2012-2013 Internet Safety 14’s
Preface
We’re glad you’re reading the “Internet Safety 14’s” eBook. It is the result of the work of the pupils in the eTwinning project “Internet Safety & Digital Footprints”. In this project the pupils investigated issues related to internet safety such as cyberbullying, trolling, identity theft, etc. During the project some partners delivered workshops at their schools during Safer Internet Day 2013. All results are bundled in this eBook, or can be found on the website.
The Subjects
This mind map was built from the input of all the pupils involved. Each country created its own mind map. Afterwards we compared these mind maps and created a common one. This is the result.
Scams, hoaxes and cookies

1. What is a hoax or scam?
A hoax is an act of deception: it is designed to trick people into doing something they normally wouldn’t do, or into accepting something as genuine knowledge. Hoaxes were originally intended as practical jokes played over the internet, but like so many things they quickly evolved into something greater. Today the most common use of a hoax is to rip people off or even to steal their entire identity. Although a lot of hoaxes are harmful in many ways, there are also a few that are intended to do the exact opposite of harming the receiver: they try to make the receiver aware of certain dangers, or try to make certain social situations known to a broad public.
Modern-day hoaxes are mostly sent by e-mail, usually filled to the brim with pictures and flashy pieces of text, yet when people click on anything they see the truth behind it (this applies only to the hoaxes that are intended as practical jokes). The harmful hoaxes don’t have this mechanism and are used solely for personal gain and/or financial accounts.
A scam is roughly the same as a harmful hoax, only the scam presents more legitimate-looking sources and is more professional. Scams look so real that most people wouldn’t see the difference between a general commercial and a scam. A scam is only used for financial or personal gain; scams generally don’t ask for your personal information or bank accounts.

2. A few examples of hoaxes and scams
Some of you might have come across a few scams yourself already. They are sent to almost everybody who has an e-mail account. A few of these scams and hoaxes are:
- The chain mail
- A mail from an unknown person who claims to know you
- A commercial for an unknown product
- A personal information request
- A free product give-away in replacement of an old or expired product
Chain mails: most are pretty innocent; they usually just ask you to send the e-mail to other people in exchange for a girlfriend, the happiest day of your life, …. Some actually trick people into pressing Alt+F4, which turns off your PC.
A mail from an unknown person who claims to know you: this is actually a virus in disguise. Never open such mails, because when you click them you haul in the virus.
A commercial for an unknown product: it could also be a virus, but most of the time it’s a trick to get a lot of money from an unknowing person who thinks he/she really will get something in return.
Personal information requests: these come from impostors who ask for your personal data. The data requested ranges from bank accounts to identities to even just usernames and passwords.
A free product give-away in replacement of an old or expired product: this also sends a virus when opened by the receiver.
3. What can you do to counter hoaxes and scams?
It is not hard to check whether a mail you have been sent is a real ad or a scam/hoax. A few things you could do are:
- Check the company out by typing its name into the Google search bar and looking at its site.
- Don’t give away your information to anybody unless you are sure that person is to be trusted (so in general someone you know really well), and if you still need to send the information, send it through a live chat room, not through e-mail.
- DO NOT reply to any e-mails asking for personal information.
- Read the e-mails carefully; they usually contain a hint as to whether they are real or fake (most of the time in the small print).
- Lotteries from a foreign country are, most of the time, scams or hoaxes too.
There are a few programs that scan e-mails to check whether they are real or not, although you shouldn’t rely on them, and it is hard to find one that is good and not a virus itself. The best method to counter hoaxes and scams is still to clear those e-mails and close the messages immediately. Delete all e-mails from people you do not know. If you get an e-mail from a friend with a weird title or a different writing style, ask that person whether they sent it. And never ever forward the e-mail to someone else! We cannot stress this enough: that way the scam/hoax just continues, and its creator doesn’t have to do anything to keep stealing information from people. A lot of antivirus systems also help protect you from these hoaxes, although the creators of the hoaxes are always developing new methods of getting around them.

4. What are the dangers of a scam and/or hoax?
Hoaxes and scams carry a lot of dangers, ranging from small things like the password of a site you use (YouTube, Facebook, …) to things of personal value or great importance (PIN codes, ID, …). The biggest problem with hoaxes and scams is that you never know what the hoax or scam steals from you. The creators of these hoaxes and scams send so many viruses these days that people are starting to ignore the alerts. Most of the viruses from hoaxes and scams are still small, but these people will also not notice when a larger and more dangerous virus than those earlier, smaller ones arrives.
5. Cookies, what are they and what do they do?
A cookie is a message given to a web browser by the web server. The browser stores the message in a text file and sends it back to the server each time you visit the site. There are two kinds of cookies: session cookies and persistent cookies.
A session cookie (also called a transient cookie) is a cookie that is erased when the user closes the web browser. The cookie is kept in the browser’s temporary memory and is not saved when the browser closes. These cookies are safe; they don’t collect information from the user’s computer. They store information in the form of a session identification that doesn’t personally identify you.
A persistent cookie (also called a permanent cookie or stored cookie) is a cookie that is stored on the user’s hard drive. It expires after a time that is set in the cookie file, or when the user deletes the file. Persistent cookies are made to collect identifying information about the user (web surfing behaviour, user preferences, …). Persistent cookies carry personal information and are more dangerous than session cookies.

6. The danger from cookies
There are two types of cookies: first-party and third-party. First-party cookies are placed on your computer by the website that you visit; they are generally used by the websites you visit to identify your computer, especially on return visits to the same site. Third-party cookies, the most problematic of the two types, are placed on your computer by a party other than the website you are visiting--for instance, a third-party advertising company that wants to keep track of where you shop and what you buy. Third-party cookies are the primary source for online identity theft through cookies. Third-party cookies can also track all the websites you visit, every time. They can contain any of the information you enter on any website. Because of that, these cookies not only hold information about which sites you visit, but might also contain user names, passwords and bank or credit card account information. Cookie thieves or cookie hijackers tap into the cookie files and steal the information.
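The two distinctions made in sections 5 and 6 (session or persistent, first-party or third-party) can be read directly off the Set-Cookie header a server sends. The following is an added example, not part of the original eBook; the URLs, cookie values and the "last two DNS labels" rule for deciding what counts as the same site are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit


def site_of(host: str) -> str:
    # Assumption: a "site" is the last two DNS labels (shop.example.com ->
    # example.com). Browsers use the Public Suffix List for this instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lifetime_of(attrs: dict, now: datetime) -> str:
    """session: no expiry, erased when the browser closes.
    persistent: expiry in the future, kept on disk until then.
    deleted: expiry already passed, the browser removes the cookie."""
    if "max-age" in attrs:                      # Max-Age wins over Expires
        try:
            return "persistent" if int(attrs["max-age"]) > 0 else "deleted"
        except ValueError:
            pass                                # malformed Max-Age is ignored
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
            return "persistent" if expires > now else "deleted"
        except (TypeError, ValueError):
            pass                                # unparsable date is ignored
    return "session"


@dataclass
class CookieInfo:
    name: str
    lifetime: str   # "session", "persistent" or "deleted"
    party: str      # "first-party" or "third-party"


def classify(set_cookie: str, response_url: str, page_url: str,
             now: datetime) -> CookieInfo:
    """Classify one Set-Cookie header value that arrived in the response from
    response_url while the address bar showed page_url."""
    pair, *rest = [part.strip() for part in set_cookie.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    same_site = (site_of(urlsplit(response_url).hostname)
                 == site_of(urlsplit(page_url).hostname))
    return CookieInfo(
        name=pair.split("=", 1)[0],
        lifetime=lifetime_of(attrs, now),
        party="first-party" if same_site else "third-party",
    )


# Constructed sample: headers a browser might receive while showing one page.
PAGE = "https://shop.example.com/cart"
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
OBSERVED = [
    ("sid=abc123; Path=/; HttpOnly", "https://shop.example.com/cart"),
    ("prefs=lang-nl; Max-Age=31536000; Path=/", "https://static.example.com/site.css"),
    ("uid=7f3a9c; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/",
     "https://ads.example.net/pixel.gif"),
    ("old=; Max-Age=0; Path=/", "https://shop.example.com/logout"),
]


def tracking_candidates(observed=OBSERVED, page=PAGE, now=NOW):
    """Persistent third-party cookies: the kind section 6 calls most problematic."""
    infos = [classify(header, url, page, now) for header, url in observed]
    return [c.name for c in infos
            if c.lifetime == "persistent" and c.party == "third-party"]


if __name__ == "__main__":
    for header, url in OBSERVED:
        print(classify(header, url, PAGE, NOW))
    print("tracking candidates:", tracking_candidates())
```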
7. How can I prevent cookies from being saved on my computer?
You can disable cookies in various web browsers, but this is not always the best thing to do. Some websites need cookies to function, and first-party cookies are not dangerous. Another thing you can do is delete the cookies on your hard disk. And don’t give sites personal information; then the site can’t save personal information in the cookie. If you don’t trust a website, then just don’t fill anything in on it.
If you want to delete your cookies: on Windows Me, Windows 98, Windows NT or Windows 95 the cookie folder is in one of these locations:
C:\Windows\Cookies\
C:\Windows\Profiles\<username>\Cookies…
On Windows XP or Windows 2000 the cookie folder is in this location (note that on your PC it can be on another drive instead of drive C):
C:\Documents and Settings\<username>\Cookies\
Please be careful: some “cookies” are not cookies, and Windows and Internet Explorer use them all the time; deleting those can cause problems in IE and Windows.
Email Scams

1. What is an email scam or phishing?
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. A phishing technique was described in detail in 1987, and (according to its creator) the first recorded use of the term "phishing" was made in 1995. The term is a variant of fishing, probably influenced by phreaking, and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.

2. Damage caused by phishing
The damage caused by phishing ranges from denial of access to e-mail to substantial financial loss. It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. United States businesses lose an estimated US$2 billion per year as their clients become victims. In 2007, phishing attacks escalated. 3.6 million adults lost US$3.2 billion in the 12 months ending in August 2007. Microsoft claims these estimates are grossly exaggerated and puts the annual phishing loss in the US at US$60 million. In the United Kingdom losses from web banking fraud—mostly from phishing—almost doubled to GB£23.2m in 2005, from GB£12.2m in 2004, while 1 in 20 computer users claimed to have lost out to phishing in 2005. The stance adopted by the UK banking body APACS is that "customers must also take sensible precautions ... so that they are not vulnerable to the criminal." Similarly, when the first spate of phishing attacks hit the Irish Republic's banking sector in September 2006, the Bank of Ireland initially refused to cover losses suffered by its customers (and it still insists that its policy is not to do so), although losses to the tune of €11,300 were made good.
3. How do you recognize a phishing mail?
Most phishing mails are easy to recognize:
- The mail mostly emphasizes that it is urgent and that you need to reply very fast.
- The mail threatens that you will lose information if you don't reply.
- The mail mostly asks for user data and/or passwords.
- The mail is often written in sloppy Dutch or sloppy English.
- The sender looks very important, but isn't.
- The mail is mostly addressed to you impersonally, like "Dear customer".
- These mails mostly use wrong internet addresses.
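Several items on this checklist can be tested mechanically. The following is an added example, not part of the original eBook: it applies five of the signs to two constructed messages. The word lists, the sample mails and the rule that a link must point to the sender's own site are assumptions for illustration; sloppy language and an "important-looking" sender are left to the human reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed English word lists for four of the signs; extend them per language.
TEXT_CHECKS = {
    "urgent": re.compile(r"\b(urgent|immediately|right away|within \d+ hours?)\b", re.I),
    "threat": re.compile(r"\b(suspend(ed)?|blocked|deleted|closed|lose|lost)\b", re.I),
    "asks for credentials": re.compile(
        r"\b(password|pin code|user ?name|login details|card number)\b", re.I),
    "impersonal greeting": re.compile(
        r"^\s*dear (customer|client|user|member)\b", re.I | re.M),
}
URL = re.compile(r"https?://[^\s<>]+", re.I)


def site_of(host: str) -> str:
    # Assumption: a "site" is the last two DNS labels of a host name.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def indicators(raw_mail: str) -> list:
    """Return the names of the checklist signs found in one plain-text mail."""
    msg = message_from_string(raw_mail)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    found = [name for name, rx in TEXT_CHECKS.items() if rx.search(text)]
    # "Wrong internet address": a link that leads somewhere other than the
    # site the mail claims to come from.
    _, address = parseaddr(msg.get("From", ""))
    sender_site = site_of(address.rpartition("@")[2])
    link_sites = {site_of(urlsplit(u).hostname or "") for u in URL.findall(body)}
    if any(site != sender_site for site in link_sites):
        found.append("link does not match sender")
    return found


# Constructed sample messages (not real mails).
PHISH = """\
From: "Example Bank Security" <security@bank.example>
Subject: URGENT: your account will be suspended

Dear customer,

We detected a problem. Reply immediately or your account will be suspended.
Confirm your user name and password here:
http://bank.example.login-check.example.net/verify
"""

LEGIT = """\
From: "School Library" <library@school.example>
Subject: Your reserved book is ready

Hello Anna,

The book you reserved can be collected this week.
Opening hours: https://www.school.example/library
"""

if __name__ == "__main__":
    for label, mail in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, indicators(mail))
```

A mail with no hits is not proven genuine; the list only counts the signs named above.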
Keylogging

1. What is a keylogger?
Keystroke logging, more often called keylogging, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. It also has very legitimate uses in studies of human-computer interaction. There are numerous keylogging methods, ranging from hardware and software-based approaches to acoustic analysis.

2. Effect of keylogging
The effects of keylogging software can be devastating. From accounts on sites such as Skype and Facebook being hijacked to credit card and bank account numbers being stolen, a keylogging program can basically be a catalyst for full-scale identity theft.

3. Countermeasures
The effectiveness of countermeasures varies, because keyloggers use a variety of techniques to capture data and the countermeasure needs to be effective against the particular data capture technique. For example, an on-screen keyboard will be effective against hardware keyloggers, transparency will defeat some screenloggers - but not all - and an anti-spyware application that can only disable hook-based keyloggers will be ineffective against kernel-based keyloggers. Also, keylogger software authors may be able to update the code to adapt to countermeasures that may have proven to be effective against them.

Anti keyloggers
An anti keylogger is a piece of software specifically designed to detect keyloggers on a computer, typically comparing all files on the computer against a database of keyloggers, looking for similarities which might signal the presence of a hidden keylogger.

Live CD/USB
Rebooting the computer using a Live CD or write-protected Live USB is a possible countermeasure against software keyloggers.

Anti-spyware / Anti-virus programs
Many anti-spyware applications are able to detect some software keyloggers and quarantine, disable or cleanse them. However, because many keylogging programs are legitimate pieces of software under some circumstances.

Network monitors
Network monitors (also known as reverse-firewalls) can be used to alert the user whenever an application attempts to make a network connection. This gives the user the chance to prevent the keylogger from "phoning home" with his or her typed information.

Automatic form filler programs
Automatic form-filling programs may prevent keylogging by removing the requirement for a user to type personal details and passwords using the keyboard.
One-time passwords (OTP)
Using one-time passwords may be keylogger-safe, as each password is invalidated as soon as it's used.

Security tokens
Use of smart cards or other security tokens may improve security against replay attacks in the face of a successful keylogging attack, as accessing protected information would require both the (hardware) security token as well as the appropriate password/passphrase.

On-screen keyboards
Most on-screen keyboards (such as the on-screen keyboard that comes with Windows XP) send normal keyboard event messages to the external target program to type text.

Keystroke interference software
Keystroke interference software is also available. These programs attempt to trick keyloggers by introducing random keystrokes, although this simply results in the keylogger recording more information than it needs to.

Speech recognition
Similar to on-screen keyboards, speech-to-text conversion software can also be used against keyloggers, since there are no typing or mouse movements involved.

Handwriting recognition and mouse gestures
Also, many PDAs and lately tablet PCs can already convert pen (also called stylus) movements on their touchscreens to computer-understandable text successfully.
DDOS-Attack

1. What is DDOS?
A distributed denial-of-service attack or DDoS attack is an attempt to make a machine or network resource unavailable to its intended users. It generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
DoS: software that makes your computer send (empty) packets.
DDoS: software that lets other computers send (empty) packets.
Both cause the server or device to crash or slow down.

2. Dangers of DDOS
- Slowing down of the server or device to an unmanageable speed.
- Permanent damage to the hardware, or shutdown due to overheating.
- Automatic shutdown of the server or computer.
- Bad reputation for public servers if they don’t work.

3. How to stop one?
- Update your firewalls and download anti-DDoS programs.
- Use a traffic counter that counts the amount of data/files sent to the server and sends a message when the counter goes over the maximum.
- Use a VPN (virtual private network).
- For servers and websites you can use Cloudflare.
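The traffic counter mentioned in this list can be built as a sliding window: add up the bytes received in the last few seconds and send one message when the total passes the maximum. The following is an added example, not part of the original eBook; the class name, the limit of 2000 bytes per 10 seconds and the request log are constructed for illustration.

```python
from collections import Counter, deque
from typing import Optional


class TrafficCounter:
    """Counts bytes received in the last `window` seconds and reports once
    each time the total climbs above `max_bytes`."""

    def __init__(self, max_bytes: int, window: float):
        self.max_bytes = max_bytes
        self.window = window
        self.events = deque()       # (timestamp, source, nbytes), oldest first
        self.total = 0
        self.over_limit = False

    def record(self, timestamp: float, source: str, nbytes: int) -> Optional[str]:
        self.events.append((timestamp, source, nbytes))
        self.total += nbytes
        # Forget traffic that has fallen out of the window. The event just
        # added is always inside it, so the deque never runs empty here.
        while self.events[0][0] <= timestamp - self.window:
            self.total -= self.events.popleft()[2]
        if self.total <= self.max_bytes:
            self.over_limit = False     # back to normal: re-arm the alert
            return None
        if self.over_limit:
            return None                 # this episode was already reported
        self.over_limit = True
        per_source = Counter()
        for _, src, size in self.events:
            per_source[src] += size
        # One sender matches the DoS description above, many senders DDoS.
        kind = "DoS (single source)" if len(per_source) == 1 else "DDoS (many sources)"
        return (f"t={timestamp:g}s: {self.total} bytes in last {self.window:g}s "
                f"exceeds {self.max_bytes}; {len(per_source)} source(s), "
                f"looks like {kind}")


# Constructed request log: (seconds, source address, bytes). Addresses are
# taken from the ranges reserved for documentation.
LOG = (
    [(0, "192.0.2.10", 400), (3, "192.0.2.11", 500), (12, "192.0.2.10", 300)]
    + [(20 + i * 0.1, f"198.51.100.{i + 1}", 600) for i in range(5)]   # many senders
    + [(60, "192.0.2.10", 400)]
    + [(70 + i * 0.1, "203.0.113.5", 900) for i in range(4)]           # one sender
)


def replay(log=LOG, max_bytes=2000, window=10):
    """Feed a log through the counter and collect the messages it sends."""
    counter = TrafficCounter(max_bytes, window)
    return [msg for t, src, n in log if (msg := counter.record(t, src, n))]


if __name__ == "__main__":
    for message in replay():
        print(message)
```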
Phishing

1. What is phishing?
Phishing is an attempt to acquire information like usernames or passwords, but also credit card information. This is done in various ways. One of the most common ways is by email. The email is made with an email spoofer so that it carries the email address of a well-known company. The email will most likely contain a link to a website which contains malware or another kind of virus or spyware. Another way is to make a website identical to that of a popular company but with a slight difference in the website address, or with a fake website address made with the use of JavaScript.

2. Dangers
The phisher can use the information gathered to access accounts you use on the internet and make changes to them. In the worst-case scenario he can access your bank account or other financial accounts and make transactions without you being aware of it. He can also use your identity to commit fraud.

3. Countermeasures & preventions
If you know you are a victim of a phishing attempt, make sure to change all your passwords and report it. Forward phishing emails to spam@uce.gov, to the company impersonated in the email and to the local police. You may also report phishing emails to reportphishing@antiphishing.org, http://www.ic3.gov/default.aspx. Don’t click on links in emails unless you are certain they won’t harm your computer in any way. Make sure your web browser’s anti-phishing filter is turned on, but don’t rely too much on it; search for an alternative program or see if your anti-virus has one.
Identity theft
Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The source of identity theft and online fraud. Such authorization cannot provide a legal basis for national legislation subjecting to tax the value added theft of goods from a tax warehouse.
Addictions and Who's vulnerable

What is it?
Wikipedia says that Internet addiction has a specific name: “Internet addiction disorder (IAD), or, more broadly, Internet overuse, problematic computer use or pathological computer use, is excessive computer use that interferes with daily life.”
That's the general idea, but if we go deeper, there are different subcategories inside this Internet addiction disorder:
• Cyber-Relationship Addiction: Addiction to social networking, chat rooms, and messaging to the point where virtual, online friends become more important than real-life relationships with family and friends.
• Net Compulsions: Such as compulsive online gaming, gambling, stock trading, or compulsive use of online auction sites such as eBay, often resulting in financial problems.
• Information Overload: Compulsive web surfing or database searching, leading to lower work productivity and less social interaction with family and friends.

How can you be vulnerable?
It is very easy to fall into each of these addictions, because it is easy to access these websites or download the required software. Everybody who uses the internet is vulnerable to becoming an addict. Everybody can create a Facebook account, and there is no problem with that, but it isn't so easy to delete it, or even to log out. The same happens with other websites, where you enter at some hour and then time goes faster. It will be too late when you realize you have spent all evening doing nothing. Internet gambling (such as online poker) is also incredibly easy: you just go to a website, push a button confirming that you are of legal age (it does not have to be true) and, maybe, download some software to start playing. If you have a credit card, you can also lose your money quickly. The same happens on shopping and auction websites, but without having to download any software.
Measures to prevent it
It is very important to control the time we spend on the Internet and how we act there (if your eyes hurt, it's time to leave it). You have to be careful with online relationships: even if we believe we know the person we have spoken to quite well, we can never be completely sure that we can trust him/her. Also, we must not forget our real-life relationships, and must take care of them. We must take real care with the money we spend online. Never buy more than necessary (writing the expenses on a piece of paper near your keyboard helps a lot) and, if we are adults and we are sure that we want to play online (gambling), keep in mind the risk you run and control the costs and the time invested. Finally, here is a golden rule: if you have been connected to the internet for a while and do not know what to do now, turn off your computer and do something else.

Who’s vulnerable
First we need to define what a vulnerability is. A vulnerability is a failure or weak point in the source code of a program, application, operating system, etc. that could be used to compromise its integrity, availability, etc. In general terms, when a particular exploit (a program used to attack) is used against a vulnerability, the failure in the program allows a malicious user to execute any code or malicious command and so take control of the program.
There are lots of vulnerabilities on the net, and these vulnerabilities can affect everybody. First of all, if we don’t have an antivirus we are at risk, because this is a constant vulnerability. We must install an antivirus and a firewall to protect the PC and ourselves.
Beyond that, there are different risks on the net that affect different groups of people. Kids are a big group facing lots of risks. One risk comes from paedophiles who can contact them through social networks, chats or similar sites. Another risk is that people who need money could kidnap kids using the information the kids upload to the net, and then demand money to release them. Another group at risk are gambling addicts, who can waste/lose a lot of money betting on different pages or playing cards or similar things. This group is vulnerable because of a sickness, not because of a failure in a program. Another group at risk are older people who have not become familiar with new technologies and can be scammed by burglars with fake pages or fake advertisements.
But there are some risks that can affect everybody, like trojans or spyware, which install themselves on our computer when we download things from insecure pages and can spy on us or steal information. In conclusion, everybody is vulnerable in different ways when going on the net, regardless of age. We can protect ourselves, but we will always remain in danger.
Made by the pupils from:
- SO-Zenit, Belgium
- IES Fernández Vallín, Spain
- Colegiul National “Nichita Stanescu”, Romania
- Lycée Saint Marc, France
- Střední průmyslová škola elektrotechnická a informačních technologíí, Czech Republic