Professional Documents
Culture Documents
in
PREFACE
Women play a crucial role in the growth of the economy. Over the years Indian women have con-
tributed to the development of the nation. A large number of women are in the forefront leading
various corporate organizations. They have contributed well to the entrepreneurial programs as
well. But still there are women who need to be empowered through education and motivate to
come forward to dream bigger and to realize their dreams. Digital India movement the flagship
programme of Indian government has given importance to empowering women digitally and also
to make them more liberated, strong and empowered by participating in the development of the
nation. Digital India has the main mandate of digital services accessible for all class of people in
India and also has a focus on social and economic empowerment of women.
At present Internet users India are near to 500 million with an estimate of 143 million female
internet users overall, which is approximately 30% of total Internet users in India. Cyber crimes
against women are on the rise and have been drastically victimized in the cyberspace. Some neg-
ative minded people try to defame women by sending obscene e-mails, stalking women by using
chat rooms, websites etc, spoofing e-mails, morphing of images for pornographic content etc.
Massive awareness needs to be created among women regarding the safe use of Mobile Phones,
Computers and the Internet. While digital India is paving its way in urban and rural India, the
underlining digital gender gap still persists. Digital literacy is therefore a key to ensure everyone
stays informed, engaged and safe online.
Even though today’s women and are strong and equally contributing towards the development of
the society, women still face issues of abuse in physical as well as cyber world. Even though cyber
crimes in general are considered to be gender neutral the problems and issues faced by women
are different and more damaging and creates intense agony. Considering the sensitivity behind
the issues faced by women in India, Information Security Education & Awareness has created a
Handbook exclusively for women in India. This Cyber Security Handbook for women would help
women to follow safety measures while using the cyber space and derive benefits by safe use of
cyber space.
CONTENTS
page 6 page 8 page 12 page 16
APPS DESKTOP PASSWORD E-MAIL BASED
USED SECURITY THREATS CYBER THREATS
Ministry of Electronics
Introduction
and Information Technology
Government of India India, with its major population hooked on to social me-
dia where women use Internet for daily requirements
is in steep rise. Being a part of a connected community
many women rely on Internet for online shopping, online
transactions, social media, travel assistance, messaging,
Shri.Sitaram Chamarthy ( TCS )
email, cooking videos, job search, yoga videos, parent-
ing advice for new mothers, entrepreneurial assistance
Shri U Rammohan Rao, CID, on starting new business online etc., Most women tend
Telangana State to use internet in their available free time. In general, a
woman’s nature is a very good. They are caring, innocent,
Shri G V Raghunathan, dedicated, honest and also they tend to believe what they
(Retd) Sr Director, MeitY see which may not be true always. Cyber criminals take
advantage of women’s vulnerable nature resulting in
Shri Magesh E, Director, steep increase in cyber crimes against women.
C-DAC Hyderabad
Internet made our life in this digital world much more
Shri S K Vyas, MeitY
Shri Ch A S Murty
convenient, but it also has negative effects. Internet of-
Mrs Soumya M fers various opportunities to individuals who want to ex-
Mrs G Jyostna ploit the internet for their selfish motives. This result in
Mrs Indrakeerthi K & various threats like Malware, Phishing, Pharming, Identi-
ISEA Team Members, ty theft, Spoofing, Online scams, Virus, Trojan, Ransom-
C-DAC Hyderabad ware and many more. This leave with us a big question in
our mind how safe is women in this cyber world. In this
digitally connected world, women are abused harassed,
Honorary Professor. N Balakrishnan
Prof. Sukumar Nandi threatened, stalked and violated on daily basis. But there
Prof. V Kamakoti is no need of worry; by taking small step to secure them-
Prof. M S Gaur selves, they can be very much safe in this cyber world.
4 5
Shopping They don’t even check Job Portals er these can also cause
Applications for the privacy settings Online job portal threat to your identity.
Online shopping of these applications you will find all Identity thieves scan
websites now before they download. current vacan- through the prominent
possess mobile This can result in com- cies and job of- job sites to find people
friendly applications promising your per- fers worldwide. You can looking for change of
to provide more ease sonal sensitive infor- submit your job appli- jobs. They collect the
to users. Social media mation stored in mobile cation through this job keywords of your job
is flooded with adver- phones. These applica- portal and ensure that search and make calls
tisements of different tions can also cheat the your application gets offering you fake job
shopping applications customer with cheaper immediate attention. A .They offer job related to
with attractive offers. products than which few renown job portal the keywords you were
Women get attracted was shown during the applications are Naukri, browsing in job portals
with these offers for the purchase. Times Jobs, Indeed, and gain your trust.
products they showcase shine etc. as said earli-
in the advertisements.
