INTERNET & FAMILY SAFETY 10 TH SYRO-MALANKARA CATHOLIC CONVENTION - - PowerPoint PPT Presentation

INTERNET & FAMILY SAFETY

10TH SYRO-MALANKARA CATHOLIC CONVENTION STAMFORD, CT 2018 AUGUST 2-5 PRESENTED BY: JOHN P VARGHESE

AGENDA

• Cyber Threat
• Malicious Code
• Social Engineering
• Improper Usage
• Phishing
• Password
• Email
• Device
• Social Network
• Examples of Data Breeches
• Resources
• Q&A

2

2017 STATISTICS

• According to the FBI Internet Crime Complaint Center (IC3) 2017 Internet

Crime Report:

• 300,000 complaints logged
• $1,400,000,000 losses reported

3

CYBER THREAT

• Cyber Threat is a malicious actor seeking to compromise a system – computer,

tablet, mobile home, smartwatch, smart speaker, appliances and other IoT devices.

• Damage can range from taking your device offline to stealing your passwords

and identity.

4

MALICIOUS CODE

• Malicious code (commonly knows as malware) is software intentionally

designed to disrupt the normal operation of a computer.

• Examples:
• Malware could encrypt your computer without your knowledge, then require ransom be

sent to the attacker’s anonymous bank account

• Innocent “flashlight” app can access your mobile phone address book and spams your

family, friends and business

• Download apps only from trusted sources.

5

SOCIAL ENGINEERING

• An attacker manipulates a person into disclosing sensitive information, or

grants the attacker unauthorized access

• Example:
• Sharing password to an imposter IT technician who may steal sensitive information
• Be cautious of anyone requesting personal information, especially by phone or

email

• Verify the identity of the person/organization and reason for request

6

IMPROPER USAGE

• Intentional or unintentional action to share personally identifiable information

(PII), such as DOB & SSN

• Installing “bootleg” software from an unknown source that may have malware

embedded

• How to protect your data:
• SSL
• Encryption

7

PHISHING

• A scheme that mixes social engineering with digital communication to lure

victims into providing information

• Spear phishing is a more advanced; it utilizes knowledge about target

individuals to deceive them

• What should I do?
• Do not respond to the email, click on any link, or download any attachment
• Confirm the source if known; do not call phone number listed

8

PHISHING – CONT’D

• Characteristics of a phishing email:
• Generic or no greeting
• Hello, Sir, Madam
• To Whom It May Concern
• Fake email address
• no-reply@irs.com, warning@chasebank.com
• Threatens dire consequences or promises reward
• Please reply immediately to prevent legal actions against you
• Free Amazon Prime or Costco Membership
• “Complete this survey and you will be automatically entered into $100 Apple gift card drawing”

9

PHISHING – CONT’D

• Characteristics of a phishing email (cont’d):
• Sense of urgency
• “Your refund may be delayed…”
• “Click here immediately to confirm {John or Jane Doe} travel plan.”
• “Click here to prevent automatic deductions.”
• Asks for sensitive information
• “What is the best number to reach you in the evening?”
• “Please input your password here to validate compliance and security?”
• “I’ll ship the instructional manual to your home. What is your address?”

10

PHISHING – CONT’D

• Characteristics of a phishing email (cont’d):
• Fake or deceptive web links (URLs):
• http://www.nymcu.org.ru/
• www.cnn.cn (not the new site cnn.com)
• www.gooogle.coom (extra “o” in name)
• Misspellings and/or non-standard grammar

11

PASSWORD

• Make your password difficult (strong)
• Google Password Generator
• Random words, numbers and special characters
• Memorize instead of writing it down
• Never share your password
• Remain mindful of people around you (public areas, cafes, libraries, etc.)

12

EMAIL

• Follow these guidelines to keep your family safe and secure when using email:
• Don’t reply or forward suspected phishing or chain emails
• Be cautious of every email, especially if the source in unknown (unsolicited emails)
• Don’t click on suspicious links in email
• Don’t open or download attachments from unsolicited emails; especially ending in “.exe”
• Explain attachments when including them in emails
• Create subject lines that are clear, concise and relevant
• Don’t respond to emails requesting personal information (i.e. passwords, address, names of

children or other family members, bank or retirement accounts, driver’s license, etc.)

13

EMAIL CONT’D

• An example of an email scam:
• The message claims to be from a hacker who’s compromised a victim’s computer, knows

their previously used passwords, and has used the victim’s webcam to record a video.

• The emails contain threats and demands of payment or the victim’s purported video will

be released to the public.

• The hacker demands payment via PayPal, cryptocurrency, bank wire transfer, credit

cards, etc.

14

DEVICE

• Update OS and web browser on computer and mobile device
• Keep anti-virus and anti-malware software up to date (MS Defender, McAfee, Symantec,

Norton, Avast, Malwarebytes, etc.); term license renewals

• Carry your flash (“thumb”) drive with you; do not share; scan for viruses; encrypt your drive (if

possible) or lock it with password if sensitive information is stored

• Download mobile apps from trusted source only; do not grant unnecessary permissions
• Use firewall feature on your Wi-Fi router and change the standard password – set up guest

account on home Wi-Fi router

15

SOCIAL NETWORK

• Refrain from posting personal or sensitive information
• DOB, location, vacation plans, children’s school, work hours, new purchases, etc.
• Take advantage of security options provided by social networking services and

periodically evaluate those options

• Careful presenting your personal views and sharing links
• Careful sharing photos and tagging individuals

16

SOCIAL NETWORK – CONT’D

• How to protect yourself:
• Limit the information; may affect your future employment or finding a partner
• Social network exists in public domain
• Evaluate your settings
• Third-party sharing
• Be way of fake social medial profiles
• Does your child have a social media account?
• Facebook, Twitter, WhatsApp, Instagram, Snapchat, LinkedIn, Pinterest, G+, Vine, etc.?
• How do you monitor it?

17

EXAMPLES OF DATA BREACHES

• Yahoo – 3 billion user accounts
• eBay – 145 million
• Equifax – 143 million
• Target – 110 million
• TJX Companies – 94 million credit cards
• Uber – 57 million
• JP Morgan Chase – 76 million accounts
• OPM – 22 million employees
• Sony’s PlayStation Network – 77 million
• Anthem – 78.8 million
• RSA Security – 40 million employees
• VeriSign - undisclosed

18

RESOURCES

• USA.gov
• https://www.usa.gov/online-safety
• US-CERT
• https://www.us-cert.gov/ncas/tips/ST06-003
• https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf
• https://www.us-cert.gov/ncas/tips/ST04-014
• FBI
• https://www2.fbi.gov/publications/pguide/pguidee.htm
• Google
• https://www.google.com/safetycenter/
• Norton
• https://www.nortonsecurityonline.com/security-center/15-social-networking-safety-tips.html

19

QUESTIONS & ANSWERS

• Thank you for participating
• If you want a copy of this presentation please visit:

www.stthomascatholic.church and click LINKS

20