Online identity theft and Security

Identity theft
The fraudulent acquisition and use of person’s private identifying information, usually for financial gain. It can be divided into two broad categories:

Credit card fraud
Credit card frauds committed by making use of credit/debit card of others for obtaining goods or services. The threat emerge due to stealing of information like Credit card number, PIN number, password etc. Theft of cards and cloning of cards are also employed to commit such frauds. Hackers use complex techniques like Phishing, Skimming etc. to gain credit card information from innocent users.

Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Skimming
Skimming is the theft of credit card / Debit card information. Thief can procure victim's credit card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victim’s credit card numbers. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card and makes note of card details for further use.

Vishing
It is one of the method of social engineering over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of “voice” and “phishing” is called as “Vishing”.

Social Engineering
Social engineering involves gaining trust hence the fraudster poses as a member of staff or even security guard. The fraudster would then ask the customer to check the card for damages. The fraudster would have gained confidence from his prey using various tactics such as offering assistance to the customer who perhaps would have tried to use the ATM without success or perhaps the customer who is not familiar with use of ATM machine and requires assistance.

Steps to be followed before Credit card & Debit card/ATM card usage 

1. Whenever you receive the card from the bank make sure the mail is completely sealed and there is no damage.
2. Whenever you receive the card from the bank immediately sign on the card.
3. Try to cover the last three digit number on the card.
4. Register your phone number to check the account transactions.
5. Change the pin number immediately.

Secure usage of credit/Debit cards at Shopping malls and Restaurant

• Always keep an eye how the vendor swipe your card.
• Always make sure that the transactions happen at your presence.
• Never sign a blank credit card receipt. Carefully draw a line through blank portions of the receipt where additional charges could be fraudulently added.
• Don’t give away your personal information in the survey forms given in restaurants/shopping malls.

Detect Virus in Computer

Many of us wonder how our Antivirus software scans for virus, worm, trojan. When we scan a computer or folder or local drive for virus what actually happens during the virus scan period?

What are techniques applied to trace the virus existence in computer?

There are five (5) techniques used by anti virus program to detect virus:
1. Signature Based Scan.
2. Heuristic Based Scan.
3. Threat Sense Technology.
4. Artificial Intelligence.
5. Proactive Defense.

Signature Based Scan:
Traditionally, Antivirus solutions have relied strongly on signature-based scanning, also referred to as “scan string-based technologies”. Signature based scanning anti virus program searches within given files for the presence of certain strings (also only in certain regions). If these predefined strings are found, then antivirus report “A Threat has been detected”.

According to Mcafee Lab, hundreds of viruses are released every day on internet, so it’s gigantic task to catch all those viruses. So, anti virus research labs will be working round the clock in tracking of new viruses and then designing new patches to anti virus program so, in this way anti virus program detect the latest unknown viruses and threats.

Heuristic Based Scan:
The first heuristic engines were introduced to detect DOS viruses in 1989. Heuristic is an adjective for methods that help in problem solving. In this scanning, anti virus program searches instructions or commands within a file that are not found in typical good application programs. As a result, a heuristic engine is able to detect potentially malicious files and report them as a virus.

Threat Sense Technology:
Earlier when a virus was found in computer then it was detected by antivirus experts after many days. By that period of time virus had done enough damage to millions of computers around the world. Now a days anti virus experts designed Threat Sense Technology, this technology monitoring the computer activities when a certain files does suspicious activity in computer, anti virus program keep eye on that file. Next, when you update your anti virus these files are send to anti virus labs of that anti virus that you are using. The security experts then analyze the file, if it is a virus or malicious code then they make it’s signatures and updates the anti virus program. So in this way virus can be caught by anti virus program within very short period of time.

Artificial Intelligence:
These programs monitor you computer activities. If any dangerous or specious activity occurred by a file, then anti virus program inform the user and give some options to user to perform certain actions. Now user of that computer has to take decision whether it is a virus file or something useful file. If user takes wrong decision then the software which is reported by anti virus get corrupted and antivirus quarantined.

Proactive Defense:
There is another technology in anti virus program is “Proactive Defense”. When any program or process in computer gets executed, then “Proactive Defense” tells the user about the activity of the program and asks user whether to allow it or to block the program or process execution.

Files get corrupt by Hackers

An attacker may be able to insert malicious code into any file, including common file types that you would normally consider safe. These files may include documents created with word processing software, spreadsheets, or image files. After corrupting the file, an attacker may distribute it through email or post it to a website. Depending on the type of malicious code, you may infect your computer by just opening the file.

When corrupting files, attackers often take advantage of vulnerabilities that they discover in the software that is used to create or open the file. These vulnerabilities may allow attackers to insert and execute malicious scripts or code, and they are not always detected. Sometimes the vulnerability involves a combination of certain files or only affects certain versions of a software program.

What problems can malicious files cause?

There are various types of malicious code, including viruses, worms, and Trojan horses. However, the range of consequences varies even within these categories. The malicious code may be designed to perform one or more functions, including
Interfering with your computer's ability to process information by consuming memory or bandwidth
Installing, altering, or deleting files on your computer
Giving the attacker access to your computer
Using your computer to attack other computers

How can you protect yourself?

Use and maintain anti-virus software: Anti-virus software can often recognize and protect your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

Use caution with email attachments: Do not open email attachments that you were not expecting, especially if they are from people you do not know. If you decide to open an email attachment, scan it for viruses first. Not only is it possible for attackers to "spoof" the source of an email message, but your legitimate contacts may unknowingly send you an infected file. If your email program automatically downloads and opens attachments, check your settings to see if you can disable this feature.

Be ware of downloadable files on websites: Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a website certificate. If you do download a file from a website, consider saving it to your computer and manually scanning it for viruses before opening it.

Keep software up to date: Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.

Take advantage of security settings: Check the security settings of your email client and your web browser. Apply the highest level of security available that still gives you the functionality you need.