Ch.9.3 Helpdesk: Threats to Your Digital Life_sc
What should users do if they get a popup threatening them that their system is at risk and that they need to buy a particular product to ensure its protection?
Close the popup and make sure your operating system and anti-virus software are up to date. Scan your entire system for viruses.
Adware is software that displays sponsored advertisements in a section of your browser window or as a pop-up box.
It's considered a legitimate, though sometimes annoying, means of generating revenue. Learn how to use the web browsers' built-in pop-up blockers. This will reduce the occurrence of annoying pop-ups a great deal
Social Engineering
- Never reply directly to any e-mail asking you for personal information. - Don't click on a link in an e-mail to go to a website. Instead, type the website address in the browser. - Check with the company asking for the information and only give the information if you're certain it's needed. - Never give personal information over the Internet unless you know the site is secure. Look for the closed padlock, https, or a certification seal such as Norton Secured to help reassure you that the site is secure.
Social Engineering
- Use phishing filters. The latest versions of Firefox, Chrome, and Edge have phishing filters built in, so each time you access a website, the phishing filter checks for the site's legitimacy and warns you of possible web forgeries. - Use Internet security software on your computer that's constantly being updated.
What is a virus?
A computer virus is a computer program that attaches itself to another computer program and attempts to spread itself to other computers when files are exchanged.
worms and viruses
A computer virus is one type of malicious software program (also called malware) that disrupts or destroys existing programs and networks
identity theft
A crime that involves someone pretending to be another person in order to steal money or obtain benefits
Hackers
A hacker is anyone who unlawfully breaks into a computer system—either an individual computer or a network. There are different types of hackers, depending on their intent: - Black-hat hackers break into systems to destroy information or for illegal gain. - White-hat hackers (or ethical hackers) break into systems for nonmalicious reasons, such as to test system security vulnerabilities or to expose undisclosed weaknesses. They believe in making security vulnerabilities known either to the company that owns the system or software or to the general public, often to embarrass a company into fixing a problem. - Grey-hat hackers are a bit of a cross between black and white—they often illegally break into systems merely to flaunt their expertise to the administrator of the system they penetrated or to attempt to sell their services in repairing security breaches.
polymorphic virus
A virus that can change its own code or periodically rewrites itself to avoid detection
stealth virus
A virus that temporarily erases its code from the files where it resides and hides in the active memory of the computer.
Malware is software that has a malicious intent. There are three primary forms of malware: adware, spyware, and viruses.
Adware and spyware are not physically destructive like viruses and worms, which can destroy data. Most malware consists of intrusive, annoying, or objectionable online programs that are downloaded to your computer when you install or use other online content such as a free program, game, or utility.
Phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
Is it safe to click on links that come in email from companies you know?
No, it is not safe. It is a better practice to go to the website yourself and login there.
Is a virus the only way cyber criminals can steal a person's identity?
No, you need to protect yourself in many situations, such as when you use public Wi-Fi, when you respond to email and you should also have a strong anti-virus program installed and updated.
What Viruses Can You Get from the Internet?
Once you have a virus, they use many methods to avoid detection by antivirus software: - A polymorphic virus changes its own code or periodically rewrites itself to avoid detection. Most polymorphic viruses infect a particular type of file such as .EXE files, for example. - A multipartite virus is designed to infect multiple file types in an effort to fool the antivirus soft-ware that is looking for it. - Stealth viruses temporarily erase their code from the files where they reside and then hide in the active memory of the computer. This helps them avoid detection if only the hard drive is being searched for viruses. Fortunately, current antivirus software scans memory as well as the hard drive.
Pharming
Pharming is much more insidious than phishing. Phishing requires a positive action by the person being scammed, such as going to a website mentioned in an e-mail and typing in personal information. Pharming occurs when malicious code is planted on your computer, either by viruses or by your visiting malicious websites, which then alters your browser's ability to find web addresses. Users are directed to bogus websites even when they enter the correct address of the real website. You end up at a fake website that looks legitimate but is expressly set up for the purpose of gathering information.
Phishing
Phishing (pronounced "fishing") lures Internet users to reveal personal information such as credit card numbers, Social Security numbers, or passwords that could lead to identity theft. The scammers send e-mail messages that look like they're from a legitimate business such as a bank. The e-mail usually states that the recipient needs to update or confirm his or her account information. When the recipient clicks on the provided link, they go to a website. The site looks like a legitimate site but is really a fraudulent copy that the scammer has created. Once the e-mail recipient enters his or her personal information, the scammers capture it and can begin using it.
