1. IM426 – BUSINESS CASES AND C ASE STUDIES IN MIS 11 – 13 March 2014 Compiled and/or Prepared by – Celeste Ng

2. C ASE 1 – F ACEBOOK U SED BY S CAMMERS FOR P ROFIT

3. T OP 5 SOCIAL MEDIA SCAM (1) “5. Chain Letters 連鎖信 You’ve likely seen this one before --... It may appear in the form of, "Retweet this and Bill Gates will donate $5 million to charity!“ 4. Cash Grabs 騙取現金 You just received an urgent request from one of your real friends who "lost his wallet on vacation and needs some cash to get home." So, being the helpful person you are, you send some money right away, …. But there’s a problem: Your friend never sent this request. In fact, he isn’t even aware of it. His malware-infected computer grabbed all of his contacts and forwarded the bogus email to everyone, waiting to see who would bite.” (Direct quote – source: http://us.norton.com/yoursecurityresource/detail.jsp? aid=social_media_scams ) http://us.norton.com/yoursecurityresource/detail.jsp? aid=social_media_scams

4. T OP 5 SOCIAL MEDIA SCAM (2) “3. Hidden Charges 隱藏收費 "What type of STAR WARS character are you? Find out with our quiz! All of your friends have taken it!" … so you enter your info and cell number, as instructed. …that’s interesting … but not as much as your next month’s cell bill will be. You’ve also just unwittingly subscribed to some dubious service that charges $9.95 every month. 2. Phishing Requests 網絡釣魚請求 "Somebody just put up these pictures of you drunk at this wild party! Check 'em out here!" … you click on the enclosed link, which takes you to your Twitter or Facebook login page. There, you enter your account info -- and a cybercriminal now has your password, along with total control of your account. 1. Hidden URLs 隱藏網址 Beware of blindly clicking on shortened URLs. You'll see them everywhere on Twitter, but you never know where you're going to go since the URL ("Uniform Resource Locator," the Web address) hides the full location. Clicking on such a link could direct you to your intended site, or one that installs all sorts of malware on your computer.” (Direct quote – source: http://us.norton.com/yoursecurityresource/detail.jsp?aid=social_med ia_scams) http://us.norton.com/yoursecurityresource/detail.jsp?aid=social_med ia_scams

5. O NLINE PAYMENT SECURITY (1) Anti-fraud measures “The first method is called AVS, or address verification service. This is the reason why every credit card form asks for your full address. This allows your shopping cart system to link the address entered by the user with what the credit card company has on file.” Another method is called CVV, and that is the security number printed at the back of the card. …. According to a study, asking for the full address and CVV number will decrease your conversion rate by up to 40%, which is huge.” study -------------Direct quote SOURCE: http://www.techrepublic.com/blog/security/making-online- payments-safe-from-fraud-conversion-rate-vs-security/9203 http://www.techrepublic.com/blog/security/making-online- payments-safe-from-fraud-conversion-rate-vs-security/9203

6. O NLINE PAYMENT SECURITY (2) Prevent fraud on online payments “Any modern shopping cart system should be able to track user behavior. [i.e.,] Is the user browsing through the site and then heading to the checkout page, or are you seeing a bunch of automated bots going straight to the checkout page without ever going to any other page? …. Sites like Amazon, eBay or PayPal all use advanced IP and geo tracking information as well. [e.g. IP address vs. card location checking, IP address vs. shipping address checking] … In the end most small businesses … either decide to outsource the process to someone else by using something like PayPal, CCbill, or Google Checkout, accepting the fact that they will have to pay a transaction fee for the convenience, or they try and implement their own process and quickly find themselves on the hackers’ most preferred sites” --------------- Direct quote SOURCE: http://www.techrepublic.com/blog/security/making-online- payments-safe-from-fraud-conversion-rate-vs-security/9203 http://www.techrepublic.com/blog/security/making-online- payments-safe-from-fraud-conversion-rate-vs-security/9203

7. C ASE 1 – F ACEBOOK U SED BY S CAMMERS FOR P ROFIT (1) The purpose of this case Is to increase social media users’ awareness of the potential fraudulent and scammer activities available in the social media Educate students the ethic issues and ethics required in the social media

9. C ASE 1 – F ACEBOOK U SED BY S CAMMERS FOR P ROFIT (2) outsmart= 智取 spam= 垃圾郵件 scam= 詐欺 Phishing= 網路釣魚 knockoff product= 仿冒產品 Spam scam= 垃圾郵件詐欺 premium-rate = 溢價率

10. C ASE 1 – F ACEBOOK U SED BY S CAMMERS FOR P ROFIT (3) Question 2 The possible reasons Facebook scam warning message was ineffective: Users do not usually read the warning message Users are overly trusting their friends and social technologies The scams look really real Users are curious Users are ignorant of the real risks The scam method is new

11. C ASE 1 – F ACEBOOK U SED BY S CAMMERS FOR P ROFIT (4) Question 3 Recent Facebook scam - http://www.today.com/tech/6- biggest-facebook-scams-how-avoid-them-1C7447403http://www.today.com/tech/6- biggest-facebook-scams-how-avoid-them-1C7447403 Comparing the recent Facebook Scams and the ones happened in April 2011 – http://www.hoax- slayer.com/facebook-related.htmlhttp://www.hoax- slayer.com/facebook-related.html