Cyber Security

1. Why do you need to secure your Desktop/Laptop?

A personal computer used without proper security measure could lead to exploiting the system for
illegal activities using the resources of such in-secured computers. These exploiters could be Virus,
Trojans, Key loggers and sometimes real hackers. This may result in data theft, data loss, personal
information disclosure, stealing of credentials like passwords etc. So, protect and secure your Personal
Computer before it is compromised.

Basic security measures for Safe use of Desktop/Laptop

Physical security measures for Desktop/Laptop

Regularly clean your system and its components.

Note: Turn your PC Off before cleaning it.

Properly organize the power cables, wires, to prevent from water, insects etc.

While working at PC, be careful not to spill water or food items on it.

Always follow “Safely Remove” option provided by the Operating System while

disconnecting the USB devices.

By setting BIOS password, you can prevent unauthorized access to your personal computer.

Switch off the computer when it’s not in use.

**Data Security measures for Desktop/Laptop**

Data security refers to the protection of data from unauthorized access, use, change, disclosure and
destruction. There are different types of data security measures such as data backup, encryption and
antivirus software, which will ensure the security of your sensitive data.

Enable Auto-updates of your Operating System and update it regularly.

1
Download Anti-Virus Software from a Trusted Website and Install. Make sure it automatically gets
updated with latest virus signatures.

Download Anti-Spyware Software from a Trusted Website and Install. Make sure it automatically
updates with latest definitions.

Use “Encryption” to secure your valuable Information.

Note: For encryption password is required, always remember the password used while encrypting it,
else data would not be available thereafter.

**

1. Is there a need to use both Antivirus and Antispyware in your personal computer?

Yes, both are required

No, both are not required, any one is sufficient to protect from threats

**

1. Is there a need to use both Antivirus and Antispyware in your personal computer?

Yes, both are required

No, both are not required, any one is sufficient to protect from threats

2. what are the measures you take to protect and secure your data? i. Keep back up regularly ii. Use
Antivirus iii. Make copies of only important data

option i

option i and ii

option i, ii and iii

Data Security measures for Desktop/Laptop....

Strong password should be used for “Admin” Account on computer and for other important applications
like E-mail client, Financial Applications (accounting etc).

Backup : Periodically backup your computer data on CD / DVD or USB drive etc.. in case it may get
corrupted due to HardDisk failures or when reinstalling/format ting the system.

Recovery Disk: Always keep recovery disk suplied by Manufacturer / Vendor of the Computer System to
recover the Operating System in the event of boot fail- ures due to system changes such as uncerificated
Drivers/unknown Software pub- lisher.

2
Startup programs should be monitored / controlled for optimal system performance.

**Browser Security measures for Desktop/Laptop

Today, web browsers such as Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari are installed
on almost all computers. Because web browsers are used so frequently, it is vital to configure them
securely. Often, the web browser that comes with an operating system is not set up in a secure default
configuration. Not securing your web browser can lead quickly to a variety of computer problems
caused by anything from spyware being installed without your knowledge to intruders taking control of
your computer.

Always update your Web Browser with latest patches.

Use privacy or security settings which are inbuilt in the browser.

Also use content filtering software.

Always have Safe Search “ON” in Search Engine.

* 1. Do browsers update automatically? How do I know my browser is updated with latest version ?

Yes latest browsers will update automatically, and you need to click on more options to know whether
you browser is updated or not

No we need to manually update all the browsers and you need to click on more options to know
whether you browser is updated or not

May be browsers will update automatically

** e-Mail Security measures for Desktop/Laptop

Email security is about protecting sensitive information in email communication and accounts to secure
against unauthorized access, loss or compromise. Email is often used to spread malware, spam and
phishing attacks. Scammers fraudulently entice recipients to part with sensitive information, open
attachments or click on hyperlinks that install malware on the victim’s device.

Always use strong password for your email account.

Always use Anti-Spyware Software to scan the eMails for Spam.

Always scan the e-Mail attachments with latest updated Anti-Virus and Anti-Spy ware before opening.

Always remember to empty the Spam folder.

1. How effective is one spam filter to protect your e-mail from all kind of malicious emails ? i. Spam
emails may carry virus and attack your system through e-mail, so using a spam filter can protect your e-

3
mail and also your system ii. spam emails fills your inbox and make it difficult to find the genuine e-
mails, spam filter will reduce the spam e-mails and protect your email iii. spam emails will block email
bombing

option i

option ii and iii

option i and ii

option i, ii and iii

** How to encrypt a file?

File encryption helps protect your data by encrypting it. Only someone with the right encryption key
(such as a password) can decrypt it. File encryption is not available in Windows 10 Home.

 Right-click (or press and hold) a file or folder and select Properties.
 Select the Advanced button and select the Encrypt contents to secure data check box.
 Select OK to close the Advanced Attributes window, select Apply, and then select OK.

Password-protecting a zipped file:

This is a good solution if your version of Windows does not support password protection. If you put the
files you would like to protect in a zip file, you can then apply a password.

 In Windows Explorer, highlight and right-click on the files you would like to put into a zipped file.
 Select Send to, then Zip folder (compressed). Follow the prompts to name and save the folder.
 Double-click the zipped file, then select File and Add Password.
 Fill out the requested information, then click Apply.

**Wireless Security measures for Desktop/Laptop

Wireless security is the prevention of unauthorized access or damage to computers or data
using wireless networks, which include Wi-Fi Networks. wireless networking is prone to some
security issues. cyber criminals have found wireless networks relatively easy to break into, and
even use wireless technology to hack into wired networks. As a result, it is very important that
one must use wireless security measures to safe guard against unauthorized access to
important resources.

 Change default Administrator passwords.

 Turn On WPA (Wi-Fi Protected Access) / WEP Encryption.
 Change default SSID.

4
 Enable MAC address filtering.
 Turn off your wireless network when not in use.
*1. what is SSID for Wi-Fi ?
It’s the name of Wi-Fi
its security password for Wi-Fi
It’s the name and password of Wi-Fi
**Modem Security measures for Desktop/Laptop
 Change the default passwords.
 Switch off when not in use.
 The best way to protect a router from malicious software is not to turn it off when it is
not in use, but to secure it with a strong password.
Test your Knowledge
1. Do turning off your modem every night ensure safety ?
No, it does not ensure safety
Yes it does ensure safety
**How to connect a Wireless Modem to a Desktop Computer….
Instructions to be followed while connecting the Wireless Modem

Make sure you have the necessary equipment. Your wireless modem package should
include the wireless modem (or wireless adapter); an installation CD-ROM with a
manual; an Ethernet cable (or a USB cable if you have a wireless USB modem); a
wireless antenna (conforming to wireless standards such as 802.11a, 802.11b, or
802.11g); and a power adapter. Call the retailer or the manufacturer of your wireless
modem if any of these items are missing.

1. Read the manual to learn how the equipment functions. For example, use the
wireless antenna to connect to the wireless network ; use the Ethernet cable (or USB
cable) to connect the computer to the modem.
2. Attach your wireless antenna to the modem.
3. Hook up an Ethernet cable from your computer to a LAN/Ethernet port on the
modem. Or, if you have a wireless USB modem, connect the USB cable to the USB port
of the computer.
4.Connect the power adapter to the power connector of the modem, plug it in and
switch it on.
**Setting Up the Wireless Modem
 Open your Web browser and enter the URL of the modem’s administrative site. If
you can’t find it in the users’ manual, call the modem manufacturer’s/vendor’s
customer service.
 Log in to the administrative site by entering the user name and password provided
in the user manual. Again, if you cannot locate these, call the modem
manufacturer’s/vendor’s customer service. Usually the default username and
password is “Admin.”

5
 Select the Internet connection type. There are four types of Internet connection:
“Dynamic IP Address,” “Static IP Address,” “PPPoE/PPPoA” and “Bridge Mode.” Call
your Internet service provider (ISP) to ask which setting best suits their wireless
service.
 Choose “Dynamic IP Address” to get an IP address automatically from the ISP’s
server. For ev- -ery wireless Internet connection you make, you receive an IP
address. In some cases the IP address is dynamic (it changes every time you connect
to the Internet), and in other cases it is static (the IP address remains the same even
after you disconnect and reconnect to the Internet). If the address is dynamic, you
will have to choose this setting so that the modem automatically takes the IP from
the ISP’s server whenever a new wireless connection is esta- -blished. Enter your
modem’s MAC Address (usually found at the back of the modem) and other details.
Refer to the user manual or call the modem manufacturer’s / vendor’s custom- -er
service to get these details.
**Setting Up the Wireless Modem
 Select “Static IP Address” if you are provided with a static IP. You will need to fill
in the fields for “VPI,” “VCI,” “IP Address,” “Subnet Mask,” “ISP Gateway
Address,” “Server Address,” “Primary DNS Address,” “Secondary DSN Address”
and “Connection Type.” These details can be otained from your ISP.
 Opt for “PPPoE/PPPoA” if your ISP uses this type of connection. DSL users may
use this connection. Enter your user name, password and other details. These
will be provided by your ISP.
 Select the “Bridge Mode” if your ISP uses this connection type. Enter the
relevant details provided by your ISP.
 Finish the process by clicking on the icon that says “Finish” or “OK” or something
similar. Your modem should be set up now.
 Enter any URL address in your browser’s address window to check whether
Internet is com- -m ing or not.
**Ergonomics of Desktop/laptop use
It is necessary to take care of ergonomic aspects while arranging the digital devices for
use at home or office and also know about its relevance and importance, in reducing the
stress and strain on the physical body thereby avoiding injuries due to repeated usage.
**1. Why is ergonomics so important to computer users?
for security reasons
for health reasons
both a) and b)
2. What is the proper way to use a laptop?
Use a chair that supports a comfortable upright or slightly reclined posture.
keep laptop on the lap while working
keep the laptop on the flat place and look down to the screen to avoid the strain
**Here are several helpful computer ergonomics tips:

6
 Position your computer display so the top of the screen is at or slightly below eye
level. This will allow you to view the screen without bending your neck.
 Adjust the position of your display to prevent reflections of overhead and outdoor
lighting appearing on your screen.
 Put your monitor close enough to your eyes so you can comfortably read text on the
screen without leaning forward.
 Angle the laptop screen back so you can see it with the least amount of neck
deviation as possible
 For relaxing your eyes when looking at device screens follow 20-20-20 rule, which is
for every 20 minutes of time spent looking at screen, take 20 second break, and look
at something that is 20 feet away.
imagesource:https://www.eyehealthnepal.com
**1. For your new laptop and you wanted to download Microsoft office and when your
searched for purchasing a licensed version you found it costly and required yearly
renewal, so to make it cost effective you got hold of a unlicensed version and installed in
the laptop. Do you think it is ok to use unlicensed software for your personal laptop?
Yes, I think it is ok
No , it is not safe to install
2. If an attacker is able to gain administrative access to your firewall of your personal
computer, it is considered your network security is 'compromised'. Your Antivirus
cannot prevent unwanted access. Do you agree to this ?
Yes ,configuring the personal firewall is necessary
No , it is ok if you don’t configure your firewall, and use only antivirus
**Hygienic practices while using Desktop/Laptop
 Use Screen guard and protective covers for your laptop/desktop.
 Ensure that laptop is properly charged before use.
 Avoid over charging as it decreases battery life and may cause fire in few cases. It is
advisable to charge a device when its charge is 50% or low and not charge upto or
beyond 100%. (shallow discharges and recharges puts less stress on battery)
 Do not use chargers that do not suit your desktop/laptop.
 Use padded bags for laptops while travelling to prevent damage.
 Do not expose your desktop/laptop to extreme temperatures and keep them away
from wet places.
 Always log off the computer when you are away from your computer.
 Shut down your laptops before putting it in bag as it may cause over heating.
**Useful tips on cleaning your digital devices in case of spillage
 While cleaning your digital device never spray the liquids directly on the device ,
instead use soft or microfiber cloth dip it in the cleaning solution and clean it gently.
 In case you accidentally spill something on your desktop/laptop, switch off
immediately and remove the battery and other accessories attached to it, position
your device in a way that the liquid runs out and then wipe with soft cloth and let it
dry (do not use hair dryer or vaccum cleaners). If need be take it to repair shop.

