SLIDE 1

INSTITUTO POLITÉCNICO NACIONAL
CENTRO DE INVESTIGACIÓN EN COMPUTACIÓN
Laboratorio de Ciberseguridad

Cyber security A-15

Dr. Ponciano Jorge Escamilla Ambrosio
pescamilla@cic.ipn.mx
http://www.cic.ipn.mx/~pescamilla/

SLIDE 2

Cyber security course

2.6. Internet Fraud
2.7. Electronic Evidence
2.8. Cybercrime

SLIDE 3

Internet Fraud

SLIDE 4

Internet Fraud

Refers to any type of fraud scheme that uses email, web sites, chat rooms or message boards to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme.

SLIDE 5

Internet Fraud

• The Internet has transformed our lives.
• It offers tremendous opportunities to learn, share, connect, shop, and bank.

As we increasingly engage online, criminals follow the traffic!

SLIDE 6

Internet Fraud

• Fraud on the Internet is aimed mostly at individuals.
• Online fraud victimizes millions of unsuspecting people every year.
• In the USA the FBI’s Internet Crime Complaint Center recorded 300,000 fraud complaints in 2011 with an adjusted dollar loss of nearly half a billion dollars.

SLIDE 7

Internet Fraud

Internet Fraud in Mexico

SLIDE 8

Internet Fraud

• There is a clear shift in the nature of the operation of computer criminals.
• In the early days, many hackers simply wanted to gain fame or notoriety by defacing websites.
• There are many more criminals today, and they are more sophisticated and technically expert.

SLIDE 9

Internet Fraud

Most popular is the theft of personal information such as credit card numbers, bank accounts, Internet IDs, and passwords.

SLIDE 10

Internet Fraud

• Today cybercriminals are holding data for ransom and trying to extort payments from their victims.
  http://usatoday.com/story/news/nation/2014/05/14/ransom-ware-computer-dark-web-criminal/8843633

SLIDE 11

Internet Fraud

• Today laptop computers are stolen for two reasons:
    • selling them (e.g., to pawn shops, on eBay)
    • trying to find the owners’ personal information (e.g., social security number, driver’s license details, and so forth).
• A major driver of data theft and other crimes is the ability to profit from the theft.
    • Today, stolen data are sold on the black market

SLIDE 12

Online Fraud Life Cycle

SLIDE 13

Social Engineering and Fraud

• Social engineering refers to a collection of methods where criminals use human psychology to persuade or manipulate people into revealing their confidential information so they can collect information for illegal activities.

SLIDE 14

Social Phishing

• Phishing is a fraudulent process of acquiring confidential information, such as credit card or banking details, from unsuspecting computer users.
• Sometimes phishers install malware to facilitate the extraction of information.

SLIDE 15

Phishing

SLIDE 16

Phishing

SLIDE 17

Phishing scams

• These scams use email, text, or social network messages that appear to come from a reputable organization like your bank or a favourite charity—or, for example, the Outlook team. The message is often so realistic that it can be difficult to tell it is not legitimate.

SLIDE 18

Phishing scams

• The convincing message entices you to divulge sensitive information like an account number or password. Or it might ask you to call a phony toll-free number or to click a link that goes to a fake webpage where you’re asked to reveal personal data.

SLIDE 19

Phishing example

SLIDE 20

Rogue security software

SLIDE 21

Fake technical support

SLIDE 22

Fraudulent contest and winnings

SLIDE 23

Financial scams

SLIDE 24

Pharming

• Similarly to phishing, pharming is a scam where malicious code is installed on a computer and used to redirect victims' website traffic to bogus websites without their knowledge or consent.
• Pharming is directed towards large groups of people at one time via domain spoofing.
• Pharming can be used for identity theft scams.

SLIDE 25

Ransomware

SLIDE 26

Ransomware

SLIDE 27

Identity Theft and Identity Fraud

• Identity theft refers to wrongfully obtaining and using the identity of another person in some way to commit crimes that involve fraud or deception (e.g., for economic gain).
• Identity fraud refers to assuming the identity of another person or creating a fictitious person and then unlawfully using that identity to commit a crime.

SLIDE 28

Spot the signs of online fraud

SLIDE 29

Defense against Internet fraud

• If it sounds too good to be true, suspect!!

SLIDE 30

Defense against Internet fraud

SLIDE 31

Defense against Internet fraud

SLIDE 32

Defense against Internet fraud

SLIDE 33

Defense against Internet fraud

SLIDE 34

EC Security management concerns

• E. Turban et al., Electronic Commerce: A Managerial and Social Networks Perspective, Springer Texts in Business and Economics, DOI 10.1007/978-3-319-10091-3_10

SLIDE 35

The Information Assurance (IA) model

• CIA security triad:
    1. Confidentiality is the assurance of data secrecy and privacy. Namely, the data is disclosed only to authorized people. Confidentiality is achieved by using several methods, such as encryption and passwords.
    2. Integrity is the assurance that data are accurate and that they cannot be altered. The integrity attribute needs to be able to detect and prevent the unauthorized creation, modification, or deletion of data or messages in transit.

SLIDE 36

The Information Assurance (IA) model

• CIA security triad:
    3. Availability is the assurance that access to any relevant data, information websites, or other EC services and their use is available in real time, whenever and wherever needed. The information must be reliable.

SLIDE 37

Electronic Evidence

• Computer-based electronic evidence is information and data of investigative value that is stored on or transmitted by a computer.
• Computer-based electronic evidence is, by its very nature, fragile. It can be altered, damaged, or destroyed by improper handling or improper examination.