Passwordmanagement 130523092759 Phpapp02

Uploaded by

yassir
PASSWORD MANAGEMENT:
Creating and managing passwords to be as secure as possible

TABLE OF CONTENTS

1. The scale of consumer cyber crime

2. What is a password and facts about password security and its importance

3. Tiered password system - review and categorize your existing passwords

4. Writing secure passwords
 Characteristics of strong and weak passwords
 Tips and techniques
 Testing the strength of a password

5. Password management techniques

6. Additional tips to secure your identity

WHAT’S A PASSWORD?

 A password is a string of characters that gives you access to a computer or an online account.

COMMON THREATS AGAINST YOUR PASSWORD

Password cracking is the process of breaking passwords in order to gain unauthorized access to a computer or account.

Guessing: Method of gaining access to an account by attempting to authenticate using computers, dictionaries, or large word lists.
 Brute force – uses every possible combination of characters to retrieve a password
 Dictionary attack – uses every word in a dictionary of common words to identify the password

Social Engineering/Phishing: Deceiving users into revealing their username and password. (easier than technical hacking)
 Usually by pretending to be an IT help desk agent or a legitimate organization such as a bank.
 DO NOT EVER SHARE YOUR PASSWORDS, sensitive data, or confidential banking details on sites accessed through links in emails.

HOW MANY PASSWORDS DO YOU HAVE?

 Banking and business services
 Personal emails
 Social media & news
 Work related accounts

DON’T FORGET YOUR COMPUTER AND PHONE LOGINS!

TIERED PASSWORD SYSTEMS

 Tiered password systems involve having different levels of passwords for different types of websites, where the complexity of the password depends on what the consequences would be if that password is compromised/obtained.
 Low security: for signing up for a forum, newsletter, or downloading a trial version for a certain program.
 Medium security: for social networking sites, webmail and instant messaging services.
 High security: for anything where your personal finance is involved such as banking and credit card accounts. If these are compromised it could drastically and adversely affect your life. This may also include your computer login credentials.

 Keep in mind that this categorization should be based on how critical each type of website is to you. What goes in which category will vary from person to person.

HANDS-ON PART 1: REVIEW AND CATEGORIZE YOUR PASSWORDS

1. Categorize your passwords into 3 categories: high, medium, or low. Categorization should be based on how critical each type of website is to you. Take 5 minutes to categorize some of your online accounts.
2. Your high security passwords are the most important. Keep in mind:
 You should change any password that is weak.
 If you have used any of your passwords for more than 1 site, you should change it.

COMMON MISTAKES IN CREATING PASSWORDS

RISK EVALUATION OF COMMON MISTAKES

Mistake: Using a common password.
Example: 123456789, password, qwerty
Risk evaluation: Too risky. These are most criminals’ first guesses, so don’t use them.

Mistake: Using a password that is based on personal data.
Example: Gladiator, “Bobby”, “Jenny”, “Scruffy”
Risk evaluation: Too risky: anyone who knows you can easily guess this information. Basing a password on your social security number, nicknames, family members’ names, the names of your favorite books or movies or football team are all bad ideas.

Mistake: Using a short password.
Example: John12, Jim2345
Risk evaluation: The shorter a password, the more opportunities for observing, guessing, and cracking it.

Mistake: Using the same password everywhere.
Example: Using one password on every site or online service.
Risk evaluation: Too risky: it’s a single point of failure. If this password is compromised, or someone finds it, the rest of your accounts – including your sensitive information – are at risk.

Mistake: Writing your passwords down.
Example: Writing your password down on a Post-it note stuck to your monitor.
Risk evaluation: Very high risk, especially in corporate environments. Anyone who physically gets the piece of paper or sticky note that contains your password can log into your account.

WHAT MAKES A PASSWORD SAFE?

 Strong passwords:
 are a minimum of 8 characters in length; 12 characters or more is highly recommended.
 contain special characters such as @#$%^& and/or numbers.
 use a variation of upper and lower case letters.

WHAT MAKES A PASSWORD SAFE? (CONT.)

It must not contain easily guessed information such as your birth date, phone number, spouse’s name, pet’s name, kid’s name, login name, etc.
It shouldn’t contain words found in the dictionary.

HOW TO MAKE A STRONG PASSWORD

 “Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.” ~ Clifford Stoll
 The stronger your password, the more protected your account or computer is from being compromised or hacked. You should make sure you have a unique and strong password for each of your accounts.

MOZILLA’S SAFE PASSWORD METHODOLOGY

1. Pick a familiar phrase or quote, for example, “May the force be with you”, and then abbreviate it by taking the first letter of each word, so it becomes “mtfbwy”.

2. Add some special characters on either side of the word to make it extra strong (like #mtfbwy!).

3. Then associate it with the website by adding a few characters from the website name to the original password as either a suffix or prefix. So the new password for Amazon could become #mtfbwy!AmZ, #mtfbwy!FbK for Facebook and so on.

*While this technique lets us reuse the phrase-generated part of the password on a number of different websites, it would still be a bad idea to use it on a site like a bank account which contains high-value information. Sites like that deserve their own password selection phrase.

USING A PASSPHRASE TO WRITE A SECURE PASSWORD

While generating a password you should follow two rules: length and complexity. Let’s start by using the following sentence: “May the force be with you”. Let’s turn this phrase into a password.

1. Take the first letter from each word: Mtfbwy.

2. Now increase its strength by adding symbols and numbers: !20Mtfbwy13!
 The 20 and 13 refer to the year, 2013.
 Secondly, I put a “!” symbol on each end of the password.
 Try using the name of your online account in the password:
 !20Mtfbwy13!Gmail (for Gmail)
 fb!20Mtfbwy13! (for Facebook)

 That’s one password developing strategy. Let’s keep adding complexity, while also attempting to keep things possible to memorize. *The phrase you actually use should not be a common phrase.

HAYSTACKING YOUR PASSWORD:
A SIMPLE AND POWERFUL WAY OF SECURING YOUR PASSWORD

 Password Haystack is a methodology of making your password extremely difficult to brute force by padding the password with a pattern like (//////) before and/or after your password.

Here’s how it works:
1. Come up with a password, but try to make it a mix of uppercase and lowercase letters, numbers and symbols.
2. Come up with a pattern/scheme you can remember, such as the first letter of each word from an excerpt of your favorite song or a set of symbols like (…../////)
3. Use this pattern and repeat it several times (padding your password).

Let’s have an example of this:
Password: !20Mtfbwy13!
By applying this approach, the password becomes a Haystacked

HANDS-ON PART 2: TESTING YOUR PASSWORDS

Use these tools to test the strength of a password. As a precaution, you probably shouldn’t use these services to test your actual password. Instead, simply use them to learn what works and what doesn’t work. Just play with the strength checkers by constructing fake passwords and testing them.

 http://rumkin.com/tools/password/passchk.php
 https://www.microsoft.com/security/pc-security/password-checker.aspx
 http://www.grc.com/haystack.htm
 http://howsecureismypassword.net/

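A local way to run this exercise without typing anything into a website, as an added example that is not part of the original slides: it applies the slides' own rules (8 and 12 character lengths, mixed case, numbers or symbols, the common passwords from the risk table), sizes the brute-force search space to show what haystack padding changes, and flags two site passwords that share one base. The function names, the 95-character printable-ASCII alphabet and the padded sample are assumptions made for illustration.

```python
import math
import string
from difflib import SequenceMatcher

# Printable-ASCII character classes (26 + 26 + 10 + 33 = 95). Characters
# outside these classes are ignored when sizing the alphabet (assumption).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}
COMMON = {"123456789", "password", "qwerty"}  # from the slides' risk table
MIN_LEN, GOOD_LEN = 8, 12                     # minimum / recommended length


def classes_used(pw):
    """Names of the character classes that appear in pw."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in pw)]


def alphabet_size(pw):
    """Size of the alphabet a brute-force search must cover for pw."""
    return sum(len(CLASSES[n]) for n in classes_used(pw))


def search_space(pw):
    """Count of all strings of length 1..len(pw) over pw's alphabet."""
    a = alphabet_size(pw)
    return sum(a ** k for k in range(1, len(pw) + 1))


def check(pw, personal=()):
    """Return the slide rules that pw breaks (empty list = none broken)."""
    problems, low, used = [], pw.lower(), classes_used(pw)
    if low in COMMON:
        problems.append("common password")
    if len(pw) < MIN_LEN:
        problems.append("shorter than 8 characters")
    elif len(pw) < GOOD_LEN:
        problems.append("shorter than the recommended 12 characters")
    if not ("lower" in used and "upper" in used):
        problems.append("no mix of upper and lower case")
    if not ("digit" in used or "symbol" in used):
        problems.append("no numbers or special characters")
    for item in personal:
        if item and item.lower() in low:
            problems.append("contains personal data: " + item)
    return problems


def haystack(pw, pad="/", count=6):
    """Pad pw on both sides with a repeated, memorable pattern."""
    return pad * count + pw + pad * count


def shared_base(a, b, min_len=6):
    """Longest run of characters two passwords share, if at least min_len.
    A long shared run means one leaked password exposes most of the other."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(
        0, len(a), 0, len(b))
    return a[m.a:m.a + m.size] if m.size >= min_len else ""


if __name__ == "__main__":
    # Constructed samples taken from, or built on, the slides' own examples.
    for pw in ["qwerty", "John12", "#mtfbwy!AmZ", "!20Mtfbwy13!",
               haystack("!20Mtfbwy13!")]:
        bits = math.log2(search_space(pw))
        print(f"{pw!r:28} ~2^{bits:5.1f} guesses  {check(pw) or 'passes'}")
    print("shared base:", repr(shared_base("#mtfbwy!AmZ", "#mtfbwy!FbK")))
```

The search-space figure models exhaustive brute force only; it says nothing about dictionary or pattern-based guessing, which is why the rule check is reported alongside it.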
PASSWORD OVERLOAD: HOW CAN ANYONE REMEMBER THEM ALL?

 Many people use a few passwords for all of their major accounts.
 The average Web user maintains 25 separate accounts but uses just 6.5 passwords to protect them.

PASSWORD SECURITY

 More than 60% of people use the same password across multiple sites.

 If one of your accounts is hacked, it’s likely that your other accounts that used the same password will quickly follow.

PASSWORD MANAGEMENT TECHNIQUES
(WAYS TO STORE YOUR PASSWORDS)

 Human memory is the safest database for storing all your passwords
 Writing passwords down on a piece of paper
 Storing passwords on a computer in a Word document or Excel file
 Password Manager is software that allows you to securely store all of your passwords and keep them safe, typically using one master password. This kind of software saves an encrypted password database, which securely stores your passwords either on your machine or on the Web.
 You should not rely totally on any type of password manager
 Your single master password must be unique and complex

HUMAN MEMORY

 Strength: safest database for storing all your passwords
 Weakness: Easy to forget

WRITING PASSWORDS DOWN
ON A PIECE OF PAPER
 Strength: ease of access
 Weaknesses:
 You can lose the paper
 Paper could be easily stolen or viewed by other people
STORING PASSWORDS ON A COMPUTER IN A WORD DOCUMENT OR EXCEL FILE

 Strength: ease of access
 Weaknesses:
 Data is not encrypted; anyone who has access to the computer that the file is saved on can easily read your passwords
 If your computer breaks, you could possibly permanently lose the file

PASSWORD MANAGER IS SOFTWARE

 Password Manager is software that allows you to securely store all of your passwords and keep them safe, typically using one master password. This kind of software saves an encrypted password database, which securely stores your passwords either on your machine or on the Web.
 You should not rely totally on any type of password manager
 Your single master password must be unique and complex

SO WHICH ONE IS THE BEST?

 Password management tools are really good solutions for reducing the likelihood that passwords will be compromised, but don’t rely on a single source. Why? Because any computer or system is vulnerable to attack. Relying on a password management tool creates a single point of potential failure.
 But before you turn to a password-management service based in the cloud or on your PC, it's best to review the quality of the service, said Tim Armstrong, malware researcher at Kaspersky Lab. He pointed out that you've got to ensure against data leakage or insecure database practices. "Users must be extra careful in choosing a provider," Armstrong said. "Make sure they're a valid and reputable vendor."
 Grant Brunner wrote a fascinating article at ExtremeTech, “Staying safe online: Using a password manager just isn’t enough”. In it, he wrote, “using a password manager for all of your accounts is a very sensible idea, but don’t be lulled into a false sense of security. You’re not immune from cracking or downtime.” Broadly speaking, password managers such as LastPass are like any software: vulnerable to security breaches. For example, LastPass experienced a security breach in 2011, but users with strong master passwords were not affected.

 Disadvantage: If you forget the master password, all your other passwords in the database are lost forever, and there is no way of recovering them. Don’t forget that password!

KEEPASS

 KeePass is a popular open-source, cross-platform, desktop-based password manager. It is available for Windows, Linux and Mac OS X as well as mobile operating systems like iOS and Android. It stores all your passwords in a single database (or a single file) that is protected and locked with one master key. The KeePass database is mainly one single file which can be easily transferred to (or stored on) any computer. Go to the download page to get your copy.
 KeePass is a local program, but you can make it cloud-based by syncing the database file using Dropbox, or another service like it. Check out Justin Pot’s article, Achieve Encrypted Cross-Platform Password Syncing With KeePass & Dropbox.
 Make sure you always hit save after making a new entry to the database!

MOZILLA FIREFOX’S PASSWORD MANAGER

DO NOT PUT ALL YOUR EGGS IN ONE BASKET.

 You should never record or write your password down on a Post-it note.
 Never share your password with anyone, even your colleagues.
 You have to be very careful when using your passwords on public PCs in places like schools, universities and libraries. Why? Because there’s a chance these machines are infected with keyloggers (or keystroke logging methods) or password-stealing trojan horses.
 Do not use any password-saving features such as Google Chrome’s Auto Fill feature or Microsoft’s Auto Complete feature, especially on public PCs.
 Do not fill any form on the Web with your personal information unless you know you can trust it. Nowadays, the Internet is full of fraudulent websites, so you have to be aware of phishing attempts.
 Use a trusted and secure browser such as Mozilla Firefox. Firefox patches hundreds of security updates and makes significant improvements just to protect you from malware, phishing attempts, other security threats, and to keep you safe as you browse the Web.

PWNEDLIST

 This free tool helps users figure out if their account credentials have been hacked. If you go to the website of the service, you will see up-to-date statistics of the number of leaked credentials, passwords and email addresses.
 PwnedList keeps monitoring (or crawling) the Web in order to find stolen data posted by hackers on public sites and then indexes all the login information it finds.

POINTS TO REMEMBER

 ALWAYS use a mix of uppercase and lowercase letters along with numbers and special characters.
 Have a different strong password for each site, account, computer etc., and DO NOT have any personal information like your name or birth details in your password.
 DO NOT share any of your passwords or your sensitive data with anyone – even your colleagues or the helpdesk agent in your company. In addition, use your passwords carefully, especially on public PCs. Don’t be a victim of shoulder surfing.
 A last recommendation that we strongly encourage is for you to start evaluating your passwords, building your tiered password system, alternating your ways of creating passwords and storing them using password managers.

HANDS-ON PART 3: MANAGING YOUR PASSWORDS

1. Decide which method you plan to use to store each password.
2. Download and practice using KeePass.
3. Check your primary emails on PwnedList.com/

ADDITIONAL TIPS TO SECURE YOUR IDENTITY

 An open Wi-Fi connection can be easily hacked using free packet sniffer software.
 Always enable “HTTPS” (also called secure HTTP) settings in all online services that support it – this includes Twitter, Google, Facebook and more.
 Spoofed Website

INTERNET CRIME PREVENTION TIPS
FROM THE INTERNET CRIME COMPLAINT CENTER (IC3). IC3 IS A PARTNERSHIP BETWEEN THE FEDERAL BUREAU OF INVESTIGATION AND THE NATIONAL WHITE COLLAR CRIME CENTER.

 Internet crime schemes that steal millions of dollars each year from victims continue to plague the Internet through various methods. Following are preventative measures that will assist you in being informed prior to entering into transactions over the Internet:
 Auction Fraud
 Counterfeit Cashier's Check
 Credit Card Fraud
 Debt Elimination
 DHL/UPS
 Employment/Business Opportunities
 Escrow Services Fraud
 Identity Theft
 Internet Extortion
 Investment Fraud
 Lotteries
 Nigerian Letter or "419"
 Phishing/Spoofing
 Ponzi/Pyramid
 Reshipping
 Spam
 Third Party Receiver of Funds

ONLINE CRIME PREVENTION
IF THE "OPPORTUNITY" APPEARS TOO GOOD TO BE TRUE, IT PROBABLY IS.

Auction Fraud
 Before you bid, contact the seller with any questions you have.
 Review the seller's feedback.
 Be cautious when dealing with individuals outside of your own country.
 Ensure you understand refund, return, and warranty policies.
 Determine the shipping charges before you buy.
 Be wary if the seller only accepts wire transfers or cash.
 If an escrow service is used, ensure it is legitimate.
 Consider insuring your item.
 Be cautious of unsolicited offers.

Counterfeit Cashier's Check
 Inspect the cashier's check.
 Ensure the amount of the check matches in figures and words.
 Check to see that the account number is not shiny in appearance.
 Be watchful that the drawer's signature is not traced.
 Official checks are generally perforated on at least one side.
 Inspect the check for additions, deletions, or other alterations.
 Contact the financial institution on which the check was drawn to ensure legitimacy.
 Obtain the bank's telephone number from a reliable source, not from the check itself.
 Be cautious when dealing with individuals outside of your own country.

ONLINE CRIME PREVENTION (CONT.)

Credit Card Fraud
 Ensure a site is secure and reputable before providing your credit card number online.
 Don't trust a site just because it claims to be secure.
 If purchasing merchandise, ensure it is from a reputable source.
 Promptly reconcile credit card statements to avoid unauthorized charges.
 Do your research to ensure legitimacy of the individual or company.
 Beware of providing credit card information when requested through unsolicited emails.

Debt Elimination
 Know who you are doing business with — do your research.
 Obtain the name, address, and telephone number of the individual or company.
 Research the individual or company to ensure they are authentic.
 Contact the Better Business Bureau to determine the legitimacy of the company.
 Be cautious when dealing with individuals outside of your own country.
 Ensure you understand all terms and conditions of any agreement.
 Be wary of businesses that operate from P.O. boxes or mail drops.
 Ask for names of other customers of the individual or company and contact them.
 If it sounds too good to be true, it probably is.

ONLINE CRIME PREVENTION (CONT.)

DHL/UPS
 Beware of individuals using the DHL or UPS logo in any email communication.
 Be suspicious when payment is requested by money transfer before the goods will be delivered.
 Remember that DHL and UPS do not generally get involved in directly collecting payment from customers.
 Fees associated with DHL or UPS transactions are only for shipping costs and never for other costs associated with online transactions.
 Contact DHL or UPS to confirm the authenticity of email communications received.

Employment/Business Opportunities
 Be wary of inflated claims of product effectiveness.
 Be cautious of exaggerated claims of possible earnings or profits.
 Beware when money is required up front for instructions or products.
 Be leery when the job posting claims "no experience necessary".
 Do not give your social security number when first interacting with your prospective employer.
 Be cautious when dealing with individuals outside of your own country.
 Be wary when replying to unsolicited emails for work-at-home employment.
 Research the company to ensure they are authentic.
 Contact the Better Business Bureau to determine the legitimacy of the company.

ONLINE CRIME PREVENTION (CONT.)

Escrow Services Fraud
 Always type in the website address yourself rather than clicking on a link provided.
 A legitimate website will be unique and will not duplicate the work of other companies.
 Be cautious when a site requests payment to an "agent", instead of a corporate entity.
 Be leery of escrow sites that only accept wire transfers or e-currency.
 Be watchful of spelling errors, grammar problems, or inconsistent information.
 Beware of sites that have escrow fees that are unreasonably low.

Identity Theft
 Ensure websites are secure prior to submitting your credit card number.
 Do your homework to ensure the business or website is legitimate.
 Attempt to obtain a physical address, rather than a P.O. box or mail drop.
 Never throw away credit card or bank statements in usable form.
 Be aware of missed bills which could indicate your account has been taken over.
 Be cautious of scams requiring you to provide your personal information.
 Never give your credit card number over the phone unless you make the call.
 Monitor your credit statements monthly for any fraudulent activity.
 Report unauthorized transactions to your bank or credit card company as soon as possible.
 Review a copy of your credit report at least once a year.

ONLINE CRIME PREVENTION (CONT.)

Internet Extortion
 Security needs to be multi-layered so that numerous obstacles will be in the way of the intruder.
 Ensure security is installed at every possible entry point.
 Identify all machines connected to the Internet and assess the defense that's engaged.
 Identify whether your servers are utilizing any ports that have been known to represent insecurities.
 Ensure you are utilizing the most up-to-date patches for your software.

Investment Fraud
 If the "opportunity" appears too good to be true, it probably is.
 Beware of promises to make fast profits.
 Do not invest in anything unless you understand the deal.
 Don't assume a company is legitimate based on "appearance" of the website.
 Be leery when responding to investment offers received through unsolicited email.
 Be wary of investments that offer high returns at little or no risk.
 Independently verify the terms of any investment that you intend to make.
 Research the parties involved and the nature of the investment.
 Be cautious when dealing with individuals outside of your own country.
 Contact the Better Business Bureau to determine the legitimacy of the company.

ONLINE CRIME PREVENTION (CONT.)

Lotteries
 If the lottery winnings appear too good to be true, they probably are.
 Be cautious when dealing with individuals outside of your own country.
 Be leery if you do not remember entering a lottery or contest.
 Be cautious if you receive a telephone call stating you are the winner in a lottery.
 Beware of lotteries that charge a fee prior to delivery of your prize.
 Be wary of demands to send additional money to be eligible for future winnings.
 It is a violation of federal law to play a foreign lottery via mail or phone.

Nigerian Letter or "419"
 If the "opportunity" appears too good to be true, it probably is.
 Do not reply to emails asking for personal banking information.
 Be wary of individuals representing themselves as foreign government officials.
 Be cautious when dealing with individuals outside of your own country.
 Beware when asked to assist in placing large sums of money in overseas bank accounts.
 Do not believe the promise of large sums of money for your cooperation.
 Guard your account information carefully.
 Be cautious when additional fees are requested to further the transaction.

ONLINE CRIME PREVENTION (CONT.)

Phishing/Spoofing
 Be suspicious of any unsolicited email requesting personal information.
 Avoid filling out forms in email messages that ask for personal information.
 Always compare the link in the email to the link that you are actually directed to.
 Log on to the official website, instead of "linking" to it from an unsolicited email.
 Contact the actual business that supposedly sent the email to verify if the email is genuine.

Ponzi/Pyramid
 If the "opportunity" appears too good to be true, it probably is.
 Beware of promises to make fast profits.
 Exercise diligence in selecting investments.
 Be vigilant in researching with whom you choose to invest.
 Make sure you fully understand the investment prior to investing.
 Be wary when you are required to bring in subsequent investors.
 Independently verify the legitimacy of any investment.
 Beware of references given by the promoter.

ONLINE CRIME PREVENTION (CONT.)

Reshipping
 Be cautious if you are asked to ship packages to an "overseas home office."
 Be cautious when dealing with individuals outside of your own country.
 Be leery if the individual states that his country will not allow direct business shipments from the United States.
 Be wary if the "ship to" address is yours but the name on the package is not.
 Never provide your personal information to strangers in a chatroom.
 Don't accept packages that you didn't order.
 If you receive packages that you didn't order, either refuse them upon delivery or contact the company where the package is from.

Spam
 Don't open spam. Delete it unread.
 Never respond to spam as this will confirm to the sender that it is a "live" email address.
 Have a primary and secondary email address - one for people you know and one for all other purposes.
 Avoid giving out your email address unless you know how it will be used.
 Never purchase anything advertised through an unsolicited email.

Third Party Receiver of Funds
 Do not agree to accept and wire payments for auctions that you did not post.
 Be leery if the individual states that his country makes receiving this type of funds difficult.
 Be cautious when the job posting claims "no experience necessary".
 Be cautious when dealing with individuals outside of your own country.

REFERENCES

 Al-Marhoon, M. (n.d.). Password Management Guide. MakeUseOf. Retrieved April 10, 2013, from http://www.makeuseof.com/pages/the-password-management-guide-fulltext

 http://www.slideshare.net/NortonOnline/2012-norton-cybercrime-report-14207489

 http://www.ic3.gov/media/annualreports.aspx