6 www.infosecawareness.in
2 3
Education cult than you think. Banking applications for online
Applications Many applications offer Applications transactions and pay-
Mothers always free trial with informa- With the develop- ment for online sho
look for the best tive content during the ment of Banking ping etc, with all its pos-
for their children. trial period. Once the Applications, the itive features that exists
Some educational apps trial period is over and banks process has be- it has negative effect as
are tailored for high- they pay for the pur- come faster and more well where cyber crimi-
school students, some chase of the applica- reliable and the record nals can send email with
for soon-to-be college tion, the quality of the keeping and retrieval link for transactions with
graduates; some are content degrades and becomes much easi- logos/ texts resembling
more apt for those who the customer results in er. Banking apps help the legitimate bank
provide an education. loss of money and feels users understand and websites. When you
Educational Applica- cheated. A few reliable analyze their spending perform transactions
tions has got lot of at- ones are Google class habits on an annual, through these links the
tention among moth- room, Class tree, Byjus monthly and even daily money will be directly
ers. But locating the App, Khan Academy, basis. transferred to the cyber
best ones is more diffi- edmodo etc. Women rely on banking criminal’s account.
6 7
Chatting / In- Women tend to use In- Travel and Hotel often provide flight and
stant Messaging stant messaging apps. Booking Apps hotel deals which are
Applications It can be used to call Travel and ho- available exclusively to
Nowadays e-mail/ friends/family. It also al- tel booking Apps Apps.
SMS/Instant Mes- lows group chats. Even occasionally,give
saging(IM) are main though it helps you in you combo offers while Seeing the offers many
communication me- many ways, there are booking flight tickets or book the travel tickets
dia among women. It many security issues. hotels. Most travel com- and end up with loss of
is hard to find anyone Your profile picture can panies offer a discount money as there was no
without using a smart be viewed and used by when you get your tick- ticket/hotel booked in
phone. The mobile IM anyone. This can cause ets done through their their name. There are
apps have overtaken a threat to your identity. app for the first time. a few reliable apps like
the Short Message Ser- Mobile instant message Another major benefit make my trip, trivago,
vice (SMS). (IM) applications such is that these travel apps yatra, agoda etc.
as WhatsApp, WeChat,
Because of user friend- and LINE etc. are widely
liness of the IM apps used by everyone.
An unfortunate number of women are becoming victims of cyber crimes. The grow-
ing reach of the Internet and the rapid spread of information through mobile devices
have presented new opportunities that could put some women at risk, so it is impor-
tant to be mindful of the dangers.
A personal computer used without proper security measure could lead to exploiting
the system for illegal activities using the resources of such in secured computers.
These exploiters could be Virus, Trojans, Key loggers and sometimes real hackers.
This may result in data theft, data loss, personal information disclosure, stealing of
credentials like passwords etc. So, protect and secure your Personal Computer be-
fore it is compromised.
Browser Security e-Mail Security Wireless Security Modem Security
• Always update • Always use strong • Change default • Change the default
your Web Browser password for your Administrator passwords.
with latest patches. email account. passwords. • Switch off when
• Use privacy or • Always scan the • Turn On WPA (Wi-Fi not in use.
security settings email attachments Protected Access) /
which are inbuilt in with latest updated WEP Encryption.
the browser. Anti-Virus and An- • Change default
• Also use content ti-Spy ware before SSID.
filtering software. opening. • Enable MAC ad-
• Always have Safe • Always remember dress filtering.
Search “ON” in to empty the Spam • Turn off your wire-
Search Engine. folder. less network when
not in use.
8 www.infosecawareness.in
Internet Security:
• Check the copy- which is secure. rather than third
right issues before • If the site uses SSL, party websites.
using the content verify the certificate • Scan the down-
of Internet. Fol- details like who is loaded files with an
low Internet Ethics the owner, expiry updated Anti-Virus
while browsing. date of the certifi- Software before us-
• Always access the cate etc to confirm ing it.
site which uses whether it is trust- • Install and prop-
https (Hyper Text ed or not. You can erly configure a
Transfer Proto- do this by clicking software firewall,
col Secure) while the lock icon. to protect against
performing on- • Use only original malicious traffic.
line transactions, websites for down-
downloads etc, loading the files
Data Security
Things to
remember
while using
your personal
computer
10 www.infosecawareness.in
PASSWORD
Passwords are the most practical way to protect our
online identities to ourselves.
