Privacy 

is the ability of an individual or group to seclude themselves or information about

themselves, and thereby express themselves selectively.
When something is private to a person, it usually means that something is inherently special
or sensitive to them. The domain of privacy partially overlaps with security, which can
include the concepts of appropriate use and protection of information. Privacy may also take
the form of bodily integrity. The right not to be subjected to unsanctioned invasions of
privacy by the government, corporations, or individuals is part of many countries' privacy
laws, and in some cases, constitutions.

What is data integrity?

Data integrity is the overall accuracy, completeness, and consistency of data. Data
integrity also refers to the safety of data in regard to regulatory compliance — such
as GDPR compliance — and security. It is maintained by a collection of processes, rules,
and standards implemented during the design phase. When the integrity of data is secure,
the information stored in a database will remain complete, accurate, and reliable no matter
how long it’s stored or how often it’s accessed.

The importance of data integrity in protecting yourself from data loss or a data leak cannot be
overstated: in order to keep your data safe from outside forces with malicious intent, you
must first ensure that internal users are handling data correctly. By implementing the
appropriate data validation and error checking, you can ensure that sensitive data is never
miscategorized or stored incorrectly, thus exposing you to potential risk.

Types of data integrity

Maintaining data integrity requires an understanding of the two types of data integrity:
physical integrity and logical integrity. Both are collections of processes and methods that
enforce data integrity in both hierarchical and relational databases.

Physical integrity

Physical integrity is the protection of the wholeness and accuracy of that data as it’s stored
and retrieved. When natural disasters strike, power goes out, or hackers disrupt database
functions, physical integrity is compromised. Human error, storage erosion, and a host of
other issues can also make it impossible for data processing managers, system programmers,
applications programmers, and internal auditors to obtain accurate data.

Logical integrity

Logical integrity keeps data unchanged as it’s used in different ways in a relational database.
Logical integrity protects data from human error and hackers as well, but in a much different
way than physical integrity does. There are four types of logical integrity:

 Entity integrityEntity integrity relies on the creation of primary keys — the unique
values that identify pieces of data — to ensure that data isn’t listed more than once and
that no field in a table is null. It’s a feature of relational systems which store data in
tables that can be linked and used in a variety of ways.
  Referential integrityReferential integrity refers to the series of processes that make
sure data is stored and used uniformly. Rules embedded into the database’s structure
about how foreign keys are used ensure that only appropriate changes, additions, or
deletions of data occur. Rules may include constraints that eliminate the entry of
duplicate data, guarantee that data entry is accurate, and/or disallow the entry of data
that doesn’t apply.
 Domain integrityDomain integrity is the collection of processes that ensure the
accuracy of each piece of data in a domain. In this context, a domain is a set of
acceptable values that a column is allowed to contain. It can include constraints and
other measures that limit the format, type, and amount of data entered.
 User-defined integrityUser-defined integrity involves the rules and constraints created
by the user to fit their particular needs. Sometimes entity, referential, and domain
integrity aren’t enough to safeguard data. Often, specific business rules must be taken
into account and incorporated into data integrity measures.

How to Preserve Data Integrity

To prevent risks and preserve data integrity, organizations should implement these best
practices.

1. Validate Input

Before processing any data sets, organizations need to perform input validation. Information
can either be provided by a known source or an unknown entity. While these entities may be
end-user or another software system, they can also come from a malicious individual.
Therefore, validation will verify that the input is correct and reliable.

2. Validate Data

Once the input is verified, business teams need to validate the data sets. This will ensure that
the data process is not corrupted and that the incoming metrics are accurate. It is
recommended that the organization determine specifications and important attributes of data
to streamline this step.

For example, a business may require that all financial data be processed in U.S. dollars.
Establishing this requirement from the start will ensure the metrics are validated correctly.

3. Remove Duplicate Entries

Confidential information from one database can sometimes be accessed in public documents,
spreadsheets, or shared files online. Business teams should promptly remove any duplicate
sources of data to prevent unauthorized access.

4. Perform Regular Back-Ups

Backing up data regularly will prevent accidental data loss and unintentional alterations. It
also ensures organizations have an original copy of all their data in case of cyber attacks and
threats.

5. Control Access

All database systems should have security systems in place to prevent hackers and
unauthorized users from accessing information. These individuals can compromise the
integrity of data and share sensitive information with the public. Software applications should
have a form of access control for data security, like passwords and two-factor authentication.
Hardware systems should be secured to a floor or wall to prevent theft.

6. Have an Audit Trail

In the case that a data breach occurs, organizations must perform an audit trail for their
integrity checks. This will allow teams to pinpoint the cause of the threat and prevent
impairments to data integrity in the future.

Generally, an audit trail includes tracking every event pertaining to the data, such as when
metrics were created, deleted, read, and modified. Audits also entail identifying the user that
accessed the system and when.
Cybercrime,
also called computer crime, the use of a computer as an instrument to further illegal ends,
such as committing fraud, trafficking in child pornography and intellectual property, stealing
identities, or violating privacy. Cybercrime, especially through the Internet, has grown in
importance as the computer has become central to commerce, entertainment, and
government.

SNIFFING
The practice or technique of monitoring, gathering, capturing, and logging some or all data
packets passing through a given computer network is called sniffing or packet sniffing.  A
 packet sniffer is composed of two parts namely; a network adapter and software that is used
by a network to observe or troubleshoot network traffic.

Attackers use these sniffers to seize data packets that contain valuable information and
analyze the network traffic. Sniffing is categorized into active sniffing and passive sniffing.
In Active sniffing, there is the constant activity by the attacker to obtain information and sniff
the traffic from the switch network. In passive sniffing, the attacker is hidden and sniffs
through the hub.

SPOOFING
Any kind of behavior where an attacker mask as an authentic user or a device to secure
something beneficial or crucial information for their gain is called spoofing. There are
various kinds of spoofing such as website spoofing, E-mail spoofing, and IP spoofing. Other
common methods include ARP spoofing attacks and DNS server spoofing attacks.

An E-mail spoofing targets the user while an IP spoofing is predominantly targeted at a

network. 

In an IP spoofing attack, the attacker attempts to obtain illicit and illegal access to a network
through messages with a bogus or spoofed IP address to deceive and show it off as a message
from a trusted source. This is achieved by using a genuine host’s IP address and varying the
packet headers led from their personal system to mimic it as an original and a trusted
computer’s IP address.

B) DIFFERENCE BETWEEN SNIFFING AND SPOOFING

Now that we have understood what is sniffing and spoofing, the spoofing and sniffing
definition, let’s now compare packet sniffing and packet spoofing. 

 During the process of sniffing, the networks’ data traffic is the main target of the attacker
who captures data packets that flows across a computer network using packet sniffers. 
Whereas in spoofing, the attacker rip-offs the authorizations of a user and deploys those
details in a system as an authentic user to unveil attacks against network hosts, take data,
disburse malware, or circumvent access controls.
 In spoofing, the attackers use another person’s IP address to produce TCP/IP. In packet
sniffing, a sniffing program is on a part between two interactive endpoints where the attacker
pretends to be one end of the connection to the target and snoop on files delivered between
the two endpoints. 
The software or method depleted to achieve this is called a packet sniffer, which is a function
that sniffs without altering the network’s packets in any way.

 In short, packet sniffing means eavesdropping on other people’s conversations.  Packet

spoofing refers to dynamically presenting phony network traffic impersonating to be
someone else.
 In packet sniffing, an attacker can’t cause any mutilation to the system per se and hence is a
passive attack. Packet spoofing is an active attack where it is possible for an attacker to
introduce a harmful program to taint the victim’s system.
 The attackers get access to the device or system through which the traffic is directed in packet
and packet spoofing, the attack is done by transferring packets with incorrect source address
i.e., modifying routing tables.
 A popular method to defend sniffing is by way of encryption while the top method to tackle
spoofing is by use of digital signatures.

Spoofing definition

In cybersecurity, ‘spoofing’ is when fraudsters pretend to be someone or something else to

win a person’s trust. The motivation is usually to gain access to systems, steal data, steal
money, or spread malware.

What is spoofing?

Spoofing is a broad term for the type of behavior that involves a cybercriminal masquerading
as a trusted entity or device to get you to do something beneficial to the hacker — and
detrimental to you. Any time an online scammer disguises their identity as something else,
it’s spoofing.

Spoofing can apply to a range of communication channels and can involve different levels of
technical complexity. Spoofing attacks usually involve an element of social engineering,
where scammers psychologically manipulate their victims by playing on human
vulnerabilities such as fear, greed, or lack of technical knowledge.
How does spoofing work?

Spoofing typically relies on two elements – the spoof itself, such as a faked email or website,
and then the social engineering aspect, which nudges victims to take action. For example,
spoofers may send an email that appears to come from a trusted senior co-worker or manager,
asking you to transfer some money online and providing a convincing rationale for the
request. Spoofers often know what strings to pull to manipulate a victim into taking the
desired action – in this example, authorizing a fraudulent wire transfer – without raising
suspicion.
 A successful spoofing attack can have serious consequences – including stealing personal or
company information, harvesting credentials for use in further attacks, spreading malware,
gaining unauthorized network access, or bypassing access controls. For businesses, spoofing
attacks can sometimes lead to ransomware attacks or damaging and costly data breaches.

There are many different types of spoofing attacks – the more straightforward ones relate to
emails, websites, and phone calls. The more complex technical attacks involve IP addresses,
Address Resolution Protocol (ARP), and Domain Name System (DNS) servers. We explore
the most common spoofing examples below.

Types of spoofing

Email spoofing

Among the most widely-used attacks, email spoofing occurs when the sender forges email
headers to that client software displays the fraudulent sender address, which most users take
at face value. Unless they inspect the header closely, email recipients assume the forged
sender has sent the message. If it’s a name they know, they are likely to trust it.

Spoofed emails often request a money transfer or permission to access a system.

Additionally, they can sometimes contain attachments that install malware — such as Trojans
or viruses — when opened. In many cases, the malware is designed to go beyond infecting
your computer and spread to your entire network.

Email spoofing relies heavily on social engineering — the ability to convince a human user to
believe that what they are seeing is legitimate, prompting them to take action and open an
attachment, transfer money, and so on.

How to stop email spoofing:

Unfortunately, it is impossible to stop email spoofing completely because the foundation for
sending emails – known as the Simple Mail Transfer Protocol – doesn’t require any
authentication. However, ordinary users can take simple steps to reduce the risk of an email
spoofing attack by choosing a secure email provider and practicing good cybersecurity
hygiene:

 Use throwaway email accounts when registering for sites. This reduces the risk of your
private email address appearing in lists used for sending spoofed email messages in bulk.
 Make sure your email password is strong and complex. A strong password makes it harder
for criminals to access your account and use it to send malicious emails from your account.
 If you can, inspect the email header. (This will depend on the email service you are using and
will only work on desktop.) The email header contains metadata on how the email was routed
to you and where it came from.
 Switch on your spam filter.This should prevent most spoofed emails from coming into your
inbox. 
IP spoofing

Whereas email spoofing focuses on the user, IP spoofing is primarily aimed at a network.
 IP spoofing involves an attacker trying to gain unauthorized access to a system by sending
messages with a fake or spoofed IP address to make it look like the message came from a
trusted source, such as one on the same internal computer network, for example.

Cybercriminals achieve this by taking a legitimate host's IP address and altering the packet
headers sent from their own system to make them appear to be from the original, trusted
computer. Catching IP spoofing attacks early is especially important because they often come
as part of DDoS (Distributed Denial of Service) attacks, which can take an entire network
offline. You can read more in our detailed article about IP spoofing.
How to prevent IP spoofing – tips for website owners:
 Monitor networks for unusual activity.
 Use packet filtering systems capable of detecting inconsistencies, such as outgoing packets
with source IP addresses that don't match those on the network.
 Use verification methods for all remote access (even among networked computers).
 Authenticate all IP addresses.
 Use a network attack blocker.
 Ensure at least some computer resources are behind a firewall.
Website spoofing

Website spoofing – also known as URL spoofing – is when scammers make a fraudulent
website resemble a legitimate one. The spoofed website will have a familiar login page,
stolen logos and similar branding, and even a spoofed URL that appears correct at first
glance. Hackers build these websites to steal your login details and potentially drop malware
onto your computer. Often, website spoofing takes place in conjunction with email spoofing
– for example, scammers might send you an email containing a link to the fake website.

How to avoid website spoofing:

 Look at the address bar – a spoofed website is unlikely to be secured. To check, the URL
should start with https:// rather than http:// - the "s" stands for "secure," and there should be a
lock symbol in the address bar too. This means that the site has an up-to-date security
certificate. If a site does not have this, it doesn’t necessarily mean it has been spoofed – look
out for additional signs as well.
 Look out for poor spelling or grammar, or logos or colors which may appear slightly wrong.
Check that content is complete – for example, spoofed websites sometimes don’t bother to
populate the privacy policy or terms & conditions with actual content.
 Try a password manager – software used to autofill login credentials does not work on
spoofed websites. If the software doesn't automatically complete the password and username
fields, it could indicate that the website is spoofed.
Caller ID or phone spoofing

Caller ID spoofing – sometimes called phone spoofing – is when scammers deliberately

falsify the information sent to your caller ID to disguise their identity. They do this because
they know you are more likely to pick up your phone if you think it is a local number calling
instead of one you don't recognize.
 Caller ID spoofing uses VoIP (Voice over Internet Protocol), which allows scammers to
create a phone number and caller ID of their choice. Once the recipient answers the call, the
scammers try to obtain sensitive information for fraudulent purposes.

How to stop someone from spoofing my phone number:

 Check to see if your phone carrier has a service or app that helps identify or filter out spam
calls.
 You can consider using third-party apps to help block spam calls – but be aware that you will
be sharing private data with them.
 If you receive a call from an unknown number, often it is best not to answer it. Answering
spam calls invites more spam calls, as the scammers then consider you a potential prospect.

Text message spoofing

Text message spoofing – sometimes called SMS spoofing – is when the sender of a text
message misleads users with fake displayed sender information. Legitimate businesses
sometimes do this for marketing purposes by replacing a long number with a short and easy-
to-remember alphanumeric ID, ostensibly so that it's more convenient for customers. But
scammers also do it – to hide their real identity behind an alphanumeric sender ID, usually
masquerading as a legitimate company or organization. Often, these spoofed texts include
links to SMS phishing (known as “smishing”) sites or malware downloads.

How to prevent text messaging spoofing:

 Avoid clicking on links in text messages as much as possible. If an SMS appearing to be from
a company you know asks you to take urgent action, visit their website directly by typing in
the URL yourself or searching via a search engine, and don’t click on the SMS link.
 In particular, never click on “password reset” links in SMS messages – these are highly likely
to be scams.
 Remember that banks, telecoms, and other legitimate service providers never ask for personal
details via SMS – so don’t give out personal information in this way.
 Exercise caution about any “too good to be true” SMS alerts about prizes or discounts – they
are likely to be scams.
ARP spoofing

Address Resolution Protocol (ARP) is a protocol that enables network communications to

reach a specific device on a network. ARP spoofing, sometimes also called ARP poisoning,
occurs when a malicious actor sends falsified ARP messages over a local area network. This
links the attacker’s MAC address with the IP address of a legitimate device or server on the
 network. This link means the attacker can intercept, modify, or even stop any data intended
for that IP address.

How to prevent ARP poisoning:

 For individuals, the best defense against ARP poisoning is to use a Virtual Private Network
(VPN).
 Organizations should use encryption – i.e., HTTPS and SSH protocols – to help reduce the
chance of an ARP poisoning attack succeeding.
 Organizations should also consider the use of packet filters – filters that block malicious
packets and those whose IP addresses are suspicious.
DNS spoofing

DNS spoofing – sometimes called DNS cache poisoning – is an attack in which altered DNS
records are used to redirect online traffic to a fake website that resembles its intended
destination. Spoofers achieve this by replacing the IP addresses stored in the DNS server with
the ones the hackers want to use. You can read more about DNS spoofing attacks in our full
article here.
How to avoid DNS spoofing:
 For individuals: never click on a link you are unsure of, use a Virtual Private Network (VPN),
regularly scan your device for malware, and flush your DNS cache to solve poisoning.
 For website owners: use DNS spoofing detection tools, domain name system security
extensions, and end-to-end encryption.
GPS spoofing

GPS spoofing occurs when a GPS receiver is tricked into broadcasting fake signals that look
like real ones. This means that the fraudsters are pretending to be in one location while
actually being in another. Fraudsters can use this to hack a car's GPS and send you to the
wrong place or – on a much bigger scale – can even potentially interfere with the GPS signals
of ships or aircraft. Many mobile apps rely on location data from smartphones – these can be
targets for this kind of spoofing attack.

How to prevent GPS spoofing:

 Anti-GPS spoofing technology is being developed, but mainly for large systems, such as
maritime navigation.
 The simplest (if inconvenient) way for users to protect their smartphones or tablets is to
switch it to "battery-saving location mode." In this mode, only Wi-Fi and cellular networks
are used to determine your location, and GPS is disabled (this mode is unavailable on some
devices).
Facial spoofing
Facial recognition technology is used to unlock mobile devices and laptops and increasingly
in other areas, such as law enforcement, airport security, healthcare, education, marketing,
and advertising. Facial recognition spoofing can occur through illegally obtained biometric
data, either directly or covertly from a person’s online profiles or through hacked systems.
How to prevent facial spoofing:

Most facial recognition anti-spoofing methods involve Liveliness Detection. This determines
whether a face is live or a false reproduction. There are two techniques involved:
 Eye blink detection – which observes patterns in blink intervals – fraudsters who can’t match
these patterns are denied access.
 Interactive detection – which asks users to perform specific facial actions to check they are
real.

