ISDD - Security Risks


Transcript of ISDD - Security Risks

Page 1: ISDD - Security Risks
Page 2: ISDD - Security Risks

Online Fraud

The use of the Internet to illegally obtain money from someone by deception

Examples:
Goods not delivered after payment has been made
Purchases made with stolen credit cards
Loan scams
Money transfer fraud
Dating fraud
Holiday fraud
Domain name scams
Internet auction fraud

Page 3: ISDD - Security Risks

Identity Theft

Using key pieces of personal information in order to impersonate someone else's identity

True Name – Opening a new credit card, bank account or mobile phone account using someone else's identity

Account Takeover – The imposter uses personal information to gain access to the person's existing accounts

Phishing emails are one common way of getting hold of personal details

Page 4: ISDD - Security Risks

Protection

In order to protect against online fraud and identity theft, people can:
Avoid giving out personal information
Never respond to emails from banks or other financial organisations asking for login details
Shred any receipts, statements or letters with financial information and name/address
Install anti-virus software and keep it up-to-date
Install a firewall
Set browser security to the highest setting

Page 5: ISDD - Security Risks

Spyware

A type of malware

Can be hidden in freeware / shareware downloads or passed via peer-to-peer file sharing

Installed on a computer without the knowledge of the owner (like a Trojan horse)

Page 6: ISDD - Security Risks

Spyware collects the owner's private information:
Email addresses
Passwords
Websites visited
Credit card details

Signs may be a different home page, a different browser bar or pop-up ads

Anti-spyware software can remove spyware

Page 7: ISDD - Security Risks

Keylogging

A keylogger is a type of surveillance software

Records every keystroke you make to a log file

Records instant messages, e-mail, passwords, credit card details and websites visited

Could be used in industrial or political espionage

User is unaware of keylogging

Can be a type of spyware

Can be a legitimate program used to monitor employee productivity

Malicious keyloggers can be removed by anti-virus software

Page 8: ISDD - Security Risks

Phishing

Fraudulent email or website

Claims to be a legitimate company but is fake

Intention is to get the individual to reveal personal information, such as passwords and credit card numbers, online

Page 9: ISDD - Security Risks

Phishing

Phishing emails and websites can be identified by:
Poor grammar and spelling

Page 10: ISDD - Security Risks

Phishing

Phishing emails and websites can be identified by:
Poor quality graphics
Poorly designed / poorly laid out email or web site
Requesting account login or sensitive data

Page 11: ISDD - Security Risks

Phishing

Phishing emails and websites can be identified by:
Generic email, addressing the recipient as "customer" or "member"

Page 12: ISDD - Security Risks

Phishing

Phishing emails and websites can be identified by:
Actual link does not match the link text

Page 13: ISDD - Security Risks

Phishing

Phishing emails and websites can be identified by:
Unrelated links (e.g. other product advertisements)
Incorrect information
Incorrect sender email domain
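The three mechanical indicators in the slides above (link text that does not match the real target, a sender domain that does not belong to the organisation named in the message, and a generic greeting) can be checked automatically. The following is an added example written for this page, not code from the original slides; the sample message, the bank name and every domain in it are constructed placeholders, and the two-label "registered domain" rule is a deliberate simplification.

```python
"""Added example (not from the original slides): heuristic checks for three of
the phishing indicators listed above - a visible link whose text does not match
the real link target, a sender address on a different domain from the
organisation the message claims to represent, and a generic greeting. The
message and domains below are constructed for the example."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message: the link text shows example-bank.com but the
# href really goes to attacker.example, and the From: domain is not the bank's.
SAMPLE_EMAIL = """\
From: Example Bank Security <security@example-bank-alerts.net>
To: customer@example.org
Subject: Urgent: verify your account
Content-Type: text/html

<html><body>
<p>Dear customer,</p>
<p>Please visit <a href="http://login.example-bank.com.attacker.example/verify">
https://www.example-bank.com/login</a> to verify your account.</p>
</body></html>
"""

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                       re.IGNORECASE | re.DOTALL)
GENERIC_GREETING_RE = re.compile(r"\bDear\s+(customer|member|user|client)\b",
                                 re.IGNORECASE)


def registered_domain(host: str) -> str:
    """Last two labels of a hostname, e.g. 'www.example-bank.com' -> 'example-bank.com'.
    Simplification for the example: production code should consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def mismatched_links(html: str) -> list:
    """(visible_text, href) pairs where the visible text is itself a URL whose
    domain differs from the domain the href actually points at."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        visible = re.sub(r"\s+", "", text)          # strip line breaks inside the tag body
        if not re.match(r"https?://", visible, re.IGNORECASE):
            continue                                  # plain-word link text: nothing to compare
        shown = registered_domain(urlparse(visible).hostname or "")
        actual = registered_domain(urlparse(href).hostname or "")
        if shown != actual:
            findings.append((visible, href))
    return findings


def sender_domain_mismatch(from_header: str, claimed_domain: str) -> bool:
    """True when the From: address is not on the domain the message claims to come from."""
    _, addr = parseaddr(from_header)
    host = addr.rpartition("@")[2]
    return registered_domain(host) != registered_domain(claimed_domain)


def check_email(raw: str, claimed_domain: str) -> dict:
    """Run the three checks over one raw RFC 822 message (single-part HTML body assumed)."""
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    return {
        "sender_mismatch": sender_domain_mismatch(msg.get("From", ""), claimed_domain),
        "mismatched_links": mismatched_links(body),
        "generic_greeting": bool(GENERIC_GREETING_RE.search(body)),
    }


if __name__ == "__main__":
    for name, value in check_email(SAMPLE_EMAIL, "example-bank.com").items():
        print(f"{name}: {value}")
```

The `claimed_domain` argument is the domain the message claims to represent (here the bank's), which a real filter would derive from the brand named in the message or from a list of protected domains. None of these checks is proof on its own: a legitimate mailing service may send from a third-party domain, and many phishing links use plain words as link text, so the checks are indicators to be scored together rather than a verdict.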

Page 14: ISDD - Security Risks

Denial of Service Attacks

An attack on a network that is designed to bring the network to its knees or to a stop by flooding it with useless traffic

Known as a DoS attack

Flood services - occur when the system receives too much traffic for the server to buffer, causing it to slow down and eventually stop

Crash services - take advantage of bugs in the target that crash or severely destabilise the system, so that it cannot be accessed or used

Page 15: ISDD - Security Risks

Distributed DoS Attacks

Page 16: ISDD - Security Risks

Distributed DoS Attacks

Attacker – one or more people instigating the DDoS attack

Zombie – A computer running the attack; it hides the identity of the attacker. Many zombies are recruited from all over the world, each taking a small part in the attack

Victim – The recipient of the attack

Page 17: ISDD - Security Risks

Distributed DoS Attacks

Attacker uses software to instigate the attack:

Client – client software installed on the attacker's computer, used to launch the attack

Daemon – program running on the zombie computer, responding to commands from the client software. Typically installed by a virus, Trojan horse or worm.

Page 18: ISDD - Security Risks

Purposes of DDoS

Financial – victim required to pay a ransom, or loses business through downtime

Malicious – hackers take down websites as a badge of honour

Political – attack on party or government websites

Hacktivism – hackers taking down a website to make a statement

Personal – someone who has a grudge against an organisation

Page 19: ISDD - Security Risks

Impact of DDOS