THREATS
Passwords are used for your personal devices, emails, banking applications and
for almost for everything you need internet. With all of this sensitive data at stake,
creating good passwords is very important to prevent identity theft.
Also passwords are the most commonly used mechanism to authenticate users to
an information system. Passwords play a major role of defence against hacking your
accounts or devices. The techniques used by cyber criminals are almost the same
either for women or anyone else. Let us see few techniques used commonly by cyber
criminals to get hold of your passwords.
12 www.infosecawareness.in
Bruteforce attacks You should not use a password that repre-
Another way of stealing the password is through sents your personal
guess. Hackers try all the possible combinations information like nick-
with the help of personal information of an individ- names, phone num-
ual. They will try with the person’s name, pet name bers, date of birth etc.
(nick name), numbers (date of birth, phone num-
bers), school name…etc. When there are large num- Making passwords
ber of combinations of passwords the hackers uses more complex increases the difficulty of
fast processors and some software tools to crack attacks that rely on brute force or educated
the password. This method of cracking password guessing.
is known as “Brute force attack”. Few tips to avoid
threats from Brute force attack.
Password recovery/reset systems one else. Remember that any rule that applies to
An intruder may not need to get the password from your password also applies to your password recov-
the user if he can persuade the authentication sys- ery question, which should be something no one
tem to either mail it to him or change it to some- should guess – and, like your password, something
thing of his choice. Systems to allow the legitimate you should never reveal to others.
user to recover or change a password they have for-
gotten can also let other people do the same. Help- Use information that is
desk operators need to be particularly careful to not in social media for
check the identity of anyone asking for a password recovery of password
reset. On-line systems that rely on “secret ques-
tions” such as “name of first school” or “birthday” Activate two factor authentication
are trivial to defeat if that information can be found
on a social network. Systems that send reminders
to a backup e-mail address or phone number can
fail if the user changes address or number allowing
the abandoned backup to be registered by some-
You should not write the passwords on the Writing your passwords on the papers or
paper or on any disk drive to store it storing it on hard disk
The strangers search for the papers or the
Do not select ‘Yes’ when ap- disk for passwords where they have been
plications ask you if you want written.
them to remember your pass-
words for you
14 www.infosecawareness.in
Using weak Passwords or blank passwords a website, is a very poor choice as a password.
Weak and blank passwords are one of the easiest
ways to attackers to crack into your system. Cyber Always you need to
criminals can use the same techniques used to “Use Strong Passwords”
guess the answers to secret questions can also be
used to guess passwords. Anything based on some-
thing your friends will know, or that is available from
16 www.infosecawareness.in
sion are allowed. lous Web site operators who sell are targeted at you by unknown
e-mail addresses to them. Also users by offering gifts, lottery,
they may just get lucky by guess- prizes, which might be free of
ing the email. Spam messages cost, and this may ask your per-
may trouble you by filling your sonal information for accepting
inbox or your e-mail database. the free gift or may ask money
Spam involves identical messag- to claim lottery and prizes it is
es sent to various recipients by one way to trap your personal
e-Mail. Sometimes spam e-mails information.
Fake e-Mails come with advertisements and
Sometimes e-Mails are received may contain a virus. By opening
with fake e-mail address like such e-Mails, your system can
services@facebook.com by be infected and your e-Mail ID
an attachment named, “Face- is listed in spammers list. Spam
book_Password_4cf91.zip and can lead to network congestion,
includes the file Facebook_Pass- clutter your mail and also can
word_4cf91exe” that, the e-mail have Malware.
claims, contains the user’s new Look for grammatical errors in
facebook password. When a the e-mail
user downloads the file, it could
cause a mess on their computer Always ignore free gifts offered
and which can be infected with from unknown users.
malicious software.
Hoaxes
Hoax is an attempt to make the
Use a Quality Email Filter: This person believe something which
can prevent you from coming is false as true. It is also defined
into contact with a cyber-threat. as an attempt to deliberately
spread fear, doubt among the
It is always recommended to ig- users.
nore or delete spam e-mails.
