Spam, Scam, and Slam Ira Goldstein – igoldstein@siena.edu Department of Computer Science Siena College

Agenda Defining Terms Malware Personal Information Questions

Who? Image by Vincent Diamante https://www.flickr.com/photos/70857039@N00/2255718951 Some rights reserved

Sockpuppet An online identity created and used for purposes of deception.

What Is… SPAM

Spam, Scam, and Slam Unsolicited Commercial E-Mail Defraud Malware Nigerian (419) Stock “Great” Deals Lottery Phishing Malware

© 2010

RECEIVED A DIFFERENT ACCOUNT FROM YOUR NEXT OF KIN to claim your fund valued $10.7 millions dollars

Do Not Feed The Trolls Some rights reserved by tripu www.flickr.com/photos/tripu © 2010

Social Engineering Goal: Your Information Phone Call Physical Access Phishing Spear Phishing

Phishing E-Mail or Instant Message Cast A Wide Net “Remember Me?” Verify or Update Information A Problem With Your Account/Computer

Spear Phishing Your Name Local News Your School Image CCSA by Michel van Eupen http://commons.wikimedia.org/wiki/File:Bushcraft_speervissen.jpg © 2010

What Is… Malware

What Is Malware? Malicious software  malware Any computer program designed to surreptitiously enter a computer, gain unauthorized access to data, or disrupt normal processing operations

What Does Malware Rely Upon? User Rights File Attributes Bugs, vulnerabilities Zero Day Escalation of Rights End User Behavior

Types of Malware Vector Computer virus Computer worm Trojan horse Activity Bot Mass Mailing Remote Attack (DDoS) Cryptocurrency Mining Spyware Rootkit Backdoor

Computer Viruses Self-replicating program Attaches itself to a legitimate file Exchange infected files CDs or Flash Drives Email attachments

Computer Worms Self-replicating program Self-distributing program Mass-mailing worm Internet worm

Trojan Horse Malware disguised as legitimate software Usually tricked by some form of social engineering to install Not able to self-replicate

Some Malware Symptoms Performance Problems/Crashes Unexplained Computer Behavior Antivirus or firewall protection is unexpectedly disabled Home Page Hijacking Search Engine Hijacking Pop up Advertisements Scareware

Passwords

Password Something that enables one to pass or gain admission: as a spoken word or phrase required to pass by a guard a sequence of characters required for access to a computer system - Merriam-Webster On-Line a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource One Factor

Password Do’s UPPER And lower Case Digits Special Characters Passphrase Wwtg2Dn! Longer Can Help Periodically Change

Password Don’ts Share Reuse Write Down Store Easily Guessed Dictionary Names Mascot/Pet

Passwords in the News More than 70% of people would reveal their computer password in exchange for a bar of chocolate Most Common 4%: password 2nd Most Common (1.5%): 123456 20% of Users: One of 5,000 Passwords

Personal Information

Data Privacy Data Leakage Protect Confidential Data Personally Identifiable Information Financial Data Trade Secrets

Location Data Cell Towers SSID GPS

Google Dashboard https://www.google.com/settings/dashboard Manage Google Data Location Data

SSID Database wigle.net

Tips Keep Your Operating System Updated Use Anti-Virus Software Keep it up to date! Regular Scans Use a Firewall

Questions