Computer Security

and Safety
IT Application Tools
Learning Objectives:

 Describe the threats to computers and data.

 Recommend ways to protect computers and data.

 Apply the recommended ways to protect

computers and data.
Social Engineering,
Phishing, & Identity Theft
Social Engineering

 In the information security, social

engineering refers to the
psychological manipulation of
persons into performing actions or
divulging confidential information.

 It is also defined as “any act that

influences a person to take an
action that may or may not be in
their best interests”.
Phishing

 Phishing is a technique of fraudulently

obtaining private information.

 The phisher can acquire such

information under the guise of
legitimate business or person of
authority.

 Phishers can further reinforce their

disguise through identity theft.
Identity Theft

 The illegal use of another person’s

personal identifying information
(such as name, ID, account
numbers, position, etc.) to commit
fraud or other crimes.

 Identity thieves use someone else’s

identity to gain advantage or
benefits. The person whose identity
was stolen is at risk of suffering the
consequences of the thief’s actions.
Social Engineering

 Malicious actors can utilize  Authority

one or more of the following
social engineering principles
to carry out their task:
 Intimidation
 Consensus/Social Proof
 Scarcity
 Urgency
 Familiarity/Liking
Social Engineering using Authority

 The average person depends

on persons of authority,
experts, professionals, and
leaders.

 Malicious actors will pose or

steal the identities of these
authority figures to convince
their targets.
Social Engineering using
Intimidation

 The malicious actor, often

under anonymity, threatens
the target of negative
consequences if his/her
demands are not met.
Social Engineering using Consensus

 People tend to do things they

see other people do, possibly
out of curiosity or conformity.

 A malicious actor uses

consensus or social proof to
convince people to perform
his/her demands.
Social Engineering using Scarcity

 As scarcity can generate

demand, malicious actors use
perceived scarcity to influence
the decisions or actions of
their targets.
Social Engineering using Urgency

 Like in times of scarcity,

urgent issues or emergencies
tend to make people hasty in
making decisions.

 A malicious actor can

fabricate an urgent issue or
take advantage of a real
emergency.
Social Engineering using Familiarity

 People are more likely to be

convinced by familiar persons.

 Malicious actors can steal the

identities of family or friends of
their targets. They could also
interact with their targets
personally under the pretense of
friendship.
Malicious Software and
Attacks
Malicious Software

 Malicious software (malware) are

intentionally designed to cause harm  Viruses
or damage to a computer system or
its data.  Worms
 Trojan Horses
 These are often hidden and can infect  Ransomware
a user’s device without his/her  Spyware
knowledge.
 Rootkits
 Keyloggers
 Some examples of malware are listed
on the side.  Adware
Malware
Viruses
 This malware can produce
copies of itself. It can be
embedded within files and
programs.
 Viruses can corrupt or destroy
programs and data.
Worms
 Like viruses, worms can
produce copies of
themselves. They can also
spread out and infect other
computers connected to the
network.
Malware

Trojans Ransomware
 Trojan horses or trojans are  A ransomware locks a rightful
programs that are disguised to user from using his/her device
appear harmless. or its files.

 They can act as carriers for other  The attacker or malicious actor
malware. would then require the victim to
pay a ransom to unlock or
remove the ransomware.
Malware

Spyware
 Spyware are used to gather data,
often personal or confidential in
nature, without the consent or
knowledge of the user.
Rootkits
 Rootkits are designed to provide the
attacker privileged access to a
computer system. This grants them
full control of the system.

 Spyware can also be used to survey

and/or record a target’s online
behavior or browsing history.
Malware
Keyloggers
 Keyloggers are used to log or record
the keystrokes (buttons pressed) of
a target, without his/her consent or
knowledge.
 Data obtained by keyloggers
typically include passwords and
confidential information.
Adware
 Such program is used to show
advertisements that entice the user
to visit harmful or compromised
websites.
 Upon visiting the harmful or
compromised website, the user’s
device is at risk of other malware.
Botnet

 From the words; “robot” and

“network”, a botnet is comprised
of internet-connected devices
that run bots (automated
programs that emulate human
activity).