Always check and confirm from Since the e-Mail messages are
where the e-mail has been re- Never, ever, unsubscribe or reply transferred in clear text, it is ad-
ceived, generally service people to a spam e-mail. This only con- visable to use some encryption
will never ask or provide your firms to the spammer that your software like PGP (pretty good
password to change. e-mail address is real. privacy) to encrypt email mes-
sages before sending, so that
If you subscribe to e-mail or text Phishing e-mails it can be decrypted only by the
alerts from your bank or finan- These appear very authentic, specified recipient only.
cial institution, you should be fa- and often include graphics and
miliar with the format, content, logos that are actually from your
and address of these messages. bank. There may even be a link
Be suspicious of anything you re- that actually takes you to your
ceive that is out of the norm. bank’s Web site. Even if you don’t
enter any personal information,
Spam e-Mails clicking the link can infect your
Spammers get e-mail addresses computer with data-stealing
from newsgroups, unscrupu- malware. Sometimes e-Mails
Why to secure your web browser ? • Many women computer users are not aware of
the click on the web links.
Securing browser is the first step that needs to be • Software and third party software packages in-
taken in order to assure secure online protection. stalled combined increases the number of vul-
There is an increase in number of threats taking nerabilities
advantage of vulnerabilities present in the web • Many websites request their users enable fea-
browsers through use of malicious websites. This tures or install more software, third- party soft-
problem is made worse by a number of factors, in- ware which doesn’t get security updates put-
cluding the following: ting the computer at additional risk.
• Many users do not know how to configure their
web browsers securely.
18 www.infosecawareness.in
Web Browser Risks information
The browsers are enabled by When users log into a • Clicking on popup with
default with some of the features website, they enter their attractive offers may charge
to improve our online sessions, username and password you without notification
but at the same time these into a login page and, if they Seeta was listening music
options create a big security risk are authenticated, a cookie online from XYZ@music.
for our operating systems and is saved that allows the com, after some couple of
databases. The online criminals website to know the users hours later she came across
use available vulnerabilities in are already a Pop-up which tells to
our browser and in its additional logged in as download the latest songs
features to control operating they navigate with only one click. She filled
systems, retrieve private data, around the the form displayed in my
damage important system files site. This browser download section.
or install data stealing software. permits them After a month she saw her
Some of the features are access to any credit card bill information
important for browser’s functionality which is showing some
functionality and the user should that may be unauthorized charges.
understand their importance available only She was very upset and
and should enable or disable for to logged-in surprised, called repeatedly
securing the browser. users, probably the primary to that particular website
use of cookies at this time. where she downloaded the
Browser Cookies songs but it was of no use.
A cookie is a small piece of text Pop-ups
sent to a browser by a website Popups are a small window Scripts
accessed through the browser. pane that opens automatically Scripts are used to create
The browser stores this data on your browser. Generally, they websites more interactive. It
and uses it in accessing the show advertising, which can is most commonly used as
features of the website or be from legitimate company, part of web browsers, whose
then next time the same site but also may be scams or implementations allow client-
is visited to make the access dangerous software. Pop-ups side scripts to interact with
more personalized. If a website mislead you to click the buttons the user, control the browser,
uses cookies for authentication, on the pop-up window. But communicate asynchronously,
then an attacker may be able to sometimes advertisers create and alter the document content
obtain unauthorized access to pop-up window that look similar that is displayed. The same
that site by obtaining the cookie. to a close or cancel option so script can be used for inclusion
whenever user choose such of malicious code which takes
• Cookie storing the search control of the web browser
requests there in by allowing accessing
Shanti visited a movie website the files of the system. It may
and indicated that she is cause damage to the system by
interested in comedies. The accessing the vulnerabilities in
cookies sent by the website the browser.
remembered her choice and
when she visited the same
website next time, she sees options the button performs an
comedies are displayed on unexpected action like opening
the website. another pop-up window,
performing unauthorized
• Cookie storing login commands on your system.
Do not track
It is a setting that allows
users to opt-out of third-
party tracking, such as
advertisers or sites on a
For example, users may website that you’re visiting.
download and install a plug-in This feature is only for third-
like Adobe Flash Player to view party tracking, which often
a web page which contains tracks users for behavioral
a video or an interactive advertising purposes;
game. But the plugin may be it doesn’t prevent the website that you’re visiting to collect
installed with a key logger information about you. All browsers settings have do not track
which captures all the key option which can be enabled.
strokes of the user typing in
the browser and send it to the Deleting browser history
attacker. Keep in mind that if someone is
monitoring your computer use,
deleting your browser history
Follow the best may appear suspicious. However,
practices in regularly deleting your browsing
using Internet history can increase privacy.
browsers
20 www.infosecawareness.in
USB
STORAGE
DEVICE
SECURITY
USB (Universal Serial Bus) storage devices are very convenient to transfer data be-
tween different computers. You can plug it into a USB port, copy your data, remove
it and be on your way. Unfortunately this portability, convenience and popularity also
brings different threats to your information.
