Item A - Risks of Peer-to-Peer Systems

The FBI is educating and warning citizens about certain risks and dangers associated with the use of Peer-to-Peer
systems on the Internet. While the FBI supports and encourages the development of new technologies, we also
recognize that technology can be misused for illicit and, in some cases, criminal purposes.

Peer-to-Peer networks allow users connected to the Internet to link their computers with other computers around the
world. These networks are established for the purpose of sharing files. Typically, users of Peer-to-Peer networks install
free software on their computers which allows them (1) to find and download files located on another Peer-to-Peer
user's hard drive, and (2) to share with those other users files located on their own computer. Unfortunately sometimes
these information-sharing systems have been used to engage in illegal activity. Some of the most common crimes
associated with Peer-to-Peer networks are the following:
Copyright Infringement: It is a violation of federal law to distribute copyrighted music, movies, software, games, and
other works without authorization. There are important national economic consequences associated with such theft.
The FBI has asked industry associations and companies that are particularly concerned with intellectual property theft to
report to the FBIfor possible criminal investigation and prosecutionanyone that they have reason to believe is
violating federal copyright law.
Child Exploitation and Obscenity: The receipt or distribution of child pornography and unlawful obscenity over the
Internet also is a serious federal crime. The FBI cautions parents and guardians that, because there is no age restriction
for the use of Peer-to-Peer services, pornography of all types is easily accessible by the many young children whose
parents mistakenly believe they are only accessing music or movies. In fact, children may be exposed to pornography
and subsequently lured by sexual predatorseven though they were not searching for pornography, as some network
users deliberately mislabel the names of files for this purpose.
Computer Hacking: Peer-to-Peer networks also have been abused by hackers. Because these systems potentially expose
your computer and files to millions of other users on the network, they also expose your computer to worms and
viruses. In fact, some worms have been specifically written to spread by popular Peer-to-Peer networks. Also, if Peer-to-
Peer software is not properly configured, you may be unknowingly opening up the contents of your entire hard drive for
others to see and download your private information.
The FBI urges you to learn about the risks and dangers of Peer-to-Peer networks, as well as the legal consequences of
copyright infringement, illegal pornography, and computer hacking. For more information about the law,
visit www.usdoj.gov/criminal. The FBI takes seriously its mission to enforce the laws against those who use the Internet
to commit crime. To report cyber crime, please contact your local FBI Field Office, or file a complaint through the
Internet Crime Complaint Center at www.IC3.gov.

Source fbi.gov










Item B Smishing and Vishing

You receive a text message or an automated phone call on your cell phone saying theres a problem with your bank
account. Youre given a phone number to call or a website to log into and asked to provide personal identifiable
informationlike a bank account number, PIN, or credit card numberto fix the problem.
But beware: It could be a smishing or vishingscamand criminals on the other end of the phone or website could
be attempting to collect your personal information in order to help themselves to your money. While most cyber scams
target your computer, smishing and vishing scams target your mobile phone, and theyre becoming a growing threat as a
growing number of Americans own mobile phones. (Vishing scams also target land-line phones.)
Smishinga combination of SMS texting and phishingand Vishingvoice and phishingare two of the scams the
FBIs Internet Crime Complaint Center (IC3) is warning consumers about as we head into the holiday shopping season.
These scams are also a reminder that cyber crimes arent just for computers
anymore.
Heres how smishing and vishing scams work: criminals set up an automated
dialing system to text or call people in a particular region or area code (or
sometimes they use stolen customer phone numbers from banks or credit unions).
The victims receive messages like: Theres a problem with your account, or Your
ATM card needs to be reactivated, and are directed to a phone number or website
asking for personal information. Armed with that information, criminals can steal
from victims bank accounts, charge purchases on their charge cards, create a
phony ATM card, etc.

Sometimes, if a victim logs onto one of the phony websites with a smartphone,
they could also end up downloading malicious software that could give criminals
access to anything on the phone. With the growth of mobile banking and the ability
to conduct financial transactions online, smishing and vishing attacks may become
even more attractive and lucrative for cyber criminals.
Here are a couple of recent smishing case examples:
Account holders at one particular credit union, after receiving a text about an
account problem, called the phone number in the text, gave out their personal
information, and had money withdrawn from their bank accounts within 10
minutes of their calls.
Customers at a bank received a text saying they needed to reactivate their
ATM card. Some called the phone number in the text and were prompted to
provide their ATM card number, PIN, and expiration date. Thousands of
fraudulent withdrawals followed.
Other holiday cyber scams to watch out for, according to IC3, include:

Phishing schemes using e-mails that direct victims to spoofed merchant
websites misleading them into providing personal information.
Online auction and classified ad fraud, where Internet criminals post products
they dont have but charge the consumers credit card anyway and pocket the
money.
Delivery fraud, where online criminals posing as legitimate delivery services
offer reduced or free shipping labels for a fee. When the customer tries to ship
a package using a phony label, the legitimate delivery service flags it and
requests payment from the customer.