7
 Remember that opening up the computer case and trying to dry internal parts can
not only damage it further but also make any warranty null.
 It is advisable that once in while you have your desktop/laptop checked at an
authorized service centre .
**1. Can the wrong charger ruin your laptop?
it can potentially damage your laptop.
it will not cause any damage
may be it may cause
2. How Does Temperature Affect The Performance of Computer Components?
damage the hardware components of computer
damage the hardware and software of the computer I don’t think temperature will
affect the performance of computer
I don’t think temperature will affect the performance of computer
**How to safely dispose your Desktop/Laptop
o Sign Out of Accounts, Disconnect Devices, and Erase Your Hard Drive
After you save your personal information,
o Sign out of all your online accounts from the computer.
o Un-pair your computer from Bluetooth devices like a mouse, keyboard, or wireless
display.
o Delete your browsing history
o Uninstall your programs.
o Erase your computer’s hard drive.
Note: Look for a program or function on your computer that will let you erase all your
files from the hard drive and reset it to factory settings.
Safely Dispose of Your Computer
After you saved your personal information and wiped your hard drive clean you can get
rid of the computer

**1. I am selling my computer but want to leave Windows and Microsoft on it. Is it safe
to make a new local admin account, logout of your current profile, login to the new
account, and delete your account?
it is not a safe option to sell your computer leaving the windows on it
it is ok to sell it with windows on it
**Mobile Phone Security
Mobile phones are becoming ever more popular and are rapidly becoming attractive
targets for malicious attacks. Mobile phones face the same security challenges as
traditional desktop computers, but their mobility means they are also exposed to a set
of risks quite different to those of a computer in a fixed location. Mobile phones can be
infected with worms, trojan horses or other virus families, which can compromise your
security and privacy or even gain complete control over the device. This guide provides
the necessary steps, do’s, don’ts & tips to secure your mobile devices.

8
1. Why is mobile security important? i. to protect your privacy ii. to protect your money
iii. to protect your mobile device
only i
only ii
i,ii and iii
**Steps to be followed before Mobile Phone usage
Read the manufacturer’s manual carefully and follow the guidelines as specified to
setup your mobile phone.
Record the IMEI (International Mobile Equipment Identity) number for tracking your
mobile in case you lose it.
Note: This is usually printed on the phone below the battery, or can be accessed by
keying *#06# on most of the phones.
1. To safe guard your mobile you note down your IMEI number in a paper and you keep
it in the wallet. but a burglar takes away your wallet. what risk does it pose to you and
your mobile ?
your personal information is lost
your financial data is at risk
There is no risk
2. IMEI number on can be used to spy on someone?
yes it is possible
No it is not possible
not exactly it can spy but tracking is possible
**Mobile Phone Security Threats Categories
o Mobile Device and Data Security Threats : Threats related to un-authorised or
intentional physical access to mobile phone and Lost or Stolen mobile phones.
o Mobile Connectivity Security Threats :Threats related to mobile phone connectivity
to unknown systems, phones and networks using technologies like Bluetooth, WiFi,
USB etc.
o Mobile Application and Operating System Security Threats :Threats arising from
vulnerabilities in Mobile Applications and Operating Systems
1. Mysterious data usage spikes without any changes on your part, Your phone works
slow. You notice something you don’t recognize on your phone (e.g., apps you didn’t
download, messages you didn’t send, purchases you didn’t make, suspicious phone
calls) what does all these warning signs indicate?
your phone is hacked?
your phone is infected with malware
the device is faulty
**Typical impact of attacks against Mobile Phones :
 Exposure or Loss of user's personal Information/Data, stored/transmitted through
mobile phone.
 Monetary Loss due to malicious software

9
  Privacy attacks which includes the tracing of mobile phone location
 Losing control over mobile phone and unknowingly becoming zombie for targeted
attacks.
1. What are different ways that hackers can harm you if they know your phone number?
hack all your online accounts linked with your phone number
hack your phone
cannot do anything
**Mitigation against Mobile Device and Data Security Attacks
Mobile device security
Record IMEI number : Record the unique 15 digit IMEI number. In case Mobile phone is
stolen/lost, this IMEI number is required for registering complaint at Police station and
may help in tracking your mobile phone through service provider.

Enable Device locking : Use autolock to automatically lock the phone or keypad lock
protected by passcode/ security patterns to restrict access to your mobile phone.

Use a PIN to lock SIM card: Use a PIN (Personal Identification Number) for SIM
(Subscriber Identity Module) card to prevent people from making use of it when stolen.
After turning on SIM security, each time phone starts it will prompt to enter SIM PIN.
Use password to protect information on the memory card.
Mobile device security....
Report lost or stolen devices: Report lost or stolen devices immediately to the nearest
Police Station and concerned service provider.
Use mobile tracking feature: Use the feature of Mobile Tracking which could help if the
mobile phone is lost/stolen. Every time a new SIM card is inserted in the mobile phone, it
would automatically send messages to two preselected phone numbers of your choice, so
that you can track your Mobile device. Never leave your mobile device unattended.
Turn off applications [camera, audio/video players] and connections [Bluetooth, infrared,
Wi-Fi] when not in use. Keeping the connections on may pose security issues and also cause
to drain out the battery.
1. All Mobile phones collect a lot of data in the name of providing a better user experience.
A plethora of sensors are used to collect where a compass present in the mobile can reveal
____________
Your location
Your call data
Your personal information
Data Security
Backup data regularly :Backup data regularly and set up your phone such that it backs up
your data when you sync it. You can also back up data on a separate memory card. This can
be done by using the Vendor’s document backup procedure.

10
Reset to factory settings : Make sure to reset to factory settings when a phone is
permanently given to another user to on sure that personal data in the phone is wiped out.
Bluetooth:
Bluetooth is a wireless technology that allows different devices to connect to one another
and share data, such as ringtones or photos. Wireless signals transmitted with Bluetooth
cover short distanes, typically 30 feet (10 meters).

Do’s:

Use Bluetooth in hidden mode so that even if the device is using Bluetooth it is not visible to
oth- ers.
Change the name of the device to a different name to avoid recognition ofyour Mobile
phone model
Note: The default name will be the mobile model number for Bluetooth devices.

 Put a password while pairing with other devices. The devices with the same password
can connect to your computer
 Disable Bluetooth when it is not actively transmitting information.
 Use Bluetooth with temporary time limit after which it automatically disables so that the
device is not available continuously for others
Bluetooth....
Don’ts:

 Never allow unknown devices to connect through Bluetooth.

 Never switch on Bluetooth continuously.
 Never put Bluetooth in always discoverable mode.
Note: Attackers can take advantage of its default always-on, always discoverable settings to
1. Can Mobile phone be hacked through Bluetooth connectivity?
Yes
No
May be
2. 2. Imagine, you are taking a walk through a crowded area -- perhaps the shopping district
of a big city. Maybe you're just doing some casual window shopping, As you linger in front of
a store, your phone beeps: A text message from unknown number comes. It reads: "We
know where you are. Having fun shopping?" you are shocked to see a message from
unknown number. is it possible to happen and how ?
you kept your mobile data on
someone hacked your phone
You have kept your phone with you and left Bluetooth on "discoverable" mode. This allows
other Bluetooth phones to locate you.
Mobile as USB

11
The mobile phones can be used as USB memory devices when connected to a computer. A
USB cable is provided with the mobile phone to connect to computer. Your mobile’s phone
memory and memory stick can be accessed as USB devices. Your mobile’s phone memory
and memory stick can be accessed as USB devices.
Do’s:
 When a mobile phone is connected to a personal computer, scan the external phone
memory and memory card using an updated anti virus.
 Take regular backup of your phone and external memory card because if an event like a
system crash or malware penetration occurs, at least your data is safe.
 Before transferring the data to Mobile from computer, the data should be scanned with
latest Antivirus with all updates.
Don’ts:
 Never keep sensitive information like user names/passwords on mobile phones.
 Never forward the virus affected data to other Mobiles.
1. Can mobile phone be used as a USB device and what is the use of connecting mobile
as a USB
Yes, as a storage device and take back of all data in the phone to an external device
Yes, for charging purpose only
May be
Wi-Fi
Wi-Fi is short for “Wireless Fidelity.” Wi-Fi refers to wireless networking technology that
allows computers and other devices to communicate over a wireless signal. Many
mobile devices, video game systems, and other standalone devices also include Wi-Fi
capability, enabling them to connect to wireless networks. These devices may be able to
connect to the Internet using Wi-Fi.
1. Wi-Fi, by its nature is open technology.______, ensure security of your data.
Wi-Fi extender
Wi-Fi password
VPN encryption
Do’s:
 Connect only to the trusted networks.
 Use Wi-Fi only when required. It is advisable to switch off the service when not in
use.
 Beware while connecting to public networks, as they may not be secure.
Don’ts:
 Never connect to unknown networks or untrusted networks.
1. If you use a smart-phone to surf the Internet, your Wi-Fi provider or a Wi-Fi
owner can see your browsing history. Do you agree to this?
No, it is not possible
Yes, it is possible
Mitigation against Mobile Application and Operating System Attacks:

12
Application and Mobile Operating System:

 Update the mobile operating system regularly.

 Upgrade the operating system to its latest version.
 Always install applications from trusted sources.
 Consider installing security software from a reputable provider and update them
regularly.
 It’s always helpful to check the features before downloading an application.
Some applications may use your personal data.
 If you’re downloading an app from a third party, do a little research to make
sure the app is reputable.
1. Are there any vulnerabilities specific to mobile devices?
Yes, vulnerabilities in hardware & software
Yes , Threats that can effect through mobile connectivity
No
How to identify if systems/ mobiles are affected with Malware
Signs of infection
Some types of infection, called “exploits” by the security community, have a
noticeable effect on the performance, reliability or function of a computer or mobile
device others do not. The most talented hackers will attempt to make their exploits
act silently and without raising alarms from the unsuspecting users.

Warning Sign 1: Speed reduction

There are types of exploits that are interested mostly in using the computing power
in your device. You may notice that apps take longer to load, or web pages pause
before responding to clicks. There can, of course, be a lot of causes for this, and
unsuspecting users usually just ignore it and blame the carrier or Wi-Fi but keep in
mind that speed reduction can be a symptom of a malware attack.
Warning Sign 2: Battery life reduction
If your device is the target of an infection, quite often this will manifest as a
noticeable degradation in the life of your battery. As is the case with speed
reduction, most users have adapted to the idea that batteries become less efficient
over time, making you all the more susceptible if you use an older device, when in
fact it could be a malicious strain attacking your battery’s performance.
Warning Sign 3: Device temperature
An unmistakable sign of an active phone is heat. Especially while idle, your device
shouldn’t be particularly warm to touch. Both the processors and the power being
consumed by active antennae generate significant heat when they are busy for
extended periods of time, and suggest computation and communication are
happening beyond the typical background alerts and updates.

13
1. 1. How do I remove malware from phone? i) Malware cleaning app ii) Do a factory
rest for your phone
only i
only ii
both i and ii
either i or ii
2. Will mobile phone get infected with malware while you download an image
Yes , an image can contain malware
No, a image cannot contain malware
What to do if systems /mobiles are affected
 Delete your browser cache
 Uninstall any unused apps
 Install a modern antivirus that can quarantine infected files and apps
 Reset your device to factory settings
 Ensure that the latest OS and security updates are installed
1. If you have ever tried to download a file from the Internet and were warned of a
potential threat, that’s your ______ protecting your computer in the background.
Antivirus
OS
Applications
2. What happens when you quarantine a virus?
Deletes the file from the device
move the files to recycle bin
It deletes the file from its original location and makes changes to it so that it cannot
run as a program

Mitigation against device theft

It is almost impossible not to use any apps or to keep any sensitive information on
your mobile device, so not storing anything is not an option. Therefore, it is
important to take preventive measures and know what actions you must take if you
lose a mobile device.
1. What is the simplest way to protect data when a device is lost or stolen
change passwords immediately and perform a remote wipe to the device
change passwords of all accounts
block the SIM immediately
Preventive Measures
 Always assign a password, pattern or gesture to unlock your phone. This makes
unauthorized access difficult in the event of a loss. Most probably, criminals will
have to reset and wipe the phone in order to use or resell it.
 Log out after each shopping session and never select the 'Remember Password'
option. Also, try to delete the cache and cookies after each purchase.

14
 Alternatively, use a good antivirus that provides a safe shopping environment,
which will automatically wipe out all sensitive data.
 Configure your phone to erase all data after several incorrect access attempts.
Most smartphones have this option and it can be triggered remotely as well.
Just remember to keep a backup of your data.
 Write down your phone's model number, serial number and International
Mobile Equipment Identity (IMEI number). This information will help carriers
and authorities to restrict use of the stolen devices.
1. How do I block my phone when stolen?
If your phone is stolen or lost, you may report your IMEI number and block it.
If your phone is stolen or lost, you may report to your network service provider
Both a & b
Ergonomics of Mobile use
Taking the time to look into the ergonomic aspect of your devices can save you
some pain and suffering down the road. Here are 10 solid tips that can help you
ease the strain of handheld technology on your body.