 Botnets can be used to perform

distributed denial-of-service
(DDoS) attacks, steal data, send
spam or malware.
Distributed Denial-of-Service (DDoS)

 This is a cyber-attack in which

the malicious actor seeks to
make a machine or network
resource unavailable to the
intended users.

 The target machine is flooded by

superfluous transactions to
overload the system, preventing
legitimate transactions from
being fulfilled.
Spam

 Spam is any form of unwanted,

unsolicited communication that gets
sent in bulk.

 Spam can be sent via emails, text

messages, or phone calls.

 In marketing, spam may be used to

peddle a business’ products or
services. Malicious actors can use
spam to spread malware.
Signs of Possible Malware
Infection
Signs of Possible Malware Infection

 The device’s performance is slow. It is slow when turning on, when

running a program, or when turning off.

 The internet connection becomes slow. If you are using limited

internet data, you might find that your data is reaching the limit faster
than usual.

 The device might suddenly crash or freeze, become unresponsive,

restart or shutdown without the user’s input.
Signs of Possible Malware Infection

 The device’s storage or memory capacity is changing abnormally. If

the capacity is decreasing, the malware might be replicating itself to
occupy the available space. If the capacity is increasing, the malware
might be deleting files.

 There is unusual device or program activity. Apps might not be

behaving in an expected manner. Unknown files and programs might
suddenly appear without the user installing them.
Signs of Possible Malware Infection

 Unexpected pop-ups appear. If these suspicious pop-ups appear and

you are not sure where they are from, do not click on them.

 Your device settings are changed without user input. Anti-virus

programs might become disabled for no apparent reason.

 Files you were able to access might no longer be present or

accessible.
Cybersecurity Tips

From Cisco Umbrella’s Kara Drapala (2020)

  Realize that you are an attractive target to
hackers. Don’t ever say “it won’t happen
to me”.

Cybersecurity  Practice good password management.

Tips Use a strong mix of characters, and don’t
use the same password for multiple sites.
Don’t share your password with others,
don’t write it down, and don’t write it on
post-it notes attached to your monitor.
  Never leave your devices unattended. If
you need to leave your computer, phone,
or tablet for any length of time – no
matter how short – lock it up so no one
can use it while you are gone. If you keep
sensitive information on a flash drive or
external hard drive, make sure to lock it
up as well.
Cybersecurity
Tips  Always be careful when clicking on
attachments or links in email. If it’s
unexpected or suspicious for any reason,
don’t click on it. Double check the URL of
the website the link is pointing to. Bad
actors will often take advantage of
spelling mistakes to direct you to a
harmful domain.
  Sensitive browsing, such as banking or
shopping, should only be done on a
device that belongs to you, on a network
that you trust. Whether it’s a friend’s
phone, a public computer, or a café’s free
Cybersecurity Wi-Fi – your data could be copied or
Tips stolen.

 Back up your data regularly, and make

sure your anti-virus software is up-to-
date.
  Be conscientious of what you plug into
your computer. Malware can be spread
through infected flash drives, external
hard drives, and even smartphones.

Cybersecurity  Watch what you’re sharing on social

Tips networks. Criminals can befriend you and
easily gain access to a shocking amount
of information – where you go to school,
where you work, when you’re on vacation
– that could help them gain access to
more valuable data.
  Offline, be wary of social engineering,
where someone attempts to gain
information from you through
manipulation. If someone calls or emails
you asking for sensitive information, it’s
okay to say no. You can always call the
Cybersecurity company directly to verify credentials
Tips before giving out any information.

 Be sure to monitor your accounts for any

suspicious activity. If you see something
unfamiliar, it could be a sign that you’ve
been compromised.
Assignment:

1. Read up on Republic Act 10175 – Cybercrime Prevention Act of 2012.

What are the punishable acts under this law?

2. In the event of a cybercrime, how should the victim of that cybercrime

react? To which law enforcement authorities can he/she address the
violation?

3. Is cybersecurity the sole responsibility of the owners/managers of an

organization? Explain your answer.