IC3 Tips to Protect Yourself
From Cyber Scams

- Dont respond to text messages
or automated voice messages
from unknown or blocked
numbers on your mobile phone.
- Treat your mobile phone like
you would your computerdont
download anything unless you
trust the source.

- When buying online, use a
legitimate payment service and
always use a credit card because
charges can be disputed if you
dont receive what you ordered
or find unauthorized charges on
your card.

- Check each sellers rating and
feedback along with the dates
the feedback was posted. Be
wary of a seller with a 100
percent positive feedback score,
with a low number of feedback
postings, or with all feedback
posted around the same date.

- Dont respond to unsolicited e-
mails (or texts or phone calls, for
that matter) requesting personal
information, and never click on
links or attachments contained
within unsolicited e-mails. If you
want to go to a merchants
website, type their URL directly
into your browsers address bar.
Item C - Internet Social Networking Risks


Vulnerability of Social Networking Sites
Social networking sites are Internet-based services that allow people to communicate and share information with a
group.
Risks:
Once information is posted to a social networking site, it is no longer private. The more information you post, the more
vulnerable you may become. Even when using high security settings, friends or websites may inadvertently leak your
information.
Personal information you share could be used to conduct attacks against you or your associates. The more information
shared, the more likely someone could impersonate you and trick one of your friends into sharing personal information,
downloading malware, or providing access to restricted sites.
Predators, hackers, business competitors, and foreign state actors troll social networking sites looking for information or
people to target for exploitation.
Information gleaned from social networking sites may be used to design a specific attack that does not come by way of
the social networking site.
Tactics:
Baiting - Someone gives you a USB drive or other electronic media that is preloaded with malware in the hope you will
use the device and enable them to hack your computer.
Do not use any electronic storage device unless you know its origin is legitimate and safe. Scan all electronic media for
viruses before use.
Click-jacking - Concealing hyperlinks beneath legitimate clickable content which, when clicked, causes a user to
unknowingly perform actions, such as downloading malware, or sending your ID to a site. Numerous click-jacking scams
have employed Like and Share buttons on social networking sites. Disable scripting and iframes in whatever Internet
browser you use. Research other ways to set your browser options to maximize security.
Cross-Site Scripting (XSS) - Malicious code is injected into a benign or trusted website. A Stored XSS Attack is when
malicious code is permanently stored on a server; a computer is compromised when requesting the stored data. A
Reflected XSS Attack is when a person is tricked into clicking on a malicious link; the injected code travels to the server
then reflects the attack back to the victims browser. The computer deems the code is from a trusted source.
Turn off HTTP TRACE support on all webservers. Research additional ways to prevent becoming a victim of XSS.
Doxing - Publicly releasing a persons identifying information including full name, date of birth, address, and pictures
typically retrieved from social networking site profiles.
Be careful what information you share about yourself, family, and friends (online, in print, and in person).
Elicitation - The strategic use of conversation to extract information from people without giving them the feeling they
are being interrogated. Be aware of elicitation tactics and the way social engineers try to obtain personal information.
Pharming - Redirecting users from legitimate websites to fraudulent ones for the purpose of extracting confidential
data. (E.g.: mimicking bank websites.)
Watch out for website URLs that use variations in spelling or domain names, or use .com instead of .gov, for
example. Type a websites address rather than clicking on a link.
Phreaking - Gaining unauthorized access to telecommunication systems.
Do not provide secure phone numbers that provide direct access to a Private Branch Exchange or through the Public
Branch Exchange to the public phone network.
Scams - Fake deals that trick people into providing money, information, or service in exchange for the deal.
If it sounds too good to be true, it is most likely a scam. Cybercriminals use popular events and news stories as bait for
people to open infected email, visit infected websites, or donate money to bogus charities.
Spoofing - Deceiving computers or computer users by hiding or faking ones identity. Email spoofing utilizes a
sham email address or simulates a genuine email address. IP spoofing hides or masks a computers IP
address.
Know your co-workers and clients and beware of those who impersonate a staff member or service provider to
gain company or personal information.