Invest in Bluetooth. Holding your phone between your ear and shoulder isn’t
just uncomfortable; it can lead to more serious and longer-lasting problems.
This is one of the major reasons that mobile phones and backpain are
inseparable. Holding your phone in this way pinches your spinal discs and can
cause nerve compression.
Keep your wrists as straight as possible while you’re texting and swiping. This is
one of the best ways to minimize strain. If your wrists are awkwardly bent, it
forces your fingers to work harder than is necessary.
Find the best fit. Just because a phone has the biggest screen, doesn’t
necessarily mean it’s the best phone for you. You should look for a phone that
you can easily reach the opposite corner with your thumb.
Ergonomics of Mobile use...
 Buy a phone that you can fit your hand around You should be able to touch
your thumb and forefinger around your phone.
 Alternate the way you text Switching between using your thumbs and
fingers drastically reduces repetitive thumb pain.
 Be mindful of your grip Holding your mobile phone too tightly puts stress on
your fingers, thumbs and wrist.
 Maintain good posture You may have a tendency to slouch when you use
your phone. Most people do. Keeping your back straight and shoulders back
and down goes a long way toward reducing pain in your neck, shoulders and
back.
 Set your phone up for easy access Put your frequently used controls and
apps within easy reach of your thumbs. Even if you alternate between

15
 using your thumbs and fingers, your thumbs still do the most work on
your screen.
 Keep mobile phone interactions to a minimum The less you have to
physically interact with your phone, the better for your overall
ergonomics. Enabling voice commands is always a good idea.
 Take a minute to stretch It’s recommended that you spend one to two
minutes stretching for every 30 minutes you spend on your mobile
phone.
How to dispose your mobile
If you dispose, trade-in or pass on your old mobile devices without
removing the information in it, you could potentially expose your
personal, sensitive and organisation specific information. During the
day-to-day usage of our mobile devices, personal and sensitive
information such as our contacts; messages, web browsing and GPS
locations; photos, music and videos; and even login ID and passwords to
emails, websites and social media accounts may be stored.
Deleting files and information from mobile devices does not remove
them from your device. The data continues to reside in your mobile
devices’ storage memory for as long as it is not overwritten by other
new data.
What Should You Do Before Disposing Your Mobile Devices
Factory Reset
Simply deleting your files and data from your mobile devices does not
remove the information completely. You should perform a “factory
reset” to remove all files and data from your mobile device and bring it
back to the state when it was freshly produced from the factory.

Not all model devices operating systems deemed information stored in

your mobile device unreadable after you perform a “factory reset.”
Information can still be recovered unless the operating system encrypts
all files stored by default, and performing a “factory reset” destroys the
encryption key to the encrypted files.

Check out your mobile device’s manual to find out how you can perform
a “factory reset” on your mobile devices.
Remove your External Storage Media
A number of mobile devices allow the storage of data on external
storage media (e.g. SD cards, mini SDs or micro SDs) to provide more
storage space. External storage media are usually used to store files
such as your photos, music, videos, and many other personal
information. Never dispose your mobile devices together with the

16
external storage media. If you are not reusing them, either perform a
secure erasure on it or destroy it physically.
USB Device security
USB (Universal Serial Bus) storage devices are very convenient to
transfer data between different computers. You can plug it into a USB
port, copy your data, remove it and be on your way. Unfortunately this
portability, convenience and popularity also brings different threats to
your information. Data thefts and Data leakage are everyday news now!
All these can be controlled or minimized with care, awareness and by
using appropriate tools to secure the information. The tips and
recommendations provided in this document helps you to keep your
information secure while using USB storage devices.
1. 1. USB drives are popular for storing and transporting data, but some
of the characteristics that make attackers convenient to introduce
security risks like _________
DDoS
shoulder surfing
Malware delivered via USB
Common Threats
Malware Infection :Malware Spreads through USB storage devices.
Somebody may intentionally sell USB storage devices with malware to
track your activities, files, systems and networks.
Malware may spread from one device to another device through USB
Storage Devices using autorun.exe, which is by default enabled.
Unauthorized Usage
Somebody may steal your USB Devices for Data.
Baiting :Somebody intentionally leave USB devices at your Desk or Place
with Malware
1. cyber criminals leave USB devices for people to find and plug into
their computers. what is this and what are the risk associated?
Universal Serial Bus (USB) drop attack, it can have malware infected
files
Social engineering attack, to steal data
spyware to spy on your data
How to stop Data Leakage via USB storage ?
Design and adopt a good security policy to limit the usage of USB
Storage devices.
Monitor the employees what they are copying.
Implement Authentication, Authoriza-tion and Accounting to secure
your information
1. How to stop Data Leakage via USB devices
Disable unused USB ports

17
 Plug-in USB “locks” to physically secure unused ports
Use data blocker
What to do when you lose the Device?
If you have stored any personal or sensitive information inside the USB
drive like passwords etc, imediately change all passwords along with
security questions and answers provided during any account creation
[There may be chances that hacker can retrieve your online account
logon information by using data in the stolen drive].
Also ensure that all security measures have been taken against the data
lost.
1. Shyam received a call from someone claiming to be from a bank,
saying that the ATM card number will be blocked because of some
technical issue and he has to share the card number and PIN to ensure
that the card is enabled and updated accordingly? What do you think
Shyam should do?
He can share the details with the bank official after confirming that he
is from the bank.
He can share his details through SMS to the mobile number, from
which he received the call.
He should never share the details of ATM card number or PIN number
with any one claiming to be from bank or any other trusted source for
any purpose.
How to stop Device theft ?
Always secure the drive physically by tagging it to a key chain.
Never leave your drive unattended anywhere.
Never keep sensitive information with-out encryption .
1. 1. You can turn your USB flash drive into a physical key that locks and
unlocks your computer. What is the advantage?
Additional layer of security
There is no advantage
additional responsibility to take care of the physical device
if lost would be difficult to regain access

Guidelines In The Usage Of USB Devices

Don’ts

Do not accept any promotional USB device from unknown members.

Never keep sensitive information like username/passwords on USB disk.
Guidelines In The Usage Of USB Devices
Do’s

Always do low format for first time usage.

18
Always delete the drive securely to clear the contents.
Always scan USB disk with latest Antivirus before accessing.
Protect your USB device with a password.
Encrypt the files / folders on the device.
Use USB security products to access or copy data in your USB.
Always protect your documents with strong password.
How to encrypt your external hard drive
You have four main options when it comes to encrypting the data on
your USB peripherals. You can:

Encrypt each document individually using document processing

programs
Encrypt the entire external hard drive using an encryption system built
into your device’s operating system
Use a third-party encryption service to encrypt files or your hard drive
Use a hardware-encrypted external hard drive
Test your Knowledge
1. 1. ____________ are portable USB drives that embed encryption
algorithms within the hard drive, thus eliminating the need to install any
encryption software.
Self encrypting USB drives
Media Encryption Software
File Encryption Software.
Use of data blocker
One of the most popular ways people boost their devices’ batteries is by
using the USB power plugs, usually found at hotels or airports, and
other public places. As much as they offer a quick and easy way of
charging up your devices, they’re not safe. That is why you need a USB
data blocker to protect your data from hackers who may steal your data
through these USB power plugs.

A USB data blocker, also known as a “USB condom” (really, no kidding!),

is a device that allows you to plug into USB charging ports including
charging kiosks, and USB ports on gadgets owned by other people. The
main purpose of using one is to eliminate the risk of infecting your
phone or tablet with malware, and even prevent hackers to
install/execute any malicious code to access your data.
Test your Knowledge
1. Why You Should Never Use Airport USB Charging Stations
your data can be hacked
your device can be corrupted
your device can be stolen

19
Tablets/i-Pad security
Tablets have become common portable tools, where we store all types
of data that’s valuable to us from personal files to games, music and
movies. Tablet use has grown so much. Nowadays, tablets are often
replacing PCs, and they are increasingly being used for both work and
personal use. But as tablets become more common, tablet security
becomes increasingly necessary to prevent cybercriminals from stealing
your personal data. Because it is connected to the internet, even one
tablet connected to the network can become a security risk
1. Is it safe to use a tablet for online banking?
Yes it safe if you take necessary precautions
No it is not safe
2. Phone, tablet, laptop, or a desktop has webcam which is used for
work, study or meeting friends and family. This can leave us vulnerable
to an online attack known as ____________.
camfecting
hacking
identity theft
fake profile creation
Tablet Security threats....
What to do: the real threat is with third party stores, which provide
more design freedom for developers but aren't monitored by any
official store. Steps to take to prevent mobile malware from infecting
your tablet:

Be wary of free or fake-looking apps, and be aware of on how to

identify a free app that looks suspicious.
do your research before downloading any app.
Always download from Google Play or the App Store, and avoid third-
party stores and downloads.
Install a mobile security app that automatically scans, detects and
removes malware for both android and iOS.
1. Which of the following is not a threat to your tablet
device theft
Target apps’ vulnerabilities
trick user to install Key-loggers and spyware through links
all the above
Tablet Security threats
Here are five tablet security threats your employees face, and how to
prepare for them.

Mobile malware

20
Tablet users are at the same types of risk for mobile malware as
smartphone users. The most popular types of malware include banking
malware, spyware, adware, and the growing threat of mobile
ransomware. The goal of the malware is to infect your tablet and access
stored and transmitted data.
Tablet security threats....
BYOD risks
Having a Bring Your Own Device (BYOD) program can be very beneficial
to a business. Employees can use their preferred devices on the job,
which increases both job satisfaction and productivity. But it also comes
with many risks, primarily from employees being relaxed about device
security and combining work and play in a single device.
1. How can organisations reduce the risks associated with confidential
data in BYOD environments?
Write policies that state which actions are acceptable for users to
perform on their devices.
Encrypt data and devices and use two-factor authentication.
Both of the above.
There's nothing organisations can do to reduce BYOD security risks
Apps you install
Everybody has their favorite apps. But if you want to save files into your
personal Dropbox account to work on after hours, or if you have a habit
of downloading apps on your work tablet without informing your IT
department, you are creating unnecessary risk.
IT and security can't protect the network from apps (and devices) they
don't know about. Unauthorized app use is especially a problem with
BYOD use.
what to do :Employees should have a clear understanding of the
security risks of using an unauthorized app. The purpose behind using
these apps is about efficiency and productivity, so the organization
should work with employees to determine the app's value to the
organisation.
1. Ramesh went on a trip with his family. Which of the following you
think should he do?
Post his plans on social social media to let his friends and relatives
know about his trip.
Post the photos while on his travel on social media.
Post the photos after few days after the travel.
2. Mr. Rakesh is travelling abroad for office work and needs to attend a
meeting while travelling, what precautions should he take so that his
meeting goes on smoothly without any breaks?
Charge his laptop/ mobile phone/tablet fully.

21
 Carry a power bank.
The laptop is 80% charged, and the meeting is only for 20 minutes, so
need to charge the laptop, nor carry the power bank
Both option 1 and option 2
Unsecured networks
From cafes to airports, hotels and other areas, plugging tablets into
public Wi-Fi hotspots may be convenient for on-the-go employees, but
it's also one of the easiest ways to give cybercriminals access to
sensitive data. Flaws in the WPA2 protocol allow anyone to intercept
sensitive information transmitted through public Wi-Fi hotspots.

What to do: The simplest solution is to avoid using public wi-fi, including
the hotel Wi-Fi that requires you to sign in through your room number
and a password. Never log in through an open Wi-Fi connection. If you
need to use Wi-Fi while on the road, use a VPN connection, preferably
one connected through your company's network. (Beware of free VPN
apps, as they often have security flaws.) Your best way is to get a data
plan for your tablet and use that.
But if using public Wi-Fi is unavoidable, never share Personally
Indefinable Information (PII), such as Social Security numbers, bank
account information, or credit cards.
Theft and loss
It goes without saying that employees should never leave their tablets
unattended, but theft of the device happen. Because there is no
foolproof way to completely prevent theft and loss of video.
What to do: Although the chances of getting a stolen tablet back are
less, what can be done to protect the data within the device:
Use a lock screen that requires a PIN, password or, even better use
biometrics.
Locate and wipe the tablet as soon as possible. Note: Apps like Find My
iPhone, which also works on iPads, can help you both locate and
remotely wipe the device. For Android, check out Android Lost, which
can also wipe SD cards. Windows tablets, however, don't require third-
party apps;
Make sure you always log out of apps after use, so if someone is able to
access your tablet, they won't be able to access your accounts.
Save everything to the cloud, rather than to the device. That way you
can still access the information if the device is wiped and limits what
others can access.
If possible, avoid sharing sensitive information on your tablet so it can't
be compromised if lost or stolen.
How to Secure Your tablets Have More Privacy

22
You might be giving away more private information than you realize
over your smartphone. Here's how to to better protect your privacy on
your mobile or tablet.
Tablet settings

The first step is to skim through your tablet settings to make sure the
manufacturer, Google, Apple, and your apps aren’t granted unnecessary
access to any private data.
Switch off location tracking services, access to your camera and
microphone, and data sharing features that you don’t need.
Keep in mind that disabling a permission can potentially cripple an app,
so make sure it isn’t necessary for the app to function properly.
Password
Strong, varied passwords are a key component in guarding your privacy
online, but memorizing different passwords for every account is a
hassle. Use passphrases instead of password
Set a pin or swipe code
It can be annoying to have to swipe or type in a passcode every time
you want to access your phone, but it’s a precaution worthy of your two
seconds of added effort. Passwords are the most secure, followed by
PIN numbers, and finally swipe codes.
Enable device tracking
Both iOS and Android have remote phone tracking and limited control
features that require limited setup to use. Enable Find My Phone and
set up an iCloud account on iPhones, and allow Google to track your
location on an Android phone. These features will not only assist you in
locating a lost or stolen device, they will let allow you to remotely wipe
it and return the phone to factory settings. The caveat here is that you
must sacrifice some privacy to Apple or Google in order to use these
services.
Always check permissions on new apps and updates
Every time you install a new app, don’t just accept all the permissions.
In particular if the app is from a less well-known publisher, ask yourself
whether it really needs all those permissions. If you want to install the
app but want to exclude a particular permission, you can usually disable
specific permissions in your device’s app settings. Look out for
permission changes in new updates as well.

