cyber scam

cyber scam

Cyber security: Spam,Scams,Frauds and identity Theft


 Spam, online scams and frauds, identity theft and issues related to online purchases are a serious issue in the online world. Navigating the Web while avoiding these threats can be a challenging task.

myself rakesh panda is here with the topic cyber scam 

Spam refers to unsolicited bulk messages being sent through email, instant messaging, text messaging or other digital communication tools. It is generally used by advertisers because there are no operating costs beyond that of managing their mailing lists. It could also take place in chat rooms, in blogs and more recently within voice over internet conversation (such as Zoom). Beyond being a simple nuisance, spam can also be used to collect sensitive information from users and has also been used to spread viruses and other malware.

Online identity theft is the theft of personal information in order to commit fraud. This can happen through your email account but can also be a result of online purchases or other situations where you give out sensitive information such as your credit card information.

A related concern is identity spoofing, in which the victim is impersonated on social networking sites such as Instagram or Twitter. Identity spoofing may also involve spoofing someone’s Internet Protocol (IP) address (the unique number associated to your computer as you surf the internet). The purpose of identity spoofing on social networking sites can range from a simple prank to more serious attacks aimed at shaming or hurting someone’s social networks. Internet Protocol spoofing is used by hackers to cover their tracks or to gain access to places normally closed to them.

Risks relating to online shopping can include overspending or receiving items that do not match their description once you have already paid for them (or not receiving any item at all). Scammers sometimes offer deals that are too good to be true, selling things that are counterfeit, stolen, damaged or that just don’t exist. Even a lot of legitimate online shopping sites have hidden costs that make what you’re buying more expensive than you thought it would be, like shipping and duty charges.





UNDERSTANDING SPAM

EMAIL SPAM

Email spam, also known as junk email, refers to unsolicited email messages, usually sent in bulk to a large list of recipients. Spam can be sent by real humans, but more often, it is sent by a botnet, which is a network of computers infected with malware and controlled by a single attacking party . Apart from email, spam can also be distributed via text messages or social media.

Most people find spam annoying but consider it an inevitable side effect of using email communication. While spam is annoying -- it can choke email inboxes if not properly filtered and regularly deleted -- it can also be a threat.

Email spam senders, or spammers, regularly alter their methods and messages to trick potential victims into downloading malware, sharing data or sending money.

Spam emails are almost always commercial and driven by a financial motive. Spammers try to promote and sell questionable goods, make false claims and deceive recipients into believing something that's not true.

The most popular spam subjects include the following:

  • pharmaceuticals
  • adult content
  • financial services
  • online degrees
  • work-from-home jobs
  • online gambling
  • cryptocurrencies


INSTANT MESSANGING (IM) OR TEXT MESSAGE SPAM


SPIM are spam messages symptomatic of widely-used free instant messaging apps like Messenger, Whatsapp, ViberTelegram, Skype and WeChat. These spam messages are usually commercial-type spam but can contain malware and spyware.

Most apps have built-in filters that block messages from unknown sources. However not all of them have this as the default setting, which means that you might still fall victim to this problem. Which is exactly what SPIM relies on to win its small victories.

HOW INSTANT MESSAGING SPAM WORKS

Every SPIM has its spimmer. The spimmer’s goal is to spread an unsolicited message to as many users as possible. The best way to spread that message is to “borrow” their victim’s identity and spam the users from their buddy list.

Spimmers hack into their victims’ profiles by sending an instant message with a link that has a malicious code buried in it. Here’s what happens next:

  1. When the victim clicks the link, they basically give away their identity on that IM platform to the spimmers
  2. The spimmers then use the identity to send unsolicited commercial messages to users on their victims’ buddy lists
  3. Some users from the buddy list click on a malicious link and the cycle continues

Another scenario is that a link is sent to a funny video hosted on a phony website designed to look like a popular social network. If you’re not savvy to these tricks, you’ll enter your credentials and effectively give away your account to a cybercriminal.

There’s also a less insidious way spimmers conduct their IM spams – They create software bots that generate innumerable throwaway accounts on instant messaging software. Once they do, Once this is done, they go in rapidly-fire mode and  send countless unsolicited messages to as many accounts as possible.

Of course, not all SPIM is evil. Most of it is just annoying commercial spam from companies without the moral compass and business shrewdness to know better.

COMMENT SPAM

Why on earth would a spammer use your blog to target a search engine? Let’s start from the beginning. Several years ago, Google pioneered a search technique called PageRank. Basically, in addition to looking at the content of the page being indexed, Google also takes into account who links to the page and what those links say. This technology meant Google was very good at returning relevant results, making it the most popular search engine today. Because their ranking system relies so heavily on PageRank, people sometimes game the system using a technique called “Google Bombing.”

google bomb is when a large number of different websites link to a page with the same link text to influence the ranking of that page for a search term.

This brings us back to the spammers. A spammer might have a site that sells “mydrug” and wants to be at the top of search results for “mydrug” on Google. They leave comments on hundreds or thousands of weblogs linking to their site with the link text “mydrug.” They don’t really care if you see their google bomb text—in fact they’d rather you didn’t in case you decide to delete it! They just want the search engine to see it when they index your page.

