Cyber Stalking, Fraud, Abuse CSCE 201. Reading Required: Chapter 3 from textbook Interesting: ...

Cyber Stalking, Fraud, Abuse

CSCE 201

Reading

Required: Chapter 3 from textbook

Interesting: Dwyer, Hiltz, Passerini, Trust and privacy concern within social networking sites: A comparison of Facebook and MySpace, http://csis.pace.edu/~dwyer/research/DwyerAMCIS2007.pdf

Internet Safety

- Technical vulnerabilities
  - Software, hardware, applications
  - Assurance
  - Usability
- Non-technical vulnerabilities
  - Fraud
  - Scam
  - Social engineering
  - Stalking

Why Internet Fraud?

How Does Internet Fraud Work?

- Investment offers
  - Email
  - Newsletter
- Common schemes
  - Outrageous sum of money
  - Asks for small amount to be invested

Check US Secret Service bulletin, http://www.sec.gov/investor/alerts

Why would a stranger trust and reward you?

FROM THE OFFICE OF MR.MOHAMMED BELLO.CHIEF ACCOUNTANT NIGERIA NATIONAL PETROLEUM CORPORATION (NNPC),FEDERAL SECRETARIAT IKOYI, LAGOS-NIGERIA REQUEST FOR URGENT CONFIDENTIAL BUSINESS RELATIONSHIP

Dear Sir/Madam. 

I,on behalf of my other colleagues from different federal government of Nigeria owned parastatals decided to solicit your assistance as regards transfer on the above-mentioned amount into your account . This fund arose from over-invoicing of various contract awarded in our parastatals to certain foreign contractors sometime ago.We as holders of sensitive positive positions in our various parastatals were mandated by the federal government to scrutinize all payments made to certain foreign contractors and we discovered that some of the contracts they executed were grossly over-invoiced either by omission or commission.

Also we discovered that the sum of us$33.5M [thirty three million five hundred thousand U.S. Dollars only] was lying in a suspense account, although the foreign contractors were fully paid their contract entitlement after the execution the said contracts.…

We are therefore, soliciting your assistance so that the remaining amount of U.S.$28.5M Can be speedily processed and fully remitted into your nominated bank account. On successful remittance of the fund into your account, you will be compensated with 30% of the total amount for your assistance and services.So far, much have been said and due to our sensitive positions, we cannot afford a slip in this transaction, neither can we give out our identity, as regards our respective offices , but where relationship is established and smooth operation commences, you will be furnished with all you deserve to know.…

Yours Faithfully,Mr. Mohammed Bello,NNPC Chief accountant.

Investment Advice

- Biased advertisement
  - Investment newsletters must disclose if they are paid advertisement (but they don't always do so)
- Pump and dump
  - Purchase worthless stock
  - Artificially inflate stock prices
  - Sell at high price

US Securities and Exchange Commission, http://www.sec.gov/investor/pubs/pump.htm

How to Avoid Investment Fraud?

- Consider the source
- Verify claims
- Research the company
- Beware of high-pressure tactics
- Be skeptical
- Research the investment opportunity

How about an Internet pyramid scheme?

Source: Wikipedia, https://en.wikipedia.org/wiki/Pyramid_scheme

Auction Fraud

US Federal Trade Commission

Types of fraud:

- Failure to send merchandise
- Sending something of lesser value
- Failure to deliver in a timely manner
- Failure to disclose all relevant facts
- Bidding frauds:
  - shill bidding
  - bid shielding
  - bid siphoning

Identity Theft

US Department of Justice, http://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud

“Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain.”

It is a CRIME!

Methods of Identity Theft

- Social engineering
- Phishing
- Social network
- Technical (break-ins, RFID readers, communication compromise, web application insecurity)

How do you accept social network connection requests?

Social Relationships

Communication context changes social relationships

Social relationships maintained through different media grow at different rates and to different depths

No clear consensus on which medium is the best

Internet and Social Relationships

Internet:

- Bridges distance at a low cost
- New participants tend to “like” each other more
- Less stressful than face-to-face meeting
- People focus on communicating their “selves” (except a few malicious users)

Privacy in Social Networks

- Current support for security is limited
- Common access categories: Public, Group Membership, “Friend”
- No support for differentiating relationship “closeness”
- “Friend” connections must be symmetric, unlike reality
- Users often do not use existing security features
- Hard-coded into the system
- Owners have system-dependent access categories

Security & Privacy Issues

- Malware exploiting social networks
- Malicious banner ads
- Adware
- Phishing attacks
- Customizable scripts

Facebook’s attempt: make relationship actions visible to the entire social group

Everyone reading everyone’s shared information

Behavioral Profiling

- SN users: post personal information for friends, family, and … the World
- Data mining applications: pattern of behavior
- Misuse of information: identity thefts, scam, phishing
- Risk of third party applications!
- Facial recognition of friends of friends
- Relationships
- Targeted advertisement
- Marketing tools

Privacy?

- SN and privacy issues in early research stage
- Users tend to give out too much information
- Privacy thresholds vary by individuals
- What are the long term effects?

How can we avoid becoming victims?

Lack of Legislation

- Reactive procedures
- Improper acts not addressed
- Lack of technical expertise of legal personnel

Ethics vs. Law

| Law | Ethics |
|---|---|
| Formal, written document | Unwritten principles |
| Interpreted by courts | Interpreted by each individual |
| Established by legislatures | Presented by philosophers, religious, professional groups |
| Applicable to everyone | Personal choice |
| Priority decided by court | Priority determined by individual |
| Court makes final decision | No external decision maker |
| Enforceable by police and courts | Limited enforcement |

Next Class

Secure online activities