Back up
Should your phone be lost, stolen, or broken, be sure to have a backup
ready either on the cloud or a local device.
Update the OS

23
Keeping your device software up to date will nullify vulnerabilities in
deprecated or obsolete older versions. We recommend you stick to the
latest stable release, but there’s generally no need to use beta or nightly
versions that are still being tested.
Ergonomics of tablets use
If the device is used primarily to consume media such as viewing and
reading web pages, then the position must be optimised for viewing.
This means:
Place the device higher than the lap
Tilt the screen toward the eyes
Ensure the device is at an appropriate viewing distance to avoid forward
bending
If the device must be hand-held, consider an armrest to prevent arm
and shoulder fatigue
Reduce the duration and frequency of use. Take frequent microbreaks
from intensive tablet use
1. When working at your desk, your head and neck should be in line
with your torso.
True
False
Alternate fingers/hands when using buttons/touchscreens
Reduce the number of required keystrokes with text shortcuts (search
“text shortcuts” on the web browser), or where feasible, use
speech/recognition applications
Maintain neutral wrist posture and alternate hands when holding
devices. Consider using a case with a hand strap or a flexible mounting
to reduce gripping
Focus on neck posture - avoid excessive looking down when using a
tablet. The best location for use is just below the field of vision. Ensure
the tablet can be placed in a location suited to each individual’s
requirements and the task particulars
Keep the upper body posture neutral and well supported. The neck
should be straight, shoulders relaxed, and the arms positioned near the
torso
Avoid twisted and asymmetric postures – place the tablet directly in
front of the body
1. Which of these is an important feature of an ergonomic chair?
A straight, rigid back rest
Fixed armrests
A five-leg base with casters (rollers)
All of the above
Connected home Smart devices and the challenges

24
Connected Home or Home automation is exactly what it sounds like:
automating the ability to control items around the house with a simple
push of a button (or a voice command). Some activities, like setting up a
lamp to turn on and off at your at your command. There are many smart
home product categories, so you can control everything from lights and
temperature to locks and home security devices.
Several notable types of smart devices are smartphones, smart cars,
smart thermostats, smart doorbells, smart locks, smart refrigerators,
and tablets, smartwatches, smart bands, smart key chains, smart
speakers and others. all these add a add a level of convenience to your
life, but they could also can make your home and connected devices
vulnerable. That’s why it’s important to have a defense plan for securing
smart home devices.
1. Do these smart devices need special security measures
Yes , it requires extra protective measures
Yes , it need similar measures as other digital devices
secuirty is inbuilt
No it is not required as we control these devices
2. 2. To protect your smart TV, you should check for any ________
updates as well that can be downloaded that will boost the security of
your device. Which port will be used to update firmware in Smart TV?
Firmware, USB
Motherboard updates ,USB
Antivirus, serial port
Common Threats for smart devices
Man-in-the-middle: An attacker breaches, interrupts or spoofs
communications between two systems. For example, fake temperature
data ‘generated’ by an environmental monitoring device can be spoofed
and forwarded to the cloud.
Data and identity theft: Data generated by unprotected wearables and
smart appliances provide cyber attackers with an ample amount of
targeted personal information that can potentially be exploited for
fraudulent transactions and identify theft.
Device hijacking: The attacker hijacks and effectively assumes control of
a device. These attacks are quite difficult to detect beause the attacker
does not change the basic functionality of the device. Moreover, it only
takes one device to potentially re-infect all smart devices in the home.
For example, an attacker who initially compromises a thermostat can
theoretically gain access to an entire network and remotely unlock a
door or change the keypad PIN code to restrict entry.
1. Smart devices are naturally vulnerable to ________ threats.

25
Sensors
Heterogeneity
Security
Connectivity

Distributed Denial of Service (DDoS): A denial of service attack(DoS

attack) attempts to render a machine or network resource unavailable
to its intended users by temporarily or indefinitely disrupting services of
a host connected to the Internet. In the case of a distributed denial-of-
service attack (DDoS), incoming traffic flooding a target originates from
multiple sources, making it difficult to stop the cyber offensive by simply
blocking a single source.
Permanent Denial of Service (PDoS):Permanent denial-of-service attacks
(PDoS), also known as phlashing, is an attack that damages the device so
badly that it requires replacement or reinstallation of hardware.
The dangers of smart speakers
At a fundamental level, the devices that power connected homes are
inherently insecure. Ironically, the factors that drive that underlying
insecurity are also the things that make these devices so popular and
useful.
In order to be useful to their owners, smart speakers and other
connected devices are always listening. Whether the device is powered
by Amazon alexa, Google Home or another platform, it must listen
constantly for its wakeup call. But beyond the inherent creepiness, the
always-on nature of these devices can also create real security risks.
Since smart speakers and other always-on devices often serve as hubs
for a network of connected equipment, they can provide easy entry for
hackers and other criminals. Even if your home network is otherwise
secure, a weak spot in the security of a smart speaker could put all your
other devices at risk. That is why it is so important to do what you can
to increase the security of all the devices that share your home.
1. With smart speakers in your home and they are listening. is it possible
to set the speaker to listen only when prompted?
Yes it is possible
No it is not possible
Ways to improve security of smart devices at home
Avoid Connecting Security-Critical Devices
One of the best features of connected devices is their versatility. Once
your smart speaker or other device is installed, you can use it to control
the lights, turn down the thermostat or even greet you when you get
home.

26
You can also connect your door locks, home security system and
surveillance cameras to your smart speaker, but that does not mean you
should do it. Connecting these security-critical devices could do more
harm than good, giving hackers easy access to your home and burglars
easy access to your family and your possessions.
Ways to improve security of smart devices at home..contd
Delete Old Commands : Your smart speaker has a long memory, but that
is not necessarily a good thing. If your past searches included sensitive
or private information, it may be time to reset the device by removing
those old commands.
Keep Personal Information to Yourself : Your smart speaker is always
listening, so watch what you say while it is within earshot. Sharing
things like credit card numbers, bank account information and online
passwords could put your security at risk.
1. How to prevent unwanted purchases by clicking a few settings in each
device's respective apps.
disable voice enabled purchasing
app eanbled purchasing
in app purchases
Ways to improve security of smart devices at home..contd
Delete Old Commands : Your smart speaker has a long memory, but that
is not necessarily a good thing. If your past searches included sensitive
or private information, it may be time to reset the device by removing
those old commands.
Keep Personal Information to Yourself : Your smart speaker is always
listening, so watch what you say while it is within earshot. Sharing
things like credit card numbers, bank account information and online
passwords could put your security at risk.
1. How to prevent unwanted purchases by clicking a few settings in each
device's respective apps.
disable voice enabled purchasing
app eanbled purchasing
in app purchases
Turn Off Automatic Purchasing: If you have kids in the house, turning off
the ordering feature can protect you, and your credit card, from future
damage. Ordering may take a few extra steps, but at least you will avoid
unintended purchases.
Follow these basic practices to secure your home networks & smart
devices:
Regularly update your smart apps & devices.
Try using the remote feature instead of voice activation for better
control & security.

27
Create complex passwords & have two-factor authentication to protect
your smart devices.
Frequently monitor & control permissions granted to Smart Devices.
Passwords & Authentication
Importance of Passwords:
A password is a string of characters used along with username to login
to any online account. The username along with password verifies the
identity of a user during the authentication process. Authentication
ensures that only genuine customer/user, uses the account. Passwords
are like 'key' or 'first line of defense' to your online account. It ensures
safety to your personal Information and hard earned money.
Password being a very vital information related to any of your online
accounts makes it a first choice of information for any fraudster to steal.
Fraudster's use fraudulent practices with various pretexts through
methods like phishing, smishing, vishing, request for remote access on
devices etc.,
Safety Measures to ensure safety of Password
The following safe practices need to followed to ensure safety of
passwords.
Once you register for online services, you receive a username &
password provided by bank. Immediately change your username &
password.
Ensure that you don’t create a password which contains your personal
information like name, date of birth, your family members details etc.,
For Example: Showing use of personal information in password
Name of account holder : Ramkishan
Date of Birth: 31/12/1984
Password: ram3112 < weak >
Safety Measures to ensure safety of Password...contd
Also, having password same as your username will make your account
easy for a fraudster to log in.
For example:
Username: kiran4756
Password: Kiran4756

Here the user name has the user's name and the password is same as
user name making the login details susceptible to attack by any
fraudster.
Passwords need to be always kept as a secret, even with your family
members.
If you have more than one online bank account, it is not advisable to use
same passwords for all your online bank accounts. If a fraudster gets

28
your password he will be able to use all your accounts. Fraudster can
then do unauthorized transaction and leave you bankrupt. It is also
recommended to have different passwords for banking accounts and
social media accounts to ensure safety.
The Following are the password creation criteria for creating a strong
password:
Must be at least 8 characters long.
Must contain at least:
one uppercase letter[A-Z]
one lowercase letter[a-z]
one numeric character [0-9]
one special character from this set:` ! @ $ % ^ & * ( ) – _ = + [ ] ; : ‘ ” , < .
>/?
Must not contain your login ID, email address, first, or last name.
It cannot contain repeating character strings of 3 or more identical
characters. (E.g. ‘1111’ or ‘aaa’)
Any individual may find it difficult to follow these password safety
recommendations to create multiple passwords as well as remember
them, so to make your passwords smart and strong try to use
passphrases

Create personalized passphrases that makes easy to correlate and

difficult to guess.
Make use of combination of letters, numbers, alphanumeric in the
passphrase and also try to make it a lengthy one.
A password which is lengthy is much harder to crack than a shorter
password.
Also , Change your passwords frequently. and try not to repeat your
password
For Example: Use of password and pass phrase following the password
safety characteristics recommended
Password 1: c0mPlx3$ Password 2: iL0v3Bl@Ckc0L0r
Password 1 has used more than eight characters and special characters,
but password 2 is very difficult to crack being it a passphrase which
personalized to an individual.
The passphrase used to create password is 'I love black color' where the
letter 'o' is replaced with zero' 0'; letter 'a' is replaced with @; letter 'e'
is replaced with 3; and also the rest of the alphabets follow a pattern of
small letter capital letter, small letter capital letter..for easy
remembrance.
Safety Measures to Protect your Online account while Logging In

29
Captcha with distorted letters and graphics will help to prevent online
password attacks where fraudster's try to enter every word in a
dictionary as a password to log into the account.
Using Virtual key board is an extra step to ensure safety as it protects
from malicious key logger programs which can capture your key strokes
on key board and identify your login credentials.
*key logger is software that tracks or logs the keys struck on your
keyboard, typically in a covert manner so that you don't know that your
actions are being monitored.
Safety measures while setting your password Recovery options
Since most people tend to forget password most of the online
accounts provides password recovery options. When you create your
password, you will be asked to create password recovery questions and
answers. It would be advisable to use answers not related to your
personal information which is publically available to avoid any hacking
attempts by fraudsters. Create your own password safety policy on how
to remember, where to store, when to change etc.,
Authentication methods and importance
Two Factor Authentication
Enable Two Factor authentication (2-FA) to improve the security of your
account.
2-FA is process where the user provides two different authentication
factors like initial login password and OTP (One Time Password)
received as message or via e-mail to verify themselves to complete the
transaction.
Two forms of authentication can come from any combination of at least
two of the following elements:
(1)"Something you know," such as a password or PIN, (2)"Something
you are," such as a fingerprint or other biometric ID,(3) "Something you
have," such as a trusted smart phone that can generate or receive
confirmation codes (OTP).
This provides an additional layer of security, i.e if you enable 2-FA ,a
fraudster won't be able to login to your account even if the fraudster
has your user name and password. At that time fraudsters use social
engineering tactics to get the OTP from you and there by bypasses the
protection provided by 2- FA and hack into your bank accounts.
Be alert towards the messages from bank, Understand that 2FA cannot
ensure full proof safety to your account.
Test your Knowledge
1. Is two factor Authentication and two step verification the same?
yes
No

30
2. How does 2FA work?
asking password recovery questions
asking pas word rest questions
asking your personal info
Pledge yourself with the policy you created to follow password
etiquette meticulously.
I will not use my username as my password
I will not use my personal information to create my passwords
I will change my passwords with ____days.
I will not make my social media account and banking account same
password
I will enable two factor authentication
I will not reuse my passwords
I will not share my passwords to anyone even to my near ones
I will not auto save my passwords in banking websites or apps
I will not use any common passwords
I will not give any relatable answers to password recovery questions
Need of VPN
As Netizens of the current cyber world, we need to be responsible users
of digital resources. Remotely accessing the systems and networks has
become inevitable during the current times. As working from home has
become essential for most of us, it is to be ensured that any endpoint
that an individual uses is aptly protected. This is necessary to safeguard
ourselves against data breach, intrusion of privacy, phishing and
malware attacks.
A VPN, or Virtual Private Network, allows you to create a secure
connection to another network over the Internet. VPNs can be used to
access region-restricted websites where users cannot access the
website if IP address is outside the authorized geographical area, it can
also shield your browsing activity from prying eyes on public Wi-Fi, and
more. Most operating systems have integrated VPN support
How VPN works?
Let us look into how VPN or Virtual Private Network can play role in
online protection of user’s data and privacy.