Scareware Scareware is a type of malware that downloads onto your computer and tries to convince you that your computer is infected.
Pop-ups, banners, or other annoying types of messages will flash on your screen, saying frightening things like "Your computer is infected with a virus ... immediate removal is required." You're then directed to a website where you are told to buy fake removal or antivirus tools.
Pharming
Reroutes requests for legitimate websites to false websites
anti-virus software
Software for blocking malicious -bad programs, such as viruses or malware, from harming your computer.
What Viruses Can You Get from the Internet?
Some viruses are hidden on websites in the form of scripts. Scripts are small programs that are executed without your knowledge when you enter a site. Scripts are often used to perform useful, legitimate functions on websites such as collecting name and address information from customers. However, some scripts are malicious and can infect your computer with a virus.
Phishing Scam
Spoofed email and website in order to trick a person into providing private information
Antivirus Software
The best defense against viruses is to install antivirus software, which detects viruses and protects your computer and files. Antivirus software scans files when they're opened or executed. If it detects either a virus signature (portions of virus code) or a suspicious activity (like a macro or script being launched), it stops the execution of the file and notifies you it has detected a virus.
Spyware Spyware is an unwanted piggyback program that usually downloads with other software you install from the Internet and that runs in the background of your system.
Without your knowledge, spyware transmits information about you, such as your Internet-surfing habits, to the owner of the program so that the information can be used for marketing purposes.
Worms
Worms are slightly different from viruses in that they attempt to travel between systems through network connections to spread their infections. Whereas viruses infect a host file and wait for you to execute that file before they spread, worms can run independently of host file execution and are much more active in spreading themselves.
multipartite virus
designed to infect multiple file types in an effort to fool the antivirus software that is looking for it
antivirus software
scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware
How Could a Hacker Get to Your Personal Data?
Data travels through the Internet in small pieces called packets. The packets are identified with an Internet Protocol (IP) address, in part to help identify the computer to which they are being sent. Once the packets reach their destination, they're reassembled into cohesive messages. A packet sniffer is a program that examines each packet and can read its contents. A packet sniffer can grab all packets coming across a network—not just those going to a certain computer. For example, a hacker might sit in a coffee shop and run a packet sniffer to capture credit card numbers from people using the coffee shop's free wireless network. Wireless networks are vulnerable to this type of exploitation if encryption of data wasn't enabled when the networks were set up.
Trojan horse
Even if you stay home all the time, hackers might use your computers as a staging area for mischief. To commit widespread computer attacks, for example, hackers need to control many computers at the same time. They might use a program to install other programs on computers. This is called a Trojan horse. It is a program that appears to be something useful, like a game or a screen saver, but while it runs it does something malicious in the background without your knowledge.
Identity Theft
Identity theft occurs when a thief steals personal information such as your name, address, Social Security number, birth date, bank account number, and credit card information and poses as you in financial or legal transactions. Theft of personal data such as bank account numbers and credit/debit card numbers is of most concern to individuals because this information is usually used for fraudulent purposes. Many victims of identity theft spend months, or even years, trying to repair their credit and eliminate fraudulent debts.
If a Microsoft Excel file is all garbled, could it have a virus?
It could be a virus, but it could also be another problem, such as a corrupt file.
Identity Theft
You can have your identity stolen without ever using a computer, in fact. Be careful with personal information. Thieves use many tactics: - Stealing purses and wallets, in which people often keep personal information such as their ATM PIN codes - Stealing mail or looking through trash for bank statements and credit card bills - Posing as bank or credit card company representatives and tricking people into revealing sensitive information - Installing skimming devices on ATM machines that record information, such as account numbers and passcodes Most commonly your identity can be compromised if you store sensitive information (like credit card numbers) with a company and their databases are hacked. Pay attention to news reports of these "data breaches." If you are affected, companies often respond by offering a year or so of free credit monitoring service.
Antivirus Software
You can then delete or repair the infected file. Unfortunately, antivirus programs can't always fix infected files, so you should keep backup copies of critical files just in case.
pharming attack
uses a zombie farm, often by an organized crime association, to launch a massive phishing attack