
Online Safety: How to protect personal information on the internet.

Info for the presentation

Introduce the subject and explain its importance


Start with a question (why we have to protect ourselves on the internet).
Well, you should know that not everything on the internet is good and that there are dangers
we must be careful of. These dangers take different forms and are present at all
times.
The purpose of this presentation is to give you an understanding of what dangers abound on
the Internet and how to protect yourself from them.
To begin with, let's talk a little about the dangers that dwell there (tell me what dangers there
are on the internet).

Statement of presentation objectives.

I want to show them how things work


I want to demonstrate the insecurity to which they are exposed.
I want to teach them methods of protection against threats

Development

The way things work

How Google accounts work

How the internet works

Network

OSI model
IP addresses

MAC addresses

How information is transmitted

Encoding of information

Data packaging

Signal transmission

Wiring

Wireless

Multiplexing and routing

Reception and decoding

Delivery to destination

The insecurity they are exposed to


Unauthorized access: When unauthorized users gain access to resources or data on the
network.

System vulnerabilities: Weaknesses in software or hardware that can be exploited by attackers
to gain unauthorized access.

Packet filtering and firewalls: Inadequate configuration of firewalls or filtering rules that allow
unwanted traffic.
Denial-of-service (DoS) attacks: Attempts to overload a network or service with malicious traffic
to make it inaccessible.

Distributed denial of service (DDoS) attacks: Variant of DoS attacks in which multiple devices
coordinate to carry out the attack.

Internet insecurities:

Phishing: Attacks that seek to trick users into revealing sensitive information, such as
passwords or credit card information.

Malware: Malicious software, such as viruses, Trojans and ransomware, that installs itself on
systems without permission and can damage or steal data.

Brute-force attacks: Repeated attempts to guess passwords by trying multiple
combinations.

SQL injection: Malicious insertion of SQL code into forms or URLs to gain unauthorized access
to databases.

Session hijacking: Attacks that take control of a valid user session to perform malicious actions
on their behalf.

Network sniffing: Interception of data transmitted on the network to steal confidential
information.

Man-in-the-middle (MITM) attacks: Interception and alteration of communication between two
parties without either party knowing.

Web application attacks: Exploitation of vulnerabilities in web applications to gain unauthorized
access.

DNS insecurities: Corruption or poisoning of DNS servers to redirect traffic to malicious
websites.

Social engineering: Psychological manipulation of users to gain confidential information or
access to systems.

Methods of protection against threats


Keep your systems up to date: Make sure your operating system, software and applications
are always updated with the latest security fixes. Updates often fix known vulnerabilities.

Use strong passwords: Create unique and complex passwords for your online accounts. Avoid
obvious passwords such as "123456" or "password". Consider using password managers to
securely manage passwords.

Two-factor authentication (2FA): Enable two-factor authentication whenever possible. This
adds an additional layer of security by requiring a second method of verification in addition to
the password.

Guard your personal data: Be cautious about the personal information you share online. Don't
reveal sensitive information such as your social security number, address or financial details
unless it is necessary and the recipient is trustworthy.

Avoid phishing: Be wary of suspicious emails or messages asking for personal information or
passwords. Don't click on links or download attachments from untrusted sources.

Use secure connections: When entering sensitive information, make sure you are on a secure
website (HTTPS) and avoid using unsecured public Wi-Fi networks for sensitive transactions.

Maintain antivirus software: Install and regularly update antivirus and antimalware software on
your device to protect against online threats.

Set up firewalls: Use a firewall to monitor network traffic and block potential threats. Most
operating systems have built-in firewalls.

Do not share passwords: Do not share your passwords with anyone. Also, do not write your
passwords in public or shared places.

Protect your mobile devices: Make sure your mobile devices have screen locking and remote
tracking and wiping functions in case of loss or theft.

Verify the authenticity of websites and emails: Before providing information online, verify that
websites are legitimate and that emails come from trusted sources.

Cyber security education: Learn about the latest cyber threats and how to protect yourself.
Security education is essential to staying safe online.

Data backup: Make regular backups of your important data in case of data loss due to attacks
or technical problems.

Social networking: Set up privacy settings on your social networking accounts and be selective
about the people you accept as contacts.

Safe downloads: Download software and applications only from trusted sources, such as
official app stores.
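
The following Python example is added here and is not part of the original presentation material. It checks a message for indicators named in these notes (urgent requests for sensitive information, non-HTTPS links, verifying the sender) and, going slightly beyond them, for a Reply-To domain or link text that does not match the real destination; the sample message, its domains and the indicator names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); example.* are reserved domains.
SAMPLE = """\
From: "Example Bank Support" <support@example.net>
Reply-To: collect@example.org
To: user@example.com
Subject: URGENT: verify your account
Content-Type: text/html

<p>Your account will be suspended. Confirm your password and credit card
number immediately:</p>
<a href="http://login.example.net/verify">https://www.example.com/login</a>
"""

URGENCY = re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I)
SENSITIVE = re.compile(r"\b(password|credit card|social security)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url.strip()).hostname or "").lower()

def phishing_indicators(raw):
    """Return a list of indicator names; these are hints for a human, not a verdict."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part message assumed
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")      # replies go somewhere else
    text = msg.get("Subject", "") + " " + body
    if URGENCY.search(text):
        findings.append("urgency")
    if SENSITIVE.search(text):
        findings.append("asks-for-sensitive-data")
    for href, label in LINK.findall(body):
        if urlparse(href).scheme != "https":
            findings.append("non-https-link")
        shown = host(label) if "://" in label else ""
        if shown and shown != host(href):
            findings.append("link-text-mismatch")  # visible URL differs from target
    return findings

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```
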

Interactive Activity: Phishing Email Identification Simulation


Goal: I want to help all of you develop practical skills in identifying phishing emails
and increase awareness of online security risks.

Materials:

We will all need our computers or mobile devices with Internet access.

I will provide examples of phishing emails for us to analyze together.


Steps:

Introduction (5 minutes):

Let's start with a brief review of key online security concepts.

I will explain what the objective of the activity is.

Examples of Phishing Emails (10 minutes):

I will show on screen several examples of phishing emails and discuss the common
characteristics we should look for to identify them.

Identification Simulation (20 minutes):

I will break you into small groups.

I will distribute examples of phishing emails to each group.

I will ask them to analyze the emails and discuss whether they think they are legitimate or
phishing.

Then, each group will present their findings and justifications.

Discussion and Feedback (15 minutes):

We will compare the groups' responses and discuss the differences in their analyses.

I will highlight the key indicators of phishing present in the emails.

Evaluation and Questions (10 minutes):


I will conduct a short phishing identification test with multiple choice questions.

I will invite them to ask questions or share their experiences about online security.

Conclusion (5 minutes):

I will summarize the key points and lessons learned during the activity.

I will reinforce the importance of staying vigilant online and responsible use of technology.

Engagement Activity (20 minutes):

I will provide more examples of phishing emails and allow them to practice identification in
groups.

I will facilitate collaboration and brainstorming.

Closing (5 minutes):

I will thank everyone for their participation.

I will provide additional resources, such as links to online safety websites and tips for staying
safe on the Internet.

Multiple choice questions for the activity


Which of the following is a common indicator of a phishing email?
a) Known sender name
b) Link to a secure website
c) Spelling and grammar errors
d) Inclusion of a digital signature.

What is phishing?
a) A method of safe Internet browsing.
b) A type of malware that infects devices.
c) An attempt to trick people into revealing personal information.
d) An online data protection service.

What is the best practice when receiving a suspicious email?
a) Click on all links to verify its authenticity.
b) Reply to the email with personal information.
c) Ignore the email altogether.
d) Verify the legitimacy of the email through other sources.

Which of the following actions is NOT recommended when identifying a phishing email?
a) Forward the email to your contacts.
b) Click on the links to see where they take you.
c) Verify the sender of the email.
d) Do not provide personal or financial information.

Why is it important to verify the domain of a suspicious email?
a) To earn points in an online game.
b) To make sure the email is legitimate.
c) To block the sender immediately.
d) To share the information with friends and family.

What is a key indicator of phishing in an email?
a) Known sender's name.
b) Use of clear and concise language.
c) Urgent request for personal information.
d) Inclusion of a contact phone number.

What is the primary purpose of a phishing attack?
a) To steal personal or financial information.
b) To provide online security advice.
c) To promote legitimate products and services.
d) To disseminate information of public interest.

What should people do if they believe they have fallen for a phishing scam?
a) Ignore the incident and wait for it to go away.
b) Immediately report it to cybersecurity authorities.
c) Share the experience on social networks.
d) Provide more information to the scammers.

What role does two-factor authentication (2FA) play in online security?
a) Provide a basic level of Internet security.
b) Ensure that all emails are legitimate.
c) Add an additional layer of protection to online accounts.
d) Slow down online browsing.

What should people do if they receive an email requesting confidential information, such as
passwords or credit card numbers?
a) Provide the requested information.
b) Share the email with friends and family.
c) Ignore the email completely.
d) Do not provide information and contact the entity in question through official sources.

Answers

c) Spelling and grammatical errors.

c) An attempt to trick people into revealing personal information.

d) Verifying the legitimacy of the email through other sources.

b) Click on the links to see where they take you.

b) To make sure that the mail is legitimate.

c) Urgent request for personal information.

a) To steal personal or financial information.

b) To immediately inform cybersecurity authorities.

c) To add an additional layer of protection to online accounts.

d) Do not provide information and contact the entity in question through official sources.