Traffic or data that is exchanged on internet is interceptable and prone

to attacks. Your sensitive data and information like your user names,
passwords, account numbers can be seen by fraudsters using some
tools. Thus, data on internet can be hacked, leaked and misused by
Fraudsters.
VPN encrypts the data sent online and also protects your privacy

31
Individual Internet Protocols or IP addresses are traceable and can be
tracked when you are online, your browsing history and activities may
be tracked and your privacy may be compromised.
Using VPN provides a safe online tunnel that hides your browsing
history and makes your IP address anonymous.
1. __________ provides an isolated tunnel across a public network for
sending and receiving data privately as if the computing devices were
directly connected to the private network.
Visual Private Network
Virtual Protocol Network
Virtual Protocol Networking
Virtual Private Network
2. Which of the statements are not true to classify VPN systems?
Protocols used for tunnelling the traffic
Whether VPNs are providing site-to-site or remote access connection
Securing the network from bots and malwares
Levels of security provided for sending and receiving data privately
How VPN Works Contd...
Public or Open Wi-Fi is open to everyone including hackers/fraudsters
and are not safe. They use unencrypted networks where all your data
can be viewed, intercepted and misused.

Your data and information is accessible to attackers, your devices can be

prone to malware attacks, your privacy is compromised by snooping and
sniffing, you may be tricked to use malicious hotspots which
compromises your device and data security.
If at all using public/open Wi-Fi is inevitable, using VPN for your
personal and organization use can help to ensure your Internet
transactions are secured in public network.
Increased internet penetration and advanced use of technology makes
users even more vulnerable to cyber-attacks leading to data
vulnerability. Even the most tech savvy users and secured environments
can be prone to data breach and attacks by hackers.
Using VPN adds additional layer of protection and ensures data safety.
Every digital device you use like mobile, laptop, desktop, tablet etc. is
prone to security threat and data breach. When you are online each of
your digital device you use can be prime target for hackers and
therefore securing any one of your device will not suffice.
Using VPN on all your devices can help protect the data exchanged on
devices so that the hackers would not be able to intercept.
1. VPNs uses encryption techniques to maintain security and privacy
which communicating remotely via public network.

32
True
False
2. A ______ can hide a user’s browsing activity.
Firewall
b) Antivirus
Incognito mode
VPN
VPN provides online users:
Low maintenance safety and security solution for your privacy and
sensitive data.
Keeps hackers at bay by encrypting your communication
Secret and private tunnel to transmit your classified data in most
secured manner.
utmost privacy and secrecy without compromising on speed of
transmission.
One stop security solution for all your devices.
Need of Encryption
Encryption is a system of mathematical algorithms that encodes user
data so that only the intended recipient can read it.
Phone calls, emails, online purchases, social media, and general
browsing are online activities we can no longer live without. While
we’re constantly looking or sharing information online, our data is
fundamentally stored somewhere. Most people aren’t sure where that
“somewhere” is, but that data should only be available to the service
provider brokering your conversation. It could, however, be visible to
the telecom companies carrying your Internet packets, and your
supposedly private and secure communications could be intercepted.
As many cases have proven, user and company data is increasingly
being targeted by hackers and cybercriminals resulting in data
breeaches and targeted attacks. This reason alone should serve as
enough warning to those who haven’t considered protecting their
communications via encryption.
What is encryption and how does it work?
Encryption enhances the security of a message or file by scrambling the
content. To encrypt a message, you need the right key, and you need
the right key to decrypt it as well. It is the most effective way to hide
communication via encoded information where the sender and the
recipient hold the key to decipher data. The concept isn't that different
from children who come up with secret code words and other discreet
ways to communicate, where only they can be able to understand the
message. Encryption is like sending secret messages between parties—if

33
someone tries to pry without the proper keys, they won't be able to
understand the message.

There are two methods of encryption: symmetric and asymmetric

encryption. Symmetric encryption, also known as secret key encryption,
pertains to the sender and the recipient holding the same keys to
encrypt and decrypt a message. Asymmetric encryption, or public key
encryption uses what is called a key pair—a public key for encrypting a
message, and a private key to decrypt it.

Encrypting your connection

Using Wi-Fi to connect to the Internet is convenient, but in terms of
security, there’s always a trade-off as it won't be difficult for an intruder
to intercept any connection, which could result in stolen user
credentials and other sensitive data. This is why many websites use a
protocol called HTTPS for encrypting data that's being sent between
sites. While this doesn’t necessarily guarantee absolute security, the
risks are reduced as information being transmitted can only be
decrypted by the site it was sent to.
1. Encryption is a way of ______________________
securing Information on a network
Securing Viruses
Deleting applications
Hacking Passwords
2. What can be found in our browsers that keeps a record of our
movements on the Internet?
Hackers
Virus
Cookies
Phishing scam
Need of Antivirus
A system without an antivirus is just like a house with an open door. An
open and unprotected door will attract all the intruders and burglars
into your home. Similarly, an unprotected computer will end up inviting
all the viruses to the system. An antivirus will act as a closed door with a
security guard for your computer fending off all the malicious intruding
viruses. So, will you leave your door open for intruders?
Secure your home network
Wifi Security
Anyone with Wi-Fi connectivity in his computer, laptop or mobile can
connect to unsecured Access Points(wireless routers). Anyone in the
range of Access point can connect to an Access Point if it is unsecured.

34
Once the connection is established the attacker can send mails,
download classified / confidential stuff, initiate attack on other
computers in the network, send malicious code to others, install a
Trojan or botnet on the victims computer to get long term control on it
through Internet, etc.
1. Why is it important to secure your network at home ?
To ensure that your data on your system is safe and well protected.
As any one within the range of access point can access point if it is not
appropriately secured and initiate malicious attacks that may affect your
data & system.
To prevent your computer from being attacked and corrupted
All the above
2. Ram had installed wifi for home and did not bother to set a password
for accessing it? Is it a hygienic computer usage practice and how do
you think will it effect his network security?
Yes, it is a hygienic computer usage practice. It will help him and his
family members in easily & conveniently accessing wifi while at home.
No, it is not a hygienic computer usage practice, as it will make his
home network quite vulnerable for attacks from cyber attackers which
can put his data and computers at risk.
Guidelines for securing Wireless Communications
Always use strong password for encryption:A strong password should
have atleast 15 characters, uppercase letters, lowercase letters,
numbers and symbol. Also it is recommended to change the encryption
key frequently so that it makes difficult for the cracker to break the
encryption key. Do not use WEP for encryption, rather use WPA/WPA2.
Always use the maximum key size supported by accesspoint for
encryption: If the keysize is large enough, then it takes more time to
crack the key by the hacker. Also it is recommneded to change the
encryption key frequently so that it makes difficult for the cracker to
break the encryption key.
Isolate the wireless network from wired network with a firewall and a
antivirus gateway:Do not connect the accesspoint directly to the wired
network. As there is a chance of comprimised wireless client inturn
effecting the systems in the wired network, a firewall and an antivirus
gateway should be placed between the accespoint and the wired
network.
Restrict access to the Access Point based on MAC address:In order to
allow authorized users to connect to the Access Point, wireless clients
should be provided access based on MAC address.
Change the default username and Password of the Access Point:Most
of the users do not change the default passwords while configuring the

35
Access Point.But it is recommended to keep a strong password, as this
default password information can be known from product
manufacturers.
1. Seetha had recently installed a wifi at home and kept the password as
“seetha@wifi’, do you think it is effective password to safeguard her
network/wifi from being accessed by attackers? Why?
Yes, it is a good password as it is easy to remember
No, it is not a secured password as it is easy to guess and identify it with
the specific user. This makes is prone to attacks.

Guidelines for securing Wireless Communications …… contd.

Shutdown the Access Point when not in use:Hackers try to brute force
the password to break the keys, so it is good practice to turn off the
Access points during extended periods of Non-use
Do not broadcast your network name:SSID information is used to
identify a Access Point in the network and also the wireless clients
connect to the network using this information. Hence, in order to allow
authorized users to connect to the network, the information should not
be provided in public.
Always maintain a updated firmware:Updating the firmware of
accesspoint is recommended, as it will reduce the number of security
loop holes in the accesspoint.
Use VPN or IPSEC for protecting communication:When the information
flowing from wireless client to the wired network receiver is critical,
then it is recommended to use VPN or IPSEC based communication so
that the information is protected from sniffers in the network.
Do not make the SSID information public:SSID information is used to
identify a accesspoint in the network and also the wireless clients
connect to the network using this information. Hence, in order to allow
authorised users to connect to the network, the information should not
be provided in public.
Disable DHCP service :When the number of users accessing the Access
Point is less, it is recommended to disable the DHCP service. As this may
make the attackers easy to connect to the network once they get
associated with the Access Point.
1. Hari was a bachelor living alone, he had gone out of station during
the weekend, however he did not think it was necessary to switch off
his network/ wifi? What do you think can be the effect of not switching
off the wifi ?
An unattended access to network point gives hackers enough time and
space to use brute force attacks to hack wifi password and access it for
unauthorized usage

36
 It will result in wastage of data and wastage of resources.
Other users in the vicinity can access the network and use the data.
Social Engineering Threats
Social Engineering is an approach to gain access to information through
misrepresentation. It is the conscious manipulation of people to obtain
information without making the victim realize that a security breach is
occurring. It may take the form of impersonation via telephone or in
person or through email.
1. What do you think is a social engineering threat?
Manipulation by fraudsters to get access to your private and sensitive
information for committing frauds.
Fraudsters making a scheme or plan to commit financial frauds.
Fraudsters socially cheating general public by stealing their money.
Types of Social Engineering Techniques

Public Places Vishing Pursuasion Pretexting

Gossips Phishing Dumpster diving

Personal Pride or Baiting Hoaxing

Confidence

About Social Engineering Threats

Public Places

Social Engineering can be done through public places like cafes, pubs, movie theatres or through various
social media platforms etc. You may casually give some sensitive information to a social engineer or
someone may overhear your conversation to get the information from you.

Gossips

Your causal talks over a cup of coffee with your friend at a coffee shop or at your office can lead to
disclosure of sensitive information about you or about others.

1. You are in a public place and your mother calls you and asks for the credit card password, what do
you do?

Tell her the password over the mobile instantly

37
You will send her an SMS over her personal mobile and ask her to check the same without sharing with
anyone.

You will come a little away from the crowd and then tell her the password.

Social Engineering Techniques .....contd.

Personal Pride or Confidence

You may give sensitive information of your family or organization to boast your achievements, pride,
and confidence to unknown persons.

Vishing

It is one of the methods of social engineering over the telephone system, most often using features
facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the
public for the purpose of financial reward. The term is a combination of "voice" and phishing.

Phishing

Phishing is a type of deception designed to steal your valuable personal data, such as credit card
numbers, passwords, account data and or other information.

Social Engineering Techniques .....contd.

Personal Pride or Confidence

You may give sensitive information of your family or organization to boast your achievements, pride,
and confidence to unknown persons.

Vishing

It is one of the methods of social engineering over the telephone system, most often using features
facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the
public for the purpose of financial reward. The term is a combination of "voice" and phishing.

38
Phishing

Phishing is a type of deception designed to steal your valuable personal data, such as credit card
numbers, passwords, account data and or other information.

Test your Knowledge

1. Ramesh had shared the information of his company falling into a critical debt situation and how he
played a vital role in resolving the issue, publicly online in a group? How do you think it may effect him
or the company?

The share price of the company may go down due to speculation of losses and bad word of mouth.

The manager came to know about it and severely reprimanded Ramesh for divulging company
information online.

It may create disturbance among other employees in the company, who were unaware of these matters
of company.

