Password Management

PASSWORD MANAGEMENT: Creating and managing passwords to be as secure as possible
TABLE OF CONTENTS
1. The scale of consumer cyber crime
2. What is a password and facts about password security and its importance
3. Tiered password system - review and categorize your existing passwords
4. Writing secure passwords
   • Characteristics of strong and weak passwords
   • Tips and techniques
   • Testing the strength of a password
5. Password management techniques
6. Additional tips to secure your identity
WHAT’S A PASSWORD?
• A password is a string of characters that gives you access to a computer or an online account.
COMMON THREATS AGAINST YOUR PASSWORD
Password cracking is the process of breaking passwords in order to gain unauthorized access to a computer or account.
Guessing: Method of gaining access to an account by attempting to authenticate using computers, dictionaries, or large word lists.
• Brute force – uses every possible combination of characters to retrieve a password
• Dictionary attack – uses every word in a dictionary of common words to identify the password
Social Engineering/Phishing: Deceiving users into revealing their username and password. (easier than technical hacking)
• Usually by pretending to be an IT help desk agent or a legitimate organization such as a bank.
• DO NOT EVER SHARE YOUR PASSWORDS, sensitive data, or confidential banking details on sites accessed through links in emails.
HOW MANY PASSWORDS DO YOU HAVE?
• Banking and Business services
• Personal Emails
• Social media & news
• Work related accounts
DON’T FORGET YOUR COMPUTER AND PHONE LOGINS!
TIERED PASSWORD SYSTEMS
Tiered password systems involve having different levels of passwords for different types of websites, where the complexity of the password depends on what the consequences would be if that password is compromised/obtained.
• Low security: for signing up for a forum, newsletter, or downloading a trial version for a certain program.
• Medium security: for social networking sites, webmail and instant messaging services.
• High security: for anything where your personal finance is involved such as banking and credit card accounts. If these are compromised it could drastically and adversely affect your life. This may also include your computer login credentials.
Keep in mind that this categorization should be based on how critical each type of website is to you. What goes in which category will vary from person to person.
HANDS-ON PART 1: REVIEW AND CATEGORIZE YOUR PASSWORDS
1. Categorize your passwords into 3 categories: high, medium, or low. Categorization should be based on how critical each type of website is to you. Take 5 minutes to categorize some of your online accounts.
2. Your high security passwords are the most important. Keep in mind:
   • You should change any password that is weak.
   • If you have used any of your passwords for more than 1 site, you should change it.
COMMON MISTAKES IN CREATING PASSWORDS
RISK EVALUATION OF COMMON MISTAKES

Mistake: Using a Common Password.
Example: 123456789, password, qwerty
Risk Evaluation: Too risky. These are most criminals’ first guesses, so don’t use them.

Mistake: Using a Password that is based on personal data
Example: Gladiator, “Bobby”, “Jenny”, “Scruffy”
Risk Evaluation: Too risky: anyone who knows you can easily guess this information. Basing a password on your social security number, nicknames, family members’ names, the names of your favorite books or movies or football team are all bad ideas.

Mistake: Using a Short Password
Example: John12, Jim2345
Risk Evaluation: The shorter a password, the more opportunities for observing, guessing, and cracking it.

Mistake: Using the same password everywhere.
Example: Using one password on every site or online service.
Risk Evaluation: Too risky: it’s a single point of failure. If this password is compromised, or someone finds it, the rest of your accounts – including your sensitive information – are at risk.

Mistake: Writing your passwords down.
Example: Writing your password down on a Post-it note stuck to your monitor.
Risk Evaluation: Very high risk, especially in corporate environments. Anyone who physically gets the piece of paper or sticky note that contains your password can log into your account.
WHAT MAKES A PASSWORD SAFE?
• Strong passwords:
  • are a minimum of 8 characters in length; 12 characters or more is highly recommended.
  • contain special characters such as @#$%^& and/or numbers.
  • use a variation of upper and lower case letters.
• It must not contain easily guessed information such as your birth date, phone number, spouse’s name, pet’s name, kid’s name, login name, etc.
• It shouldn’t contain words found in the dictionary.
HOW TO MAKE A STRONG PASSWORD
• “Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.” ~ Clifford Stoll
• The stronger your password, the more protected your account or computer is from being compromised or hacked. You should make sure you have a unique and strong password for each of your accounts.
MOZILLA’S SAFE PASSWORD METHODOLOGY
1. Pick a familiar phrase or quote, for example, “May the force be with you” and then abbreviate it by taking the first letter of each word, so it becomes “mtfbwy”
2. Add some special characters on either side of the word to make it extra strong (like #mtfbwy!)
3. And then associate it with the website by adding a few characters from the website name into the original password as either a suffix or prefix. So the new password for Amazon could become #mtfbwy!AmZ, #mtfbwy!FbK for Facebook and so on.
*While this technique lets us reuse the phrase-generated part of the password on a number of different websites, it would still be a bad idea to use it on a site like a bank account which contains high-value information. Sites like that deserve their own password selection phrase.
USING A PASSPHRASE TO WRITE A SECURE PASSWORD
While generating a password you should follow two rules: Length and Complexity. Let’s start by using the following sentence: “May the force be with you”. Let’s turn this phrase into a password.
1. Take the first letter from each word: Mtfbwy.
2. Now increase its strength by adding symbols and numbers: !20Mtfbwy13!
   • The 20 and 13 refer to the year, 2013.
   • Secondly, I put a “!” symbol on each end of the password
   • Try using the name of your online account in the password
   • !20Mtfbwy13!Gmail (for Gmail)
   • fb!20Mtfbwy13! (for Facebook)
• That’s one password developing strategy. Let’s keep adding complexity, while also attempting to keep things possible to memorize. *The phrase you actually use should not be a common phrase.
HAYSTACKING YOUR PASSWORD: A SIMPLE AND POWERFUL WAY OF SECURING YOUR PASSWORD
• Password Haystack is a methodology of making your password extremely difficult to brute force by padding the password with a pattern like (//////) before and/or after your password.
Here’s how it works:
1. Come up with a password, but try to make it a mix of uppercase and lowercase letters, numbers and symbols
2. Come up with a pattern/scheme you can remember, such as the first letter of each word from an excerpt of your favorite song or a set of symbols like (…../////)
3. Use this pattern and repeat it several times (padding your password)
Let’s have an example of this:
Password: !20Mtfbwy13!
By applying this approach, the password becomes a Haystacked Password: …../////!20Mtfbwy13!…../////
HANDS-ON PART 2: TESTING YOUR PASSWORDS
Use these tools to test the strength of a password. As a precaution, you probably shouldn’t use these services to test your actual password. Instead, simply use them to learn what works and what doesn’t work. Just play with the strength checkers by constructing fake passwords and testing them.
• http://rumkin.com/tools/password/passchk.php
• https://www.microsoft.com/security/pc-security/password-checker.aspx
• http://www.grc.com/haystack.htm
• http://howsecureismypassword.net/
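An offline check that applies the criteria from the slides above (common passwords, personal data, the 8 and 12 character lengths, character mix) and estimates the brute-force search space before and after haystacking, so nothing has to be typed into a website. This is an added example, not part of the original slides; the function names, the 95-character alphabet model and the ASCII padding "...../////" are assumptions.

```python
import string

# Constructed sample taken from the common-password examples on this page;
# a real check would load a far larger word list.
COMMON_PASSWORDS = {"123456789", "password", "qwerty"}

# Assumed alphabet model: printable ASCII split into four classes.
# The symbol class is string.punctuation (32 characters) plus the space.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def char_class(ch):
    """Map one character to its class; anything unrecognised counts as a symbol."""
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.digits:
        return "digit"
    return "symbol"


def alphabet_size(password):
    """Size of the smallest union of character classes that covers the password."""
    return sum(CLASS_SIZES[c] for c in {char_class(ch) for ch in password})


def search_space(password):
    """Count of strings an exhaustive brute-force search must cover to be sure
    of reaching this password: every string of length 1..len over its alphabet.
    This models blind brute force only, not dictionary guessing."""
    n = alphabet_size(password)
    return sum(n ** length for length in range(1, len(password) + 1))


def bits(password):
    """Search space as a whole number of bits (floor of log2)."""
    return max(search_space(password).bit_length() - 1, 0)


def review(password, personal_data=()):
    """Return the problems found, using the criteria stated on this page."""
    findings = []
    classes = {char_class(ch) for ch in password}
    lowered = password.lower()
    # Dictionary-style checks come first: a listed password is a first guess
    # no matter how large its theoretical search space is.
    if lowered in COMMON_PASSWORDS:
        findings.append("common password")
    for item in personal_data:
        if item and item.lower() in lowered:
            findings.append(f"contains personal data: {item}")
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    elif len(password) < 12:
        findings.append("shorter than the recommended 12 characters")
    if not {"lower", "upper"} <= classes:
        findings.append("no mix of upper and lower case letters")
    if not classes & {"digit", "symbol"}:
        findings.append("no numbers or special characters")
    return findings


def haystack(password, padding):
    """Pad the password with the same memorable pattern before and after it."""
    return padding + password + padding


if __name__ == "__main__":
    base = "!20Mtfbwy13!"                    # example password from this page
    padded = haystack(base, "...../////")    # assumed ASCII form of the padding
    samples = [("qwerty", ()), ("John12", ("John",)), (base, ()), (padded, ())]
    for pw, personal in samples:
        problems = review(pw, personal) or ["no findings"]
        print(f"{pw!r}: {len(pw)} chars, about 2^{bits(pw)} candidates")
        for problem in problems:
            print(f"    - {problem}")
```

The search-space figure only describes exhaustive brute force; "qwerty" and "password" fail on the word-list check regardless of their size, which is why that check runs first.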
PASSWORD OVERLOAD: HOW CAN ANYONE REMEMBER THEM ALL?
Many people use a few passwords for all of their major accounts.
The average Web user maintains 25 separate accounts but uses just 6.5 passwords to protect them.
PASSWORD SECURITY
More than 60% of people use the same password across multiple sites
If one of your accounts is hacked, it’s likely that your other accounts that used the same password will quickly follow.
PASSWORD MANAGEMENT TECHNIQUES (WAYS TO STORE YOUR PASSWORDS)
• Human memory is the safest database for storing all your passwords
• Writing passwords down on a piece of paper
• Storing passwords on a computer in a Word document or Excel file
• Password Manager is software that allows you to securely store all of your passwords and keep them safe, typically using one master password. This kind of software saves an encrypted password database, which securely stores your passwords either on your machine or on the Web.
  • You should not rely totally on any type of password manager
  • Your single master password must be unique and complex
HUMAN MEMORY
• Strength: safest database for storing all your passwords
• Weakness: Easy to forget
WRITING PASSWORDS DOWN ON A PIECE OF PAPER
• Strength: ease of access
• Weaknesses:
  • You can lose the paper
  • Paper could be easily stolen or viewed by other people
STORING PASSWORDS ON A COMPUTER IN A WORD DOCUMENT OR EXCEL FILE
• Strength: ease of access
• Weaknesses:
  • Data is not encrypted; anyone who has access to the computer that the file is saved on can easily read your passwords
  • If your computer breaks, you could possibly permanently lose the file
PASSWORD MANAGER IS SOFTWARE
• Password Manager is software that allows you to securely store all of your passwords and keep them safe, typically using one master password. This kind of software saves an encrypted password database, which securely stores your passwords either on your machine or on the Web.
  • You should not rely totally on any type of password manager
  • Your single master password must be unique and complex
SO WHICH ONE IS THE BEST?
• Password management tools are really good solutions for reducing the likelihood that passwords will be compromised, but don’t rely on a single source. Why? Because any computer or system is vulnerable to attack. Relying on a password management tool creates a single point of potential failure.
• But before you turn to a password-management service based in the cloud or on your PC, it's best to review the quality of the service, said Tim Armstrong, malware researcher at Kaspersky Lab. He pointed out that you've got to ensure against data leakage or insecure database practices. "Users must be extra careful in choosing a provider," Armstrong said. "Make sure they're a valid and reputable vendor."
• Grant Brunner wrote a fascinating article at ExtremeTech about Staying safe online: Using a password manager just isn’t enough. In it, he wrote, “using a password manager for all of your accounts is a very sensible idea, but don’t be lulled into a false sense of security. You’re not immune from cracking or downtime.” Broadly speaking, password managers such as LastPass are like any software: vulnerable to security breaches. For example, LastPass experienced a security breach in 2011, but users with strong master passwords were not affected.
• Disadvantage: If you forget the master password, all your other passwords in the database are lost forever, and there is no way of recovering them. Don’t forget that password!
KEEPASS
• KeePass is a popular open-source, cross-platform, desktop-based password manager. It is available for Windows, Linux and Mac OS X as well as mobile operating systems like iOS and Android. It stores all your passwords in a single database (or a single file) that is protected and locked with one master key. The KeePass database is mainly one single file which can be easily transferred to (or stored on) any computer. Go to the download page to get your copy.
• KeePass is a local program, but you can make it cloud-based by syncing the database file using Dropbox, or another service like it. Check out Justin Pot’s article, Achieve Encrypted Cross-Platform Password Syncing With KeePass & Dropbox.
• Make sure you always hit save after making a new entry to the database!
MOZILLA FIREFOX’S PASSWORD MANAGER
DO NOT PUT ALL YOUR EGGS IN ONE BASKET.
• You should never record or write your password down on a post-it note.
• Never share your password with anyone, even your colleagues.
• You have to be very careful when using your passwords on public PCs, such as those in schools, universities and libraries. Why? Because there’s a chance these machines are infected with keyloggers (or keystroke logging methods) or password-stealing trojan horses.
• Do not use any password-saving features such as Google Chrome’s Auto Fill feature or Microsoft’s Auto Complete feature, especially on public PCs.
• Do not fill any form on the Web with your personal information unless you know you can trust it. Nowadays, the Internet is full of fraudulent websites, so you have to be aware of phishing attempts.
• Use a trusted and secure browser such as Mozilla Firefox. Firefox releases hundreds of security patches and makes significant improvements to protect you from malware, phishing attempts and other security threats, and to keep you safe as you browse the Web.
PWNEDLIST
• This free tool helps users figure out if their account credentials have been hacked. If you go to the website of the service, you will see up-to-date statistics of the number of leaked credentials, passwords and email addresses.
• PwnedList keeps monitoring (or crawling) the Web in order to find stolen data posted by hackers on public sites and then indexes all the login information it finds.
POINTS TO REMEMBER
• ALWAYS use a mix of uppercase and lowercase letters along with numbers and special characters.
• Have a different strong password for each site, account, computer etc., and DO NOT have any personal information like your name or birth details in your password.
• DO NOT share any of your passwords or your sensitive data with anyone – even your colleagues or the helpdesk agent in your company. In addition, use your passwords carefully, especially on public PCs. Don’t be a victim of shoulder surfing.
• A last recommendation that we strongly encourage: start evaluating your passwords, building your tiered password system, alternating your ways of creating passwords and storing them using password managers.
HANDS-ON PART 3: MANAGING YOUR PASSWORDS
1. Decide which method you plan to use to store each password.
2. Download and practice using KeePass
3. Check your primary emails on PwnedList.com/
ADDITIONAL TIPS TO SECURE YOUR IDENTITY
• An open Wi-Fi connection can be easily hacked using free packet sniffer software
• Always enable “HTTPS” (also called secure HTTP) settings in all online services that support it – this includes Twitter, Google, Facebook and more.
• Spoofed Website
INTERNET CRIME PREVENTION TIPS
FROM THE INTERNET CRIME COMPLAINT CENTER (IC3). IC3 IS A PARTNERSHIP BETWEEN THE FEDERAL BUREAU OF INVESTIGATION AND THE NATIONAL WHITE COLLAR CRIME CENTER.
• Internet crime schemes that steal millions of dollars each year from victims continue to plague the Internet through various methods. Following are preventative measures that will assist you in being informed prior to entering into transactions over the Internet:
  • Auction Fraud
  • Counterfeit Cashier's Check
  • Credit Card Fraud
  • Debt Elimination
  • DHL/UPS
  • Employment/Business Opportunities
  • Escrow Services Fraud
  • Identity Theft
  • Internet Extortion
  • Investment Fraud
  • Lotteries
  • Nigerian Letter or "419"
  • Phishing/Spoofing
  • Ponzi/Pyramid
  • Reshipping
  • Spam
  • Third Party Receiver of Funds
ONLINE CRIME PREVENTION
IF THE "OPPORTUNITY" APPEARS TOO GOOD TO BE TRUE, IT PROBABLY IS.
Auction Fraud
• Before you bid, contact the seller with any questions you have.
• Review the seller's feedback.
• Be cautious when dealing with individuals outside of your own country.
• Ensure you understand refund, return, and warranty policies.
• Determine the shipping charges before you buy.
• Be wary if the seller only accepts wire transfers or cash.
• If an escrow service is used, ensure it is legitimate.
• Consider insuring your item.
• Be cautious of unsolicited offers.
Counterfeit Cashier's Check
• Inspect the cashier's check.
• Ensure the amount of the check matches in figures and words.
• Check to see that the account number is not shiny in appearance.
• Be watchful that the drawer's signature is not traced.
• Official checks are generally perforated on at least one side.
• Inspect the check for additions, deletions, or other alterations.
• Contact the financial institution on which the check was drawn to ensure legitimacy.
• Obtain the bank's telephone number from a reliable source, not from the check itself.
• Be cautious when dealing with individuals outside of your own country.
Credit Card Fraud
• Ensure a site is secure and reputable before providing your credit card number online.
• Don't trust a site just because it claims to be secure.
• If purchasing merchandise, ensure it is from a reputable source.
• Promptly reconcile credit card statements to avoid unauthorized charges.
• Do your research to ensure legitimacy of the individual or company.
• Beware of providing credit card information when requested through unsolicited emails.
Debt Elimination
• Know who you are doing business with — do your research.
• Obtain the name, address, and telephone number of the individual or company.
• Research the individual or company to ensure they are authentic.
• Contact the Better Business Bureau to determine the legitimacy of the company.
• Be cautious when dealing with individuals outside of your own country.
• Ensure you understand all terms and conditions of any agreement.
• Be wary of businesses that operate from P.O. boxes or mail drops.
• Ask for names of other customers of the individual or company and contact them.
• If it sounds too good to be true, it probably is.
DHL/UPS
• Beware of individuals using the DHL or UPS logo in any email communication.
• Be suspicious when payment is requested by money transfer before the goods will be delivered.
• Remember that DHL and UPS do not generally get involved in directly collecting payment from customers.
• Fees associated with DHL or UPS transactions are only for shipping costs and never for other costs associated with online transactions.
• Contact DHL or UPS to confirm the authenticity of email communications received.
Employment/Business Opportunities
• Be wary of inflated claims of product effectiveness.
• Be cautious of exaggerated claims of possible earnings or profits.
• Beware when money is required up front for instructions or products.
• Be leery when the job posting claims "no experience necessary".
• Do not give your social security number when first interacting with your prospective employer.
• Be cautious when dealing with individuals outside of your own country.
• Be wary when replying to unsolicited emails for work-at-home employment.
• Research the company to ensure they are authentic.
• Contact the Better Business Bureau to determine the legitimacy of the company.
Escrow Services Fraud
• Always type in the website address yourself rather than clicking on a link provided.
• A legitimate website will be unique and will not duplicate the work of other companies.
• Be cautious when a site requests payment to an "agent", instead of a corporate entity.
• Be leery of escrow sites that only accept wire transfers or e-currency.
• Be watchful of spelling errors, grammar problems, or inconsistent information.
• Beware of sites that have escrow fees that are unreasonably low.
Identity Theft
• Ensure websites are secure prior to submitting your credit card number.
• Do your homework to ensure the business or website is legitimate.
• Attempt to obtain a physical address, rather than a P.O. box or mail drop.
• Never throw away credit card or bank statements in usable form.
• Be aware of missed bills which could indicate your account has been taken over.
• Be cautious of scams requiring you to provide your personal information.
• Never give your credit card number over the phone unless you make the call.
• Monitor your credit statements monthly for any fraudulent activity.
• Report unauthorized transactions to your bank or credit card company as soon as possible.
• Review a copy of your credit report at least once a year.
Internet Extortion
• Security needs to be multi-layered so that numerous obstacles will be in the way of the intruder.
• Ensure security is installed at every possible entry point.
• Identify all machines connected to the Internet and assess the defense that's engaged.
• Identify whether your servers are utilizing any ports that have been known to represent insecurities.
• Ensure you are utilizing the most up-to-date patches for your software.
Investment Fraud
• If the "opportunity" appears too good to be true, it probably is.
• Beware of promises to make fast profits.
• Do not invest in anything unless you understand the deal.
• Don't assume a company is legitimate based on "appearance" of the website.
• Be leery when responding to investment offers received through unsolicited email.
• Be wary of investments that offer high returns at little or no risk.
• Independently verify the terms of any investment that you intend to make.
• Research the parties involved and the nature of the investment.
• Be cautious when dealing with individuals outside of your own country.
• Contact the Better Business Bureau to determine the legitimacy of the company.
Lotteries
• If the lottery winnings appear too good to be true, they probably are.
• Be cautious when dealing with individuals outside of your own country.
• Be leery if you do not remember entering a lottery or contest.
• Be cautious if you receive a telephone call stating you are the winner in a lottery.
• Beware of lotteries that charge a fee prior to delivery of your prize.
• Be wary of demands to send additional money to be eligible for future winnings.
• It is a violation of federal law to play a foreign lottery via mail or phone.
Nigerian Letter or "419"
• If the "opportunity" appears too good to be true, it probably is.
• Do not reply to emails asking for personal banking information.
• Be wary of individuals representing themselves as foreign government officials.
• Be cautious when dealing with individuals outside of your own country.
• Beware when asked to assist in placing large sums of money in overseas bank accounts.
• Do not believe the promise of large sums of money for your cooperation.
• Guard your account information carefully.
• Be cautious when additional fees are requested to further the transaction.
Phishing/Spoofing
• Be suspicious of any unsolicited email requesting personal information.
• Avoid filling out forms in email messages that ask for personal information.
• Always compare the link in the email to the link that you are actually directed to.
• Log on to the official website, instead of "linking" to it from an unsolicited email.
• Contact the actual business that supposedly sent the email to verify if the email is genuine.
Ponzi/Pyramid
• If the "opportunity" appears too good to be true, it probably is.
• Beware of promises to make fast profits.
• Exercise diligence in selecting investments.
• Be vigilant in researching with whom you choose to invest.
• Make sure you fully understand the investment prior to investing.
• Be wary when you are required to bring in subsequent investors.
• Independently verify the legitimacy of any investment.
• Beware of references given by the promoter.
Reshipping
• Be cautious if you are asked to ship packages to an "overseas home office."
• Be cautious when dealing with individuals outside of your own country.
• Be leery if the individual states that his country will not allow direct business shipments from the United States.
• Be wary if the "ship to" address is yours but the name on the package is not.
• Never provide your personal information to strangers in a chat room.
• Don't accept packages that you didn't order.
• If you receive packages that you didn't order, either refuse them upon delivery or contact the company where the package is from.
Spam
• Don't open spam. Delete it unread.
• Never respond to spam as this will confirm to the sender that it is a "live" email address.
• Have a primary and secondary email address - one for people you know and one for all other purposes.
• Avoid giving out your email address unless you know how it will be used.
• Never purchase anything advertised through an unsolicited email.
Third Party Receiver of Funds
• Do not agree to accept and wire payments for auctions that you did not post.
• Be leery if the individual states that his country makes receiving these types of funds difficult.
• Be cautious when the job posting claims "no experience necessary".
• Be cautious when dealing with individuals outside of your own country.
REFERENCES
• Al-Marhoon, M. (n.d.). Password Management Guide. MakeUseOf. Retrieved April 10, 2013, from http://www.makeuseof.com/pages/the-password-management-guide-fulltext
• http://www.slideshare.net/NortonOnline/2012-norton-cybercrime-report-14207489
• http://www.ic3.gov/media/annualreports.aspx