PROTECT YOUR FAMILY
"Information is Power"
TARGET: ADULT
Adults can be attacked in ways similar to kids and teens, and may fall for some primitive attacks like those primarily aimed at seniors. Below are some attacks more likely targeted at adults, rather than other age groups.
Cyber-bullying / harassment:
While uncommon, it is not unheard of. Usually such problems are reserved for more socially visible individuals, such as celebrities (Ashley Judd gave an excellent TED Talk on this topic). While it can be potentially devastating in some rare scenarios, this attack is more a nuisance than a threat to an adult (as opposed to cyber-bullying of a child).
Scam – confidence:
Everyone knows about emails from Nigerian princesses who need to flee the country and must ship gold to you immediately or the authorities will seize their family fortune (they would rather share as much as 20% of the fortune with you, but they need to have $500 transferred from your account to their banker’s as proof that you are a real person, reliable and trustworthy). These emails should not require further (or any) discussion. The online scams of today can vary in complexity, but a few safety practices are generally enough to counter most of them. Here are some examples of confidence scams:
* Online classifieds (Kijiji, Craigslist, etc): when looking for an apartment for rent or a car for sale, the target may come across someone who offers a pretty good deal (some are unreasonably generous – easy to spot; others are better designed). The seller or buyer, depending on the scam, will offer to do the deal in an untraditional way. One example is asking you to send the car that you’re trying to sell to some other country; another is asking the target to pay first- & last-month rent by Western Union to the Philippines. All kinds of excuses can be given to make the transaction seem much more innocent than it appears in this text. People do fall for this, including university graduates.
* Online dating: to many people this is almost a stereotype, like the “Nigerian Princess,” but this is a very successful online business. It is often conducted by organized crime. We will see in future examples that there is a number of ways to make a competent adult believe in all kinds of fables. An interesting addition to the game is crypto-currency (ex: Bitcoin). The victim is fooled into sending such money in some “emergency situation”. The use of crypto-currency is justified somehow. Men are the usual victims of these scams, but women have been known to fall prey to such criminals also.
* Emergency situation: The target is a parent (as an example), who receives a distressed email from his teen daughter. The daughter is on vacation in the Caribbean (she really is, and everyone knows this to be true - including online strangers who can see her Facebook page, for example). In the email, “she” writes that she has lost her phone, she got robbed, she has no money or anything... Disaster. She’s going to get kicked out of the hotel, she needs money ASAP, but she can’t receive it. Daddy has to send it to her friend who will receive it for her, since she has no passport or ID of any kind (it was stolen, remember?).
Scam – phishing:
You have probably heard of this, but it is truly amazing how many people in the corporate world fall for phishing emails (especially bad ones!) to this day, even though there is now a somewhat heightened sense of awareness. A phishing email's purpose is to trick you into providing sensitive information, like Apple account name and password, banking info, corporate email and password, etc. The email will appear to be from a legitimate source, but there are ways of determining its validity.
Scam – sex:
This is usually a prelude to coercion (blackmail). This concerns men as much as women. There are documented cases of men who meet a “woman” online, chat with her, and eventually engage in sexual activities via webcam (both ways). What’s very interesting about this type of attack is that the attacker can play a pre-recorded video for the victim (ex: an attractive woman flirting via webcam, not talking but typing on the keyboard because her child is sleeping nearby and she can’t talk). This makes the communication seem very realistic, since the attacker actually talks to the victim; he/she can type in sync with the woman on the video, to match the conversation with the victim. The result is collection of potentially embarrassing private sexual video material from the victim. The attacker uses the video to blackmail the victim to send money wherever, again, potentially through crypto-currency transactions. Please note that this attack can be used to milk the victim on a regular basis, for example, 300USD monthly. The threat is that if the victim doesn’t comply, the video will be sent via social media, email, or whatever means to the victim’s social circle.
This looks like a good place to wrap up discussion of scams, considering we’re already somewhat into the next topics.
Coercion:
This concept is basically common-knowledge, so I won’t go into too much detail here. The example in the above section is quite appropriate. Another classic is an attacker getting access to the victim’s email, finding some evidence of some dirty secret (affair, criminal activities, etc), and using that info to milk the victim. The main concept is annoyingly obvious – you don’t want to be in a position where someone has leverage against you. Placed in the context of information security, you don’t want to get compromised to the point where someone has access to highly sensitive personal data. Following best security practices, as outlined on this site and other sources, will lower that risk.
Sexual assault:
The above section “Scam – sex” gives a good example of the dangers of online sexual activities. However, one does not have to be pursuing online sex, or even be interested in it, to become a victim of sexual assault. If an attacker can gain access to sensitive personal data (such as private nude photos) through basic attacks (such as phishing), the attacker can attempt to exercise control over the victim. An excellent example comes from a true story.
A woman didn’t know her laptop was infected. The attacker had her webcam activated and was recording her while she was in the same room (which was her bedroom), doing mundane everyday things. The attacker made screenshots of the woman getting dressed/undressed. Later, he made photos from video frames, producing what looked like deliberately made nude photos - he used these to then blackmail the woman. Needless to say, she had no idea this was even a possibility. Other cases include phishing/similar attacks to gain access to a victim's device or some on-line storage account, containing self-made nude photos/videos (which are likely meant to be private). Once the attacker has these, many types of blackmail demands can be made.
PII (Personally Identifiable Information) / Identity Theft
This sort of attack has been around for many years, and the Internet criminals merely improved the existing mechanisms. The end goal is to acquire as many pieces of the target’s personal information as possible. Depending on your place of residence, there are various laws in place to protect it. You may also have various rights to see how a given organization protects your PII (such as a medical clinic, hospital, insurance company, etc). Naturally, this depends primarily on local laws.
Many people are afraid of having their credit card numbers stolen, but that’s actually not nearly as profitable for the criminals as PII. For comparison, consider this: on the black market, a stolen credit card is worth approximately 2USD (yes, two), while a stolen set of PII is worth approximately 50USD – 100USD. There are many articles online about PII, so we won’t go into too much detail here. Many types of info fall into this category (name, address, DOB, medical info and history, insurance info, etc). It can be used to steal identity, commit insurance fraud, and perform other unpleasant “modifications” to the victim’s life. Naturally, this can extend to the entire family, depending on the magnitude of the attack or security breach.
(Work in progress)