All the above

2. What is the difference between Vishing and Phishing ?

Phishing is an online attempt to grab private information through mails, messages, links, attachments,
while Vishing makes use of phone calls/VoIP.

Phishing deals with of debit/credit card frauds, while Vishing deals with theft of online banking related
frauds.

None of the above

Social Engineering Techniques ......contd.

Baiting

It is one of the methods of social engineering which uses physical media and relies on the curiosity or
greed of the victim. Here the attacker leaves the malware inserted or infected USB or pen Drive, CD/DVD
ROM in a location that to be found and gives a legitimate looking and makes victim curiosity and waits
for them to use the device.

Persuasion

Influence someone to give you confidential information either by convincing them that you are someone
who can be trusted or by just asking for it.

39
1. Raghu got a mail saying ‘Claim your gift of a gold coin’ from a famous jewellery store, out of
excitement he had opened the mail, which said click on the following link and fill up details to claim your
gift? Do you think Raghu should click the link and claim the gift ?

As it is a good offer, there is no harm if Raghu clicks the link to check if he can claim the gift.

He can call up the Jewellery store and confirm if they have sent the link.

He should never click on the links sent from unknown as they can be phihsing links or links that can
download malware on to your system.

2. 6.Sweta was offered a pendrive by a marketing person whom she met in a busstop, claiming that it is
a free launch offer by their company to promote sales and it is of exceptionally good quality. However
when she tried to use the same, her computer became slow and started to malfunction. What are the
social engineering techniques used here by the culprit called ?

Vishing

Phishing

Baiting and Persuasion

None of the above

Social Engineering Techniques ..... contd.

Dumpster diving

Dumpster diving, also known as trashing is another popular method of Social Engineering. A huge
amount of information can be collected through company dumpsters or wastage from home.

Hoaxing

A Hoax is an attempt to trap people into believing that something false as real. This is usually aimed at a
single victim and is made for illicit financial or material gain a hoax is often perpetrated as a practical
joke, to cause embarrassment.

Pre-texting

Pre-texting is the act of creating and using an imaginary scenario to engage a targeted victim in a
manner that increases the chance the victim will reveal information or do actions that would be unlikely
in ordinary circumstances. It is more than a simple lie.

1. How do you think a culprit makes use of dumpster diving for getting hold of your private information?

40
Electricity bills, telephone/mobile bills, Payment receipts etc.,

Photo Copies of your valuable documents like passport/driving licence/PAN card/Aadhar

card/passbooks etc.,

Air travel tickets, Train/Bus Tickets etc.,

All the above

2. Hari received a call from a person saying that his father has met with an accident, and he needs to be
immediately taken to a hospital, the caller said that he has his purse which had his father’s ID card and
credit card with him, with other documents. He started pressurizing and convincing Raghu to share the
credit card pin details for meeting the necessary expenditure? What do you think Hari should do in this
situation and why ?

He can call his father and find out if his purse has been stolen.

He can ask the caller to share his location and reach there immediately to take care of situation.

Hari should remain calm and tell him that he does not have the PIN details, ask the caller to share his
location and take time to verify facts at his end.

3. Ravi received a mail that seemed to be from counter part across country from the same organisation.
He was asking Ravi to share his system or company network as he needed to gather some information
on the technical details to prepare for a important presentation required by the board of directors ,
Ravi’s Boss who had referred him Ravi’s mail id?

It is Pretexting and he should immediately cross verify with his boss.

It is Phishing and he should verify if the mail id is genuine or not.

It is Persuasion and he should simply delete the mail.

Social Engineering - How do you avoid being a victim ?

Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about
employees or other internal information. If an unknown individual claims to be from a legitimate
organization, try to verify his or her identity directly with the company.

Do not provide personal information or information about your organization, including its structure or
networks, unless you are certain of a person's authority to have the information.

Do not reveal personal or financial information in email, and do not respond to email solicitations for
this information. This includes following links sent in email.

41
Don't send sensitive information over the Internet before checking a website's security. Pay attention to
the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a
variation in spelling or a different domain (e.g., .com vs. .net).

If you are unsure whether an email request is legitimate, try to verify it by contacting the company
directly. Do not use contact information provided on a website connected to the request; instead, check
previous statements for contact information.

Information about known phishing attacks is also available online from groups such as the Anti-Phishing
Working Group

Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.

Take advantage of any anti-phishing features offered by your email client and web browser.

1. What is basic cyber hygiene practice that you should be aware about to protect yourself from social
engineering techniques employed by fraudsters?

Never share your private and sensitive financial information like PIN/OTP/Password with anyone and
never click on links or download attachments received from unknown sources.

It is better to avoid using digital devices for any financial transactions as it can be risky.

2. What is basic cyber hygiene practice that you should be aware about to protect yourself from social
engineering techniques employed by fraudsters?

Never share your private and sensitive financial information like PIN/OTP/Password with anyone &
never click on links or download attachments rom unknown sources.

It is better to avoid using digital devices for any financial transactions as it can be risky.

Social Engineering - What do you do if you think you are a victim?

If you believe you might have revealed sensitive information about your organization, report it to the
appropriate people within the organization, including network administrators. They can be alert for any
suspicious or unusual activity.

If you believe your financial accounts may be compromised, contact your financial institution
immediately and close any accounts that may have been compromised. Watch for any unexplainable
charges to your account.

Immediately change any passwords you might have revealed. If you used the same password for
multiple resources, make sure to change it for each account, and do not use that password in the future.

Watch for other signs of identity theft .

Consider reporting the attack to the police, and file a report with the Federal Trade Commission.

42
1. What are the measures recommended in case you either doubt or find yourself to be victim of social
engineering technique of fruadsters?

Immediately change the passwords / OTP /PIN & report to the concerned authorities & keep track of
any unusual or unknown financial operations.

Change your SIM card and mobile phone.

Inform your family members and ask them to be aware of any calls from fraudsters.

Financial Frauds / Scams

Online scam is an attempt to trap you for obtaining money. There are many types of online scams, this
includes obtaining money with fake names, fake photos, fake e-mails, forged documents, fake job offers
and many more.

Generally, it happens by sending fake e-Mails for your personal details like online banking details, credit
card details. Sometimes e-Mails are sent from lottery companies with fake notice, when ever you
participate in online auction and e-Mails received for fake gifts.

1. What are online financial scams and how are you affected by them?

Online financial scams are online attempts by fraudsters to trap or cheat you for getting money. They
aim at stealing money from victims.

Online financial scams are related to banking transactions that we do online. It aims at getting sensitive
banking information for stealing money

It is the scam that happen at higher level state/central level. It involves corruption and money
laundering

Types of financial scams

Phishing Scams Online Auction E-mail Scam

Lottery Scams Forwarding product Unscrupulous Website for

or shipping scam Income Tax Refund

About these financial scams

Phishing scam
Online scammers send you an e-mail and ask your account information or credit card details along with
a link to provide your information. Generally, the links sent will be similar to your bank. So when ever
you post your details in the link then the details will be received by scammers and money is misused.

43
Lottery scam
Sometimes you receive an email like “you won a lottery of million dollars” receiving such a kind of mails
is a great thing, and really it’s a happiest thing. By responding to such a kind of mails huge amount of
money will be lost. Because these e-Mails are not true, scammers try to fool and trap you to obtain
money.
Test your Knowledge
1. 2.Keshav got an email that appeared to be from his bank saying that they have updated a software in
the bank and will need the customers to update their data to enable them to continue using their
services without any technical issue. The mail also mentioned that they have to do the needful before
evening to avoid deactivation of account. They had given a link from where the customers can update
their details. What do you think Keshav should do in the above scenario?
Keshav should call up the phone number given in the email and confirm about details given .
He should personally go to the bank and contact the officials.
He should call up the authentic phone numbers taken from original site of the bank and confirm about
the authenticity of mail.
2. Swati received a message ‘Congratulations for winning 1 Lakh rupees’, from ‘Kaun banega lakhpati’,
the message said that her mobile number has been randomly picked up and is now among the lucky few
to have won the guaranteed cash prize. Upon further exploring the option to encash the amount, it said
she has to pay up nominal processing charges of Rs.5000/- for deposit of the amount into her bank
account. Do you think the offer is genuine or fake? If so why?
It may be a genuine offer as the sender is assuring her of depositing the amount into her bank account.
It is a fake message as it was received from unknown number/source, for a event which Swati did not
register at all. Also they are upfront asking her to deposit processing charges.
It may be a fake message as no one gives away huge money just like that.
About Financial Frauds .... contd.
Online Auction
If you bid for a product you never get the product promised or don’t match the product, and the
description given to you may be incomplete, wrong, or fake. The scammer accepts the bid from one
person and goes for some other sites where they can get less than the winning bid so scammers may not
send the product you wanted.
Forwarding Product or Shipping Scam
When ever you answer an online advertisement for a letter or e-mail manager like some US based
corporation which lacks address or bank details and needs someone to take goods and sent to their
address or ship overseas, and you are asked to accept the transfers into your bank.
Generally, it happens for products that are purchased using stolen credit cards and shipped to your
address and then you will be fooled and asked to reship the product to others they might have decieved,
who reship the product overseas. The stolen money will be transferred to your account.
1. 1.Ravi had come across a very good the offer on an online auction platform for Sony Ericsson P900
mobile, for offer price of Rs.10,000/- ( Market price was 40,000/-), he participated in the bid and placed
a bid for 15,000/-. He was asked to deposit the amount into sellers bank account before dispatch the
product. Do you think Ravi should deposit the amount or not? If so why?

44
 He can deposit the amount as he is doing the transaction through a online auction site, which can be
trusted.
He should initially look into the few important aspects like- user feebacks; secured links (https links);
clear dispute redressal policy mentioned etc., & only then take a decision.
Ravi should not deposit the amount at all, as the price is too less it is a fake offer.
I do not know
।.By e-mails
Generally, fraudsters send you an e-mail with tempting offers of easy access to a large sum of money
and ask you to send scanned copies of personal documents like your address proof, passport details and
ask you to deposit an advance fee for a bank account. So once you deposit the funds, they take money
and stop further communication, leaving you with nothing in return.
E-mail Scam Like --Congratulations you have won Webcam, Digital Camera, etc.- Sometimes you get an
e-mail with a message like -- you have won something special like digital camera webcam , all you need
to do is just visit our web site by clicking the link given below and provide your debit or credit card
details to cover shipping and managing costs. However the item never arrives but after some days the
charges will be shown on your bank account , and you will lose money.
Unscrupulous Websites for Income Tax Refund
Generally, websites feel like official websites and seek the details of credit card, CVV PIN of ATM and
other personal details of the taxpayers in the name of crediting income tax refund through electronic
mode.
1. Varun got an email that appeared to be from Income Tax Department, saying ‘due to COVID 19
pandemic the government has decided to refund the tax amount paid’, they had provided him a link and
asked him to follow the link refund of the amount. What do you think Varun should do in the above case
?
Follow the link and give the details as it can give him some financial benefit.
He should be wary of such offers and immediately delete the mail.
He should try to check the authenticity of mails carefully and ensure that he does not divulge any kind
of financial details or click suspicious links / attachments from unknown sources.
Security Tips to Prevent Online Scams
Confirm whether email is received from bank or not
Be cautious while providing bank details online, before proceeding further confirm with the bank about
the email you received. Think that if something is important or urgent why doesn’t the bank call me
instead of sending email?
Confirm the shipping
Beware of shipping scam. Make sure you get authorized signed document via fax before proceeding
further and make sure you received it from an authorized company.
1. Shyam received a call from someone claiming to be from a bank, saying that the ATM card number
will be blocked because of some technical issue and he has to share the card number and PIN to ensure
that the card is enabled and updated accordingly? What do you think Shyam should do?
He can share the details with the bank official after confirming that he is from the bank.
He can share his details through SMS to the mobile number, from which he received the call.

45
He should never share the details of ATM card number or PIN number with any one claiming to be from
bank or any other trusted source for any purpose.

Security Tips to prevent online scams .....contd.

Be cautious during online auction

Don’t be trapped with discounts and think wisely before you proceed
with online auction. Think why $200 product would be $ 20.

Be aware about the product you received via email

Be aware about the products you get for a discounted price. Think why
you received email for products when you never enter any online
shopping or contest.

Don’t be trapped by lottery scam

Don’t get trapped by scammers and e-Mails with a subject line you won
some $10000 just think why only you received the email without your
participation.
1. What are the safety measures,that you would adopt to protect
yourself for possible financial scams like lottery scam, email scam,
Phishing/Vishing Scams, online auction or shipping scams?
Be alert and take care not to click on links/ download attachments/
never believe in free offers, prizes etc., from unknown sources and take
appropriate care to verify and authenticate before performing any
financial transactions.
Take care to set up anti virus, anti spyware, firewalls and update
software regularly on digital devices.
Never share private details like creditcard / debitcard/ ATM card
related details and password /PIN / OTPs etc.,
All the above
2. Pritam was referred to an online shopping site by a friend that was
offering a a luxury brand watch at a very lucrative price with exceptional
discount with limited sale period. Prem wanted to have the brand of
watch since a long time and was quite eager to grab the offer. What are
the aspects that Pritam should keep in mind and duly verify, before
proceeding to make the online purchase?

