eSecurity 1 - Personal Data Flashcards

Unit 5

1
Q

What’s personal data?

A

Any data that relates to you and your identity.

2
Q

Examples of personal data

A
  • Name
  • Address
  • Telephone number
  • Email address
  • Bank details
  • Medical records
  • Salary
  • Political opinions
3
Q

What’s the danger of revealing any of your personal data?

A

Exposing yourself to identity theft, fraud, bullying and blackmail.
The moment you reveal any personal data to another, you are providing them with the potential to harm you or your identity.

4
Q

Guidelines to keep your computer safe 1

Regarding data

A
  1. Have strong passwords set on any account that holds personal data. Stronger passwords include characters, numbers and symbols and are not recognisable as words.
  2. Encrypt (scramble text so that it cannot be read without a decryption key) any personal data that you store on your computer.
  3. Make use of any biometric devices (devices that measure a person’s biological data, such as thumbprints) that are built into technology.
5
Q

Guidelines to keep your computer safe 2

Regarding software

A
  1. Have a firewall present, scanning incoming and outgoing data from your computer system.
  2. Regularly scan your computer with preventative software, such as an anti-virus package, that is used to identify a virus on a computer and remove it.
  3. Set all privacy controls to the most secure settings that are available on social media accounts.
6
Q

Guidelines to keep your computer safe 3

Regarding what you visit

A
  1. Do not open any email attachments from a sender you do not recognise.
  2. Check the URL attached to any link requesting data to see if it is genuine.
  3. If it is possible, use a virtual private network (VPN), an encrypted connection that can be used to send data more securely across a network.
7
Q

Guidelines to keep your computer safe 4

Regarding your data

A
  1. Only visit and provide data to websites that are a trusted source.
  2. Remove data about your location that is normally attached to your photos and videos that you may post, such as geotags (an electronic tag that assigns a geographical location).
8
Q

Guidelines to keep your computer safe 5

Regarding interactions with others

A
  1. Report and block any suspicious user.
  2. Use a nickname or pseudonym when using the internet for entertainment, for example, playing online games.
  3. Do not become friends on social networking sites with people you do not know.
  4. Be cautious about any pictures or opinions that you post or send to people.
9
Q

How is personal data collected?

A
  • Shoulder surfing
  • Phishing
  • Smishing
  • Vishing
  • Pharming
10
Q

What’s shoulder surfing?

A

Shoulder surfing is getting information or passwords by observing someone as they type them in. This could be done physically or through CCTV (e.g. staying behind someone at an ATM).

11
Q

What’s Phishing?

A

When a person sends a legitimate-looking email to a user. The email contains a link to a website that also looks legitimate. The user is encouraged to click the link and to input personal data into a form on the website, or the email just asks the user to reply with their personal data.
Its main aim is to obtain the user’s personal data.

12
Q

What does the person do with the data in phishing?

A

This person can then use this data for criminal acts, for example, to commit fraud or steal the person’s identity.

13
Q

What’s a common feature of phishing emails?

A

Intimidation, threatening the user that they must click the link and rectify a situation immediately, or there will be a further issue.

14
Q

How to recognise phishing 1

Who? Where?

A
  1. Don’t even open an email that is not from a sender that you recognise or a trusted source.
  2. Legitimate companies will send an email that uses their domain name. If this does not look legitimate, for example, does not contain the correct domain name, then it is probably fake.
  3. A link in an email from a legitimate company will also normally contain the domain name of the company. See the address of the URL that is attached. If the URL does not contain the domain name, or also contains typical errors such as spelling mistakes, then be suspicious of this.
15
Q

How to recognise phishing 2

What?

A
  1. Legitimate companies will never ask for your personal data using email. Be immediately suspicious of any email that requests your personal data.
  2. Legitimate companies will normally address you by your name. Be suspicious of any email that addresses you as ‘Dear Member’ or ‘Dear Customer’.
  3. Legitimate companies are protective of their professional reputation and thoroughly check any communications. They will make sure that all information given is grammatically correct and correctly spelt. Be suspicious of any email that contains bad grammar or spelling mistakes.
16
Q

What’s Smishing?