SMART PHONE SPAM

Mobile phone spam is a form of spam (unsolicited messages, especially advertising), directed at the text messaging or other communications services of mobile phones or smartphones. As the popularity of mobile phones surged in the early 2000s, frequent users of text messaging began to see an increase in the number of unsolicited (and generally unwanted) commercial advertisements being sent to their telephones through text messaging. This can be particularly annoying for the recipient because, unlike in email, some recipients may be charged a fee for every message received, including spam. Mobile phone spam is generally less pervasive than email spam, where in 2010 around 90% of email is spam. The amount of mobile spam varies widely from region to region. In North America, mobile spam steadily increased after 2008 and accounted for half of all mobile phone traffic by 2019.[1] In parts of Asia up to 30% of messages were spam in 2012.

The lesser and geographically uneven prevalence of mobile phone spam is attributable to geographic variation of prevalence of mobile vs non-mobile electronic communications, the higher cost (to spammers) of and technological barriers to sending mobile messages in some areas, and to law enforcement in others. Today, particularly in North America, most mobile phone spam is sent from mobile devices that have prepaid unlimited messaging rate plans. While the rate plans allow for unlimited messaging, in reality the relatively slow sending rate (on the order of magnitude of 1/s) limits the number of messages that may be sent before an abusing mobile is shut down.


SECURITY TIPS

Create a Secure, Unbreakable Password

The strongest passwords are random strings of letters, numbers, and special characters. Unfortunately, most people have a hard time remembering them, so we recommend using pass phrases instead of passwords. They should be easy to remember, but difficult for other people to guess. To create a pass phrase, take a sentence (or a line from a song, etc.) and then replace some of the letters with numbers and special characters. You should also use some capital letters and you can also use spaces if you want. For example, the phrase “The color of my car is red” can be translated to “ThE co10R Of mY C@r i$ R3D”.

Do Not Share Your Password

It is important to remember to never share your password with anyone for any reason. Do not store your password on your computer in clear text files. If your passwords are written down on a piece of paper, make sure it is protected and stored in a secure area. Do not type your password while someone is watching you. Finally, do not log in with your password and then let someone else use your account - you are responsible for anything that happens on your account.

Never Send Your Personal Information Through Unsecured Internet Connections

It is important to remember to never send any personal information, such as passwords, credit card numbers, social security numbers, driver's license numbers, etc., through unsecured Internet connections. Sending your personal information in emails, through instant messages, posting it in chat rooms, etc. is dangerous and susceptible to being intercepted or harvested.

Install and Use Anti-virus & Anti-spyware Software

Remember to install anti-virus & anti-spyware software and make sure that it updates and scans for viruses & spyware regularly. This will help to keep your computer safe from viruses and spyware and help to safeguard your personal information. There are a variety of free anti-virus products that may be found online.

Update Your Operating System

Remember to regularly update your operating system with the latest security patches, updates, and drivers. This will help to prevent against viruses and other security breaches.

Do Not Use or Create Illegal Copies of Software

Do not use or make illegal copies of software. During the process of "cracking" the software, security vulnerabilities can be created. A good example of this is a "cracked" version of Windows. Once "cracked", it no longer requires a CD Key during installation, so the same copy can be installed many times by many different people. "Cracked" versions of Windows can not get updates though, so the operating system quickly becomes dated and vulnerable to being attacked or catching viruses.

Properly Dispose of Personal or Sensitive Information

Always dispose of personal or sensitive information in a secure manner by using a shredder, disk wiping utility, or other means of permanently destroying information.

Back Ups

Always make sure that your data is backed up properly on another type of media, such as an external hard drive, USB flash drive, CD/DVD, or a UTEP-approved storage utility, etc. Also, try to store your backups in a different location than the original data, so if something happens, one copy will be safe.

Use a Surge Protector

Use a surge protector to protect your computer. A spike in voltage can easily damage a computer and cause the loss of data, time, and money.

Always remember that the data you are working with may belong to other people. Protect and maintain all sensitive data, and keep in mind the privacy of all individuals since you have access to their personal information.

419 SCAMS

 419 Scam

This scam, also known as the advance fee scam, starts with an email from someone who claims to need your help moving money out of another country. The catch is that you must provide some money up front, supposedly to cover a transfer fee, with the promise of receiving a small fortune when the task is complete.[10] Victims of this fraud typically lose thousands of dollars.[11]

Chain letter scams

Chain letter scams involve sending an email to a large list of contacts which prompts them to forward it to their own contacts and so on. In the email, you are asked to send a small amount of money to a certain number of contacts and to add your name to the contact list. This supposedly guarantees that in the end a large amount of money will come back your way. The problem with this is that it is a modern-day version of a pyramid scheme: only the original senders ever make any money. Chain letter scams of this nature are illegal in most countries, including Canada and the U.S.

Postal forwarding/reshipping scam

In this scam, you are asked, either through emails or online job postings, to receive and then reship goods for a foreign company. The goods that come your way, however, are usually stolen or acquired through credit card fraud, making you an accessory to the scammers’ crimes.