46
 He should verify - if the site is secured/trusted/original
one(https/original url); reviews about the site; customer reviews for
product ; check for refund/return policy; if COD option is given.
He should verify the brand , quality, color and size of the watch
displayed on the site.
He should take the advise of his friends before he places the order for
the watch.
Security Tips to prevent online scams .....contd.
Credit Card Frauds:

Credit card fraud is a wide-ranging term for theft and fraud committed
using a credit card or any similar payment mechanism as a fraudulent
source of funds in a transaction. The purpose may be to obtain goods
without paying, or to obtain unauthorized funds from an account. Credit
card fraud is also an adjunct to identity theft.

Tips:

-Be cautious while using the credit card.

-Don't give your credit card pin number to unknown persons.

-Avoid sending credit card details through e-mails.

-Don't write pin number on the credit card, try to remember it.
1. What are the security measures to ensure that the your credit card is
prevented from being misused?
Be cautious while using the credit card and immediately block or report
the loss in case you happen to loose the same.
B)Never share the credit card related details like number/PIN to
unknown people however convincing they may seem either through
email/message/links etc.,
Do not write down the details of your financial cards on sticky notes,
papers etc., in an attempt to remember or keeping information in hand.
All the above
2. Mr. Verma was a retired person who lived alone. He had recently
started interacting with his old friends and others through social media
platforms to engage himself online socially. He received a friend request
from one Mrs. Gupta, who claimed to be his old school mate, from the
same school. After some interaction , she asked him if he could help her
with some amount, as she needs it for some urgent need that will be

47
returned within some time. What do you think Mr. Verma Should do, in
the above situation?
He should give her the amount and see if she returns the amount in
time.
He should give her only some part of the amount asked for.
He should block her account and not entertain her at all.
He should gracefully decline and as a policy not enter into any kind of
financial transactions or exchange financial information with people
online whose identity he is not sure of.
About Safe downloading online
Download is basically receiving files, applications n other data from a
remote system, like a server, such as a web server, an FTP server, an
email server, or other similar systems.

One has to be careful and take a few precautions while downloading

data from remote system , as it can pose threats to the security of the
user’s system and data.
1. Why is important to take care while downloading the files received
from others ?
It is important as it can pose threats to our digital devices and data
It is important as the files being downloaded may be infected with
malware/spyware/virus etc., and can corrupt your system and data.
It is important because most of the time you receive these files from
unknown people.
About Safe Downloading ...contd.
Precautions that should be taken while downloading
Close all the applications that are running on your computer, let only
one set-up file run at a time of downloading.
Set firewalls, set antivirus to actively scan all the files you download.
Scan all the files after you download whether from websites or links
received from emails.
Always use updated antivirus, spam filter and spyware to help detect
and remove virus, spyware from the application you want to download.
Never download any files like music, video, games and many more from
untrusted sites and do not go by the recommendations given by your
friends or recommendation made by any random website's comments.
Check that the URLs are same, and always download games, music or
videos from the secure websites like which use HTTPS websites instead
of HTTP. In the web address, replace “http” to https”. The HTTPS refers
to the Hyper Text Transfer Protocol Secure.
Download only from trust worthy websites. Do not click links to
download anything you see on unauthorized sites.

48
If you happen to view any offensive text, bad language on the website,
just close the window no matter how important it is, because spyware
may be installed on your PC from such websites.
1. Preeti was working on her system when Ravi had approached her,
saying that he had forwarded her few files through email and he wanted
her to download those files on her system and give him a print out of
the same? What are the precautions that Preeti should take before
downloading the files on her system?
She should close all the other running programs on her system and scan
all the files being downloaded.
She should ask him to give the files in a pen drive and then scan the
drive.
She should not accept to download the files and give him the print outs
and its not safe to download files.
Precautions that should be taken while downloading ...contd.
Check the size of the file before you download, sometimes it shows a
very small size but after you click it increases the size of the file.
Never believe anything which says click on this link and your computer
settings will be changed and your PC can be turned into XBOX and can
play unlimited games on your computer.
Do not accept anything that offers you free download because that may
contain malicious software.
Do not click the link or file and let it start download automatically,
download the file and save where you want save and then run on the
application.
Set secure browser settings before you download anything.
Read carefully the terms and conditions before you click on install or run
application.
Do not download anything until you know complete information of the
website and know whether it is an original site of an original company.
Never download from the links that offer free antivirus or anti spyware
software, always download from trusted sites, if you are not sure about
the site you are downloading, enter the site into favorite search engine
to see if anyone has posted or reported that it contains unwanted
technologies.
1. What are the possible effects of downloading files from links that
offer you free antivirus/spyware/ games/ caller tunes/ screen savers
etc., ?
Allowing malware, spyware, and other objectionable files to be
downloaded on to your computer.
The device getting corrupted.

49
 Breach of firewall. Also allow culprits to obtain private
information/data from system.
All the above
About Identity Theft
Identity Theft occurs when someone, without your knowledge, acquires
a piece of your personal information and uses it to commit fraud.
Identity theft is a crime used to refer to fraud that involves someone
pretending to be someone else in order to steal money or get other
benefits. The term is relatively new and is actually a misnomer, since it
is not inherently possible to steal an identity, only to use it. The person
whose identity is used can suffer various consequences when he or she
is held responsible for the perpetrator's actions. In many countries
specific laws make it a crime to use another person's identity for
personal gain. Identity theft is somewhat different from identity fraud,
which is related to the usage of a false identity' to commit fraud.
1. What do you mean by online identity theft, why is it generally used?
Identity Theft basically is using personal/private information/details
without knowledge, to commit fraud.
It is using financial details of a person to commit online theft.
It is using the someone else's photograph for your profile.
Identity theft can be divided into two broad categories:
Application fraud

Account takeover

Application fraud

Application fraud happens when a criminal uses stolen or fake

documents to open an account in someone else's name. Criminals may
try to steal documents such as utility bills and bank statements to build
up useful personal information. On the other hand they may create
counterfeit documents.

Account takeover

Account takeover happens when a criminal tries to take over another

person's account, first by gathering information about the intended
victim, then contacting their card issuer masquerading as the genuine
cardholder, and asking for mail to be redirected to a new address. The
criminal then reports the card lost and asks for a replacement to be
sent.

50
1. What are the ways in which the identity theft can be committed by
the fraudsters?
Through application fraud or account take over.
By stealing the password of the user
By stealing the PIN/ OTP details
2. Ravi received a message from his friend Anil, saying he transferred an
amount of Rs.3000/- upon his request over Facebook. Ravi was taken by
surprise as he had not asked for any amount from Ravi? How do you
think Anil received that message and what action do you suggest Ravi
from his end?
Anil must have mistakenly taken some other friends request for money
transfer, to be from Ravi. Anil can ask Ravi to cross verify properly and
inform the other friend.
It is a mystery how Anil got message, Ravi can check his facebook
account and accordingly reply Anil.
It is possible as Ravi’s facebook account must have been taken over by
fraudster who have must have gained access to his password somehow.
He should immediately check his account and if accessible change his
password , otherwise he should report to the facebook helpdesk and
regain access to his account.
Identity Theft -Tips to be safe

Be very careful while sharing personal information online. Like for

example while uploading your photo, video or your account information
which will remain online for long time for any one to see.
Never Share personal/private information online publicly - Personal
information includes full name, date of birth, home address, school
address, email, parent’s details, etc., can be dangerous as it can be
misused by fraudsters.
Avoid downloading the content into mobile phone or laptop from an
unauthorised source.
Think before granting app permissions. Does a flashlight really need to
know your device’s location?
Consider revoking critical permissions when apps are not using them.
Ensure that you have a unique & complex password, that is different for
separate accounts/devices and keep changing it at regular intervals. A
complex password should either be a passphrase or combination of
letters, numbers and symbols.
As an extra layer of protection enable two-factor authentication for
your accounts/devices.
Dispose your documents like mails, receipts, bill or any other papers
that have your sensitive information properly by shredding/burning.

51
Keep track of your financial accounts like bank/credit/debit cards
accounts and check for any unauthorized withdrawals/debits.
1. What are the important measures to safeguard yourself from identity
theft?
Have a complex password and enable 2 factor authentication for your
account access.
Properly dispose your private/personal documents/papers so that they
cannot be misutilized. Also do not share your private and personal
information publicly online.
Avoid downloading the content from unauthorized source or giving
unnecessary permissions while downloading apps.
All the above
Toll Free Number : 1800 425 6235 Sujaysingh Anandrao Patil A- A A+
Select Language
Mobile Device and Data Security Threats:

Threats related to unauthorised or intentional physical access to mobile

phone and Lost or Stolen mobile phones.

Typical impact of attacks against Mobile Phones :

Exposure or Loss of user's personal Information/Data,
stored/transmitted through mobile phone.
Monetary Loss due to malicious software unknowingly utilizing premium
and highly priced SMS and Call Services.
Privacy attacks which includes the tracing of mobile phone location
along with
private SMSs and calls without user’s knowledge.Loosing control over
mobile phone and unknowingly becoming zombie for targeted attacks.
1. What are the security threats that can be caused due to
vulnerabilities that personal devices like mobile phones are prone to?
It can cause malware attacks; loss of important data stored on device or
may lead to misuse of the personal data by fraudsters leading to
identity theft/financial fraud/privacy attacks/spam messages etc.,
The mobile phone SIM can be stolen and internet data can be accessed.
The physical device can be stolen from you.
Mobile Phone Security Threats Categories and appropriate security tips:
Lost or Stolen devices:

Nowadays smart phones have become the inevitable part of an

individual’s life. By any chance we lost/misplaced our phone; it causes a
serious threat to the sensitive data that can reach a cyber criminal. Just
by looking at apps that are installed on the phone, anyone can have an

52
idea about the user’s age, gender, location, interest in workout
activities, possible medical conditions the user is suffering from, even
whether the smart phone user is expecting a baby.

-Always use a password or biometric authentication for unlocking your

phone.

-Activate SIM lock for your SIM card, because even if you lock your
phone anyone will easily have a physical access to your SIM card once
you lose your phone.
Exposure of critical information:
Lack of data protection or data leak prevention capabilities on mobile
devices. This can lead to serious threat to identity of any individual. Your
personal banking information can also be at risk.
-It is advisable not to store important information like credit card and
bank cards passwords, etc in a mobile phone.
-Make sure you log out of the Apps after using it.
1. What are the measures that can help in securing your data and
personal information in case your mobile is misplaced or lost?
Enabling biometric authentication; not storing critical information
related debit/cards and activating SIM locks can be helpful security
measures.
Encrypting the data on your mobile and not saving any
personal/private/critical data on mobile.
Locking all the apps and having strong password.
All the above
Mobile Phone Security Threats Categories and appropriate security tips
.....contd.
Open/Public Wi-Fi
Most often open Wi-Fi networks cause lot of threats to our mobile
phones if connected in these networks. It is often advisable not to make
any bank transactions and not to use any sensitive data using open Wi-
Fi networks.
Keep the Bluetooth connection in an invisible mode, unless you need
some user to access your mobile phone or laptops. If an unknown user
tries to access the mobile phone or laptop through blue tooth, move
away from the coverage area of blue tooth so that it automatically gets
disconnected.
-Don’t perform financial, medical or business tasks while logged in to
open Wi-Fi If you have to, then get a VPN or use a secured network.
-Don’t use any passwords and sensitive data while logged in to open Wi-
Fi.

53
1. How can you protect your mobile devices and private data, when you
need to connect to wifi?
Avoid using open / public wifi when connecting for private or critical
exchange of information.
Refrain from doing any banking or financial transaction or sharing
personal private data
In case an open wifi needs tobe use ensure that you use VPN in case of
open wifi
All the above
Mobile Phone Security Threats Categories and appropriate security tips
.....contd.
Phishing emails:
Email users continue to fall prey to emails that appear to come from
trusted senders like banks and retailers. Manipulative language creates
a sense of urgency that prompts recipients to make an impulsive
decision. They click embedded links and share data on non-trusted sites,
download attachments that contain hidden data-mining malware or
share infected emails with contacts.

-Check that email addresses always match sender names, visit sender
websites via bookmarks or typed URL address bar submissions and scan
all downloads with a trusted anti-virus program.

