Cyber Stalking, Fraud, Abuse
CSCE 201
Reading
Required: Chapter 3 from textbook
Interesting: Dwyer, Hiltz, Passerini, Trust and privacy concern within social networking sites: A comparison of Facebook and MySpace, http://csis.pace.edu/~dwyer/research/DwyerAMCIS2007.pdf
Internet Safety
Technical vulnerabilities
  Software, hardware, applications
  Assurance
  Usability
Non-technical vulnerabilities
  Fraud
  Scam
  Social engineering
  Stalking
Why Internet Fraud?
How Does Internet Fraud Work?
Investment offers
  Email
  Newsletter
Common schemes
  Outrageous sum of money
  Asks for small amount to be invested
Check US Secret Service bulletin, http://www.sec.gov/investor/alerts
Why would a stranger trust and reward you?
FROM THE OFFICE OF MR. MOHAMMED BELLO. CHIEF ACCOUNTANT NIGERIA NATIONAL PETROLEUM CORPORATION (NNPC), FEDERAL SECRETARIAT IKOYI, LAGOS-NIGERIA
REQUEST FOR URGENT CONFIDENTIAL BUSINESS RELATIONSHIP
Dear Sir/Madam.
I, on behalf of my other colleagues from different federal government of Nigeria owned parastatals decided to solicit your assistance as regards transfer on the above-mentioned amount into your account. This fund arose from over-invoicing of various contract awarded in our parastatals to certain foreign contractors sometime ago. We as holders of sensitive positive positions in our various parastatals were mandated by the federal government to scrutinize all payments made to certain foreign contractors and we discovered that some of the contracts they executed were grossly over-invoiced either by omission or commission.
Also we discovered that the sum of us$33.5M [thirty three million five hundred thousand U.S. Dollars only] was lying in a suspense account, although the foreign contractors were fully paid their contract entitlement after the execution the said contracts.…
We are therefore, soliciting your assistance so that the remaining amount of U.S.$28.5M Can be speedily processed and fully remitted into your nominated bank account. On successful remittance of the fund into your account, you will be compensated with 30% of the total amount for your assistance and services. So far, much have been said and due to our sensitive positions, we cannot afford a slip in this transaction, neither can we give out our identity, as regards our respective offices, but where relationship is established and smooth operation commences, you will be furnished with all you deserve to know.…
Yours Faithfully,
Mr. Mohammed Bello,
NNPC Chief accountant.
Investment Advice
Biased advertisement
Investment newsletters – must disclose if paid advertisement (but they don’t always do so)
Pump and dump
  Purchase worthless stock
  Artificially inflate stock prices
  Sell at high price
US Securities and Exchange Commission, http://www.sec.gov/investor/pubs/pump.htm
How to Avoid Investment Fraud?
Consider source
Verify claims
Research the company
Beware of high-pressure tactics
Be skeptical
Research investment opportunity
How about Internet pyramid-scheme?
Source: Wikipedia, https://en.wikipedia.org/wiki/Pyramid_scheme
Auction Fraud
US Federal Trade Commission
Types of frauds
  Failure to send merchandise
  Sending something of lesser value
  Failure to deliver in timely manner
  Failure to disclose all relevant facts
  Bidding frauds: shill bidding, bid shielding, bid siphoning
Identity Theft
US Department of Justice, http://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud
“Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain.”
It is a CRIME!
Methods of Identity Theft
Social engineering
Phishing
Social network
Technical (break-ins, RFID readers, communication compromise, web application insecurity)
How do you accept social network connection requests?
Social Relationships
Communication context changes social relationships
Social relationships maintained through different media grow at different rates and to different depths
No clear consensus which media is the best
Internet and Social Relationships
Internet
  Bridges distance at a low cost
  New participants tend to “like” each other more
  Less stressful than face-to-face meeting
  People focus on communicating their “selves” (except a few malicious users)
Privacy in Social Networks
Current support for security is limited
  Common Access Categories: Public, Group Membership, “Friend”
  No support for differentiating relationship “closeness”
  “Friend” connections must be symmetric, unlike reality
Users often do not use existing security features
  Hard-coded into the system
  Owners have system dependent access categories
Security & Privacy Issues
Malware exploiting social networks
  Malicious banner ads
  Adware
  Phishing attacks
  Customizable scripts
Facebook’s attempt: make relationship actions visible to the entire social group
Everyone reading everyone’s shared information
Behavioral Profiling
SN users: post personal information for friends, family, and … the World
Data mining applications: pattern of behavior
Misuse of information: Identity thefts, Scam, Phishing
Risk of third party applications!
  Facial recognition of friends of friends
  Relationships
  Targeted advertisement
  Marketing tools
Privacy?
SN and privacy issues in early research stage
Users tend to give out too much information
Privacy thresholds vary by individuals
What are the long term effects?
How can we avoid becoming victims?
Lack of Legislation
Reactive procedures
Improper acts not addressed
Lack of technical expertise of legal personnel
Ethics vs. Law
Law | Ethics
Formal, written document | Unwritten principles
Interpreted by courts | Interpreted by each individual
Established by legislatures | Presented by philosophers, religious, professional groups
Applicable to everyone | Personal choice
Priority decided by court | Priority determined by individual
Court makes final decision | No external decision maker
Enforceable by police and courts | Limited enforcement
Next Class
Secure online activities