MSU-Northern ITS: IT Security

Information Technology Services: Types of Net Threats

Whether the computer you’re using is connected to the Internet from on campus or off, that computer is a target. Fraudsters are often looking for credit card numbers, bank account information and any other personal information they can use for their own gain. And it's not just financial information they're after: once they compromise a computer, intruders can use the hard disk, processor and Internet connection to attack other computers. Many home computer users are especially vulnerable because they do not realize the risks of being on a network and that there are protection measures available to them to guard against these threats. All computer users need to educate themselves and understand the threats in order to more effectively protect their personal information and computer systems.

Identity Theft

Identity Theft Identity theft occurs when someone obtains and uses personally identifying information, like your name, Social Security number, credit card numbers, etc, without permission, to commit fraud or deception, most typically for financial gain.

The Federal Trade Commission (FTC) estimates that as many as 9 million Americans have their identities stolen each year.

Identity theft is serious. People whose identities have been stolen spend a lot of time and money cleaning up the mess thieves have made of their good name and credit record.

Read More...

Malware - Viruses, Worms, Trojans and more

Malware (Malicious Software) is software designed to infiltrate or damage a computer system without the owner's informed consent.

Once installed on your computer, these programs can seriously affect your privacy and your computer's security. For example, malware is known for relaying personal information to advertisers and other third parties without user consent. Some programs, such as spyware, are also known for containing worms and viruses that cause a great deal of computer damage.

Read More...

Botnets

Botnets (also known as a zombie armies) are typically a network of hijacked computers used to conduct attacks, usually for personal gain.

Here are a few examples of what your computer might do if it becomes part of a botnet:

Generate spam,
Execute denial of service attacks (DoS),
Propagate worms, Trojans, or other malware,
Host fraudulent Websites, such as banking sites, for phishing purposes,
Install adware or spyware - attackers get paid on a per-install basis,
Extortion - attackers can hold your files hostage and threaten to destroy them or threaten to unleash a DoS on a company’s Website unless a ransom is paid,
Execute brute-force attacks to find sensitive information such as encryption keys or account information
Generate fake "click-thru" traffic - Pay per Click is a type of marketing where advertisers pay a set amount every time their ad is clicked.

A computer becomes part of a botnet after it has been infected with some form of malware (like a virus, worm or Trojan), which installs a botnet "agent" that is designed to allow control of the computer from a central remote source.

Social Engineering

Social Engineering is a term is used to describe the art of persuading people to divulge information, such as account names, passwords and your personal information. These methods depend on people skills rather than technical skills, since they exploit human nature rather than software or hardware vulnerabilities.

A good social engineer is an accomplished actor who tries to charm or intimidate you into giving out sensitive information. Social Engineering may be one of the most dangerous hacking techniques because the best technology in the world cannot defend against it. This human factor is one of the most often overlooked threats to computer security.

There are really only two steps involved in protecting yourself against social engineers who try to charm, intimidate, or trick you into giving them information:

Be aware of what is happening
You should be suspicious of people who ask you for your SSN, account names or passwords, computer name, IP address, employee ID number, or any other information that could be misused. You should be especially suspicious if they attempt to charm you or intimidate you. Several signs of social engineering attacks: refusal to give contact information, rushing, name-dropping, intimidation, small mistakes (misspellings, misnomers, odd questions), and requesting forbidden information. Look for things that just don’t quite add up.
Just say no
If you’re not comfortable with what the person is asking for, just say no.

