Internet Safety for 1950s Adults and Beginners

INTERNET SAFETY FOR ADULTS (includes Facebook and WhatsApp) #Crowdsourcing #InternetSafety

Upload: rajesh-soundararajan

Post on 15-Feb-2017


Category:

Internet



TRANSCRIPT

Page 1: Internet Safety for 1950s Adults and Beginners

INTERNET SAFETY FOR ADULTS (includes Facebook and WhatsApp)

#Crowdsourcing #InternetSafety


Rajesh Soundararajan @rajeshsound


WHAT’S UP? LET’S FACE IT!


What do you understand about Internet Safety?


Do you love your neighbour? Do you lock your door?


How uncommon is common sense?


HOW MUCH SAFETY IS TOO MUCH SAFETY?


HOW MUCH PANIC IS TOO MUCH PANIC?


We will talk about these today…

• Passwords

• Online Banking, Secure Shopping

• Hoax and Rumours on Facebook, WhatsApp, SMS

• Safe Browsing on Internet

• Email Caution

• ATM and Internet Banking

• Protecting with Anti-Virus and Spam Filters

• Home Wi-Fi Safety

• Filter Bubble


PASSWORD BASICS


A password is a word or string of characters used for user authentication to prove identity or access approval to gain access to a resource (example: an access code is a type of password), which should be kept secret from those not allowed access.


Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. This website is interesting and useful: https://howsecureismypassword.net


tips for a strong password

• DO change your password (1) every 90 days, (2) when it is compromised, (3) more frequently for banking and social sites.

• DO write down passwords in a small diary/notebook. While there is password management software available, it may lead to more compromise than safety if you are a novice user. Please do share the details of where you stored them with at least one or a maximum of two trusted people (spouse or children).

• DO NOT *save* your passwords on your mobile phone or laptop. If lost, you are giving away a lottery to the thief.

• DO NOT key in your password on a mobile phone/desktop/kiosk that is not your own personal, private device.

• DO NOT share your password ever, ever. If you have even the slightest doubt that it is compromised, please change it immediately.


ONLINE BANKING, SECURE SHOPPING


THERE ARE A ZILLION SHARKS OUT THERE


BANKING BLUES

• Think twice, maybe even 5 times over two days, before you click anything to do with money.

• Never, ever share banking information (account numbers), cheque numbers and credit card information via email.

• Change the PIN for debit cards as soon as you receive them from the bank. Do not write the PIN down and keep it next to the card in a "safe" place.

• If someone from the bank calls you and asks for information, ask for a number to call them back on, and call them back on a landline that is a bank number.

• Your bank will never contact you via email if your credit card is "compromised". Never click on such emails.

• Use e-banking and update your cellphone numbers for SMS updates.

• Do not give your ATM card and PIN to anyone (maid, driver, fuel pump attendant) to withdraw money for you.


Can you compare and contrast real life safety and online safety?


tips for Online Transactions

• ALWAYS check for https whenever doing any banking transaction, online shopping or even a mobile recharge (example: https://www.icicibank.com)

• DO close that window/tab or browser ‘each time’ after finishing the banking transactions

• DO NOT log in through internet links from your mobile unless you are doubly and triply sure that they are secure and authentic. If in doubt, avoid.

• DO use Virtual Keyboards where possible.

• DO use Two Factor Authentication (2FA) and Mobile OTP

• LOOK for padlock symbols in the URL


SAFE FACEBOOK/ WHATSAPP/ SMS


Are you a rumour monger? A hoax perpetrator?


How credible are those incredible WhatsApp forwards?


tips for Facebook/ WhatsApp/ SMS

• ALWAYS Google and check before forwarding anything. You do not want to be a rumour monger. Do you?

• ALWAYS be very careful about the security / privacy settings before uploading pictures and videos on Facebook


ALWAYS refer to the dozens of sites that list the hoaxes on the Internet:

• Hoax-Slayer: Latest Email Hoaxes - Current Internet Scams

• Best WhatsApp Hoax messages: 5 new irritating ... - India

• 25 Hilarious Hoax WhatsApp Texts and Forwarded messages

• 11 weird health rumours on Facebook, WhatsApp and ...


BEWARE Internet is NOT Gospel Truth.

• A high % of WhatsApp Forwards are unconfirmed rumours

• Almost ALL rumours have malicious intent

• WhatsApp and Facebook take advantage of simplicity, speed and ignorance to mass forward texts inside their CLOSED groups.

• Most of today’s digital audience wouldn’t sift out the facts.

• DO NOT accept unknown friend requests. If in doubt, ignore. If there is no display picture, you must not accept that request.

• DO NOT REACT when you are reading emotionally charged posts


There is a big difference between posting a social media post and a private message. Discuss private matters face to face or on phone if it can be helped, not on electronic media.


