Baiting – Someone gives you a USB drive or other electronic media that is preloaded with malware in the hope you will use the device and enable them to hack your computer.
Do not use any electronic storage device unless you know its origin is legitimate and safe. Scan all electronic media for viruses before use.
Click-jacking – Concealing hyperlinks beneath legitimate clickable content which, when clicked, causes a user to unknowingly perform actions, such as downloading malware, or sending your ID to a site. Numerous click-jacking scams have employed “Like” and “Share” buttons on social networking sites. Disable scripting and iframes in whatever Internet browser you use. Research other ways to set your browser options to maximize security.
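The browser-side advice above (disabling scripting and iframes) is what an end user can do; on the server side, the standard defence against click-jacking is to tell browsers the page may not be framed at all. The following is an added example, not code from the original page: a small Python audit function that reads a set of HTTP response headers and reports whether the `X-Frame-Options` header or the Content-Security-Policy `frame-ancestors` directive would stop another site from embedding (and overlaying) the page. The sample responses are constructed for the example.

```python
"""Check whether an HTTP response carries a framing defence against click-jacking.

Added example (not from the original page). The two recognised defences are the
X-Frame-Options header and the Content-Security-Policy frame-ancestors directive;
when frame-ancestors is present, browsers ignore X-Frame-Options, so CSP is
evaluated first.
"""
from typing import Mapping


def frame_protection(headers: Mapping[str, str]) -> str:
    """Return 'protected', 'partial' or 'unprotected' for one response's headers.

    Header names are matched case-insensitively, as HTTP requires.
    'protected'   : framing is denied outright (DENY / frame-ancestors 'none')
    'partial'     : framing is allowed only from the same origin or a named allowlist
    'unprotected' : no framing restriction, so any site can embed the page and lay
                    invisible buttons over its "Like", "Share" or "Confirm" controls
    """
    lowered = {k.lower(): v for k, v in headers.items()}

    csp = lowered.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if sources == ["none"]:
                return "protected"
            if sources:
                return "partial"  # 'self' or explicitly allowlisted origins

    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "protected"
    if xfo == "SAMEORIGIN":
        return "partial"
    # ALLOW-FROM is obsolete and ignored by current browsers: treat it as no protection.
    return "unprotected"


# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "bank_login": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "intranet_portal": {"content-security-policy": "default-src 'self'; frame-ancestors 'self'"},
    "blog_with_like_button": {"Content-Type": "text/html"},
}


def audit(responses: Mapping[str, Mapping[str, str]] = SAMPLE_RESPONSES) -> dict:
    """Map each response name to its framing verdict."""
    return {name: frame_protection(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:24} {verdict}")
```

Run against a real deployment, the same function can be fed the headers returned by each page that carries a state-changing button; anything reported as `unprotected` is a candidate for click-jacking and should gain a `frame-ancestors` directive.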
Cross-Site Scripting (XSS) – Malicious code is injected into a benign or trusted website. In a Stored XSS Attack the malicious code is permanently stored on the server, and a computer is compromised when it requests the stored data. In a Reflected XSS Attack a person is tricked into clicking on a malicious link; the injected code travels to the server, which then reflects the attack back to the victim’s browser. The victim’s browser treats the injected code as if it came from the “trusted” site. Turn off “HTTP TRACE” support on all webservers. Research additional ways to prevent becoming a victim of XSS.
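The stored and reflected variants differ only in where the untrusted string comes from; the defence on the server is the same in both cases, which is to escape the string for the HTML context it is written into. The following is an added example, not code from the original page: a minimal Python "server" with a comment store (the stored path) and a search page that echoes its query (the reflected path), each rendered once without escaping and once with `html.escape`. The payload and the comment data are constructed for the example.

```python
"""Stored and reflected XSS: one untrusted string rendered unsafely and safely.

Added example (not from the original page). COMMENT_STORE stands in for the
server-side storage of a stored XSS; render_search_* stands in for the reflected
variant, where the payload arrives in the request and is echoed back.
"""
from html import escape

# Constructed payload: the kind of markup an attacker submits in a comment or a crafted link.
PAYLOAD = '<script>alert("xss")</script>'

# The "server": comments are persisted and later served to every visitor.
COMMENT_STORE: list[str] = []


def post_comment(text: str) -> None:
    """Persist a comment exactly as submitted (storage itself is not the bug)."""
    COMMENT_STORE.append(text)


def render_comments_unsafe() -> str:
    """Vulnerable: raw concatenation lets stored markup execute in every visitor's browser."""
    return "<ul>" + "".join(f"<li>{c}</li>" for c in COMMENT_STORE) + "</ul>"


def render_comments_safe() -> str:
    """Hardened: escaping for the HTML element context turns markup into inert text."""
    return "<ul>" + "".join(f"<li>{escape(c, quote=True)}</li>" for c in COMMENT_STORE) + "</ul>"


def render_search_unsafe(query: str) -> str:
    """Vulnerable: the query taken from the URL is reflected straight back into the page."""
    return f"<h1>Results for: {query}</h1>"


def render_search_safe(query: str) -> str:
    """Hardened: escaped before reflection, so a crafted link cannot inject a live tag."""
    return f"<h1>Results for: {escape(query, quote=True)}</h1>"


def contains_live_script(html_page: str) -> bool:
    """Crude indicator used by this example: is an unescaped <script tag present?"""
    return "<script" in html_page.lower()


if __name__ == "__main__":
    post_comment("Great article!")
    post_comment(PAYLOAD)
    print("stored, unsafe    :", contains_live_script(render_comments_unsafe()))
    print("stored, escaped   :", contains_live_script(render_comments_safe()))
    print("reflected, unsafe :", contains_live_script(render_search_unsafe(PAYLOAD)))
    print("reflected, escaped:", contains_live_script(render_search_safe(PAYLOAD)))
```

`escape(..., quote=True)` is the right call only for text placed between tags or inside a quoted attribute; a value written into a JavaScript block, a URL or a CSS property needs the encoder for that context, which is why template engines that auto-escape per context are preferred over hand-built concatenation.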
Doxing – Publicly releasing a person’s identifying information including full name, date of birth, address, and pictures typically retrieved from social networking site profiles.
Be careful what information you share about yourself, family, and friends (online, in print, and in person).
Elicitation – The strategic use of conversation to extract information from people without giving them the feeling they are being interrogated. Be aware of elicitation tactics and the way social engineers try to obtain personal information.
Pharming – Redirecting users from legitimate websites to fraudulent ones for the purpose of extracting confidential data. (E.g.: mimicking bank websites.)
Watch out for website URLs that use variations in spelling or domain names, or use “.com” instead of “.gov”, for example. Type a website’s address rather than clicking on a link.
Most computer infections come from websites. Just visiting a website can expose your computer to malware even if you do not download a file or program. Often legitimate sites may be unknowingly infected. Websites with information on popular celebrities or current sensational news items are frequently hijacked by criminals, or criminals may create such websites to lure victims to them.
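The advice to watch for spelling and domain variations can be turned into a check a mail gateway or a browser extension runs before a link is followed. The following is an added example, not code from the original page: a Python classifier that extracts the host from a URL and compares its registrable domain against a hypothetical allowlist (`TRUSTED`, constructed for the example), flagging the same name under a different suffix (“.com” instead of “.gov”), common look-alike character swaps, one-character typos, and a trusted name buried inside a longer attacker-controlled host.

```python
"""Flag URLs whose host merely resembles a trusted domain (the pharming pattern).

Added example (not from the original page). TRUSTED is a hypothetical allowlist
constructed for the example; the registrable-domain logic assumes two-label
names and would need a public-suffix list for names such as example.co.uk.
"""
from urllib.parse import urlsplit

TRUSTED = {"irs.gov", "mybank.example"}  # hypothetical allowlist

# Visual substitutions commonly used to mimic a legitimate name.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def registrable_domain(host: str) -> str:
    """Last two labels of the host (sufficient for the two-label names used here)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def normalise(label: str) -> str:
    """Undo the HOMOGLYPHS substitutions so 'rnybank' compares equal to 'mybank'."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str, trusted: set[str] = TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host in url."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "unknown"
    domain = registrable_domain(host)
    if domain in trusted:
        return "trusted"
    # A trusted name used as a subdomain of something else: irs.gov.evil.example
    if any(t in host for t in trusted):
        return "lookalike"
    name, _, tld = domain.rpartition(".")
    for t in trusted:
        t_name, _, t_tld = t.rpartition(".")
        # Same name, different suffix (".com" instead of ".gov").
        if name == t_name and tld != t_tld:
            return "lookalike"
        # Homoglyph swap or a one-character typo in the name.
        if normalise(name) == t_name or edit_distance(name, t_name) <= 1:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for u in ["https://www.irs.gov/refund", "https://www.irs.com/refund",
              "https://rnybank.example/login", "http://irs.gov.evil.example/",
              "https://example.org/"]:
        print(f"{classify_url(u):10} {u}")
```

A `lookalike` verdict is the case the page warns about: the safe response is to ignore the link and type the known address by hand, as the text advises, rather than trying to judge the page content once it has loaded.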
Phishing – Usually an email that looks like it is from a legitimate organization or person but is not, and that contains a link or file with malware. Phishing attacks typically try to snag any random victim. Spear phishing attacks target a specific person or organization as their intended victim.
Do not open email or email attachments or click on links sent from people you do not know. If you receive a suspicious email from someone you know, ask them about it before opening it.
In March 2011, hackers sent two spear phishing emails to a small group of employees at the security firm RSA. They only needed one employee to open an infected file and launch the malware. The malware downloaded information from RSA that then helped the hackers learn how to defeat RSA’s security token.
In May and June 2011, a number of defense contractors’ networks were breached via the compromised RSA token.
Phreaking – Gaining unauthorized access to telecommunication systems.
Do not give out phone numbers that provide direct access to a Private Branch Exchange (PBX), or that connect through the PBX to the public phone network.
Scams – Fake deals that trick people into providing money, information, or service in exchange for the deal. If it sounds too good to be true, it is most likely a scam. Cybercriminals use popular events and news stories as bait for people to open infected email, visit infected websites, or donate money to bogus charities.
Before the 2010 World Cup, cybercriminals offered tickets for sale or sent phishing emails claiming you won tickets to see the event.
Spoofing – Deceiving computers or computer users by hiding or faking one’s identity. Email spoofing utilizes a sham email address or simulates a genuine email address. IP spoofing hides or masks a computer’s IP address. Know your co-workers and clients and beware of those who impersonate a staff member or service provider to gain company or personal information.
The report also gives you useful advice and countermeasures to help protect yourself and your computer at work or home.
Do not store any information you want to protect on any device that connects to the Internet.
If more people would follow this simple rule we could eliminate so many problems.