Smishing Messages:
The same phishing rules above apply to text messages. If you still doubt
the origin of a message or a sender’s intentions, contact the assumed
sender via a phone call to confirm that they sent you the message.
Consider reaching out to your bank – but contact them via the usual
channels, do not click any URLs sent via text.
1. Pallavi received an email from a popular banking organization, that
said that she has been shortlisted for an interview and she needs to click
the link given in the mail and submit necessary details for further
processing as soon as possible ? What do you think Pallavi should do
once she reads the mail ?
She can look at the kind of job being offered and if offer is lucrative she
can immediately apply.
She can call the numbers given in the mail and cross verify with them
reg. the offer.
She should check for possible signs of cyber fraud/scam like general
addressing instead of her name, reference to the advt. Published in
Newspapers, spelling mistakes, website id(https) etc., and then call up
the specific bank (with contact no. fm original site) to confirm.

54
Mobile Phone Security Threats Categories and appropriate security tips
....contd.
Weak Authentication:
Criminals love mobile payment systems that have weak authentication
tools. Any payment systems that you use, including e-commerce
browser apps and virtual wallets, should have multi-factor
authentication and multi-level data encryption.
For example, a secure system might require a user ID, password and
security image confirmation or message you a one-time-use PIN. The
best payment systems turn your credit card data into a token so that it
cannot be read anywhere else.
Mobile Phone Security Threats Categories and appropriate security tips
....contd.

Test your Knowledge

1. Ravi was travelling with his family, when he received an OTP for
successful payment authentication through his credit card. Ravi was
surprised as he had not used his credit card for any payment processing.
Why do you think Ravi had received the OTP though he had not used his
credit card and what can be do to safeguard himself from possible
financial fraud?
A fraudster might have got hold of his CVV number and is attempting to
use the same. Ravi should immediately call up the bank authorities to
block his card and issue him new card.
A family/ friend might have used his card details for online purchase.
He can ignore it.
He might have mistakenly saved his credit card details in some website
and must have auto saved it further use, which might be misused. He
can block the card and get it reissued, and henceforth not auto save any
details.
A&C
Mobile Phone Security Threats Categories and appropriate security tips
.... contd.
Mobile Application and Operating System Security Threats:
Threats arising from vulnerabilities in Mobile Applications and Operating
Systems. When we unknowingly download applications which are free,
we never check on what are the privacy settings we are compromising
by downloading those Apps.
There are many Applications which steal your data after you download
the application on your mobile known as malware applications.
Test your Knowledge

55
1. Roshan has downloaded an ‘ mobile torch app’ on his mobile, while
installing the app. it was required to give permissions to it to access to
mobile resources like location, contacts, gmail account etc., Do you
think Roshan should download such an app, that requires permissions?
Why?
Roshan should not download apps that ask for permission to access
personal details which is unnecessary for the application, he should be
wary of any third party apps. This is an unhygienic practice and can lead
to safety/privacy breach causing security threats.
Roshan may only give the permissions and check the performance of
the application and incase it is unsatisfactory he may delete it latter.
Such minor apps do not pose any issues.
It is upto Roshan to download the app or not, as it is his mobile’s
security at stake.
None of the above
Cyber Hygiene policy at home
A cyber hygiene policy is an written/unwritten mutual agreement
among the family members to use the technology and digital devices
accessible to them in a responsible, useful and right manner. This will
enable the members at home understand that just as any other
resource even digital technology can have consequences that are
harmful for them as well as other member of family and outsiders, if
used inappropriately or carelessly.
Points that can be considered while framing cyber hygiene policy for
home:
We will not share our personal/private sensitive Information with others
online.
we will not download or install anything without following necessary
security measures.
We will use polite language and would not post /write/ share false or
disturbing content.
We will inform the members in the family in case we need to meet any
online friend
1. What is a cyber hygiene policy for home and why do you think it is
required ?
It is an agreement among family members for usage digital devices in
responsible and safe way. It is helpful to safeguard the security of data
and digital devices from misuse by fraudsters.
It is a manual that is provided to us to refer while using the digital
devices, it is helpful document for refering in case of any technical issue
or in case of cyber threat.
None of the above

56
 Steps to Protect your children
What you should know about social media and safety of children
Parents should be aware that the children of current cyber age, give a
lot of prominence to their presence or identity in social media
platforms. It has become a means of social interactions, maintain social
connect and social identity for the current generation.
While their active presence on social media can present them positive
opportunities to maintain contact, share and connect with people
across the globe. It may also present them with few risks and dangers,
that they should be made aware about. These online risks include
dangers from online predators, cyber bullying, identity theft, social
media account hacking etc.,

1. What is it that the parents should be aware, about their child’s online
presence in social media?
Social media presence has opportunities to maintain social connect,
however children should be made aware of the dangers and measures
to stay safe.
That Social media has lot of hidden threats and dangers for children like
cyber bullying, online predators and therefore should not be allowed
Some risks on social media /social network platforms for Children
Online chatting : The threat of ‘Stranger Danger’ is always there, when
children connect with unknown people online. They should be made
aware of the presence of online predators, fraudsters and should be
warned against befriending unknown people online.

Online Grooming: Online grooming is tricking/convincing/grooming the

children and emotionally manipulate them to oblige to the
culprits/online predators requests of sexual nature. The online
groomers often befriend a child by appearing to have the same hobbies
and interests as them. Using fake accounts and photos, they may also
pose to be as the same age as the child.
1. Q1. Meenu was chatting in a chat room when a friend she had made
online, claiming to be of same class, started asking her to share her
personal pics in an objectionable attire? What do you think Meenu
should do and Why ?
Meenu should immediately inform her parents about it, and block this
friend. It is quite possible that it is a online predator who is trying to
contact her.
Meenu can reject sending her photographs and tell her she is not
interested to continue chatting with her, as she is not comfortable with
her requests.

57
Meenu can send her the pics and ask her to keep it safe and not share it
with any one.

Some risks on social media /social network platforms for Children

....contd.
Cyber Bullying: Cyber bullying takes place when other children or
members in the group target the child and start making embarrassing,
humiliating and personal comments continuously to harass a child. This
can cause lot of emotional & psychological trauma to the child. Ensure
that children well aware about it and seek help at the right time.
Account hacking: It is quite possible that the individual social media
account is hacked by a fraudster and is misused and misrepresented.
Children should be made aware of importance of careful about sharing
their private information and importance of online safety.
1. Preeti got a friend request from a girl named shruti, whom she did
not know . However Shruti claimed that she shared the same
interests/hobbies as preeti and studies in same class. Do you think
Preeti should accept the friend request from Shruti and why?
No, Preeti should not accept friend request as it might be a a fake
request from online predator with wrong intentions.
Preeti can accept the request only after thoroughly verifying about
Shruti by- checking her profile, by finding about her among friends if
they know her personally. As this will ensure that she is making online
friend with the right person.
Preeti can accept the friend request based on the facevalue of the
request request sent to her, as it can be a false request.
2. Rani joined the online group with her new school mates. As she
recently joined school, she thought it will help her making friends.
However, they started posting humiliating remarks about her online in
the group, commenting about her weight, looks, language etc., She felt
quite rejected, sad and was emotionally traumatized, she avoiding going
to school. What do you think is the right way to deal with this issue that
Rani is facing?
Rani should seek help and speak to her parents about it. She opt out of
the online group. Parents can in turn speak to her teachers and friends
help her deal the situation.
Rani can tell her friends to stop bothering her and strictly warn them.
Rani can stop going to school and ask her parents to change her school.

Best online practices to followed online on social networking platforms

* Avoid sharing your personal information like real names, addresses
and other sensitive identity related information on social media.

58
* Be aware of security and privacy features and enable them on social
media accounts
https://www.facebook.com/help/; https://help.twitter.com/en;
https://help.instagram.com/
(select the privacy and security options in the given urls links and follow
instructions )
* Do not share your personal pictures online publicly on social media
accounts
* Never accept friend requests without appropriate verification and
confirmation
*Never click on suspicious links or download anything until you verify
the authenticity of the source.
*Use different passwords for different social media accounts and
emails.
* In case you find anything fishy immediately report to the social media
help center.
*Always be aware to use internet and online medium responsibly
*Never send compromising images, posts, videos of yourself to anyone,
no matter who they are
*Do not open attachments from people you do not know.

*Turn off your electronic devices and web cameras when you are not
using them.
* Educate children on secured digital practices and dangers of
befriending online strangers.
1. What are the online security related hygienic practices to be followed
for your social media/social network related account safety?
Enable your security and privacy features on your accounts and avoid
sharing sensitive information ( pictures/videos/information etc.,) and
Turn off your electronic devices and web cameras when not in use.
Do not accept friend requests from unknown people or accept to meet
online friends in person.
Use different passwords for accounts and never click on suspicious links
or downloads.
All the above
Warning signs your child might be a victim of online issues like
harassment/ cyber bullying
Parents should be aware of the warning signs that indicate that a child
might be affected and is emotionally troubled. This will help them to
reachout to the child and offer necessary help to come out of any issue.
- Self isolation
- Disinterest in any activity

59
- Signs of fear, nervousness, anxiety,
- loss of interest in food or hobbies
- irregular sleep and health complaints
- being very reactive and emotional
- Felling desperate and frustrated
1. Anu’s parents observed were transferred to Delhi, and latter they
changed her to a new school. Off late they observed that she was
becoming dull and disinterested in things, also she was not sleeping or
eating properly and was constantly complaining about having some
problem to skip school. What is it that Anu’s parents can suspect and
how can they help her?
They can suspect some issues that Anu might be facing at her new
school. They should sit with her and try to understand the issue and
help her in resolving it appropriately by speaking to teachers, students
and school authorities.
They can suspect that Anu is not able to adjust to the new location and
try to arrange to send her back to her old school.
They can suspect adjustment issues with new place and school and can
just wait and watch, to see Anu can over come the issue by tackling it by
herself.
Parental controls and filtering
Parents should be in control while pulling the reigns on child’s digital
activity. Parents do need to exercise their authority as adults and keep it
clear that they are in charge of the things. They need to clearly set the
limits and rules on things that are not allowed.
- Setting up priorities on activities that they need to do first and not
indulge in gadgets beyond limits. like finish homework first, go to bed
on time, involve in after school physical activity like games etc.,
- Setting up restrictions on usage of apps, games, TV time and the
downloading, based on age appropriate content, child safety features.
- Use helpful resources like google safe search, white listing specific sites
on your kids device, creating separate accounts with restrictions that
are age appropriate etc.,
1. How can parents keep track of child’s online activity and control them
effectively?
They should discuss with children and set limits on the screen time, set
priorities rightly, not allow gadgets during food, homework, sleep.
Enabling security and privacy features on the gadgets used by children
Set up restrictions in usage of websites, downloading apps etc., using
google safe search, using separate account with restrictions.
All the above
Guidelines for Online Shopping

60
Online shopping can be very interesting for youngsters especially. While
this option can provide them with good range of cost effective options,
it can also pose many threats & dangers like financial theft, fake offers,
unsecured/fraudulent sites, data breach, phishing attacks, malware
attacks etc.,
Parents should let the children know about the threats and online
financial scams that they can affect them while shopping online, on
unsecured sites. They need to be made aware of being careful while
sharing their personal and financial details.
Tips for safe online shopping
Before you go for online shopping make sure your PC is secured with all
core protections like an antivirus, anti spyware, firewall, system updated
with all patches and web browser security with the trusted sites and
security level at high.
Before you buy things online research about the web site that you want
to buy things from, since attackers try to trap with websites that appear
to be legitimate, but they are not. So make a note of the telephone
number’s physical address of the vendor and confirm that the website is
a trusted site. Search for different web sites and compare the prices.
Check the reviews of consumers and media of that particular web site or
merchants.
If you are ready to buy something online check, whether the site is
secure like https or padlock on the browser address bar or at the status
bar and then proceed with financial transactions.
After finishing the transaction take a print or screenshot of the
transaction records and details of product like price, confirmation
receipt, terms and conditions of the sale.
Immediately check the credit card statements as soon as you finish and
get them to know about the charges you paid were same, and if you
find any changes immediately report to concerned authorities.
After finishing your online shopping clear all the web browser cookies
and turn off your PC since spammers and phishers will be looking for the
system connected to the internet and try to send spam e-Mails and try
to install the malicious software that may collect your personal
information.
Beware of the e-Mails like “please confirm of your payment, purchase
and account detail for the product.” Remember legitimate business
people never send such e-Mails. If you receive such e-Mails
immediately call the merchant and inform the same.
1. Pritam was referred to an online shopping site by a friend that was
offering a luxury brand watch at a very lucrative price with exceptional
discount with limited sale period. Prem wanted to have the brand of

61
watch since a long time and was quite eager to grab the offer. What are
the aspects that Pritam should keep in mind and duly verify, before
proceeding to make the online purchase?
He should verifty - if the site is secured/trusted/original
one(https/orignal url); reviews about the site; customer reviews for
product ; check for refund/return policy; wether COD option is given.
He should verify the brand , quality, color and size of the watch
displayed on the site.
He should take the advise of his friends before he places the order for
the watch.
None of the above

62
63
64
65
66
67