Lecture-Module-and-Reviewer-in-EMPTECH
5 TYPES OF MALWARE
a) Virus – a malicious program designed to transfer from one computer to
another by any means possible.
b) Worm - a malicious program designed to replicate itself and transfer from
one file folder to another and also transfer to other computers.
c) Trojan – a malicious program that disguises itself as a useful program but once
downloaded or installed, leaves your PC unprotected and allows hackers
to get your information.
d) Spyware – a program that runs in the background without you knowing it
(thus called “spy”). It has the ability to monitor what you are currently
doing and typing through keylogging.
e) Adware – a program designed to send you advertisements, mostly as
pop-ups.
2. SPAM – Stupid Pointless Annoying Malware. It is an unwanted email
mostly from bots or advertisers. It can be used to send malware. The term
also covers irrelevant or inappropriate messages sent on the internet to a
large number of recipients. Spam is any kind of unwanted, unsolicited
digital communication or advertisement that gets sent out in bulk. It can
arrive via email, text, phone, or social media.
3. PHISHING – an unwanted acquisition of sensitive personal information
like passwords and credit card details. Phishing is a fraudulent practice in
which an attacker masquerades as a reputable entity or person in an email
or other form of communication. Attackers commonly use phishing emails to
distribute malicious links or attachments that can extract login credentials,
account numbers and other personal information from victims.
TYPES OF PHISHING
SPEAR PHISHING ATTACKS are directed at specific individuals or
companies. These attacks usually employ gathered information specific to
the victim to more successfully represent the message as being authentic.
Spear phishing emails might include references to co-workers or
executives at the victim's organization, as well as the use of the victim's
name, location or other personal information.
WHALING ATTACKS are a type of spear phishing attack that specifically
target senior executives within an organization with the objective of
stealing large sums of sensitive data. Attackers research their victims in
detail to create a more genuine message, as using information relevant or
specific to a target increases the chances of the attack being successful.
Because a typical whaling attack targets an employee who can authorize
payments, the phishing message often appears to be a command from an
executive to authorize a large payment to a vendor when, in fact, the
payment would be made to the attackers.
PHARMING is a type of phishing attack that uses domain name system
cache poisoning to redirect users from a legitimate website to a
fraudulent one. Pharming attempts to trick users into logging in to the
fake website using their personal credentials.
CLONE PHISHING ATTACKS use previously delivered but legitimate
emails that contain either a link or an attachment. Attackers make a copy
-- or clone -- of the legitimate email and replace links or attached files
with malicious ones. Victims are often tricked into clicking on the
malicious link or opening the malicious attachment. This technique is
often used by attackers who have taken control of another victim's
system. In this case, the attackers use their control of one system within
an organization to email messages from a trusted sender who is known to
the victims.
EVIL TWIN ATTACKS occur when hackers try to trick users into
connecting to a fake Wi-Fi network that looks like a legitimate access
point. The attackers create a duplicate hotspot that sends out its own
radio signal and uses the same name as the real network. When the
victim connects to the evil twin network, attackers gain access to all
transmissions to or from the victim's devices, including user IDs and
passwords. Attackers can also use this vector to target victim devices with
their own fraudulent prompts.
VOICE PHISHING is a form of phishing that occurs over voice-based
media, including voice over IP -- also called vishing -- or plain old
telephone service. This type of scam uses speech synthesis software to
leave voicemails notifying the victim of suspicious activity in a bank
account or credit account. The call solicits the victim to respond to verify
their identity, thus compromising their account credentials.
SMS PHISHING, or smishing, is a mobile device-oriented phishing attack
that uses text messaging to convince victims to disclose account
credentials or install malware. The victim is usually asked to click on a
link, call a phone number or send an email. The attacker then asks the
victim to provide private data. This attack is more difficult to identify, as
attached links can be shortened on mobile devices.
CALENDAR PHISHING attempts to fool victims by sending false calendar
invites that can be added to calendars automatically. This type of phishing
attack attempts to appear as a common event request and includes a
malicious link.
PAGE HIJACK ATTACKS redirect the victim to a compromised website
that's the duplicate of the page they intended to visit. The attacker uses a
cross-site scripting attack to insert malware on the duplicate website and
redirects the victim to that site.
PHISHING TECHNIQUES
Phishing attacks depend on more than simply sending an email to victims
and hoping they click on a malicious link or open a malicious attachment.
Attackers can use the following techniques to entrap their victims.
URL spoofing. Attackers use JavaScript to place a picture of a legitimate
URL over a browser's address bar. The URL is revealed by hovering over
an embedded link and can also be changed using JavaScript.
Link manipulation. Often referred to as URL hiding, this technique is
used in many common types of phishing. Attackers create a malicious URL
that's displayed as if it were linking to a legitimate site or webpage, but
the actual link points to a malicious web resource.
Link shortening. Attackers can use link shortening services, like Bitly, to
hide the link destination. Victims have no way of knowing if the shortened
URL points to a legitimate website or to a malicious website.
Homograph spoofing. This type of attack depends on URLs that were
created using different characters to read exactly like a trusted domain
name. For example, attackers can register domains that use slightly
different character sets that are close enough to established, well-known
domains.
Graphical rendering. Rendering all or part of a message as a graphical
image sometimes enables attackers to bypass phishing defenses. Some
security software products scan emails for particular phrases or terms
common in phishing emails. Rendering the message as an image bypasses
this check.
Covert redirect. Attackers trick victims into providing personal
information by redirecting them to a supposed trusted source that asks
them for authorization to connect to another website. The redirected URL
is an intermediate, malicious page that solicits authentication information
from the victim. This happens before forwarding the victim's browser to
the legitimate site.
Chatbots. Attackers use AI-enabled chatbots to remove obvious
grammatical and spelling errors that commonly appear in phishing emails.
Phishing emails using an AI chatbot might make the phishing message
sound more complex and real, making it harder to detect.
AI voice generators. Attackers use AI voice generator tools to sound like
a personal authority or family figure over a phone call. This further
personalizes the phishing attempt, increasing its likelihood of working.
Attackers just need a voice sample using a small audio clip of the victim's
manager or family member.
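
A defender can check an HTML email body for three of the techniques listed above: link manipulation, homograph spoofing and link shortening. The following is an added example, not part of the original module; the names audit_links, host_of, Anchors, SHORTENERS and SAMPLE are hypothetical, and the sample email and its hosts are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
SHORTENERS = {"bit.ly"}  # Bitly is the service the text names; extend as needed
SAMPLE = (  # constructed e-mail body; every host is a placeholder
    '<a href="http://login.example.net/reset">www.example.com/reset</a> '
    '<a href="http://xn--exmple-cua.example/">Invoice</a> '
    '<a href="https://bit.ly/placeholder">View document</a> '
    '<a href="https://www.example.com/help">example.com/help</a>')

class Anchors(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase hostname of a URL-like string, without a leading 'www.'."""
    try:
        host = (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

def audit_links(html):
    """Return (href, findings) for each link that matches a technique above."""
    parser = Anchors()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        target, findings = host_of(href), []
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and target and shown != target:
            findings.append("link-manipulation")  # shown host differs from href
        if not target.isascii() or any(p.startswith("xn--") for p in target.split(".")):
            findings.append("homograph-candidate")  # IDN label needs a human look
        if target in SHORTENERS:
            findings.append("shortened-link")  # destination hidden until resolved
        if findings:
            report.append((href, findings))
    return report
```

Calling audit_links(SAMPLE) flags the first three links and passes the fourth, whose visible host and real host agree. A "homograph-candidate" finding only means the host contains non-ASCII or punycode labels; legitimate internationalized domains trigger it too.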
4. CYBERBULLYING - Cyberbullying is bullying that takes place over digital
devices like cell phones, computers, and tablets. Cyberbullying can occur
through SMS, text, and apps, or online in social media, forums, or gaming
where people can view, participate in, or share content. Cyberbullying
can take the form of posting comments, images, or videos about the victim
to make them feel upset and frightened, or hacking into the victim’s
personal accounts and harassing them from within their own user profile.
5. SEXTING – Usually refers to sending and receiving rude messages,
naked pictures or videos, “underwear shots”, or any sexual texts,
images or videos.
6. IDENTITY THEFT – the act of obtaining information illegally about
someone else. Thieves try to find such information as full name, maiden
name, address, date of birth, social security number, passwords, phone
number, e-mail, and credit card.
7. PLAGIARISM - is the act or instance of using or closely imitating the
language and thoughts of another author without authorization and the
representation of that author's work as one's own.
8. INTELLECTUAL PROPERTY (IP) RIGHTS - refers to creations of the
mind, such as inventions, literary and artistic works, designs, and symbols.
9. FLAME WAR – Flame war is a series of flame posts or messages in a
thread that are considered derogatory in nature or are completely off-topic.
Often these flames are posted for the sole purpose of offending or upsetting
other users. The flame becomes a flame war when other users respond to
the thread with their own flame message.
PROTECTING REPUTATIONS ONLINE
INTELLECTUAL PROPERTY – Intellectual property is a category of
property that includes intangible creations of the human intellect.
Intellectual property encompasses two types of rights: industrial property
rights and copyright.
COPYRIGHT LAW – It is legal protection extended to the owner of the
rights in an original work.
COPYRIGHT PAGE – The copyright page is where the publisher places all
the legal notices and information related to a book.