Cyber Stalking, Fraud, Abuse CSCE 201
Reading
• Required:
  • Chapter 3 from textbook
• Interesting:
  • Dwyer, Hiltz, Passerini, Trust and privacy concern within social networking sites: A comparison of Facebook and MySpace, http://csis.pace.edu/~dwyer/research/DwyerAMCIS2007.pdf
Internet Safety
• Technical vulnerabilities
  • Software, hardware, applications
  • Assurance
  • Usability
• Non-technical vulnerabilities
  • Fraud
  • Scam
  • Social engineering
  • Stalking
How Does Internet Fraud Work?
• Investment offers
  • Email
  • Newsletter
• Common schemes
  • Outrageous sum of money
  • Asks for small amount to be invested
• Check US Secret Service bulletin, http://www.sec.gov/investor/alerts
• Why would a stranger trust and reward you?
FROM THE OFFICE OF MR.MOHAMMED BELLO.CHIEF ACCOUNTANT NIGERIA NATIONAL PETROLEUM CORPORATION (NNPC),FEDERAL SECRETARIAT IKOYI, LAGOS-NIGERIA
REQUEST FOR URGENT CONFIDENTIAL BUSINESS RELATIONSHIP
Dear Sir/Madam.
I,on behalf of my other colleagues from different federal government of Nigeria owned parastatals decided to solicit your assistance as regards transfer on the above-mentioned amount into your account. This fund arose from over-invoicing of various contract awarded in our parastatals to certain foreign contractors sometime ago. We as holders of sensitive positive positions in our various parastatals were mandated by the federal government to scrutinize all payments made to certain foreign contractors and we discovered that some of the contracts they executed were grossly over-invoiced either by omission or commission. Also we discovered that the sum of us$33.5M [thirty three million five hundred thousand U.S. Dollars only] was lying in a suspense account, although the foreign contractors were fully paid their contract entitlement after the execution the said contracts.…
We are therefore, soliciting your assistance so that the remaining amount of U.S.$28.5M Can be speedily processed and fully remitted into your nominated bank account. On successful remittance of the fund into your account, you will be compensated with 30% of the total amount for your assistance and services.So far, much have been said and due to our sensitive positions, we cannot afford a slip in this transaction, neither can we give out our identity, as regards our respective offices, but where relationship is established and smooth operation commences, you will be furnished with all you deserve to know.…
Yours Faithfully,
Mr. Mohammed Bello, NNPC Chief accountant.
Investment Advice
• Biased advertisement
  • Investment newsletters – must disclose if paid advertisement (but they don’t always do so)
• Pump and dump
  • Purchase worthless stock
  • Artificially inflate stock prices
  • Sell at high price
• US Securities and Exchange Commission, http://www.sec.gov/investor/pubs/pump.htm
How to Avoid Investment Fraud?
• Consider source
• Verify claims
• Research the company
• Beware of high-pressure tactics
• Be skeptical
• Research investment opportunity
[Figure: pyramid scheme. Source: Wikipedia, https://en.wikipedia.org/wiki/Pyramid_scheme]
How about Internet pyramid schemes?
Auction Fraud
• US Federal Trade Commission
• Types of frauds
  • Failure to send merchandise
  • Sending something of lesser value
  • Failure to deliver in timely manner
  • Failure to disclose all relevant facts
• Bidding frauds:
  • shill bidding
  • bid shielding
  • bid siphoning
Identity Theft
• US Department of Justice, http://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud
• “Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain.”
• It is a CRIME!
Methods of Identity Theft
• Social engineering
• Phishing
• Social network
• Technical (break-ins, RFID readers, communication compromise, web application insecurity)
How do you accept social network connection requests?
Social Relationships
• Communication context changes social relationships
• Social relationships maintained through different media grow at different rates and to different depths
• No clear consensus which medium is the best
Internet and Social Relationships
• Internet
  • Bridges distance at a low cost
  • New participants tend to “like” each other more
  • Less stressful than face-to-face meeting
  • People focus on communicating their “selves” (except a few malicious users)
Privacy in Social Networks
• Current support for security is limited
• Common access categories: Public, Group Membership, “Friend”
• No support for differentiating relationship “closeness”
• “Friend” connections must be symmetric, unlike reality
• Users often do not use existing security features
• Hard-coded into the system
• Owners have system-dependent access categories
Security & Privacy Issues
• Malware exploiting social networks
• Malicious banner ads
• Adware
• Phishing attacks
• Customizable scripts
• Facebook’s attempt: make relationship actions visible to entire social group
• Everyone reading everyone’s shared information
Behavioral Profiling
• SN users: post personal information for friends, family, and … the World
• Data mining applications: pattern of behavior
• Misuse of information: identity thefts, scam, phishing
• Risk of third party applications!
• Facial recognition of friends of friends
• Relationships
• Targeted advertisement
• Marketing tools
Privacy?
• SN and privacy issues in early research stage
• Users tend to give out too much information
• Privacy thresholds vary by individuals
• What are the long term effects?
Lack of Legislation
• Reactive procedures
• Improper acts not addressed
• Lack of technical expertise of legal personnel
Next Class
• Secure online activities