A

Variant of phishing that uses SMS text messages to lure the user into providing their personal details. The user is sent an SMS text message that either contains a link to a website, or it will ask the user to call a telephone number to resolve an urgent issue.

17
Q

Extra advice for smishing

A
  1. Question at all times any links that are sent from an unknown or suspicious user. It is advisable that if a user believes the message may be legitimate, to type in the domain name for the legitimate company website into their web browser, rather than following the link in the message.
  2. Users should block any numbers that they believe are suspicious to prevent any further risk of smishing from that number.
18
Q

What’s vishing?

A

Vishing has the same aim as phishing, but it’s via a telephone call that could either be an automated system or could be a real person.

An automated voice could speak to the user and advise them that an issue has occurred, such as there has been suspicious activity regarding their bank account. The user may then be asked to call another number, or just to simply press a digit and be directed to another automated system. This system will then ask them to provide their bank account details (log-in/PIN details) to resolve the issue. The bank account details have been obtained by the unauthorised user and can be used to commit a crime against the user.

19
Q

How can you prevent vishing?

A
  1. No company will ever call you and ask you to provide any log-in details or PIN details over the telephone.
  2. They may ask you to provide other personal information, and if you are in doubt that the person on the other end of the phone is legitimate, it is always advisable to put the phone down and call the company back on a legitimate number that you may already know or can obtain.
20
Q

What’s pharming?

A

When an unauthorised user installs malicious code on a person’s hard drive or server. The code is designed to redirect a user to a fake website when they type in the address of a legitimate one. The fake website is designed to look like the legitimate one, to make sure the user is not aware that their request has been redirected. The user will then enter their personal details into the fake website, believing it is the legitimate one, and the unauthorised person will now have their personal data.

21
Q

What’s a common technique used in pharming?

A

Domain name server (DNS) cache poisoning. This technique exploits vulnerabilities in the DNS and diverts the internet traffic intended for a legitimate server toward a fake one instead.

22
Q

How is the pharming code installed?

A

They often hide the malicious code in an email attachment or link. When the user opens the email attachment or clicks on the link, the malicious code is also downloaded.

23
Q

Pharming prevention

A

Have a firewall installed and operational. It could detect and block suspicious traffic, such as malicious code trying to enter your system.

Have an anti-virus program installed.

Be careful using public Wi-Fi connections. A hacker could look to directly access your computer and install the malicious code if you are connected to a public Wi-Fi connection. It is often advisable to use a VPN when using public Wi-Fi. This will help shield your internet activity and personal details from a hacker, making it more difficult for them to access your computer.

24
Q

What does a firewall do?

A

A firewall monitors incoming and outgoing traffic from your computer. It checks this traffic against a set of rules and will flag and stop any traffic that does not meet the criteria. A firewall could detect and block suspicious traffic, such as malicious code trying to enter your system.

25
Q

What does an anti-virus do?

A

It is designed to detect malicious pharming code. You need to scan your computer on a regular basis to check for any malicious code. It is advisable to set up an automatic scan on a daily basis at a time when your computer will normally be switched on. It is important that your anti-virus software is also kept up to date, and you should ensure that your software frequently checks for updates.

Some anti-virus software can be set for real-time checking. This means that all programs that are requested for download are immediately checked for viruses. If the anti-virus detects the presence of a virus, it will alert the user and tell them not to download the file as it contains a virus.

26
Q

What is another way pharming could occur related to another social engineering technique?

A

Smishing can also be used as a form of pharming. A user is sent a link that, when clicked, is designed to download malware onto their mobile device. Therefore, it is advisable to have security software installed on your mobile device and also scan it regularly to detect any presence of malware.