Top of page

Return to IT Security Home

Quick Links Help Desk - 3765 ITS Home IT Security Services Information About... Site Index In this section... IT Security Stay Updated! Passwords Data Security Firewalls Virus Protection While Traveling... Types of Threats Hoaxes E-mail Safety & Spam Phishing Identity Theft Malware Web Surfing Safely Social Networks Online Harassment Copyrights & Peer-to- Peer (P2P) Applications Related Links (external) MSU Security Web Site Help Desk MSU-Northern students, faculty and staff - Use the ITS Help Desk as the first point of contact for your technology problems, questions & services! Information Technology Services Help Desk Walk-in Support: Cowan Hall 117B Telephone Support: 265-3765 E-Mail Support: itstech Last Updated: 18-Jun-2009
	Information Technology Services: Types of Net Threats Whether the computer you’re using is connected to the Internet from on campus or off, that computer is a target. Fraudsters are often looking for credit card numbers, bank account information and any other personal information they can use for their own gain. And it's not just financial information they're after: once they compromise a computer, intruders can use the hard disk, processor and Internet connection to attack other computers. Many home computer users are especially vulnerable because they do not realize the risks of being on a network and that there are protection measures available to them to guard against these threats. All computer users need to educate themselves and understand the threats in order to more effectively protect their personal information and computer systems. Identity Theft Identity Theft Identity theft occurs when someone obtains and uses personally identifying information, like your name, Social Security number, credit card numbers, etc, without permission, to commit fraud or deception, most typically for financial gain. The Federal Trade Commission (FTC) estimates that as many as 9 million Americans have their identities stolen each year. Identity theft is serious. People whose identities have been stolen spend a lot of time and money cleaning up the mess thieves have made of their good name and credit record. Read More... Malware - Viruses, Worms, Trojans and more Malware (Malicious Software) is software designed to infiltrate or damage a computer system without the owner's informed consent. Once installed on your computer, these programs can seriously affect your privacy and your computer's security. For example, malware is known for relaying personal information to advertisers and other third parties without user consent. Some programs, such as spyware, are also known for containing worms and viruses that cause a great deal of computer damage. Read More... Botnets Botnets (also known as a zombie armies) are typically a network of hijacked computers used to conduct attacks, usually for personal gain. Here are a few examples of what your computer might do if it becomes part of a botnet: Generate spam, Execute denial of service attacks (DoS), Propagate worms, Trojans, or other malware, Host fraudulent Websites, such as banking sites, for phishing purposes, Install adware or spyware - attackers get paid on a per-install basis, Extortion - attackers can hold your files hostage and threaten to destroy them or threaten to unleash a DoS on a company’s Website unless a ransom is paid, Execute brute-force attacks to find sensitive information such as encryption keys or account information Generate fake "click-thru" traffic - Pay per Click is a type of marketing where advertisers pay a set amount every time their ad is clicked. A computer becomes part of a botnet after it has been infected with some form of malware (like a virus, worm or Trojan), which installs a botnet "agent" that is designed to allow control of the computer from a central remote source. Social Engineering Social Engineering is a term is used to describe the art of persuading people to divulge information, such as account names, passwords and your personal information. These methods depend on people skills rather than technical skills, since they exploit human nature rather than software or hardware vulnerabilities. A good social engineer is an accomplished actor who tries to charm or intimidate you into giving out sensitive information. Social Engineering may be one of the most dangerous hacking techniques because the best technology in the world cannot defend against it. This human factor is one of the most often overlooked threats to computer security. There are really only two steps involved in protecting yourself against social engineers who try to charm, intimidate, or trick you into giving them information: Be aware of what is happening You should be suspicious of people who ask you for your SSN, account names or passwords, computer name, IP address, employee ID number, or any other information that could be misused. You should be especially suspicious if they attempt to charm you or intimidate you. Several signs of social engineering attacks: refusal to give contact information, rushing, name-dropping, intimidation, small mistakes (misspellings, misnomers, odd questions), and requesting forbidden information. Look for things that just don’t quite add up. Just say no If you’re not comfortable with what the person is asking for, just say no. Top of page Return to IT Security Home		Did you know? Most users infect themselves by clicking unexpected or suspicious links in e-mail, IM messages or on questionable Web sites. Think before you click! Anti-virus software is not enough to protect you from today's Internet threats. To help you avoid dangerous sites and content, download and install the free McAfee SiteAdvisor plug-in (www.SiteAdvisor.com) for Internet Explorer and Fire Fox browsers. Don't Get Hooked If you get an email, instant message or or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies do NOT ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and manually type in the company's correct Web address yourself. Never copy and paste a link into your Internet browser — phishers can make links look like they go to one place, but that actually send you to a different site. Report Security Incidents Report stolen devices (laptops, PDAs, etc) and suspected computer break-ins to ITS immediately. The sooner we know about an incident, the sooner we can respond, potentially limiting any damage.