BROWSING THE INTERNET


tips for Browsing the Internet

• ALWAYS hover the mouse on URL links and check (in the status bar) if the site it is pointing to seems reasonably safe. When in doubt completely avoid clicking something.

• ALWAYS AVOID clicking on pop-ups

• ALWAYS AVOID browsing the internet relentlessly and finding crazy suggestions for fitness and health. Often, people are ready to try anything without pausing to think.

• Clear your cache


EMAILS


tips on Email Safety

• Emails have become by far the most ubiquitous means of communication. Gone are the days of post-cards and inland letters. With such emails comes its own pain of being careful.

• ALWAYS be extra cautious when you open emails on mobiles and tablets

• ALWAYS check that the email address is genuine - sometimes the name reads like these - Facebook Team <[email protected]>, Gmail Team <[email protected]>, ICICI Bank <[email protected]>, YouTube Support <[email protected]>. You would never be able to see these on mobile phones.

• For a more detailed discussion please refer to the topic ‘Phishing’ below


Dos and DON’Ts

• DO add safe contacts in Junk Mail and vice versa

• DO log in to your mail systems on your desktop (Gmail/Yahoo/Hotmail) and check the junk mail box.

• DO NOT open any emails where the sender is not familiar. At the slightest doubt, delete them rather than open a can of worms.

• Downloading Attachments and Clicking Hyper-Links

• DO NOT click on links in emails unless you are 200% sure that they are from a verifiable source. Just as you would be careful about welcoming an unknown carton from an unknown entity into your house, you need to treat attachments on email the same way.

• DO NOT download suspicious attachments. If the attachment is not a *.pdf or *.vcf, just be doubly careful. You might want to verify attachments like *.doc, *.ppt, *.xls and *.zip. If it is an *.exe or anything else, just DO NOT click that attachment. Call the sender.


WINNING LOTTERY AND FREEBIES


Winning Lottery and Freebies

• THERE ARE NO FREE LUNCHES. PERIOD.

• If you had relatives in Africa who had $50 million, you would have known. Nor will a rich, influential Chinese or Nigerian business be willing to bequeath you its $100 million wealth.

• If you are not a gambler and an online lottery player, there is NO way you will win a lottery of $8 Million.

• And neither Apple nor Rolls Royce are fools to give away 1000 iPads or 100 cars to the first bunch of fools who like a website link, answer a silly question or share their contact details.

• Well, if Greed drives it, then this chapter is not for you!


PHISHING EMAILS


PHISHING EMAILS

• "Phishing" (also known as "carding" or "spoofing") refers to email that attempts to fraudulently acquire personal information from you, such as your account password or credit card information. On the surface, the email may appear to be from a legitimate company or individual, but it's not.

• As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be. Many companies have policies that state they will never solicit such information from customers by email.

• Find out who the email is really from. View the email headers to see where the message really originated from. A typical email header displays several lines that begin with "Received." If the "Received from" information does not match the email address of the sender or the company being represented in the email, it usually means that the message did not truly come from that individual or company.

• Be cautious of links in the email. One common phishing technique is to include links in an email that look like they go to a legitimate website. Upon closer inspection, the link may actually take you to a website that has nothing to do with the company the email is pretending to be from, even though the resulting website may be designed to look exactly the same.


PHISHING EMAILS (CONT)

• Note the email greeting. Phishing emails tend to start with generic phrases like "Dear valued customer" or your email account name, such as "Dear snookums123," instead of your name ("Dear Raghav" for example). Most legitimate companies include your name in their correspondence because companies will have it on record (if you've dealt with them before).

• Keep previous history in mind: If you've had previous, valid correspondence with the company, compare those messages to the email in question. If you have never done business with a particular company, and you receive an email that appears to be from that company requesting account information, it could be an attempt at phishing. Again, never email account information or credit card information if you are in doubt.

• Never provide personal account information through email. If you receive an unsolicited commercial email requesting personal information, do not provide any information without first checking directly with the company that appears to be the one requesting this information. Do not reply to the message or click any of the links in the message. Instead, visit the company's website and find an email address to contact regarding this issue, or call the company. Many companies appreciate being notified about fraudulent attempts to gain information about their customers.

• Be cautious of attachments. If you receive an unsolicited message that contains an attachment, do not open it. Contact the company directly to verify the contents of the email and the attachment before opening it.


ATM AND INTERNET BANKING PIN


tips for ATM and Internet Banking

• NEVER write ATM PINs or passwords in a text file or on the back of the ATM card.

• NEVER add personal information like phone number, address on your ATM card


ANTI-VIRUS SOFTWARE AND SPAM FILTERS


tips for Antivirus

• ALWAYS use the online Mail access and spam filters. The ones used by major providers like Gmail, Hotmail and Yahoo are pretty decent.

