INTERNET & FAMILY SAFETY 10 TH SYRO-MALANKARA CATHOLIC CONVENTION - PowerPoint PPT Presentation

INTERNET & FAMILY SAFETY 10 TH SYRO-MALANKARA CATHOLIC CONVENTION STAMFORD, CT 2018 AUGUST 2-5 PRESENTED BY: JOHN P VARGHESE

AGENDA • Cyber Threat • Email • Malicious Code • Device • Social Engineering • Social Network • Improper Usage • Examples of Data Breeches • Phishing • Resources • Password • Q&A 2

2017 STATISTICS • According to the FBI Internet Crime Complaint Center (IC3) 2017 Internet Crime Report : • 300,000 complaints logged • $1,400,000,000 losses reported 3

CYBER THREAT • Cyber Threat is a malicious actor seeking to compromise a system – computer, tablet, mobile home, smartwatch, smart speaker, appliances and other IoT devices. • Damage can range from taking your device offline to stealing your passwords and identity. 4

MALICIOUS CODE • Malicious code (commonly knows as malware) is software intentionally designed to disrupt the normal operation of a computer. • Examples: • Malware could encrypt your computer without your knowledge, then require ransom be sent to the attacker’s anonymous bank account • Innocent “flashlight” app can access your mobile phone address book and spams your family, friends and business • Download apps only from trusted sources. 5

SOCIAL ENGINEERING • An attacker manipulates a person into disclosing sensitive information, or grants the attacker unauthorized access • Example: • Sharing password to an imposter IT technician who may steal sensitive information • Be cautious of anyone requesting personal information, especially by phone or email • Verify the identity of the person/organization and reason for request 6

IMPROPER USAGE • Intentional or unintentional action to share personally identifiable information (PII), such as DOB & SSN • Installing “bootleg” software from an unknown source that may have malware embedded • How to protect your data: • SSL • Encryption 7

PHISHING • A scheme that mixes social engineering with digital communication to lure victims into providing information • Spear phishing is a more advanced; it utilizes knowledge about target individuals to deceive them • What should I do? • Do not respond to the email, click on any link, or download any attachment • Confirm the source if known; do not call phone number listed 8

PHISHING – CONT’D • Characteristics of a phishing email: • Generic or no greeting • Hello, Sir, Madam • To Whom It May Concern • Fake email address • no-reply@irs.com, warning@chasebank.com • Threatens dire consequences or promises reward • Please reply immediately to prevent legal actions against you • Free Amazon Prime or Costco Membership • “Complete this survey and you will be automatically entered into $100 Apple gift card drawing” 9

PHISHING – CONT’D • Characteristics of a phishing email (cont’d): • Sense of urgency • “Your refund may be delayed…” • “Click here immediately to confirm {John or Jane Doe} travel plan.” • “Click here to prevent automatic deductions.” • Asks for sensitive information • “What is the best number to reach you in the evening?” • “Please input your password here to validate compliance and security?” • “I’ll ship the instructional manual to your home. What is your address?” 10

PHISHING – CONT’D • Characteristics of a phishing email (cont’d): • Fake or deceptive web links (URLs): • http://www.nymcu.org.ru/ • www.cnn.cn (not the new site cnn.com) • www.gooogle.coom (extra “o” in name) • Misspellings and/or non-standard grammar 11

PASSWORD • Make your password difficult (strong) • Google Password Generator • Random words, numbers and special characters • Memorize instead of writing it down • Never share your password • Remain mindful of people around you (public areas, cafes, libraries, etc.) 12

EMAIL • Follow these guidelines to keep your family safe and secure when using email: • Don’t reply or forward suspected phishing or chain emails • Be cautious of every email, especially if the source in unknown (unsolicited emails) • Don’t click on suspicious links in email • Don’t open or download attachments from unsolicited emails; especially ending in “.exe” • Explain attachments when including them in emails • Create subject lines that are clear, concise and relevant • Don’t respond to emails requesting personal information (i.e. passwords, address, names of children or other family members, bank or retirement accounts, driver’s license, etc.) 13

EMAIL CONT’D • An example of an email scam: • The message claims to be from a hacker who’s compromised a victim’s computer, knows their previously used passwords, and has used the victim’s webcam to record a video. • The emails contain threats and demands of payment or the victim’s purported video will be released to the public. • The hacker demands payment via PayPal, cryptocurrency, bank wire transfer, credit cards, etc. 14

DEVICE • Update OS and web browser on computer and mobile device • Keep anti-virus and anti-malware software up to date (MS Defender, McAfee, Symantec, Norton, Avast, Malwarebytes, etc.); term license renewals • Carry your flash (“thumb”) drive with you; do not share; scan for viruses; encrypt your drive (if possible) or lock it with password if sensitive information is stored • Download mobile apps from trusted source only; do not grant unnecessary permissions • Use firewall feature on your Wi-Fi router and change the standard password – set up guest account on home Wi-Fi router 15

SOCIAL NETWORK • Refrain from posting personal or sensitive information • DOB, location, vacation plans, children’s school, work hours, new purchases, etc. • Take advantage of security options provided by social networking services and periodically evaluate those options • Careful presenting your personal views and sharing links • Careful sharing photos and tagging individuals 16

SOCIAL NETWORK – CONT’D • How to protect yourself: • Limit the information; may affect your future employment or finding a partner • Social network exists in public domain • Evaluate your settings • Third-party sharing • Be way of fake social medial profiles • Does your child have a social media account? • Facebook, Twitter, WhatsApp, Instagram, Snapchat, LinkedIn, Pinterest, G+, Vine, etc.? • How do you monitor it? 17

EXAMPLES OF DATA BREACHES • Yahoo – 3 billion user accounts • JP Morgan Chase – 76 million accounts • eBay – 145 million • OPM – 22 million employees • Equifax – 143 million • Sony’s PlayStation Network – 77 million • Target – 110 million • Anthem – 78.8 million • TJX Companies – 94 million credit cards • RSA Security – 40 million employees • Uber – 57 million • VeriSign - undisclosed 18

RESOURCES • USA.gov • https://www.usa.gov/online-safety • US-CERT • https://www.us-cert.gov/ncas/tips/ST06-003 • https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf • https://www.us-cert.gov/ncas/tips/ST04-014 • FBI • https://www2.fbi.gov/publications/pguide/pguidee.htm • Google • https://www.google.com/safetycenter/ • Norton • https://www.nortonsecurityonline.com/security-center/15-social-networking-safety-tips.html 19

QUESTIONS & ANSWERS • Thank you for participating • If you want a copy of this presentation please visit: www.stthomascatholic.church and click LINKS 20