
Unit 2,3 Cyber Security

Uploaded by

oneplus233227
Copyright
© © All Rights Reserved

Cyber Security

● Mobile and Wireless Devices Introduction
● Proliferation of Mobile and Wireless Devices
● Trends in Mobility
● Credit Card Frauds in Mobile
● Wireless Computing Era
Mobile and Wireless Devices Introduction

Mobile and wireless devices are like digital companions that don't need a
physical connection to work. They include smartphones, tablets, and other
gadgets that communicate wirelessly, allowing users to stay connected and
access information on the go.
Features:
1. Portability: These devices are small and easy to carry, allowing users to
stay connected wherever they go.
2. Wireless Connectivity: They use technologies like Wi-Fi, Bluetooth, and
mobile networks to connect to the internet and other devices.
3. Multifunctionality: Beyond calls and messages, they serve as cameras,
GPS devices, entertainment hubs, and more.
Importance of Mobile and Wireless Devices

1. Communication: Keeping people connected through calls, messages, and
social media.
2. Information Access: Providing instant access to the internet for
information, news, and entertainment.
3. Productivity: Enabling work and productivity on the go through
various apps and functionalities.
Proliferation of Mobile and Wireless Devices

Proliferation of mobile and wireless devices is like the widespread growth or spread of
smartphones, tablets, and other wirelessly connected gadgets. It reflects the increasing
number of these devices in our daily lives.

Key Factors:
1. Technological Advancements: Continuous improvements in technology make
devices more affordable and accessible.
2. Increased Connectivity: The rise of high-speed internet and wireless networks
enables seamless communication.
3. Versatility: Mobile devices offer a variety of functions, from communication to
entertainment and productivity.
4. Consumer Demand: People increasingly rely on mobile and wireless devices for
convenience and on-the-go access.
Trends in Mobility

1. 5G Revolution: The 5G Revolution is like the superhero of internet speed. It's
the fifth generation of mobile networks, bringing faster speeds and more
reliable connections to mobile and wireless devices.
Impact:
● High-Speed Connectivity: Faster internet speeds for quicker downloads
and smoother streaming.
● IoT Advancements: Enables better connections for the Internet of Things
(IoT) devices.

2. Mobile App Ecosystem: The Mobile App Ecosystem is like a digital
marketplace. It encompasses the diverse range of applications available for
download on mobile devices.
Impact:
● Diverse Applications: Apps for communication, productivity,
entertainment, and more.
● App Integration: Seamless integration of apps for a smoother user
experience.

3. Mobile Security Measures: Mobile Security Measures are like digital
bodyguards for your devices. With the increasing use of mobile devices,
there's a growing focus on ensuring their security.
Impact:
● Biometric Authentication: Fingerprint and facial recognition for
enhanced device security.
● Mobile Device Management (MDM): Tools for businesses to secure
and manage mobile devices.

4. Edge Computing: Edge Computing is like having a mini-brain in your device.
Instead of relying solely on a centralized server, computations happen closer to
the source of data.
Impact:
● Reduced Latency: Faster response times for applications and services.
● Improved Privacy: Processing sensitive data locally without sending it to a
central server.

6. Remote Work and Collaboration: Remote Work and Collaboration are like the
new-age workspaces. With the advancement of mobile technology, working
from anywhere and collaborating seamlessly has become a trend.
Impact:
● Flexibility: Allows professionals to work from different locations.
● Virtual Meetings: Increased reliance on mobile
devices for virtual collaboration.

7. Sustainable Mobility: Sustainable Mobility is like a green approach
to technology. It involves the development and use of mobile solutions
that minimize environmental impact.

Impact:
● Green Technologies: Focus on eco-friendly materials and energy-efficient designs.
● Reduced E-Waste: Efforts to extend the lifespan of devices and
promote recycling.
Credit Card Frauds in Mobile

Credit Card Frauds in Mobile are like digital heists targeting your financial
information on mobile devices. It involves unauthorized access to credit card
details, leading to financial losses and potential identity theft.
Common Techniques:
1. Phishing: Fraudsters use fake messages or emails to trick users into
revealing credit card information.
2. Mobile Malware: Malicious software on mobile devices can capture credit
card details.
3. Fake Apps: Fraudulent mobile applications mimic legitimate ones to steal
credit card information.
4. Unsecured Wi-Fi: Conducting transactions on unsecured Wi-Fi networks
makes it easier for hackers to intercept data.

Preventive Measures:
1. Use Trusted Apps: Only download apps from official app stores to avoid fake
applications.
2. Secure Wi-Fi: Avoid sensitive transactions on public Wi-Fi networks; use
secure connections.
3. Two-Factor Authentication: Enable additional layers of security for mobile
transactions.
4. Regular Monitoring: Keep a close eye on credit card statements for any
unauthorized transactions.
Example: Imagine receiving a message that looks like it's from your bank, asking
for your credit card details to resolve an issue. If you provide this information,
you've fallen victim to Credit Card Frauds in Mobile. It's crucial to stay vigilant,
verify messages, and adopt secure practices to protect your financial
information on mobile devices.
Wireless Computing Era

The Wireless Computing Era is like a technological revolution,
marking a shift from traditional wired connections to a world
where computing devices communicate and connect wirelessly.

Key Elements:
1. Wireless Networks: Use of technologies like Wi-Fi,
Bluetooth, and cellular networks for device connectivity.
2. Mobile Devices: Proliferation of smartphones, tablets, and
wearables, untethered from physical connections.
3. Cloud Computing: Storing and accessing data and

Characteristics:
1. Mobility: Computing devices can be used and moved without the constraints
of physical cables.
2. Instant Connectivity: Devices can connect to the internet and each other
instantly, enhancing communication.

Technological Enablers:
3. 5G Technology: High-speed, low-latency wireless networks supporting
advanced applications.
4. IoT Integration: Interconnected devices, from smart homes to industrial
sensors, communicating wirelessly.
5. Edge Computing: Processing data closer to the source, reducing reliance on
centralised servers.

Impact on Society:
1. Digital Transformation: Changing the way businesses operate,
communicate, and deliver services.
2. Remote Work Revolution: Allowing individuals to work from anywhere,
transforming traditional workspaces.
3. Smart Living: Integration of wireless technologies in homes, making them
smart and connected.

Example: Imagine a world where you can seamlessly connect to the internet,
work, and communicate without any physical constraints. That's the essence of
the Wireless Computing Era, where the airwaves carry the pulse of our digital
lives, shaping the way we live, work, and connect.
Security Challenges Posed by Mobile Devices

1. Lost or Stolen Devices: Challenge: Mobile devices are small and portable, making them easy targets
for theft or misplacement. If not secured, sensitive information can be accessed.

Mitigation:
● Strong Passwords or Biometrics: Protect devices with secure authentication methods.
● Remote Wipe: Enable features to remotely erase data in case of loss.

2. Malicious Apps: Challenge: Fake or malicious apps can compromise security by accessing personal
information or injecting malware into the device.

Mitigation:
● Official App Stores: Download apps only from trusted sources like Google Play or the Apple
App Store.
● App Permissions: Review and limit app permissions to the essentials.

3. Phishing Attacks: Challenge: Mobile users may fall victim to phishing attempts through fraudulent
emails, messages, or websites seeking personal information.

Mitigation:
● User Education: Train users to identify and avoid phishing attempts.
● Security Software: Use mobile security apps to detect and block phishing threats.

4. Insecure Wi-Fi Networks: Challenge: Connecting to unsecured Wi-Fi networks exposes mobile
devices to potential eavesdropping and data interception.

Mitigation:
● Use VPNs: Employ Virtual Private Networks for secure data transmission.
● Avoid Public Wi-Fi for Sensitive Transactions: Refrain from conducting financial or
sensitive transactions on unsecured networks.

5. Outdated Software: Challenge: Failure to update operating systems and apps leaves devices
vulnerable to known exploits and security flaws.

Mitigation:
● Regular Updates: Keep both the operating system and apps up to date.
● Automatic Updates: Enable automatic updates for added convenience.

6. Lack of Encryption: Challenge: Unencrypted data transmission and storage can lead to
unauthorised access and data breaches.

Mitigation:
● Enable Encryption: Encrypt both data at rest and during transmission.
● Secure Communication Channels: Use secure protocols for data transfer.

7. Social Engineering: Challenge: Cybercriminals may exploit human psychology to manipulate users
into revealing sensitive information.

Mitigation:
● User Education: Train users to recognize and resist social engineering tactics.
● Multi-Factor Authentication: Implement additional authentication layers for added security.

8. Insufficient User Awareness: Challenge: Lack of awareness among users about mobile security
best practices can lead to risky behaviours.

Mitigation:
● Training Programs: Conduct regular security awareness training for users.
● Communication: Keep users informed about emerging threats and best practices.
Registry Setting for Mobile Devices

Mobile devices, especially those running iOS and Android, typically do not have a registry like
Windows operating systems. However, they do have settings and configurations that can be managed
to enhance security and control device behavior. Here are some important settings and configurations
for mobile devices:

1. iOS (iPhone and iPad)
2. Android

Registry Setting for Mobile Devices: iOS

1. Device Passcode:
● Purpose: Protects the device from unauthorized access.
● Configuration: - Settings > Face ID & Passcode (or Touch ID & Passcode) > Turn Passcode On

2. Biometric Authentication:
● Purpose: Enhances device security with fingerprint or face recognition.
● Configuration: - Settings > Face ID & Passcode (or Touch ID & Passcode)

3. Find My iPhone:
● Purpose: Allows tracking and remote wiping of a lost or stolen device.
● Configuration: - Settings > [Your Name] > Find My > Find My iPhone

4. App Permissions:
● Purpose: Control which apps have access to
sensitive data.
● Configuration: - Settings > Privacy > [App Name]

5. Automatic Updates:
● Purpose: Ensures the device is running the latest
security patches.
● Configuration: - Settings > General > Software
Update
Registry Setting for Mobile Devices: Android

1. Screen Lock:
● Purpose: Provides an initial layer of security.
● Configuration: - Settings > Security > Screen lock

2. Biometric Authentication:
● Purpose: Enhances device security with fingerprint or
facial recognition.
● Configuration: - Settings > Security > Biometrics

3. Find My Device:
● Purpose: Allows tracking and remote wiping of a lost or
stolen device.
● Configuration: - Settings > Security > Find My Device

4. App Permissions:
● Purpose: Control which apps have access to sensitive data.
● Configuration: - Settings > Apps & Notifications > [App Name] >
Permissions

5. Google Play Protect:
● Purpose: Scans apps for malware and provides additional security.
● Configuration: - Settings > Google > Security > Play Protect

6. Automatic Updates:
● Purpose: Ensures the device is running the latest security patches.
● Configuration: - Settings > System > Software Update
Authentication Service Security

Authentication service security is a critical aspect of ensuring that user identities are properly
verified and protected. Here are key considerations and measures for enhancing the security of
authentication services:

1. Multi-Factor Authentication (MFA):
Purpose: Adds an extra layer of security by requiring users to provide multiple
forms of identification.

Implementation:
● Combine something the user knows (password) with something they have
(token, mobile device, fingerprint).

2. Secure Password Policies:
Purpose: Ensures that users create and maintain strong, unique passwords.

Implementation:
● Enforce password complexity (length, special characters).
● Regularly prompt users to update passwords.
● Discourage password reuse.

3. Encryption:
Purpose: Protects sensitive data transmitted between users and
authentication servers.

Implementation:
● Use strong encryption protocols (e.g., TLS/SSL) for data in
transit.
● Hash and salt passwords before storing them.

4. Session Management:
Purpose: Prevents unauthorised access during an active
session.

Implementation:
● Implement session timeout policies.
● Use secure session tokens.
● Provide users the ability to log out remotely.

5. Brute Force Protection:
Purpose: Mitigates the risk of attackers attempting to guess
passwords.

Implementation:
● Implement account lockout policies after a certain
number of failed login attempts.
● Use CAPTCHA or similar mechanisms to deter automated
attacks.

6. Secure Credential Storage:
Purpose: Ensures that user credentials are stored securely.

Implementation:
● Hash and salt passwords using strong cryptographic
algorithms.
● Regularly audit and update credential storage
mechanisms.

7. User Authentication Logs:
Purpose: Monitors and logs authentication events for analysis
and auditing.

Implementation:
● Keep detailed logs of authentication attempts, including
successful and failed events.
● Regularly review and analyse authentication logs.

8. Monitoring for Anomalies:
Purpose: Detects unusual or suspicious behaviour that may
indicate unauthorised access.

Implementation:
● Implement real-time monitoring for unusual login patterns.
● Set up alerts for multiple failed login attempts or other
suspicious activities.

9. API Security:
Purpose: Ensures that authentication APIs are secure and not vulnerable to attacks.

Implementation:
● Use secure API authentication methods (e.g., OAuth).
● Regularly test and update API security measures.

10. Regular Security Audits:
Purpose: Identifies vulnerabilities and ensures ongoing compliance with security best
practices.

Implementation:
● Conduct regular security audits and penetration testing.
● Address identified vulnerabilities promptly.

11. User Education:
Purpose: Empowers users to make informed security decisions and
recognize phishing attempts.

Implementation:
● Provide regular security awareness training.
● Communicate best practices for protecting personal
information.
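
The storage, lockout and logging measures from items 3, 5, 6 and 7 above, combined in one small Python sketch. This is an added example, not part of the original slides; the choice of PBKDF2-HMAC-SHA256, the work factor, the lockout threshold and every class and function name are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000        # assumed work factor; tune to your hardware
MAX_FAILURES = 5            # assumed lockout threshold
LOCKOUT_SECONDS = 15 * 60   # assumed lockout duration


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'scheme$iterations$salt$hash' using a fresh random salt."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join([SCHEME, str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:      # malformed record (bad field count, number or base64)
        return False
    if scheme != SCHEME or not 1 <= iterations <= 10_000_000:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str) -> bool:
    """True when a record is weaker than the current policy (audit/upgrade hook)."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME or not parts[1].isdigit():
        return True
    return int(parts[1]) < ITERATIONS


class AuthService:
    """In-memory sketch: hashed credentials, lockout, and an authentication log."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._users = {}          # username -> stored hash record
        self._failures = {}       # username -> consecutive failed attempts
        self._locked_until = {}   # username -> unlock timestamp
        self.events = []          # (timestamp, username, outcome); never passwords
        # Dummy record so unknown usernames cost the same time as known ones.
        self._dummy = hash_password(secrets.token_urlsafe(16))

    def register(self, username: str, password: str, iterations: int = ITERATIONS):
        self._users[username] = hash_password(password, iterations)

    def login(self, username: str, password: str) -> str:
        now = self._clock()
        if self._locked_until.get(username, 0) > now:
            outcome = "locked"    # rejected without even checking the password
        else:
            stored = self._users.get(username, self._dummy)
            ok = verify_password(password, stored) and username in self._users
            if ok:
                self._failures.pop(username, None)
                if needs_rehash(stored):   # upgrade old records on successful login
                    self._users[username] = hash_password(password)
                outcome = "success"
            else:
                count = self._failures.get(username, 0) + 1
                self._failures[username] = count
                outcome = "failure"
                if count >= MAX_FAILURES:
                    self._locked_until[username] = now + LOCKOUT_SECONDS
                    self._failures.pop(username, None)
                    outcome = "failure_lockout"
        self.events.append((now, username, outcome))
        return outcome
```

The `events` list is the record that items 7 and 8 ask to be reviewed; in a real service it would go to an append-only log store rather than process memory.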
Attacks on Mobile/Cell Phones

Mobile phones are susceptible to various types of attacks, ranging from
traditional malware to more sophisticated social engineering tactics. Here are
some common attacks on mobile or cell phones:

1. Malware and Mobile Viruses: Malicious software designed to infect mobile devices and
compromise their functionality.

How to Protect:
● Install reputable antivirus and anti-malware apps.
● Download apps only from official app stores.
● Keep the device's operating system and apps updated.

2. Phishing Attacks: Attempts to trick users into revealing sensitive information by posing as a
trustworthy entity.

How to Protect:
● Be cautious of unsolicited emails, messages, or calls asking for personal information.
● Verify the legitimacy of websites before entering credentials.

3. Man-in-the-Middle (MitM) Attacks: Intercepting and possibly altering communication between
two parties without their knowledge.

How to Protect:
● Use secure Wi-Fi connections or VPNs.
● Be cautious when connecting to public Wi-Fi networks.

4. Ransomware: Malware that encrypts data on the device, demanding a ransom for its release.

How to Protect:
● Regularly back up important data.
● Avoid clicking on suspicious links or downloading unknown attachments.

5. SIM Card Swapping: Unauthorised individuals attempt to take control of a user's phone number by
swapping the SIM card.

How to Protect:
● Set up a PIN or password for SIM card changes.
● Contact your mobile carrier immediately if you experience unexpected loss of service.

6. Bluejacking and Bluesnarfing: Exploiting Bluetooth connections to send unsolicited messages or
gain unauthorised access to a device.

How to Protect:
● Turn off Bluetooth when not in use.
● Set devices to non-discoverable mode in public places.

7. Spyware: Software installed on a device without the user's knowledge to collect information.

How to Protect:
● Regularly review installed apps and permissions.
● Use security software that scans for spyware.

8. Wi-Fi Eavesdropping: Unauthorised individuals intercepting unencrypted Wi-Fi traffic to
capture sensitive information.

How to Protect:
● Use secure, encrypted Wi-Fi connections.
● Avoid transmitting sensitive information on public networks.

9. Social Engineering Attacks: Manipulating individuals to divulge confidential information or
perform actions that may compromise security.

How to Protect:
● Be sceptical of unsolicited communication asking for sensitive information.
● Educate yourself and others about common social engineering tactics.

10. App Permissions Abuse: Malicious apps exploiting excessive permissions to access and misuse
personal data.

How to Protect:
● Review and limit app permissions.
● Only install apps from reputable sources.

11. USB Charging Port Attacks: Malicious USB charging stations or cables that can install malware
when connected to a device.

How to Protect:
● Avoid using public charging stations.
● Use only trusted charging cables and adapters.

12. Browsing and Downloading Risks: Visiting malicious websites or downloading apps from
untrusted sources.

How to Protect:
● Use secure and updated browsers.
● Download apps only from official app stores.
Security Implications for Organisation

Security is a crucial aspect of any organisation, as it protects sensitive information, systems, and
reputation from harm. However, organisations face various security threats that can lead to
serious consequences.
Common Security Threats
1. Data Breaches: Unauthorised access to confidential data like customer records or
financial information can be costly and damaging.

2. Malware Infections: Malicious software like viruses or ransomware can steal data,
disrupt operations, or hold systems hostage.

3. Phishing Attacks: Deceptive attempts to trick users into revealing sensitive information like
passwords or credit card details.

4. Denial-of-Service (DoS) Attacks: Overwhelming a system with traffic to make it
unavailable to legitimate users.

5. Supply Chain Attacks: Compromising vendors or suppliers to gain access to an
organisation's systems and data.
Mitigating Security Risks
1. Strong Security Policies: Establish clear guidelines for IT usage and incident
response procedures.

2. Robust Authentication: Enforce strong passwords and multi-factor authentication (MFA)
for secure account access.

3. Cybersecurity Awareness Training: Educate employees on identifying cyber threats
and best practices.

4. Regular Software Updates: Apply software patches promptly to address
vulnerabilities.

5. Network Segmentation: Separate networks to limit the spread of malware and other
threats.

6. Firewalls and Intrusion Detection Systems (IDS): Implement firewalls to block
unauthorised traffic and IDS to monitor for suspicious activity.
Organisational Security Policies
Organisational Security Policies and Measures in Mobile Computing Era: As mobile devices
have become indispensable tools for businesses, organisations need to implement comprehensive
security policies and measures to protect their valuable data and maintain operational integrity.
Organisational Security in Mobile Computing Era
1. Mobile Device Management (MDM) Solutions: MDM software provides centralised control over
mobile devices, enabling IT administrators to manage and secure devices effectively. Key features
of MDM include:
● Device enrollment and provisioning: Streamline device setup and ensure consistent
configurations.
● Application management: Deploy, update, and restrict applications based on
organisational needs.
● Remote access and control: Remotely wipe or lock devices in case of loss or theft.
● Security enforcement: Enforce password policies, data encryption, and other security
measures.

2. Mobile Device Policy: A clear and comprehensive mobile device policy outlines acceptable usage
guidelines, security requirements, and employee responsibilities. The policy should address:
● Device usage: Define permitted and prohibited activities on mobile devices.
● Data security: Specify data protection measures and encryption protocols.
● App installation: Establish guidelines for installing and using applications.
● BYOD (Bring Your Own Device) Guidelines: Set rules for personal devices used for
work purposes.
● Employee training and awareness: Educate employees on the policy and its implications.

3. Mobile Threat Defense (MTD) Solutions: MTD software provides real-time protection against
mobile threats, such as malware, phishing attacks, and malicious websites. Key features of MTD
include:
● Threat detection and prevention: Block malicious applications, websites, and
phishing attempts.
● Vulnerability assessment: Identify and remediate vulnerabilities in mobile devices
and applications.
● Threat intelligence: Leverage real-time threat intelligence to stay ahead of emerging threats.
● Data loss prevention (DLP): Prevent sensitive data from leaving the organization through
mobile devices.

4. Secure Mobile Network Connectivity: Organizations should implement secure network access
methods for mobile devices, such as:
● Virtual Private Networks (VPNs): Encrypt data transmission over public Wi-Fi networks.
● Mobile Device Management (MDM) integrated VPNs: Integrate VPN capabilities into MDM
solutions for centralized control.
● Zero Trust Network Access (ZTNA): Continuously authenticate and verify user
identities before granting access to network resources.

5. Mobile Device Security Awareness: Educating employees about mobile security risks and best
practices is crucial for preventing human error. Regular training sessions should cover topics
such as:
● Identifying and avoiding phishing attacks
● Strong password practices
● Secure app installation and usage
● Reporting suspicious activity

6. Mobile Device Productivity Optimization: Organisations should address mobile device
productivity issues to ensure optimal employee performance:
● Optimise applications for mobile usage
● Promote mobile-friendly work practices
Cyber Security
Unit 3

● Proxy Servers and Anonymizers
● Phishing
● Password Cracking
● Keyloggers and Spywares
What is a Proxy Server?

● A proxy server is an intermediate server that sits between a user's device and the internet.
● When a user makes a request to access a website, the request first goes to the proxy server,
which then forwards the request to the website.
● The website's response is sent back to the proxy server, which then sends it back to the
user's device.
Types of Proxy Servers

There are several different types of proxy servers, including:
● Open or Forward Proxy: A forward proxy is a server that sits between a client and the
internet. The client sends a request to the forward proxy, which then sends the request to the
internet on behalf of the client.
● Reverse Proxy: A reverse proxy is a server that sits between the internet and a server. The
reverse proxy receives requests from the internet and then forwards those requests to the
appropriate server.
● Transparent Proxy: A transparent proxy is a proxy that does not modify the request or
response, but simply passes the traffic along. Transparent proxies are often used in corporate
environments to monitor and control access to the internet.
● Anonymous Proxy: An anonymous proxy is a proxy that hides the user's IP address, providing
an additional layer of privacy.
What are Anonymizers?

● An anonymizer is a tool that is used to hide a user's identity when accessing the internet.
● Anonymizers work by hiding the user's IP address, making it difficult for websites to track
the user's online activity.
Different Types of Anonymizers

● VPN: A Virtual Private Network (VPN) is a type of anonymizer that creates an encrypted
connection between the user's device and the internet. All traffic between the device and the
internet is routed through the VPN, which hides the user's IP address and provides an
additional layer of security.

● TOR: The Onion Router (TOR) is a free software program that is used to hide a user's online
activity by routing their traffic through a network of servers. TOR is designed to be extremely
difficult to trace, making it a popular choice for users who need to hide their identity.

● Web-based anonymizers: Web-based anonymizers are online tools that allow users to browse
the internet without disclosing their IP address. These tools work by routing traffic through a
third-party server, making it difficult for websites to track the user's online activity.
Phishing Attack
● Phishing is one type of cyber attack.
● Phishing got its name from “phish”, meaning fish. It is common to put out bait for a fish so that it gets trapped.
● Phishing works similarly. It is an unethical way to dupe the user or victim into clicking on harmful sites.
● The attacker crafts the harmful site in such a way that the victim feels it to be an authentic site, thus falling prey to it.
● The most common mode of phishing is sending spam emails that appear to be authentic, thus taking away all credentials from the victim.
● The main motive of the attacker behind phishing is to gain confidential information like:
  ● Password
  ● Credit card details
  ● Social security numbers
  ● Date of birth
How Does Phishing Occur?
● Clicking on an unknown file or attachment: Here, the attacker deliberately sends a mysterious file to the victim. When the victim opens the file, either malware is injected into his system or it prompts the user to enter confidential data.
● Using an open or free wifi hotspot: This is a very simple way to get confidential information from the user, by luring him with free wifi. The wifi owner can control the user’s data without the user knowing it.
● Responding to social media requests: This commonly includes social engineering. Accepting unknown friend requests and then, by mistake, leaking secret data are the most common mistakes made by naive users.
● Clicking on unauthenticated links or ads: Unauthenticated links are deliberately crafted to lead to a phishing website that tricks the user into typing confidential data.
Types of Phishing Attacks
1. Email Phishing: The most common type, where users are tricked into clicking unverified spam emails and leaking secret data. Hackers impersonate a legitimate identity and send emails to mass victims. Generally, the goal of the attacker is to get personal details like bank details, credit card numbers, user IDs, and passwords of any online shopping website, to install malware, etc. After getting the personal information, they use this information to steal money from the user’s account or harm the target system, etc.

2. Spear Phishing: In a spear phishing attack, a particular user (organisation or individual) is targeted. In this method, the attacker first gets the full information of the target and then sends malicious emails to his/her inbox to trap him into typing confidential data. For example, the attacker targets someone (let’s assume an employee from the finance department of some organisation). Then the attacker pretends to be the manager of that employee and requests personal information or the transfer of a large sum of money. It is the most successful attack.

3. Whaling: Whaling is just like spear phishing, but the main target is the head of the company, like the CEO, CFO, etc. A pressurized email is sent to such executives so that they don’t have much time to think, therefore falling prey to phishing.

4. Smishing: In this type of phishing attack, the medium of the attack is SMS. Smishing works similarly to email phishing. SMS texts are sent to victims containing links to phishing websites, or inviting the victims to call a phone number or to contact the sender using the given email. The victim is then invited to enter their personal information like bank details, credit card information, user ID/password, etc. Then, using this information, the attacker harms the victim.

5. Vishing: Vishing is also known as voice phishing. In this method, the attacker calls the victim using modern caller ID spoofing to convince the victim that the call is from a trusted source. Attackers also use IVR to make it difficult for legal authorities to trace the attacker. It is generally used to steal credit card numbers or confidential data from the victim.
Password Cracking
It is a cyber attack technique where unauthorised individuals attempt to gain access to user accounts or systems by decrypting or bypassing passwords. This activity is often performed using various methods and tools to exploit weaknesses in password security.
Methods of Password Cracking
1. Brute Force Attacks: The attacker systematically tries all possible combinations of passwords until the correct one is found.
● Countermeasure: Implement account lockout policies and use strong, complex passwords.

2. Dictionary Attacks: Attackers use precompiled lists of common passwords (dictionaries) to attempt login.
● Countermeasure: Enforce strong password policies, including the avoidance of easily guessable passwords.

3. Rainbow Table Attacks: Attackers use precomputed tables (rainbow tables) of hashed passwords to quickly crack password hashes.
● Countermeasure: Use salting and strong, unique hashing algorithms to protect password hashes.

4. Credential Stuffing: Attackers use known username and password pairs obtained from previous data breaches to gain unauthorised access to other accounts where users have reused passwords.
● Countermeasure: Encourage users to use unique passwords for different accounts and implement multi-factor authentication.

5. Keylogging: Malicious software records keystrokes to capture usernames and passwords as users type.
● Countermeasure: Use updated antivirus software, employ intrusion detection systems, and educate users about the risks of downloading unknown software.

6. Phishing: Attackers trick individuals into revealing their passwords through deceptive emails or fake websites.
● Countermeasure: Educate users about phishing risks and implement email filtering solutions.
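
The salting countermeasure for rainbow tables and the account lockout countermeasure for brute force, worked through in Python. This is an added example, not part of the original slides; the function names, the sample passwords, the PBKDF2 iteration count and the lockout threshold of 5 are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample data for this example (not taken from the slides).
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
PBKDF2_ITERATIONS = 200_000   # demo value; raise it as far as login latency allows
MAX_FAILURES = 5              # hypothetical lockout threshold


def unsalted_hash(password):
    """Weak storage: fast and unsalted, so equal passwords give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Precomputed digest -> password map, a small stand-in for a rainbow table."""
    return {unsalted_hash(p): p for p in candidates}


def hash_password(password, salt=None):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


class LoginGuard:
    """Stores salted hashes and locks an account after repeated failures."""

    def __init__(self):
        self._users = {}      # username -> (salt, digest)
        self._failures = {}   # username -> consecutive failed logins

    def register(self, username, password):
        self._users[username] = hash_password(password)

    def login(self, username, password):
        if self._failures.get(username, 0) >= MAX_FAILURES:
            return "locked"   # a real system would also alert and require a reset
        record = self._users.get(username)
        if record is not None and verify_password(password, *record):
            self._failures[username] = 0
            return "ok"
        self._failures[username] = self._failures.get(username, 0) + 1
        return "denied"


def demo():
    """Look up a leaked unsalted digest and a leaked salted digest in the table."""
    table = build_lookup_table(COMMON_PASSWORDS)
    leaked_unsalted = unsalted_hash("qwerty")
    _salt, leaked_salted = hash_password("qwerty")
    return {
        "unsalted_recovered": table.get(leaked_unsalted),    # found by lookup
        "salted_recovered": table.get(leaked_salted.hex()),  # no match
    }


if __name__ == "__main__":
    print(demo())
```

Two users who pick the same password end up with different stored digests, so one precomputed table no longer covers every account, and the lockout counter caps how many online guesses a brute force attempt gets.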
What is Keylogger?
● A keylogger is a malicious program that is specifically designed to monitor and log the keystrokes made by the user on their keyboards.
● It is a form of spyware program used by cybercriminals to fetch sensitive information like banking details, login credentials of social media accounts, credit card number, etc.
● A keylogger can monitor and log such information and send it to the cybercriminal behind it.
● A keylogger can not only monitor the keystrokes, but it can also take note of every click and touch on your system.
● The first keylogger was invented in the 1970s and was a hardware keylogger, and the first software keylogger was developed in 1983.
Types of keyloggers
1. Software keyloggers: Software keyloggers are computer programs which are developed to steal passwords from the victim's computer. However, keyloggers are also used in IT organisations to troubleshoot technical problems with computers and business networks. Microsoft Windows 10 also has a keylogger installed in it.
● JavaScript-based keylogger: It is a malicious script which is installed into a web page and listens for key presses, using events such as onKeyUp(). These scripts can be sent by various methods, like sharing through social media, sending as a mail file, or a RAT file.
● Form-based keyloggers: These are keyloggers which activate when a person fills in a form online; when the submit button is clicked, all the data or the words written are sent via a file on a computer. Some keyloggers work as an API in a running application. It looks like a simple application, and whenever a key is pressed it records it.

2. Hardware Keyloggers: These are not dependent on any software as these are hardware keyloggers. Keyboard hardware is a circuit which is attached in a keyboard itself, so that whenever a key of that keyboard is pressed it gets recorded.
● USB keylogger: There are USB connector keyloggers which have to be connected to a computer and steal the data. Also, some circuits are built into a keyboard so no external wire is used or shows on the keyboard.
● Smartphone sensors: Some cool Android tricks are also used as keyloggers, such as the Android accelerometer sensor which, when placed near the keyboard, can sense the vibrations; the resulting graph is then used to convert them to sentences. The accuracy of this technique is about 80%. Nowadays crackers are using keystroke logging Trojans, malware which is sent to a victim's computer to steal the data and login details.
Prevention From Keyloggers
● Anti-Keylogger: As the name suggests, this is software which works against keyloggers; its main task is to detect keyloggers on a computer system.
● Anti-Virus: Many anti-virus programs also detect keyloggers and delete them from the computer system. These are software tools, so they cannot get rid of hardware keyloggers.
● Automatic form filler: With this technique the user does not fill in forms by hand on a regular basis but uses an automatic form filler instead, which gives a shield against keyloggers as keys will not be pressed.
● One-Time Passwords: Using OTPs as passwords may be safe, as every time we log in we have to use a new password.
● Patterns or mouse recognition: On Android devices, use a pattern as the password of applications, and on PC use mouse recognition; a mouse program uses mouse gestures instead of a stylus.
● Voice to Text Converter: This software helps to prevent keylogging, which targets a specific part of our keyboard.
What is Spyware?
● Spyware is malicious software that enters a user’s computer, gathers data from the device and user, and sends it to third parties without their consent.
● Spyware collects personal and sensitive information that it sends to advertisers, data collection firms, or malicious actors for a profit.
● Attackers use it to track, steal, and sell user data, such as internet usage, credit card, and bank account details, or steal user credentials to spoof their identities.
● Spyware is one of the most commonly used cyber attack methods that can be difficult for users and businesses to identify and can do serious harm to networks. It also leaves businesses vulnerable to data breaches and data misuse, often affects device and network performance, and slows down user activity.
Types of Spyware?
● Adware: It is a type of Spyware that keeps track of the user’s activity and gives advertisements based on the tracked activity of the user.
● Tracking Cookies: It is a type of Spyware that tracks a user’s activity and supplies the same to third parties.
● Trojans: It is a type of Spyware that is the most dangerous. It aims to steal confidential user information such as bank details and passwords and transfers it to a third party to perform illegal transactions or frauds.
● Keyloggers: It is a type of Spyware that keeps track of all the keystrokes that the user enters through the keyboard.
● Stalkerware: It is a type of Spyware that is installed on mobile phones to stalk the user. It tracks the movement of the user and sends the same to the third party.
● System Monitor: It is a type of Spyware that monitors and keeps track of the entire system, including users' activity, sensitive information, keystrokes, calls, and chats. It is extremely dangerous to user privacy.
How to Prevent Spyware?
● Installing Antivirus/Antispyware: The best way to protect your system from spyware is to install a good quality Anti-spyware or Antivirus such as MalwareBytes, Adaware, AVG Antivirus, SpywareBlaster, etc. Installing Antivirus/Antispyware also protects the system from harmful threats by blocking sites that try to steal data or leak the data to third-party users.
● Beware of Cookie Settings: There are some websites that transfer confidential information alongside cookies. It is always advisable to keep a check on the cookie settings and set the settings to high security.
● Beware of the Pop-ups on Websites: Don’t click on the pop-ups that appear on a website without reading them. Never accept their terms and conditions as it is highly dangerous. Always close the pop-up windows without clicking on ‘ok’.
● Never Install Free Software: Always be very cautious when you install free software on your systems. Free software mostly has spyware attached to it, and it can directly leak confidential user information.
● Always read Terms & Conditions: Always read Terms and Conditions before installing apps on your system. Never accept policies that breach privacy. Download only trusted and verified apps from Google Play Store or Apple Play Store for mobile phones to protect them from Spyware.
Viruses and Worms
● While discussing the virus and worm, it is important to first understand the larger category of malicious programs, called "Malware".
● Malware can be defined as a special kind of code or application specifically developed to harm electronic devices or the people using those devices.
● Viruses and worms are both types of malware; however, there are significant differences between them.
What is Virus?
● A Virus is a program developed using malicious code with a nature that links itself to the executable files and propagates device to device.
● Viruses are often transferred through the downloaded files and the shared files.
● They can also be attached with a scripting program and non-executable files like images, documents, etc.
● After the user executes the infected program, the virus gets activated and starts replicating further on its own.
Viruses can harm the system by the following means:
● Filling up the disk space unnecessarily
● Formatting the hard disk drive automatically
● Making the system slow
● Modifying or deleting personal data or system files
● Stealing sensitive data
How does a virus spread?
● The virus does not have the capability of spreading itself.
● It requires the host and human support to spread.
● The virus is developed in such a way that it attaches itself to the executable files.
● It further spreads when the infected executable file or software is transferred from one device to another.
● As soon as a human launches the infected file or a program, the virus starts replicating itself.
What is a Worm?
● Worms are the type of virus that can self-replicate and travel from device to device using a computer network. That means worms don't need any host to spread.
● They are standalone computer malware that doesn't even require human support to execute.
● Usually, worms use computer networks by exploiting vulnerabilities, and that makes them spread more quickly.
How does a worm spread?
Unlike viruses, worms don't require host files to spread. This means that worms do not attach themselves with executable files or programs. Instead, worms find a weak spot in the system and enter through a vulnerability in the network. Before we detect and remove worms from our system, they replicate and spread automatically and consume all the network bandwidth. This can result in the failure of the entire network and web servers. Because worms can spread automatically, their spreading speed is comparatively faster than other malware.
| Basis | WORMS | VIRUS |
|---|---|---|
| Definition | A Worm is a form of malware that replicates itself and can spread to different computers via Network. | A Virus is a malicious executable code attached to another executable file which can be harmless or can modify or delete data. |
| Objective | The main objective of worms is to eat the system resources. It consumes system resources such as memory and bandwidth and makes the system slow in speed to such an extent that it stops responding. | The main objective of viruses is to modify the information. |
| Host | It doesn’t need a host to replicate from one computer to another. | It requires a host to spread. |
| Harmful | It is less harmful as compared. | It is more harmful. |
| Detection and Protection | Worms can be detected and removed by the Antivirus and firewall. | Antivirus software is used for protection against viruses. |
| Controlled by | Worms can be controlled by remote. | Viruses can’t be controlled remotely. |
| Execution | Worms are executed via weaknesses in the | Viruses are executed via executable files. |
| Prevention | ● Keep your operating system and system in updated state ● Avoid clicking on links from untrusted or unknown websites ● Avoid opening emails from unknown sources ● Use antivirus software and a firewall | ● Installation of Antivirus software ● Never open email attachments ● Avoid usage of pirated software ● Keep your operating system updated ● Keep your browser updated as old versions are vulnerable to linking to malicious websites |
| Types | Internet worms, Instant messaging worms, Email worms, File sharing worms, Internet relay chat (IRC) worms are different types of worms. | Boot sector virus, Direct Action virus, Polymorphic virus, Macro virus, Overwrite virus, File Infector virus are different types of viruses |
| Examples | Examples of worms include Morris worm, storm worm, etc. | Examples of viruses include Creeper, Blaster, Slammer, etc. |
| Interface | It does not need human action to replicate. | It needs human action to replicate. |
| Speed | Its spreading speed is faster. | Its spreading speed is slower as compared to worms. |
| Comes from | Worms generally come from the | Viruses generally come from the shared or |
What is a Trojan Horse?
● The name of the Trojan Horse is taken from a classical story of the Trojan War.
● It is a code that is malicious in nature and has the capacity to take control of the computer.
● It is designed to steal, damage, or do some harmful actions on the computer.
● It tries to deceive the user to load and execute the files on the device. After it executes, this allows cybercriminals to perform many actions on the user’s computer like deleting data from files, modifying data from files, and more.
● Unlike many viruses or worms, a Trojan Horse does not have the ability to replicate itself.
Types of Trojan Horse?
There are many Trojans which are designed to perform specific functions. Some of them are:
● Backdoor trojan: A trojan horse of this kind gives the attacker remote access to the compromised machine.
● Ransom trojan: This kind of trojan horse is intended to encrypt the data on the compromised system and then demand payment in exchange for its decryption.
● Trojan Banker: It is designed to steal the account data for online banking, credit and debit cards, etc.
● Trojan Downloader: It is designed to download many malicious files like the new versions of Trojan and Adware into the computer of the victims.
● Trojan Dropper: It is designed to prevent the detection of malicious files in the system. It can be used by hackers for installing Trojans or viruses on the victim’s computers.
● Trojan GameThief: It is designed to steal data from Online Gamers.
Uses of Trojan Horse?
● Spy: Some Trojans act as spyware. It is designed to take the data from the victim like social networking (username and passwords), credit card details, and more.
● Creating backdoors: The Trojan makes some changes in the system or the device of the victim. This is done to let other malware or any cyber criminals get into your device or the system.
● Zombie: There are many times that the hacker is not at all interested in the victim’s computer, but they want to use it under their control.
Prevention from Trojan Horse: The most basic prevention method:
● Do not download anything like the images and audios from an unsecured website.
● Do not click on the ads that pop up on the page with advertisements for online games.
● Do not open any attachment that has been sent from an unknown user.
● The user has to install the antivirus program. This anti-virus program has the capacity to detect those files which are affected by a virus.
What are Backdoors?
● A backdoor is an undocumented way to bypass existing cybersecurity measures and gain access to the computer system or device. Software and hardware developers sometimes install backdoors into their own products to retain access for troubleshooting purposes.
● Backdoor installation helps software developers solve various problems, for example, retrieve data from a device to aid a criminal investigation or restore users’ lost passwords. But backdoors might also be exploited by hackers. How?
How does a Backdoor attack work?
Backdoor attacks work in two ways.
● In the first scenario, hackers use a backdoor to circumvent normal security measures and gain unauthorised access to a computer system and its data.
● In the second one, they exploit system vulnerabilities to gain access into it and implant backdoor software. Once the backdoor is in, attackers can easily re-enter the system whenever they like, even if the vulnerabilities are fixed.
Types of Backdoor Attack
1. Administrative backdoors: Lots of software developers include backdoors in their programs to give them easy administrative access to various areas of their own systems. Doing so can help them to troubleshoot user problems and fix vulnerabilities quickly. However, if these backdoors are discovered by cybercriminals, they can be used to launch cyber attacks.

2. Malicious backdoors: A malicious backdoor is one created for a malicious purpose. This process may involve hackers installing backdoor malware through a targeted phishing email. If the hacker can eventually gain access to the code of an operating system, they can add backdoors to allow for easy access in the future.

3. Accidental backdoors: Many backdoors are just the result of human error. When a developer leaves a weak point in their internet security systems, it can go undetected for a long time. If bad actors find the flaw first, they can use it as a backdoor to the operating system or application.

4. Hardware backdoors: While most backdoor attacks involve hackers gaining remote access to networks and devices through software flaws, it’s also possible to include hardware backdoors in the physical structure of a device. A good example is the Clipper chip that the NSA proposed. However, this approach is high risk for a cybercriminal because it requires physical access to a targeted device.
How to protect yourself from Backdoor Attack
Here are some steps you can take to protect yourself.
● Don’t use your work device for personal internet activity
● Report any unusual or suspicious incidents
● Use a VPN, especially while travelling
● Use strong passwords
● Enable firewalls
● Monitor network traffic
What is Steganography
● Steganography is like hiding a secret message in plain sight.
● Instead of encrypting the message, you hide it within another seemingly innocent file, like an image, audio file, or even a text document.
● The goal is to conceal the existence of the message, making it difficult for others to detect.
Different Technique of Steganography
1. Image Steganography: Embedding data within images by subtly altering pixel values. This can be achieved through the least significant bit (LSB) method, where the least significant bits of pixel values are replaced with hidden data.

2. Audio Steganography: Concealing information within audio files by modifying certain components, such as the amplitude or frequency. This can be done without significantly altering the perceived quality of the audio.

3. Text Steganography: Hiding information within text by using techniques like white space manipulation, word or letter arrangement, or embedding messages within seemingly innocent text.

4. Video Steganography: Embedding data within video files, often by modifying specific frames or components of the video stream. Similar to image steganography, this can involve altering pixel values.

5. File Steganography: Hiding data within seemingly innocuous files, such as documents or executable files, by manipulating certain aspects without affecting the overall functionality.
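
The least significant bit (LSB) method from item 1, as an added Python example that is not part of the original slides. It works on a constructed sequence of grayscale pixel values rather than a real image file, and the 4-byte length header is an assumption of this example.

```python
# Constructed cover "image": 256 grayscale pixel values (one byte each).
COVER = bytes((i * 37 + 11) % 256 for i in range(256))


def to_bits(data):
    """Return the bits of data as a list, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits):
    """Pack a list of bits (most significant bit first) back into bytes."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def embed_lsb(pixels, message):
    """Replace the lowest bit of each pixel with one bit of header + message."""
    payload = len(message).to_bytes(4, "big") + message   # assumed 4-byte length header
    bits = to_bits(payload)
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for this message")
    stego = bytearray(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # keep the top 7 bits, set the LSB
    return bytes(stego)


def extract_lsb(pixels):
    """Read the length header from the first 32 LSBs, then that many bytes."""
    lsbs = [p & 1 for p in pixels]
    length = int.from_bytes(from_bits(lsbs[:32]), "big")
    end = 32 + 8 * length
    if end > len(lsbs):
        raise ValueError("no valid length header found")
    return from_bits(lsbs[32:end])


def max_pixel_change(original, modified):
    """Largest difference between any original pixel and its modified value."""
    return max(abs(a - b) for a, b in zip(original, modified))


if __name__ == "__main__":
    stego = embed_lsb(COVER, b"meet at noon")
    print(extract_lsb(stego), max_pixel_change(COVER, stego))
```

Because no pixel value changes by more than 1, the modified image looks identical to the cover, which is why detection relies on statistical analysis of the low-order bits rather than visual inspection.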
DoS Attack
A DoS attack is a denial of service attack. In this attack, a computer sends a massive amount of traffic to a victim’s computer and shuts it down. When carried out against a website, a DoS attack is an online attack that is used to make the website unavailable for its users. This attack makes the server of a website that is connected to the internet unavailable by sending a large amount of traffic to it.
DDoS Attack
A DDoS attack is a Distributed Denial of Service (DDoS) attack, which involves multiple compromised computers, known as botnets, working together to flood a target system with a massive volume of traffic. The distributed nature makes DDoS attacks more challenging to mitigate compared to traditional DoS attacks.
| DOS | DDOS |
|---|---|
| DOS stands for Denial of service attack. | DDOS stands for Distributed Denial of service attack. |
| In DoS attacks, a single system targets the victim system. | In DDoS, multiple systems attack the victim's system. |
| Victim PC is loaded from the packet of data sent from a single location. | Victim PC is loaded from the packet of data sent from multiple locations. |
| DoS attack is slower as compared to DDoS. | DDoS attack is faster than DoS attack. |
| Can be blocked easily as only one system is used. | It is difficult to block this attack as multiple devices are sending packets and attacking from multiple locations. |
| In DOS attack only a single device is used with DOS attack tools. | In DDoS attacks, the volume Bots are used to attack at the same time. |
| DOS attacks are easy to trace. | DDOS attacks are difficult to trace. |
| Volume of traffic in the DoS attack is less as compared to DDoS. | DDoS attacks allow the attacker to send massive volumes of traffic to the victim network. |
What is SQL Injection?
● SQL Injection is a code-based vulnerability that allows an attacker to read and access sensitive data from the database.
● Attackers can bypass security measures of applications and use SQL queries to modify, add, update, or delete records in a database.
● A successful SQL injection attack can badly affect websites or web applications using relational databases such as MySQL, Oracle, or SQL Server.
Types of SQL Injection

1. In-band SQLi: The attackers use the same communication channel to launch their attacks and collect results. The two common types of in-band SQL injection are:
● Error-based SQL injection: Here, the attacker performs certain actions that cause the database to generate error messages. The error message can reveal what database is utilised, the version of the server where the handlers are located, etc.
● Union-based SQL injection: Here, the UNION SQL operator is used to combine the results of two or more select statements generated by the database into a single HTTP response. The attacker crafts queries within the URL or combines multiple statements within the input fields and tries to generate a response.
2. Blind SQLi: Here, the data is not transferred via the web application. The attacker cannot see the result of an attack in-band.
● Boolean-based SQL injection: Here, the attacker sends an SQL query to the database asking the application to return a different result depending on whether the query returns True or False.
● Time-based SQL injection: In this attack, the attacker sends an SQL query to the database which makes the database wait for a particular amount of time before sharing the result. The response time helps the attacker decide whether a query is True or False.

3. Out-of-band SQL injection: Out-of-band injection is not so popular, as it depends on the features that are enabled on the database server being used by the web applications. It can be like a misconfiguration error by the database administrator.
What is Buffer Overflow

Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.

For example, a buffer for login credentials may be designed to expect username and password inputs of 8 bytes, so if a transaction involves an input of 10 bytes (that is, 2 bytes more than expected), the program may write the excess data past the buffer boundary.
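The 8-byte buffer and 10-byte input from the example above, modelled in an added example that is not part of the original slides. Python itself is memory-safe, so a bytearray stands in for raw memory here; the layout, the marker value and the function names are assumptions, and the marker check mirrors the idea behind stack canaries, a mitigation the slides do not cover.

```python
BUF_SIZE = 8        # the 8-byte input field from the example above
CANARY = b"SAFE"    # constructed marker stored right after the buffer

def new_memory():
    """Model of memory: an 8-byte buffer followed by adjacent data."""
    return bytearray(b"\x00" * BUF_SIZE) + bytearray(CANARY)

def unchecked_copy(mem, data):
    """Models a copy with no length check (as C's strcpy behaves)."""
    mem[0:len(data)] = data          # writes past BUF_SIZE when data is long
    return mem

def checked_copy(mem, data):
    """Bounds-checked copy: reject input that does not fit the buffer."""
    if len(data) > BUF_SIZE:
        raise ValueError("input of %d bytes exceeds %d-byte buffer"
                         % (len(data), BUF_SIZE))
    mem[0:len(data)] = data
    return mem

def canary_intact(mem):
    """Detect an overflow after the fact by checking the adjacent marker."""
    return bytes(mem[BUF_SIZE:BUF_SIZE + len(CANARY)]) == CANARY

def demo():
    long_input = b"AAAAAAAAXX"       # constructed 10-byte input, 2 too many
    overflowed = unchecked_copy(new_memory(), long_input)
    protected = new_memory()
    try:
        checked_copy(protected, long_input)
        rejected = False
    except ValueError:
        rejected = True
    return canary_intact(overflowed), canary_intact(protected), rejected

if __name__ == "__main__":
    print(demo())
```

The two excess bytes land on the first two bytes of the adjacent marker, which is exactly the "write past the buffer boundary" the text describes.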
What is Buffer Overflow Attacks

A buffer overflow attack is a type of cybersecurity threat that occurs when a program or application tries to store more data in a buffer (temporary storage) than it can actually hold. This excess data can overflow into adjacent memory locations, potentially overwriting important information or causing the program to crash. In some cases, attackers can exploit this vulnerability to execute malicious code and gain unauthorised access to a system or application.

Types of Buffer Overflow Attacks
● Stack-based buffer overflows are more common, and leverage stack memory that only exists during the execution time of a function.
● Heap-based attacks are harder to carry out and involve flooding the memory space allocated for a program beyond memory used for current runtime operations.
What is Identity Theft?

● Identity Theft, also called Identity Fraud, is a crime that is being committed in huge numbers nowadays.
● Identity theft happens when someone steals your personal information to commit fraud.
● This theft is committed in many ways by gathering personal information, such as the transactional information of another person, to make transactions.
Types of Identity Theft

● Criminal Identity Theft: This is a type of theft in which the victim is charged guilty and has to bear the loss when the criminal or the thief backs up his position with the false documents of the victim, such as ID or other verification documents, and his bluff is successful.

● Driver's Licence ID Identity Theft: Driver's licence identity theft is the most common form of ID theft. The information on one's driver's licence provides the name, address, and date of birth, as well as a State driver's identity number. The thieves use this information to apply for loans or credit cards, or try to open bank accounts to obtain checking accounts, or buy cars, houses, vehicles, electronic equipment, jewellery, anything valuable, and all are charged to the owner's name.

● Medical Identity Theft: In this theft, the victim's health-related information is gathered and then a fraudulent medical service need is created with fraudulent bills, which then results in the victim's account being charged for such services.
● Tax Identity Theft: In this type of attack the attacker is interested in knowing your Employer Identification Number to appeal to get a tax refund. This is noticeable when you attempt to file your tax return or the Income Tax return department sends you a notice for this.

● Social Security Identity Theft: In this type of attack the thief intends to know your Social Security Number (SSN). With this number, they are also aware of all your personal information, which is the biggest threat to an individual.

● Financial Identity Theft: This type of attack is the most common type of attack. In this, the stolen credentials are used to attain a financial benefit. The victim is identified only when he checks his balances carefully, as this is practised in a very slow manner.
Techniques of Identity Theft

● Pretext Calling: Thieves pretending to be an employee of a company over the phone and asking for financial information are an example of this theft. Pretending to be legitimate employees, they ask for personal data while promising some attractive returns.

● Mail Theft: This is a technique in which credit card information with transactional data is extracted from the public mailbox.

● Phishing: This is a technique in which emails purporting to be from banks are sent to a victim with malware in them. When the victim responds to the mail, their information is mapped by the thieves.

● Card Verification Value (CVV) Code Requests: The Card Verification Value number is located at the back of your debit cards. This number is used to enhance transaction security, but several attackers ask for this number while pretending to be a bank official.
Steps of Prevention From Identity Theft
● Use strong passwords and do not share your PIN with anyone on or off the phone.
● Use two-factor notification for emails.
● Secure all your devices with a password.
● Don't install random software from the internet.
● Don't post sensitive information over social media.
● While entering passwords at a payment gateway, ensure its authenticity.
● Keep a practice of changing your PIN and password regularly.
● Do not disclose your information over the phone.
● While travelling, do not disclose personal information to strangers.
● Never share your Aadhaar/PAN number (in India) with anyone whom you do not know/trust.
● Never share an Aadhaar OTP received on your phone with someone over a call.
● Do not fill in personal data on a website that claims to offer benefits in return.
● Last, be a keeper of personal knowledge.