• DO get a good anti-virus and spam filter.


Spam And Spam-Filters

• Email spam, also known as unsolicited bulk email (UBE), junk mail, or unsolicited commercial email (UCE), is the practice of sending unwanted email messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients.

• Spam Filters are the best way to stop spam.

• You can also unsubscribe from unwanted email lists, if you have inadvertently subscribed or had found that sender’s email useful in the past, but not anymore.

• Online mail applications and most mail clients can also help you with intelligent spam options that sort messages into the appropriate spam or junk email folders. Since they are based on intelligence of usage, it would help if you guide these by a few actions on your desktop or web-experience. Your mobile sorting would not help these systems learn much.


HACKERS AND HOME WI-FI


Account Hacking

• In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge, enjoyment, or to evaluate those weaknesses to assist in removing them.

• When you believe your account is hacked, please contact the service provider immediately.

• Share the information with a few friends or family who are technically savvy, so that they can raise an alert on your behalf.


tips for Home Wi-Fi

• Wi-Fi routers at homes have usernames and passwords often handed down by service provider or the router manufacturer. Usually unknown users (free riders) gain access and use up your bandwidth. Not only does it cost you heavily in broadband bills, but it also leads to potential hacking through their connections and devices.

• ALWAYS change this to a more personalised name and have a new password

• ALWAYS use a new WPA2 password or equivalent and make sure you note down the same on the router lest you lose it.


Be Aware of Filter Bubble

• A filter bubble is a result of a personalized search in which a website algorithm selectively guesses what information a user would like to see based on information about the user (such as location, past click behaviour and search history) and, as a result, users become separated from information ...

• http://www.goodreads.com/book/show/10596103-the-filter-bubble

• http://www.amazon.com/The-Filter-Bubble-Personalized-Changing/dp/0143121235


In Summary

• Passwords

• Online Banking, Secure Shopping

• Hoax and Rumours on Facebook, WhatsApp, SMS

• Safe Browsing on Internet

• Email Caution

• ATM and Internet Banking

• Protecting with Anti-Virus and Spam Filters

• Home Wi-Fi Safety

• Filter Bubble


Rajesh Soundararajan @rajeshsound



#Crowdsourcing Contributions (Thank you)

• Ajit Iyer

• Anju Raja

• Anuja Singh

• Arati, Santhosh

• David D'Costa

• Deepika Zingade

• Krishnendu Laha

• Madhu Lakshmanan

• Ratnaprabha Kibe

• Sadha Shiv

• Santhanam Krishnamachari

• Shailendra Singh

• Shobha Sampath

• Shreya Bhagwanth

• Uthra Srinivasan

• Vivek Singh

• Madhukar Shukla

• Manjunath Revenasiddappa

• Mukesh Rao Engla Syam

• Murli Iyer

• Preethi Bashyam Sriganesh

• Rahul Sharma

• Rajagpalan AR

• Ramesh Rangan


Glossary

• A password is a word or string of characters used for user authentication to prove identity or access approval to gain access to a resource (example: an access code is a type of password), which should be kept secret from those not allowed access.

• Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly.

• HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is a protocol for secure communication over a computer network which is widely used on the Internet.

• Two-factor authentication is a security process in which the user provides two means of identification from separate categories of credentials; one is typically a physical token, such as a card, and the other is typically something memorized, such as a security code.

• A one-time password (OTP) is a password that is valid for only one login session or transaction, on a computer system or other digital device.

• If you see a lock in the web browser's address bar, you should also see that the website address starts with HTTPS as opposed to HTTP. In that case the page is using Secure Sockets Layer (SSL) and is secure from a third party being able to see your information as it is being transmitted.

• A hoax is a deliberately fabricated falsehood made to masquerade as truth. It is distinguishable from errors in observation or judgment, or rumours, urban legends, pseudoscience or April Fools' Day events that are passed along in good faith by believers or as jokes.


GLOSSARY (2)

• Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using fake bait in an attempt to catch a victim.

• A personal identification number (PIN, pronounced "pin"; often redundantly PIN number) is a numeric password used to authenticate a user to a system, in particular in association with an ATM card.

• Anti-virus software can attempt to scan for rootkits. A rootkit is a type of malware designed to gain administrative-level control over a computer system without being detected.

• Email spam, also known as unsolicited bulk email (UBE), junk mail, or unsolicited commercial email (UCE), is the practice of sending unwanted email messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients.

• In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge, enjoyment, or to evaluate those weaknesses to assist in removing them.

• A filter bubble is a result of a personalized search in which a website algorithm selectively guesses what information a user would like to see based on information about the user (such as location, past click behaviour and search history) and, as a result, users become separated from information ...
