Week 3 - Recognizing and Combatting Cybercrime
As technology advances, the impact of cybercrime is becoming more costly and frequent. Law enforcement, government, industry, and individual citizens all play a vital role in mitigating adverse impact to our schools, communities, and personal well-being. Incidents ensue through every day ‘phishing’ emails masked behind trusted sources, in infected websites that unknowingly capture personal information when entered, and as persuasive links that lock files until a ransom is paid. Week 3 focuses on the signs of criminal intent through technology and what individuals can do to detect and prevent cybercrime.
Learn to recognize phishing attacks in emails or websites. These can infect your machine with malware and viruses in order to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computer with viruses or malware, creating vulnerability to attacks. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information like account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access their accounts.
The following messages, from the Federal Trade Commission’s OnGuardOnline, are examples of what attackers may email or text when phishing for sensitive information:
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
"During our regular verification of accounts, we couldn't verify your information.Please click here to update and verify your information."
"Our records indicate that your account was overcharged. You must call us within 7days to receive your refund."
To see examples of actual phishing emails, and steps to take if you believe you received a phishing email, please visit http://www.IRS.gov/uac/report-phishing.
- When in doubt, throw it out: Links in email and online posts are often the way cybercriminals compromise your computer. If it looks suspicious – even if you know the source – it’s best to delete or, if appropriate, mark it as "junk email." Contact the company or individual directly (via phone) to be sure the email is not legitimate.
- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
- Use stronger authentication: Always opt to enable stronger authentication when available, especially for accounts with sensitive information including your email or bank accounts. A stronger authentication helps verify a user has authorized access to an online account. For example, it could be a one-time PIN texted to a mobile device, providing an added layer of security beyond the password and username. Visit www.lockdownyourlogin.com for more information on stronger authentication.
- Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
- Unique account, unique password. Create unique passwords for each account. Keeping separate passwords for every account helps thwart cybercriminals.
- Guard your personal information: Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself.
- Install and update anti-virus software: Make sure all of your computers are equipped with regularly updated antivirus software, firewalls, email filters, and anti-spyware.
- Be wary of hyperlinks: Avoid clicking on hyperlinks in emails; type the URL (web address) directly into the address bar instead. If you choose to click on a link, ensure it is authentic before clicking on it. You can check a hyperlinked word or URL by hovering the cursor over it to reveal the full address.
REPORTING A CYBERCRIME
As we spend more time online, crimes that previously occurred face to face – like credit card fraud, identity theft, and harassment – now occur online as well. By reporting cybercrime to the appropriate authorities, you can play a role in making the Internet safer and more secure for all.
Resources Available to You
Once you discover that you have become a victim of cybercrime, immediately notify your local authorities to file a complaint. Keep and record all evidence of the incident and its suspected source. Below is a list of the government organizations that you can file a complaint with if you are a victim of cybercrime.
Report computer or network vulnerabilities to US-CERT via the hotline (1-888-282-0870) or the website (www.us-cert.gov). To report phishing attempts to US-CERT, forward phishing emails or websites to US-CERT at firstname.lastname@example.org.
Report fraud to the Federal Trade Commission at www.ftc.gov/complaint, if applicable. Report identity theft at www.IdentityTheft.gov, the government’s free, one-stop resource to help you report and recover from identity theft.
If you are a victim of online crime, file a complaint with the Internet Crime Compliant Center (IC3) at www.ic3.gov. IC3 is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271. For additional resources, visit the SSA at http://oig.ssa.gov/report-fraud-waste-or-abuse.
Additional information to help you stay safe online: