly is going wrong?

• Trickery and slight of hand
• Misrepresentation
• Greed
• Outright theft
• Aggregation of data

9
5 problem areas you need to watch

• Know your Computer is Safe
• Know how to spot a Phish
• Know your URLs
• Know your Email Extensions
• Know that you are followed wherever you Browse
  the Internet

10
Is your computer safe?

• Building fences and walls
• Firewalls and routers
• Looking for the breaches
• Virus scanning
• Spyware and Rootkits
• Key Stroke loggers
• Locking your doors and windows
• Wireless Networks
• Keeping up with the criminals
• Updating of Application Software

11
Whats a deadly Phish?
It is not the Lion Fish
12
Example one of a phish
13
Example two of a phish
14
Example three of a phish
Spaces are not permitted
15
So how do you catch a phish?

• No legitimate business ever asks for Personal
  Information via email (no exceptions)
• A clue a threatening or urgent message with
  concern for your security
• Never call a phone number in the email to verify
  its authenticity
• Never click on a link within an email and enter
  personal information
• Never think you are smart enough to figure out if
  the email is real
• Never trust a website linked via an email

16
Too good to be true?

• Lets look at a few examples
• Check fraud and Nigerian Scams
• Lotteries (that you did not play in)
• Watch what you buy

You Win!
17
Check Fraud The Nigerian Scam
18
The Lottery Scam
19
Watch what you buy

• Cheap drugs
• Internet Auction sites
• Know your https
• Sell your soul for a bottle cap

20
Time to learn something
This is the address bar It displays a
URL Universal Resource Locator
21
Can you find the URL scams?

• https//web-ao-da-us.citibank.com/cgi-bin/
• http//online.da.us.citibank.com.businesssupport.r
  u/
• http//www.kolemsveta.oz/www.citibank.com/index.ph
  p
• https//onlineservices.wachovia.com/
• http//ww3.nationalgeographic.com/
• http//secure-signin.ebay.com.ttps.us/
• http//www.latam.citibank.com/uruguay/
• http//24.130.75.227/mymbna/mbna/login/
• First, find the real web site URL (Universal
  Resource Locator)

22
Know your forward slashes

• https//web-ao-da-us.citibank.com/cgi-bin/
• http//online.da.us.citibank.com.businesssupport.r
  u/
• http//www.kolemsveta.oz/www.citibank.com/index.ph
  p
• https//onlineservices.wachovia.com/
• http//ww3.nationalgeographic.com/
• http//secure-signin.ebay.com.ttps.us/
• http//www.latam.citibank.com/uruguay/
• http//24.130.75.227/mymbna/mbna/login/
• Tip Look for the first / after the http// or
  https//

OK
Scam
Scam
OK
OK
Scam
OK
Scam
23
What about email attachments?

• Can you spot a safe attachment?
• .ade, .adp, .bas, .bat, .chm, .cmd, .com, .cpl,
  .crt, .exe, .hlp, .hta, .inf, .ins, .isp, .js,
  .jse, .lnk, .mdb, .mde, .msc, .msi, .msp, .mst,
  .pcd, .pif, .reg, .scr, .sct, .shb, .shs, .url,
  .vb, .vbe, .vbs, .wsc, .wsf, .wsh, .app, .fxp,
  .prg, .mdw, .mdt, .ops, .ksh, .csh, .ceo, .cnf,
  .htm, .html, .mad, .maf, .mag, .mam, .maq, .mar,
  .mas, .mat, .mav, .maw, .mht, .mhtml, .scf, .uls,
  .xnk
• What about .doc, .pdf, .zip
• Or .bmp, .jpg, .tif
• One of the latest cyber crime techniques is the
  use of videos to install malware (malicious
  software) and/or Trojans just by watching the
  video

Deadly
Could Be Deadly
Usually Safe
24
How data thefts occur

• Malicious software (malware) is placed on your
  computer via an email attachment, deceptive
  website, freeware
• Your logins or passwords are captured, your
  Outlook Address Book is stolen
• Your on-line bank accounts are raided
• Messages are sent under your name to those in
  your address book
• Besides email, beware of eCards
• Your friends/contacts are compromised and the
  cycle continues
• Computers, yours as well as your friends, are
  under the control of criminals (zombies sending
  more phishing attacks to others)

25
Your browser is a tattletale

• Cookies
• Search Engines
• Aggregators
• Free email
• How web sites track you

26
Some good habits for kids

• Children
• Keep the computer in a public space
• Disable administrator rights
• Monitor Social Networks
• Disable the feature in email that allows
  attachments

27
Some good habits for adults

• Adults
• Be very, very, very, very careful with email
• Use a virus scan program
• Update your software programs per manufacture's
  recommended schedules
• Never respond to any email solicitation with the
  entry of passwords, credit cards or other
  sensitive personal information (never)
• Think twice about online services such as
  banking, bill paying or investment management
  services
• Stay off of untrustworthy websites
• Dont use free software, shareware
  or browser add-ons

28
Some necessary habits for everyone

• Use strong passwords
• Change passwords (every 3 months)
• Think about encryption
• Back up regularly

29
So are you worried?

• You should be!
• Cyber crime is very real today, a multi-billion
  dollar industry
• Cyber crime can destroy a persons reputation, it
  can destroy a nations infrastructure
• The new currency of crime is DATA!
• So what should you do?
• Knowledge should be your first weapon of choice