ICT & Crime
Data theft, phishing & pharming

Data loss/theft
Data is often the most valuable commodity any business has. The cost of creating data again from scratch can far outweigh the cost of any hardware or programs lost. Loss of data can have serious consequences for a business.

Data can be stolen either by:
• physical theft of hardware
• or through unauthorised access to the system, e.g. hacking.

Activity 1 (10 minutes)
With your partner, think of as many ways as you can in which this could affect your business. How do you think you could have prevented this from happening?

Introduction
Computer crime is defined as 'criminal activity directly related to the use of computers'. Last lesson we looked at the use of computers to steal money. Data theft can be even more serious than the theft of money. There are a number of ways in which data can be stolen, specifically:
– Physical theft of equipment
– Hacking
– Phishing
– Pharming

Physical theft of equipment
Businesses can use a range of physical methods to protect their systems and data. Some of these include:
• Keeping important computers such as servers or mainframes in locked rooms
• Posting security guards
• Security locks, smart cards
• Keeping sensitive data on stand-alone machines instead of networks
• Using alarm systems and video cameras

Hackers & hacking
What is a hacker?
A hacker is a person who breaks codes and passwords to gain unauthorised entry to computer systems.

Who is at risk?
Computers which form part of networks or those with external links, such as attached modems, are in danger from hackers. Stand-alone computers are usually safe as there is no connection for the hackers to break into.

Why do hackers hack?
• curiosity
• challenge - can they get through the system’s defences?
• to access data, usually because the data has value
• to steal financial information such as your credit card number, or the password to your bank account, in order to use that information to make purchases.
Protect yourself against hackers
• Use strong passwords to protect your user login account
• Never reveal your login password to anyone else
• Place a firewall between your computer and any network
• Disconnect from networks (e.g. the internet) when you are not using them
• Encrypt any sensitive information (just in case they get in)

Phishing
• This is where a user is tricked into entering their user name & password into a fake website.
• The website looks like their bank/eBay/PayPal website, but belongs to a hacker.
• Watch this movie: Phishing scams in Plain English

What is phishing?
• Phishing is a form of identity theft, where fraudsters steal your identity and personal information to gain access to your accounts or commit other crimes using your persona.
• In brief, a 'phishing' email is one that pretends to be from a company or bank like eBay, PayPal, your bank etc.
• It usually asks you to enter your account data, such as login details.
• These scams are often supported by fake spoof websites, and victims are tricked into thinking they are logging in to a real website.

Other scams:
• http://www.aboutpaypal.org/ebay_phishing_email
• This uses some quite threatening language to persuade users to follow the link. Other methods can be less threatening:

Phishing: Protecting yourself
• If you receive a suspicious email, check websites such as http://www.millersmiles.co.uk/
• http://www.millersmiles.co.uk/articles.php

Pharming
What is it?
"Pharming" is the term for when criminal hackers redirect Internet traffic from one Web site to a different, identical-looking site in order to trick you into entering your user name and password into the database on their fake site.

Why do they do it?
Criminals try to acquire your personal information in order to access your bank account, steal your identity, or commit other kinds of fraud in your name, so banking and similar financial sites are often the targets of these attacks.
Pharming vs Phishing
Pharming might sound similar to e-mail phishing scams, but pharming is more insidious, because you can be redirected to a false site without any participation or knowledge on your part.

How does pharming work?
• A hacker attacks a DNS server
• The hacker redirects traffic from the real website to his own fraudulent site
• The user types in the web address of the real site
• They are instead taken to the fake site – usually a bank or other ecommerce site.
• Pharming is a highly sophisticated extension of phishing that can direct you to fake websites that look identical to the real ones, and then steal your identity, infest your computer with annoying adware, and attack your computer with damaging viruses.

Plenary (5 minutes)
Read some of the news stories here: http://www.teachict.com/news/news_stories/news_dataloss.htm
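A defensive check for the pharming steps listed under "How does pharming work?", added here as an example and not part of the original lesson: it compares the addresses that several DNS resolvers return for one site against the networks the real site is known to use. The hostname, resolver names, address ranges and function names are all constructed for illustration.

```python
import ipaddress

# Constructed inventory: networks the real site is known to be served from.
# The hostname and ranges are made up (reserved documentation addresses).
EXPECTED = {
    "bank.example": ["192.0.2.0/24", "198.51.100.0/25"],
}

# Constructed sample: what three resolvers returned for the same name.
ANSWERS = {
    "isp-resolver": ["192.0.2.10", "192.0.2.11"],
    "public-resolver": ["198.51.100.7"],
    "office-resolver": ["203.0.113.66"],  # disagrees with the other two
}

def outside_expected(hostname, addresses, expected=EXPECTED):
    """Return the addresses that are not inside any known-good network."""
    if hostname not in expected:
        raise KeyError(f"no known-good networks recorded for {hostname}")
    nets = [ipaddress.ip_network(n) for n in expected[hostname]]
    bad = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            bad.append(addr)
    return bad

def audit(hostname, answers_by_resolver, expected=EXPECTED):
    """Map each resolver to ('ok' | 'suspect' | 'no-answer', offending addresses)."""
    report = {}
    for resolver, addresses in answers_by_resolver.items():
        if not addresses:
            report[resolver] = ("no-answer", [])
            continue
        bad = outside_expected(hostname, addresses, expected)
        report[resolver] = ("suspect", bad) if bad else ("ok", [])
    return report

def suspects(report):
    """Names of the resolvers whose answers need investigating."""
    return sorted(r for r, (status, _) in report.items() if status == "suspect")

if __name__ == "__main__":
    for resolver, (status, bad) in audit("bank.example", ANSWERS).items():
        print(f"{resolver:16} {status:10} {bad}")
```

A "suspect" result is a lead to investigate, not proof of poisoning, because legitimate sites do change hosting addresses. Checking that the browser shows a valid HTTPS certificate for the real site name remains the user-side safeguard.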