Whether the computer you’re using is connected to the Internet from on campus or off, that computer is a target. Fraudsters are often looking for credit card numbers, bank account information and any other personal information they can use for their own gain. And it's not just financial information they're after: once they compromise a computer, intruders can use the hard disk, processor and Internet connection to attack other computers. Many home computer users are especially vulnerable because they do not realize the risks of being on a network and that there are protection measures available to them to guard against these threats. All computer users need to educate themselves and understand the threats in order to more effectively protect their personal information and computer systems.
Identity Theft Identity theft occurs when someone obtains and uses personally identifying information, like your name, Social Security number, credit card numbers, etc, without permission, to commit fraud or deception, most typically for financial gain.
The Federal Trade Commission (FTC) estimates that as many as 9 million Americans have their identities stolen each year.
Identity theft is serious. People whose identities have been stolen spend a lot of time and money cleaning up the mess thieves have made of their good name and credit record.
Malware (Malicious Software) is software designed to infiltrate or damage a computer system without the owner's informed consent.
Once installed on your computer, these programs can seriously affect your privacy and your computer's security. For example, malware is known for relaying personal information to advertisers and other third parties without user consent. Some programs, such as spyware, are also known for containing worms and viruses that cause a great deal of computer damage.
Botnets (also known as a zombie armies) are typically a network of hijacked computers used to conduct attacks, usually for personal gain.
Here are a few examples of what your computer might do if it becomes part of a botnet:
- Generate spam,
- Execute denial of service attacks (DoS),
- Propagate worms, Trojans, or other malware,
- Host fraudulent Websites, such as banking sites, for phishing purposes,
- Install adware or spyware - attackers get paid on a per-install basis,
- Extortion - attackers can hold your files hostage and threaten to destroy them or threaten to unleash a DoS on a company’s Website unless a ransom is paid,
- Execute brute-force attacks to find sensitive information such as encryption keys or account information
- Generate fake "click-thru" traffic - Pay per Click is a type of marketing where advertisers pay a set amount every time their ad is clicked.
A computer becomes part of a botnet after it has been infected with some form of malware (like a virus, worm or Trojan), which installs a botnet "agent" that is designed to allow control of the computer from a central remote source.
Social Engineering is a term is used to describe the art of persuading people to divulge information, such as account names, passwords and your personal information. These methods depend on people skills rather than technical skills, since they exploit human nature rather than software or hardware vulnerabilities.
A good social engineer is an accomplished actor who tries to charm or intimidate you into giving out sensitive information. Social Engineering may be one of the most dangerous hacking techniques because the best technology in the world cannot defend against it. This human factor is one of the most often overlooked threats to computer security.
There are really only two steps involved in protecting yourself against social engineers who try to charm, intimidate, or trick you into giving them information:
- Be aware of what is happening
You should be suspicious of people who ask you for your SSN, account names or passwords, computer name, IP address, employee ID number, or any other information that could be misused. You should be especially suspicious if they attempt to charm you or intimidate you. Several signs of social engineering attacks: refusal to give contact information, rushing, name-dropping, intimidation, small mistakes (misspellings, misnomers, odd questions), and requesting forbidden information. Look for things that just don’t quite add up.
- Just say no
If you’re not comfortable with what the person is asking for, just say no.