How to prevent spoofing

In general, following these online safety tips will help to minimize your exposure to spoofing
attacks:

1. Avoid clicking on links or opening attachments from unfamiliar sources. They could

contain malware or viruses which will infect your device. If in doubt – always avoid.
2. Don’t answer emails or calls from unrecognized senders. Any communication with a
scammer carries potential risk and invites further unwanted messages.
3. Where possible, set up two-factor authentication. This adds another layer of security to the
authentication process and makes it harder for attackers to access your devices or online
accounts.
4. Use strong passwords. A strong password is not easy to guess and ideally made up of a
combination of upper- and lower-case letters, special characters, and numbers. Avoid using
the same password across the board and change your password regularly. A password
manager tool is an excellent way to manage your passwords.
5. Review your online privacy settings. If you use social networking sites, be careful who you
connect with and learn how to use your privacy and security settings to ensure you stay safe.
If you recognize suspicious behavior, have clicked on spam, or have been scammed online,
take steps to secure your account and be sure to report it.
6. Don’t give out personal information online. Avoid disclosing personal and private
information online unless you are 100% sure it is a trusted source.
7. Keep your network and software up to date. Software updates include security patches,
bug fixes, and new features – keeping up to date reduces the risk of malware infection and
security breaches.
8. Look out for websites, emails, or messages with poor spelling or grammar – plus any
other features that look incorrect, such as logos, colors, or missing content. This can be a sign
of spoofing. Only visit websites with a valid security certificate.
In the US, victims of spoofing can file a complaint with the FCC’s Consumer Complaint
Center. Other jurisdictions around the world have similar bodies with their own complaints
procedures. If you have lost money due to spoofing, you can involve law enforcement.
The best way to stay safe online is by a robust antivirus software solution. We
recommend Kaspersky Total Security: a well-rounded cybersecurity package that will protect
you and your family online and ensure a safer internet experience.

What Is Fraud?

Fraud is an intentionally deceptive action designed to provide the perpetrator with an

unlawful gain or to deny a right to a victim. Types of fraud include tax fraud, credit card
fraud, wire fraud, securities fraud, and bankruptcy fraud. Fraudulent activity can be carried
out by one individual, multiple individuals or a business firm as a whole.
KEY TAKEAWAYS

 Fraud involves deceit with the intention to illegally or unethically gain at the expense
of another.
 In finance, fraud can take on many forms including making false insurance claims,
cooking the books, pump & dump schemes, and identity theft leading to
unauthorized purchases.
 Fraud costs the economy billions of dollars each and every year, and those who are
caught are subject to fines and jail time.

Fraud Explained

Fraud involves the false representation of facts, whether by intentionally withholding

important information or providing false statements to another party for the specific purpose
of gaining something that may not have been provided without the deception.

Often, the perpetrator of fraud is aware of information that the intended victim is not,
allowing the perpetrator to deceive the victim. At heart, the individual or company
committing fraud is taking advantage of information asymmetry; specifically, that the
resource cost of reviewing and verifying that information can be significant enough to create
a disincentive to fully invest in fraud prevention.

Both states and the federal government have laws that criminalize fraud, though fraudulent
actions may not always result in a criminal trial. Government prosecutors often have
substantial discretion in determining whether a case should go to trial and may pursue a
settlement instead if this will result in a speedier and less costly resolution. If a fraud case
goes to trial, the perpetrator may be convicted and sent to jail.

Hacking is an attempt to exploit a computer system or a private network inside a computer.

Simply put, it is the unauthorised access to or control over computer network security
systems for some illicit purpose.

Description: To better describe hacking, one needs to first understand hackers. One can
easily assume them to be intelligent and highly skilled in computers. In fact, breaking a
security system requires more intelligence and expertise than actually creating one. There are
no hard and fast rules whereby we can categorize hackers into neat compartments. However,
in general computer parlance, we call them white hats, black hats and grey hats. White hat
professionals hack to check their own security systems to make it more hack-proof. In most
cases, they are part of the same organisation. Black hat hackers hack to take control over the
system for personal gains. They can destroy, steal or even prevent authorized users from
accessing the system. They do this by finding loopholes and weaknesses in the system. Some
computer experts call them crackers instead of hackers. Grey hat hackers comprise curious
people who have just about enough computer language skills to enable them to hack a system
to locate potential loopholes in the network security system. Grey hats differ from black hats
in the sense that the former notify the admin of the network system about the weaknesses
discovered in the system, whereas the latter is only looking for personal gains. All kinds of
hacking are considered illegal barring the work done by white hat hackers.