Internet safety 14's

2012-2013 Internet Safety 14’s


This is one of the results of the eTwinning project "Internet Safety en Digital Footprints".


Preface

We’re glad you’re reading the “Internet Safety 14’s” eBook. It is the result of the work of the pupils in the eTwinning project “Internet Safety & Digital Footprints”. In this project the pupils have been investigating issues related to internet safety, like cyberbullying, trolling, identity theft, etc. During the project some partners delivered workshops at their schools on Safer Internet Day 2013. All results are bundled in the eBook, or can be found on the website.


The Subjects

This mindmap was built on the input of all the pupils involved. Each country created its own mindmap. Afterwards we compared these mindmaps and created a common one. This is the result.


Scams, hoaxes and cookies

1. What is a hoax or scam?

A hoax is an act of deception: it is designed to trick people into doing something they normally wouldn’t do, or into accepting something as genuine knowledge. Hoaxes were initially intended as practical jokes played over the internet, but like so many things they quickly evolved into something greater. Today the most common use of a hoax is to rip people off or even to steal their entire identity. Although a lot of hoaxes are harmful in many ways, a few are intended to do the exact opposite of harming the receiver: they try to make the receiver aware of certain dangers, or to make certain social situations known to a broad public. Most modern-day hoaxes are sent by e-mail, usually filled to the brim with pictures and flashy pieces of text, yet when people click on anything they see the truth behind it (this applies only to hoaxes that are intended as practical jokes). Harmful hoaxes don’t have this mechanism and are used solely for personal gain and/or financial accounts. A scam is roughly the same as a harmful hoax, only the scam presents more legitimate-looking sources and is more professional. Scams look so real, in fact, that most people wouldn’t see the difference between a general commercial and a scam. A scam is only used for financial or personal gain; scams generally don’t ask for your personal information or bank accounts.

2. A few examples of hoaxes and scams:

Some of you might have come across a few scams yourself already. They are sent to almost everybody who has an e-mail account. A few of these scams and hoaxes are:

- The chain mail
- A mail from an unknown person who claims to know you
- A commercial for an unknown product
- A personal information request
- A free product give-away in replacement of an old or expired product

What they involve:

- Most chain mails are pretty innocent: they usually just ask you to send the e-mail on to other people in exchange for a girlfriend, the happiest day of your life, …. Some actually trick people into pressing Alt+F4, which turns off your PC.
- A mail from an unknown person who claims to know you is actually a virus in disguise: never open one, because when you click it you haul in the virus.
- A commercial for an unknown product could also be a virus, but most of the time it’s a trick to get a lot of money from an unknowing person who thinks he/she really will get something in return.
- Personal information requests come from imposters who will ask for your personal data. The data requested ranges from bank accounts to identities to even just usernames and passwords.
- A free product give-away in replacement of an old or expired product also sends a virus when opened by the receiver.


3. What can you do to counter hoaxes and scams?

It is not hard to check whether a mail you have been sent is a real ad or a scam/hoax. A few things you could do are:

- Check the company out by typing its name into the Google search bar and looking at its site.
- Don’t give away your information to anybody unless you are sure that person can be trusted (so, in general, someone you know really well), and if you still need to send the information, send it through a live chat room, not through e-mail.
- DO NOT reply to any e-mails asking for personal information.
- Read the e-mails carefully; they usually contain a hint as to whether they are real or fake (most of the time in the small print).
- Lotteries from a foreign country are, most of the time, scams or hoaxes too.

There are a few programs that scan e-mails to check whether they are real or not, although you shouldn’t rely on them, and it is hard to find one that is good and not a virus itself. The best method to counter hoaxes and scams is still to clear those e-mails and close the messages immediately. Delete all e-mails from people you do not know. If you get an e-mail from a friend with a weird title or a different writing style, ask that person whether they sent that e-mail. And never ever send the e-mail on to someone else! We cannot stress this enough. That way the scam/hoax just continues, and the creator of the hoax or scam doesn’t have to do anything to keep stealing information from people. A lot of antivirus systems also help protect you from these hoaxes, although the creators of these hoaxes are always developing new methods of getting around these antivirus systems.

4. What are the dangers of a scam and/or hoax?

There are a lot of dangers from these hoaxes and scams, ranging from small things like a password for a site you use (YouTube, Facebook, …) to things of personal value or great importance (PIN codes, ID, …). The biggest problem with hoaxes and scams is that you never know what the hoax or scam steals from you. The creators of these hoaxes and scams are sending so many viruses these days that people are starting to ignore the alerts. Most of the viruses from hoaxes and scams are still small, but these people will also not notice when larger and more dangerous viruses than those earlier, smaller ones arrive.

5. Cookies, what are they and what do they do?

A cookie is a message given to a web browser by a web server. The browser stores the message in a text file. Each time you visit the site, the browser sends the message back to the server.

There are 2 kinds of cookies: session cookies and persistent cookies.

A session cookie (also called a transient cookie) is a cookie that is erased when the user closes the web browser. The cookie is kept in the temporary memory of the browser and is not saved when the browser closes. These cookies are safe: they don’t collect information from the user’s computer. They store information in the form of a session identification that doesn’t personally identify you.

A persistent cookie (also called a permanent cookie or stored cookie) is a cookie that is stored on the user’s hard drive. It expires after a time that is set in the cookie file, or when the user deletes the file. Persistent cookies are made to collect identifying information about the user (web surfing behaviour, user preferences, …). Persistent cookies carry personal information and are more dangerous than session cookies.

6. The danger from cookies.

There are 2 types of cookies: first-party and third-party. First-party cookies are placed on your computer by the website that you visit; they are generally used by the websites you visit to identify your computer, especially on return visits to the same site. Third-party cookies, the more problematic of the two types, are placed on your computer by a party other than the website you are visiting, for instance a third-party advertising company that wants to keep track of where you shop and what you buy. Third-party cookies are the primary source of online identity theft through cookies.

Third-party cookies can also track all the websites you visit, every time. They can contain any of the information you enter on any website. Because of that, these cookies not only hold information about which sites you visit, but might also contain user names, passwords and bank or credit card account information. Cookie thieves or cookie hijackers tap into the cookie files and steal the information.
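The two distinctions above (session vs. persistent, first-party vs. third-party) can be read directly from the `Set-Cookie` header a server sends. The following is an added example, not part of the original eBook; the host names and cookie values are constructed, and the "same site" test is a simplification that compares only the last two labels of the host name.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


@dataclass(frozen=True)
class CookieReport:
    name: str
    lifetime: str  # "session", "persistent" or "expired"
    party: str     # "first-party" or "third-party"


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def lifetime(attrs, now):
    """No Max-Age/Expires means a session cookie; Max-Age wins if both are set."""
    if "max-age" in attrs:
        try:
            return "persistent" if int(attrs["max-age"]) > 0 else "expired"
        except ValueError:
            pass  # malformed Max-Age is ignored, fall through to Expires
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return "session"  # unparseable date: the attribute is ignored
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return "persistent" if when > now else "expired"
    return "session"


def site_of(host):
    """Simplification: treat the last two labels as the site.
    Real browsers use the Public Suffix List (needed for e.g. co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(page_host, response_host, header, now):
    """Classify one cookie set by response_host while page_host was open."""
    name, attrs = parse_set_cookie(header)
    same = site_of(page_host) == site_of(response_host)
    return CookieReport(name, lifetime(attrs, now),
                        "first-party" if same else "third-party")


# Constructed sample: (host in the address bar, host that answered, Set-Cookie)
OBSERVATIONS = [
    ("shop.example", "shop.example", "sid=8f3a; Path=/; HttpOnly"),
    ("shop.example", "www.shop.example", "lang=nl; Max-Age=31536000; Path=/"),
    ("shop.example", "ads.tracker.example",
     "uid=u-1842; Expires=Tue, 05 Feb 2030 00:00:00 GMT; Path=/"),
    ("shop.example", "shop.example", "old=1; Max-Age=0"),
]


def audit(observations, now):
    return [classify(p, r, h, now) for p, r, h in observations]


if __name__ == "__main__":
    for report in audit(OBSERVATIONS, datetime(2013, 2, 5, tzinfo=timezone.utc)):
        print(report)
```

The last sample line shows a case the text does not mention: a server removes a cookie by sending it again with a lifetime of zero or a date in the past.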

7. How can I prevent cookies from being saved on my computer?

You can disable cookies in various web browsers, but this is not always the best thing to do. Some websites need those cookies to function, and first-party cookies are not dangerous.

Another thing you can do is delete the cookies on your hard disk. And don’t give sites personal information: then the site can’t save personal information in the cookie. If you don’t trust a website, then just don’t fill anything in on it.

If you want to delete your cookies:

For Windows Me, Windows 98, Windows NT or Windows 95, the cookie folder is in one of these locations:

C:\Windows\Cookies\

C:\Windows\Profiles\<username>\Cookies…

If you have Windows XP or Windows 2000, the cookie folder is in this location (note that on your PC it can be on another drive instead of drive C):

C:\Documents and Settings\<username>\Cookies\

Please be careful: some “cookies” are not cookies, and Windows and Internet Explorer use them all the time; deleting those can cause problems in IE and Windows.


Email Scams

1. What is an email scam or phishing?

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

A phishing technique was described in detail in 1987, and (according to its creator) the first recorded use of the term "phishing" was made in 1995. The term is a variant of fishing, probably influenced by phreaking, and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.

2. Damage caused by phishing

The damage caused by phishing ranges from denial of access to e-mail to substantial financial loss. It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. United States businesses lose an estimated US$2 billion per year as their clients become victims. In 2007, phishing attacks escalated. 3.6 million adults lost US$3.2 billion in the 12 months ending in August 2007. Microsoft claims these estimates are grossly exaggerated and puts the annual phishing loss in the US at US$60 million. In the United Kingdom losses from web banking fraud—mostly from phishing—almost doubled to GB£23.2m in 2005, from GB£12.2m in 2004, while 1 in 20 computer users claimed to have lost out to phishing in 2005.

The stance adopted by the UK banking body APACS is that "customers must also take sensible precautions ... so that they are not vulnerable to the criminal." Similarly, when the first spate of phishing attacks hit the Irish Republic's banking sector in September 2006, the Bank of Ireland initially refused to cover losses suffered by its customers (and it still insists that its policy is not to do so), although losses to the tune of €11,300 were made good.


3. How do you recognize a phishing-mail?

A phishing mail is mostly very recognizable:

- The mail mostly emphasizes that it's urgent and that it's important that you reply very fast
- The mail threatens that you will lose information if you don't reply
- The mail mostly asks for user data and/or passwords
- The mail is often written in sloppy Dutch or sloppy English
- The sender looks very important, but isn't
- The mail is mostly addressed to you impersonally, like "dear customer"
- These mails mostly use wrong internet addresses
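Most of the signs in this list can be checked mechanically. The following is an added example, not part of the original eBook: it parses one e-mail and reports which signs it shows. The sample mail, the `.test` domains and the word lists are constructed assumptions, and the "sloppy language" sign is left out because it cannot be checked with a word list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Word lists are illustrative assumptions, not a complete filter.
TEXT_CHECKS = [
    ("urgency", r"\b(urgent|immediately|right away|within \d+ hours?)\b"),
    ("threat_of_loss", r"\b(suspended|blocked|deleted|closed|lost)\b"),
    ("asks_for_credentials", r"\b(password|user ?name|pin code|credit card)\b"),
    ("impersonal_greeting", r"\bdear (customer|user|client|member)\b"),
]
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

# Constructed sample mail claiming to come from the made-up "example-bank.test".
SAMPLE_PHISH = """\
From: "Example Bank Security" <notice@mail-example-bank.test>
To: pupil@school.test
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<p>Your account will be suspended and your data will be lost unless you
confirm your password immediately.</p>
<p><a href="http://login.example-bank.secure-check.test/">https://www.example-bank.test/login</a></p>
"""


class Body(HTMLParser):
    """Collects visible text and (href, link text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.chunks, self.links, self.href, self.label = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.chunks.append(data)
        if self.href is not None:
            self.label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.label).strip()))
            self.href = None


def on_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def indicators(raw_mail, claimed_domain):
    """Return the names of the warning signs found in one raw e-mail."""
    msg = message_from_string(raw_mail)
    body = Body()
    body.feed(msg.get_payload())
    text = " ".join((msg.get("Subject", "") + " " + " ".join(body.chunks)).lower().split())
    found = [name for name, pattern in TEXT_CHECKS if re.search(pattern, text)]
    # "The sender looks very important, but isn't": compare the real address.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not on_domain(sender_host, claimed_domain):
        found.append("sender_not_from_claimed_domain")
    # "Wrong internet addresses": the link shows one host but leads to another.
    for href, label in body.links:
        real = (urlparse(href).hostname or "").lower()
        shown = HOST_RE.search(label)
        if shown and shown.group(1).lower() != real:
            found.append("link_text_differs_from_target")
            break
    return found


if __name__ == "__main__":
    print(indicators(SAMPLE_PHISH, "example-bank.test"))
```

`claimed_domain` is the real domain of the organisation the mail says it comes from; the sender and link checks only make sense relative to it.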


Keylogging

1. What is a keylogger?

Keystroke logging, more often called keylogging, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. It also has very legitimate uses in studies of human-computer interaction. There are numerous keylogging methods, ranging from hardware and software-based approaches to acoustic analysis.

2. Effect of keylogging

The effects of keylogging software can be devastating. From accounts on sites such as Skype and Facebook being hijacked to credit card and bank account numbers being stolen, a keylogging program can basically be a catalyst for full-scale identity theft.

3. Countermeasures

The effectiveness of countermeasures varies, because keyloggers use a variety of techniques to capture data and the countermeasure needs to be effective against the particular data capture technique. For example, an on-screen keyboard will be effective against hardware keyloggers, transparency will defeat some screenloggers - but not all - and an anti-spyware application that can only disable hook-based keyloggers will be ineffective against kernel-based keyloggers.

Also, keylogger software authors may be able to update the code to adapt to countermeasures that may have proven to be effective against them.

Anti keyloggers

An anti keylogger is a piece of software specifically designed to detect keyloggers on a computer, typically by comparing all files on the computer against a database of keyloggers, looking for similarities which might signal the presence of a hidden keylogger.

Live CD/USB

Rebooting the computer using a Live CD or write-protected Live USB is a possible countermeasure against software keyloggers.

Anti-spyware / Anti-virus programs

Many anti-spyware applications are able to detect some software keyloggers and quarantine, disable or cleanse them. However, because many keylogging programs are legitimate pieces of software under some circumstances.

Network monitors

Network monitors (also known as reverse-firewalls) can be used to alert the user whenever an application attempts to make a network connection. This gives the user the chance to prevent the keylogger from "phoning home" with his or her typed information.

Automatic form filler programs

Automatic form-filling programs may prevent keylogging by removing the requirement for a user to type personal details and passwords using the keyboard.

One-time passwords (OTP)

Using one-time passwords may be keylogger-safe, as each password is invalidated as soon as it's used.

Security tokens

Use of smart cards or other security tokens may improve security against replay attacks in the face of a successful keylogging attack, as accessing protected information would require both the (hardware) security token as well as the appropriate password/passphrase.

On-screen keyboards

Most on-screen keyboards (such as the on-screen keyboard that comes with Windows XP) send normal keyboard event messages to the external target program to type text.

Keystroke interference software

Keystroke interference software is also available. These programs attempt to trick keyloggers by introducing random keystrokes, although this simply results in the keylogger recording more information than it needs to.

Speech recognition

Similar to on-screen keyboards, speech-to-text conversion software can also be used against keyloggers, since there are no typing or mouse movements involved.

Handwriting recognition and mouse gestures

Also, many PDAs and lately tablet PCs can already convert pen (also called stylus) movements on their touchscreens to computer-understandable text successfully.


DDOS-Attack

1. What is DDOS?

A distributed denial-of-service attack or DDoS attack is an attempt to make a machine or network resource unavailable to its intended users. It generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

DoS: software that makes your computer send (empty) packets.

DDoS: software that lets other computers send (empty) packets.

Both cause the server or device to crash or slow down.

2. Dangers of DDOS

- Slowing down the server or device to an unmanageable speed.
- Permanent damage to the hardware, or shutdown due to overheating.
- Automatic shutdown of the server or computer.
- A bad reputation for public servers if they don’t work.

3. How to stop one?

- Updating your firewalls and downloading anti-DDoS programs.
- A traffic counter that counts the amount of data/files sent to the server and sends a message when the counter goes over the maximum.
- Using a VPN (virtual private network).
- For servers and websites you can use Cloudflare.


Phishing

1. What is phishing?

Phishing is an attempt to acquire information like usernames or passwords, but also credit card information. This is done in various ways. One of the most common ways is by email. The email is made with an email spoofer so that it carries the email address of a well-known company. The email will most likely contain a link to a website which contains malware or another kind of virus or spyware. Another way is to make a website identical to that of a popular company, but with a slight difference in the website address, or with a fake website address made with the use of JavaScript.

2. Dangers:

The phisher can use the information gathered to access accounts you use on the internet and make changes to them, and in the worst-case scenario he can access your bank account or other financial accounts and make transactions without you being aware of it. He can also use your identity to commit fraud.

3. Countermeasures & preventions:

If you know you are a victim of a phishing attempt, make sure to change all your passwords and report it. Forward phishing emails to [email protected], to the company impersonated in the email and the local police. You also may report phishing emails to [email protected], http://www.ic3.gov/default.aspx.

Don’t click on links in emails unless you are certain they won’t harm your computer in any way.

Make sure your web browser’s anti-phishing filter is turned on, but don’t rely too much on it; search for an alternative program or see if your anti-virus has one.


Identity theft

Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The source of identity theft and online fraud. Such authorization cannot provide a legal basis for national legislation subjecting to tax the value added theft of goods from a tax warehouse.


Addictions and Who's vulnerable.

What is it?

Wikipedia says that Internet addiction has a specific name: “Internet addiction disorder (IAD), or, more broadly, Internet overuse, problematic computer use or pathological computer use, is excessive computer use that interferes with daily life.”

That's a general idea, but if we go deeper, there are different subcategories inside this Internet addiction disorder:

• Cyber-Relationship Addiction: Addiction to social networking, chat rooms, and messaging to the point where virtual, online friends become more important than real-life relationships with family and friends.
• Net Compulsions: Such as compulsive online gaming, gambling, stock trading, or compulsive use of online auction sites such as eBay, often resulting in financial problems.
• Information Overload: Compulsive web surfing or database searching, leading to lower work productivity and less social interaction with family and friends.

How can you be vulnerable?

It is very easy to fall into each of these addictions, because it is easy to access these websites or download the required software. Everybody who uses the internet is vulnerable to becoming an addict. Everybody can create a Facebook account, and there is no problem with that, but it isn't so easy to erase it, or even to log out. The same happens with other websites, where you go in at some hour and then time goes faster. It will be too late when you realize you have spent the whole evening doing nothing. Internet gambling (such as online poker) is also incredibly easy: you just go to a website, push a button confirming that you are of legal age (it does not have to be true) and, maybe, download some software to start playing. If you have a credit card, you can also lose your money quickly. The same happens on shopping and auction websites, but without having to download any software.

Measures to prevent it

It is very important to control the time we spend and how we act on the Internet (if your eyes hurt, it's time to leave it).

You have to be careful with online relationships: even if we believe we know the person we have been speaking to quite well, we can never be completely sure that we can trust him/her. Also, we must not forget our real-life relationships, and must take care of them. We must take real care over the money we spend online. Never buy more than necessary (writing the expenses on a piece of paper near your keyboard helps a lot) and, if we are adults and we are sure that we want to play online (gambling), keep in mind the risk you run and control the costs and the time invested. Finally, here is a golden rule: if you have been connected to the internet for a while and do not know what to do now, turn off your computer and do something else.


Who's vulnerable

First we need to define what a vulnerability is. A vulnerability is a flaw or weak point in the source code of a program, application, operating system, etc. that could be used to compromise its integrity, availability, etc. In general terms, when a particular exploit (a program that is used to attack) is used against a vulnerability, the flaw in the program allows a malicious user to execute any code or malicious command and so take control of the program.

There are lots of vulnerabilities on the net, and these vulnerabilities can affect everybody. First of all, if we don't have an antivirus we will be at risk, because this is a constant vulnerability. We must install an antivirus and a firewall to protect the PC and protect ourselves. Beyond that, there are different risks on the net that affect different groups of people. Kids are a big group facing lots of risks. One of the risks comes from paedophiles, who can contact them through social networks, chats or similar sites. Another risk is that people who need money can kidnap kids using the information that the kids upload to the net, and then demand money to release them. Another group at risk are gambling addicts, who can waste/lose a lot of money betting on different pages or playing cards or similar things. This group is vulnerable because of a sickness, not because of a failure in a program. Another group at risk are older people who have not become familiar with new technologies and can be scammed by burglars with fake pages or fake advertisements. But there are some risks that can affect everybody, like trojans or spyware, which are installed on our computer when we download things from insecure pages and can spy on us or steal information. In conclusion, everybody is vulnerable in different ways when going on the net, regardless of age. We can protect ourselves, but we will always remain in danger.


Made by the pupils from:

SO-Zenit, Belgium

IES Fernández Vallín, Spain

Colegiul National “Nichita Stanescu”, Romania

Lycée Saint Marc, France

Střední průmyslová škola elektrotechnická a informačních technologíí, Czech Republic