Identity theft

Data theft

The internet provides innovative ways for people to steal personal information and to commit fraud. Thieves can obtain your information in several different ways, such as spreading viruses that install key loggers (programs which record everything you type) on your computer to discover your passwords, usernames and credit card numbers.

Many online businesses store personal information about customers and shoppers on their websites so that it can be used for quick and easy service when a customer returns to the website. While convenient, this also provides another way for personal information to be accessed. For example, in 2018, MyFitnessPal experienced a data breach that resulted in around 617 million customer accounts leaked and information offered for a price on compromised websites like Dream Market. Following the breach, MyFitnessPal, owned by Under Armour, urged customers to change passwords regularly, review accounts for suspicious activity, be cautious of “unsolicited communications” and to avoid downloading links from suspect materials. Their acknowledgement went on to claim they did not know who had breached the system and would update the software to prevent it from happening again.Unfortunately, only one breach is enough for consumers to lose faith in the security of a company that stores their personal information.

Identity theft can go beyond criminals using personal information for monetary gain. This information may also be used to obtain legal documents such as a driver’s licence, health care, social insurance number and passport. This was the case for Gerber Guzman in 2014, who was arrested and detained twice for long periods of time because his identity had been stolen six years prior and there was a warrant out for his name regarding drug charges. Yarina Hernandez, Guzman’s wife, fought very hard to get him out of prison and stated, “they told us it wasn’t going to happen again and fast forward six years later, and it’s still happening!”


Website/browser hoaxes

Typosquatting

Typosquatting involves setting up false, scam or malicious websites with Web addresses that are very similar to popular sites, in the hopes that users will navigate to them by typing them in accidentally. To avoid this, bookmark the sites you use often (using the “Bookmarks” or “Favorites” function in your browser) rather than typing them in the address bar.

Mousetrapping

Mouse trapping is a technique used by online marketers to ‘trap’ users on a malicious site. The website can disable your “back” button or bombard you with multiple popup windows. After a certain amount of time you may be able to leave but in some cases you may have no other choice but to restart your computer.

Pagejacking

Pagejacking occurs when a search engine misdirects users to a false copy of a popular website. Once there, users are usually directed to new pages that contain advertisements and offers. In some cases, these sites may be malicious or contain inappropriate material such as hate content or pornography.

Pharming

Pharming redirects users from legitimate sites to fraudulent sites that track the information that is entered such as credit card numbers, banking information and usernames or passwords. To do this, ‘pharmers’ send out a virus that causes computers to associate a legitimate domain name with a fraudulent website. Some pharmers, however, attack the website’s server rather than individual computers, so that every visitor is sent to a malicious version of the site.








Conclusion

Organizations are finding themselves under the pressure of being forced to react quickly to the dynamically increasing number of cybersecurity threats. Since the attackers have been using an attack life cycle, organizations have also been forced to come up with a vulnerability management life cycle. The vulnerability management life cycle is designed to counter the efforts made by the attackers in the quickest and most effective way. This chapter has discussed the vulnerability management life cycle in terms of the vulnerability management strategy. It has gone through the steps of asset inventory creation, the management of information flow, the assessment of risks, assessment of vulnerabilities, reporting and remediation, etc


- by RAKESH PANDA


Comments

Post a Comment

Popular posts from this blog

SUICIDE RATES IN INDIA

Image
                                                         SUCIDE RATES IN INDIA Hello this is tanmayee nayak i am here with somes thoughts which i like express it with my blog . so i chooesd the topic  "SUCIDE RATES IN INDIA". Killing oneself is, anyway, a misnomer. We don't kill ourselves. We are simply defeated by the long, hard struggle to stay alive. When somebody dies after a long illness, people are apt to say, with a note of approval, "He fought so hard." And they are inclined to think, about a suicide, that no fight was involved, that somebody simply gave up. This is quite wrong.” In most countries suicide mortality increases with age. In India, the opposite happens. The suicide rate among young adults aged 15-29 is more than three times the national average. This makes us a country with one of the highest suicide rates among youth ...
Read more

Mistreatment of scared cows

 Hello, I tanmayee nayak am a student of btech cse. Here I am with my blog on topic mistreatment of scared cows. For many Hindus, who make up nearly 80 percent of India's 1.3 billion strong population, the cow is a sacred animal. In Hindu mythology, the animal is depicted as accompanying several gods, like Shiva, who rides on his bull Nandi, or Krishna, the cowherd god. In ancient Hindu texts, the cow appears as "Kamdhenu" or the divine cow, which fulfils all desires. Its horns symbolize the gods, its four legs, the ancient Hindu scriptures or the "Vedas" and its udder, the four objectives of life, including material wealth, desire, righteousness and salvation. Modern cow protection groups, also known as "Gau Rakshak" in Hindi, subscribe to this version, hailing the cow as a divine being that deserves protection. The cow protection group "Gau Rakshak Dal Haryana" refers to ancient texts and scholars, claiming that the cow is like a mother and...
Read more