
Table of Contents

INTRODUCTION
PHISHING
DEFINITION OF PHISHING
HOW THEY WORK?
NEGATIVE EFFECT OF PHISHING
SAFEGUARD AGAINST PHISHING
MALWARE
DEFINITION OF MALWARE
TYPES OF MALWARE
SIGNS OF ATTACK
NEGATIVE EFFECT OF MALWARE
SAFEGUARD AGAINST MALWARE
HACKING
DEFINITION OF HACKER
TYPES OF HACKER
DEFINITION OF HACKING
GOOD THINGS OF HACKING
NEGATIVE EFFECT OF HACKING
SAFEGUARD AGAINST HACKING
CONCLUSION
REFERENCES
APPENDIX

INTRODUCTION

Today, people rely on computers to create, store, and manage critical information. Thus, it is
important that computers and the data they store are accessible and available when needed. It also
is crucial that users take measures to protect their computers and data from loss, damage, and
misuse. A computer security risk is any event or action that could cause a loss of or damage to
computer hardware, software, data, information, or processing capability.
Internet and network attacks that jeopardize security include computer viruses, worms,
Trojan horses, rootkits, phishing, and hacking. The following pages address these computer
security risks and suggest measures organizations and individuals can take to protect their
computers while on the Internet or connected to a network.

PHISHING
DEFINITION OF PHISHING
In computing, phishing is the fraudulent acquisition, through deception, of sensitive personal
information such as passwords and credit card details, by masquerading as someone trustworthy
with a real need for such information.
The term "phishing" is sometimes said to stand for password harvesting fishing. Other
theories trace the term to the name "Brien Phish", who was allegedly the first to
use psychological techniques to steal credit card numbers in the 1980s. Others believe
that "Brien Phish" was not a real person but a fictional character used by scammers to identify each
other.
The term was coined in the mid-1990s by crackers attempting to steal AOL accounts. An
attacker would pose as an AOL staff member and send an instant message to a potential victim.
The message would ask the victim to reveal his or her password, for instance to "verify your
account" or to "confirm billing information". Once the victim gave over the password, the attacker
could access the victim's account and use it for criminal purposes, such as spamming.
HOW THEY WORK?
There are numerous reasons why phishing works so well, starting with the ability of the scammers
to play mind tricks on victims, in order to lure them into trouble. Phishers can use tempting offers,
like complimentary giveaways, in order to bait users. This is a very efficient method, as many people
would likely take advantage of a free offer.
A scammer can also use the buzz around a certain topic or event. Take, for example, the large-scale
scam that occurred after the FIFA World Cup. In the summer of 2014, a phishing site imitating
the official FIFA web page prompted users to sign a petition in defense of Luis Alberto Suarez, the
star forward on the Uruguay national team. In order to sign the petition, a user had to fill out the
online form, which required one's name, country, mobile phone number, and email. Another scam
website offered its visitors an opportunity to download an e-ticket to the championship. Clicking the
link would then download a Trojan, which would hijack critical personal and financial data.
In order to reach those users who are wise to phishers' tricks, cybercriminals use another efficient
tool with an immense reach: messages originating from the accounts of the victim's friends, for
instance on social networks.
According to Kaspersky Lab, over 35% of the anti-phishing module alerts in 2013 reacted to
phishing websites faking social media pages. Out of over 600 million attempts to access a phishing
site that we were able to detect, 22% of cases dealt with fake Facebook pages (refer to the appendix).
Another extremely fruitful method that is used to fool a victim into clicking on a phishing link is
creating a sense of urgency and panic. This could be done in a scenario where a scammer
threatens his victim with blocking their user profile or even a bank account. To enhance the
efficiency of such an approach, the criminals also resort to so-called vishing (or voice phishing,
performed over the phone). Not everyone is so cautious in such a critical situation that they will
think to decline the requests of an extra-assertive bank security officer asking for credit card data in
order to prevent an account from being blocked (refer to the appendix).
NEGATIVE EFFECT OF PHISHING
The effect of phishing scams can be swift, resulting in identity theft, the loss of thousands of pounds
of savings, running up of huge debts and even repossession of vehicles and property.

SAFEGUARD AGAINST PHISHING


How to protect yourself from phishing attacks:

Never respond to emails that request personal financial information


Banks or e-commerce companies generally personalize emails, while phishers do not. Phishers
often include false but sensational messages ("urgent - your account details may have been stolen")
in order to get an immediate reaction. Reputable companies don't ask their customers for
passwords or account details in an email. Even if you think the email may be legitimate, don't
respond - contact the company by phone or by visiting their website. Be cautious about opening
attachments and downloading files from emails, no matter who they are from. Sophos uses SPF
(Sender Policy Framework). This is an anti-forgery solution which involves publishing a list detailing
which servers are allowed to send Sophos emails.

Visit banks' websites by typing the URL into the address bar
Phishers often use links within emails to direct their victims to a spoofed site, usually to a similar
address such as mybankonline.com instead of mybank.com. When clicked on, the URL shown in
the address bar may look genuine, but there are several ways it can be faked, taking you to the
spoofed site. If you suspect an email from your bank or online company is false, do not follow any
links embedded within it.
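
The difference between the real address and a similar-looking one can be checked mechanically. The following added example (not from the original report) classifies the host a link really points to against a list of trusted domains; the trusted list, the function names and the sample links are assumptions built around the mybank.com placeholder used above.

```python
from urllib.parse import urlsplit

# Assumption: the domains the user really does business with.
TRUSTED_DOMAINS = {"mybank.com"}


def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):
            i += 1                       # substitution: advance both strings
        j += 1                           # insertion: skip one char of the longer
    return edits + (len(b) - j) <= 1     # count a trailing extra character


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike', 'unrelated' or 'invalid' for a link."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"

    # Trusted only if the host IS the domain or a true subdomain of it.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"

    # Otherwise look for the brand name (or a one-character variant of it)
    # in any label of a host that is not under the trusted domain.
    labels = host.split(".")
    for domain in trusted:
        brand = domain.split(".")[0]
        for label in labels:
            if brand in label or within_one_edit(label, brand):
                return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links.
    samples = [
        "https://www.mybank.com/login",
        "http://mybankonline.com/login",
        "https://mybank.com.account-check.example/login",
        "https://mybamk.com/",
        "https://example.org/",
    ]
    for link in samples:
        print(classify_link(link), link)
```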

Keep a regular check on your accounts


Regularly log into your online accounts, and check your statements. If you see any suspicious
transactions, report them to your bank or credit card provider.

Check the website you are visiting is secure


Before submitting your bank details or other sensitive information there are a couple of checks you
can do to help ensure the site uses encryption to protect your personal data:
Check the web address in the address bar. If the website you are visiting is on a secure server it
should start with "https://" ("s" for security) rather than the usual "http://".
Also look for a lock icon on the browser's status bar. You can check the level of encryption,
expressed in bits, by hovering over the icon with your cursor.

Note that the fact that the website is using encryption doesn't necessarily mean that the website is
legitimate. It only tells you that data is being sent in encrypted form.

Be cautious with emails and personal data


Most banks have a security page on their website with information on carrying out safe transactions,
as well as the usual advice relating to personal data: never let anyone know your PINs or
passwords, do not write them down, and do not use the same password for all your online accounts.
Avoid opening or replying to spam emails as this will give the sender confirmation they have
reached a live address. Use common sense when reading emails. If something seems implausible
or too good to be true, then it probably is.

Keep your computer secure


Some phishing emails or other spam may contain software that can record information on your
internet activities (spyware) or open a 'backdoor' to allow hackers access to your computer
(Trojans). Installing anti-virus software and keeping it up to date will help detect and disable
malicious software, while using anti-spam software will stop phishing emails from reaching you. It is
also important, particularly for users with a broadband connection, to install a firewall. This will help
keep the information on your computer secure while blocking communication from unwanted
sources. Make sure you keep up to date and download the latest security patches for your browser.
If you don't have any patches installed, visit your browser's website; for example, users of Internet
Explorer should go to the Microsoft website.

Always report suspicious activity


If you receive a suspicious email, forward it to the spoofed organization (many companies have a
dedicated email address for reporting such abuse).

MALWARE
DEFINITION OF MALWARE
Malware (for "malicious software") is any program or file that is harmful to a computer user. Thus,
malware includes computer viruses, worms, Trojan horses and rootkits that gather information
about a computer user without permission.
TYPES OF MALWARE
Some types of malware are:
A computer virus is a potentially damaging computer program that affects, or infects, a computer
negatively by altering the way the computer works without the user's knowledge or permission. Once
the virus infects the computer, it can spread throughout and may damage files and system software,
including the operating system.
A worm is a program that copies itself repeatedly, for example in memory or on a network, using up
resources and possibly shutting down the computer or network.
A Trojan horse (named after the Greek myth) is a program that hides within or looks like a legitimate
program. A certain condition or action usually triggers the Trojan horse. Unlike a virus or worm, a Trojan
horse does not replicate itself to other computers.
A rootkit is a program that hides in a computer and allows someone from a remote location to take
full control of the computer. Once the rootkit is installed, the rootkit author can execute programs,
change settings, monitor activity, and access files on the remote computer. Although rootkits can have
legitimate uses, such as in law enforcement, their use in nefarious and illegal activities is growing
rapidly.
For example, MyDoom and Blaster are worms; Melissa has elements of a virus, worm, and Trojan
horse.

SIGNS OF ATTACK
1) PC slowdowns - A computer that has been infected by malware (viruses, worms, and Trojans)
will run tasks that take up a lot of resources, making the computer system run more
slowly than usual. The computer has a virus if the system slows down without any
resource-heavy application running.
2) Computer gone unstable - Malware messes around with important files, which stops the
computer from running properly. The computer crashes when the user tries to run a specific
application or open particular files.
3) Randomly connected to various websites - Malware force-connects the computer to
websites in the background and sends information back and forth with these sources.
4) Everything seems perfectly normal - Some types of malware do their best to hide all
activity, leaving no visible traces. Even when the user doesn't notice anything unusual, it's
possible that a bot on the user's system may be quietly awaiting instructions from its command
and control system, or a Remote Access Trojan may be harvesting the user's personal
information.

NEGATIVE EFFECT OF MALWARE


1) Computer Instability - If infected by a virus or worm, the user's computer can become unstable. If
the user's computer inexplicably crashes, spontaneously reboots, won't shut down, won't restart or
is experiencing other repeated malfunctions, malware can be the cause of such turmoil.

2) Loss of Privacy - Some malware is designed to create a text log based on the user's keystrokes,
which can reveal email addresses and account passwords. These text logs can then be scanned
by hackers and used to send email to the user's contacts. If the user has an online account that has
been compromised, the user may have malware on his/her computer that enabled the process.

3) Identity & Financial Theft - Spyware infections can lead to the access of personal information
and financial account details, which can then be used to commit identity theft and fraudulent
crimes. You may be unaware your information has been leaked until you monitor your financial
accounts and see unauthorized behaviour.

SAFEGUARD AGAINST MALWARE


Methods that guarantee a computer or network is safe from computer viruses and other
malware simply do not exist. Users can take several precautions, however, to protect their home
and work computers and mobile devices from these malicious infections. The following paragraphs
discuss these precautionary measures.
1. Never start a computer with removable media inserted in the drives or plugged in the ports,
unless the media are uninfected.
2. Never open an e-mail attachment unless you are expecting it and it is from a trusted source.
3. Set the macro security in programs so that you can enable or disable macros. Enable macros
only if the document is from a trusted source and you are expecting it.
4. Install an antivirus program on all of your computers. Update the software and the virus
signature files regularly.
5. Scan all downloaded programs for viruses and other malware.
6. If the antivirus program flags an e-mail attachment as infected, delete or quarantine the
attachment immediately.
7. Before using any removable media, scan the media for malware. Follow this procedure even for
shrink-wrapped software from major developers. Some commercial software has been infected and
distributed to unsuspecting users.
8. Install a personal firewall program.
9. Stay informed about new virus alerts and virus hoaxes.

Popular antivirus programs:
AVG Anti-Virus
avast! Antivirus
Bitdefender
CA Anti-Virus
Kaspersky Anti-Virus
McAfee VirusScan
Norton AntiVirus
Trend Micro AntiVirus
Vexira AntiVirus
HACKING
DEFINITION OF HACKER
Hacker is a term that first came into use in the 1960s to describe a programmer or
someone who hacked computer code. Later the term evolved to mean an individual who had an
advanced understanding of computers, networking, programming, or hardware, but did not have
any malicious intent.
Today, a malicious hacker is usually referred to as a black hat or criminal hacker, which describes
any individual who illegally breaks into a computer system to damage or steal information. Some
people who consider themselves leet may refer to themselves as a haxord, h4x0rs, or HaXXorZ.
However, often these users are nothing more than script kiddies.
TYPES OF HACKER
WHITE HAT
A White Hat hacker is a computer network security professional who has non-malicious intent
whenever he breaks into a security system. A White Hat hacker has deep knowledge of computer
networking, network protocols and system administration. A White Hat hacker also has good
knowledge of hacking tools and knows how to program hacking tools.
A White Hat hacker has the skill to break into networks but uses his skills to protect organizations.
BLACK HAT.
A Black Hat hacker, also known as a cracker, is a computer professional with deep knowledge of
computer networking, network protocols and system administration (at least three or four operating
systems and very good skills in scripting and programming). Black Hat hackers also have good
knowledge of many hacking tools and know how to program hacking tools. A Black Hat hacker uses
his skills for unethical reasons.
Example: to steal research data from a company, to steal money from credit cards, to hack email
accounts, etc.
GREY HAT.
A Grey Hat hacker is someone who is between a White Hat hacker and a Black Hat hacker. Grey Hat
hackers normally do their hacking without permission from the administrators of the network they
are hacking, but they will expose the network vulnerabilities to the network admins and offer a fix for
the vulnerability for money.
SCRIPT KIDDIE.
A Script Kiddie is basically an amateur hacker who doesn't have much knowledge of how to program
tools to break into computer networks.
HACKTIVIST
A Hacktivist is a hacker with political intentions. The hacktivist has the same tools as the hacker. The
primary intention of a hacktivist is to bring public attention to a political matter.
PHREAKER.
A Phreaker is a telecom network hacker who hacks a telephone system illegally to make calls without
paying for them.
DEFINITION OF HACKING
Hacking is the unauthorized use of computer and network resources. (The term hacker originally
meant a very gifted programmer. In recent years, though, with easier access to multiple systems, it
now has negative implications.) People who engage in computer hacking activities are often called
hackers. There are two kinds of hackers: good hackers and bad hackers.
GOOD THINGS OF HACKING
Most of us would never have thought there was a good side to hacking. Well, there is:
individuals and organizations conduct security audits and research and publish their
findings for the security industry, and also help new users who aren't familiar with security. This can
also help us stay a step ahead in protecting the online society from exploits and security risks.
NEGATIVE EFFECT OF HACKING
Hackers and crackers are often referred to across the world as the big threat to online business and
the online society. The effects are as follows:
Effect on individuals: according to Banks (1997), these are cases where an individual's information is
sold and used for bad purposes, like using their account. Seo (2001) focuses on the psychology of
individuals after being hacked: they will always have the fear of being monitored when
accessing the internet and information, and in addition the privacy of users can be easily penetrated.
Effect on companies: the company's server will be broken due to huge traffic, causing customer
frustration and hurting the company's reputation. The same goes for software theft, which causes
bankruptcy for companies that spend millions to develop and create software that is sadly later
stolen and copied for cheap prices. The main problem is that some companies hire or use hackers to
break into a competitor's system to steal precious information.
Effect on countries: since we are living in an information society where all our daily activities are
controlled by technology, there will be great damage if a vital system is broken by hacking attacks.
Breaking a main system might result in the collapse of countries (Banks, 1997).
REAL CASE
In October 2014, hackers stole more than $1.2 million from 17 automated teller machines (ATMs)
in Malaysia. A Latin American gang of cyber criminals was able to exploit a way to hack and steal
millions of dollars from 17 automated teller machines (ATMs) in Malaysia. ATMs of at least 17 bank
branches belonging to United Overseas Bank, Affin Bank, Al Rajhi Bank and Bank of Islam were
reportedly hacked into by the Latin American gang.
Closed-circuit television (CCTV) footage from the banks showed that 2-3 Latin American men, who
were involved in the crime, entered and withdrew money from these ATMs one after another. Bukit
Aman Commercial Crime Investigation Department chief Comm Datuk Mortadza Nazarene told
Bernama that the suspects used a computer malware known as ulssm.exe to hack into the ATMs.
"The suspects were found to have opened the top panel of the machine without using a key and
inserted a compact disc into the machine's processing centre, which caused the ATM's system to
reboot," he told Bernama on Tuesday morning, The Star reported.
A Selangor Commercial Crime Investigation Department spokesman said that an investigation is still
going on. In the meantime, police were able to recover one of the ATM cards which were used by the
hackers to withdraw the money. Since it was the ATM which was rebooted to default, no customers'
data was compromised in the hack. Police are investigating the scene and believe the gang
members are still in the country.

SAFEGUARD AGAINST HACKING


How can individuals protect or make it more difficult for hackers to access their information?
Here are tips that can help you protect against these attacks:
1. Make your password harder to hack
Hard passwords include upper and lower case letters, numbers and special characters. They
should be at least eight characters in length. They should also not spell out words easy for hackers
to find, like your pet's name or the name of a family member.
2. Change your password regularly
A very common mistake made by users is to create one hard password, but then never change
it. Remembering a long list of complicated passwords can be difficult. But no password is
unbreakable. Hackers are better able to hack multiple accounts if those accounts all have the same
password. A password management service, like Dashlane or PasswordBox, can help you keep
track of hard passwords. These services permit users to easily store and secure their passwords.
3. Clear your browser history
This goes for all the devices you use in a day: your home computer, your work computer, or
your friend's iPad. Internet browsers like Firefox or Chrome keep track of where you've been and
what you've done online. They keep records of every site you visited. Information about what you
sent from or saved on your computer can be kept for days or weeks. It is very easy for anyone who
sees that information to steal a detailed record of your online activities.
4. Do not use free Wi-Fi
An increasing number of public places now offer free wireless access to the Internet. Often, a
user does not need a password to connect to these wireless networks. These services might be
useful, but they're also an easy way for hackers to access everything on your device. Unless you
really need it, it is best not to use it.
5. Use HTTPS
HTTPS is officially known as hyper-text transfer protocol secure. It is similar to HTTP, which is
used to enter Internet addresses. HTTPS adds an extra layer of security and encryption while
online. Communications between users and sites that support HTTPS are encrypted. The
information is also authenticated. That means that HTTPS can determine whether or not a website
is real.
6. Watch what you click
One of the most popular and successful ways hackers infect your computer is through a
technique called phishing. Phishing occurs when someone opens an email attachment that looks
real. But the attachment is actually a virus that immediately infects the user's computer. If someone
sends you a file or a website you did not ask for, it is best to not click on it.
7. Try not to use public computers
For many people, not using a public computer can be difficult. Those without a computer or
Internet access at home often use Internet cafes to get online. However, the more different people
use a computer, the more likely a virus has infected it.


CONCLUSION
In conclusion, a cyber-security attack, in simple terms, is an attack on our computer
systems originating from malicious acts of an anonymous source. A cyber-attack allows illegal
access to our digital device, with the attacker gaining access to or control of it. As we know,
cyber-attacks are created by humans, and mistakes happen because of humans.
Different types of cyber-attacks can be defined as offensive tactics to gain illegal control of or
access to your digital device, called the target system, initiated by a person or a computer against a
website.
As a result, it becomes highly imperative to have a system of security in place to handle such
attacks. It is important to continually update our software to counter the new threats that these
devices are exposed to on a daily basis.
Cyber security is fast turning out to be an important aspect of everyone's life and should always be
kept in mind in this digital age in order to have a safe digital experience.

REFERENCES
https://securitylockdownblog.wordpress.com/2014/09/10/various-internet-and-network-attacks-andhow-you-can-safeguard-against-these-attacks/
https://cybersafety2014.wordpress.com/2014/09/11/what-are-various-internet-and-network-attacksand-how-can-users-safeguard-against-these-attacks/
http://www.forbes.com/sites/jaymcgregor/2014/07/28/the-top-5-most-brutal-cyber-attacks-of-2014so-far/#293b71d721a6
https://heimdalsecurity.com/blog/12-true-stories-that-will-make-you-care-about-cyber-security/
http://www.komando.com/tips/12164/5-signs-you-have-a-computer-virus/all
Https://en.wikipedia.org/wiki/phishing
Https://rfa.blog.com
https://netcraft.com/anti.phishang
Https://computing/smb-security/articles/64476.aspx
http://www.techworm.net/2014/10/17-atms-hacked-in-malaysia.html
http://www.therakyatpost.com/news/2015/01/26/malaysian-airlines-website-hacked/

APPENDIX

[Figure: Example of Antivirus]

[Figure: How Firewall works]