Data thefts and Data leakage are everyday news now! All these can be controlled or
minimized with care, awareness and by using appropriate tools to secure the infor-
mation.
• Design and adopt a good security policy to limit the usage of USB
Storage devices.
• Monitor the employees what they are copying.
• Implement Authentication, Authorization and Accounting to secure
your information.
22 www.infosecawareness.in
What to do when you lose the Device ?
• If you have stored any personal or sensitive information inside the USB drive
like passwords etc, immediately change all passwords along with security
questions and answers provided during any account creation [There may
be chances that hacker can retrieve your online account logon information
by using data in the stolen drive].
• Also ensure that all security measures have been taken against the data
lost.
The mobile phones can be used as USB memory devices when connected to computer. A USB cable is
provided with the mobile phone to connect to computer.
• When a mobile phone is connected to a personal computer, scan the external phone memory and
memory card using an updated antivirus.
• Take regular backup of your phone and external memory card because if an event like a system crash
or malware penetration occurs, at least your data is safe.
• Before transferring the data to Mobile from computer, the data should be scanned with latest Antivirus
with all updates.
• Remember to remove the USB connection from your computer before you walk away.
• Never forward the virus affected data to other Mobiles.
Benefits
• USB device control with password protection
• Data Encryption on USB devices
• Auto run protection and Malware Detection
• Configurable read/write privilege protection
A few of the wireless devices are vulnerable in their default configuration mode.
Since end users especially women are not fully aware of security levels to be set
on these devices, they can be easily vulnerable to cyber threat. Cyber criminals
look for these unsecured Wi-Fi devices for fulfilling their illegal purposes. Anyone
with in his/her computer, laptop or mobile through wifi connectivity can connect
to unsecured Access Points (wireless routers). Also if the Access Point is config-
ured with the default settings or is unsecured, anyone in the range can connect to
it directly. Once the connection is established using the unsecured network ,the
attacker can send mails, download classified/confidential stuff, initiate attack on
other computers in the network, send malicious code to others, install a Trojan or
botnet on the victim’s computer to get long term control on it.
Subscribe us at /c/InformationSecurityEducationandAwareness
Follow us at /InfoSecAwa
Follow us at /infosec_awareness
24 www.infosecawareness.in
Threats to women while using Wi-Fi
Free Wi-Fi s hotspots for cyber tive information such as credit
attacks card numbers, passwords, chat
Most of the women tend to messages, emails etc, It is sug- Never auto-connect to
connect to Wi-Fi if it is available gested that users avoid public open Wi-Fi networks in
for free in the public places to Wi-Fi and instead use secured public places
use their favorite social media networks only. Few of the tips Visit only secured websites
or chatting applications. Brows- to note when using free public while using public Wi-Fi
ing internet using public wire- Wi-Fi Disable sharing of data
less computer network at rail- Keep Wi-Fi Off when you
way stations and airports may don’t Need It
leave you vulnerable to cyber Avoid using sensitive
attacks. Successful exploitation passwords
of these vulnerabilities allows
an attacker to obtain sensi-
Few measures to secure yourself while configuring the router for wireless communi-
cation
• Change the default user- Shutdown the Access Point dresses of all devices that
name and password of the when not in use connect to them.
Access Point • Avoid dynamic IP address • Use firewall and Antivirus
Wifi home networks and for home Wi-Fi rather use for added protection
broadband router are pro- static IP addresses Isolate the wireless network
tected with username and Most home network ad- from wired network with
password so that only au- ministrators use Dynamic a firewall and an antivirus
thorized people can make Host Configuration Protocol gateway.
administrative changes to (DHCP) to assign IP address- • Use default security fea-
the network. es to their devices. Turn off tures provided by the
• Change the default SSID, DHCP on the router or ac- equipment
and Avoid broadcasting cess point, set a fixed private All Wi-Fi equipment support
your network name IP address range instead some form of encryption.
Access points and routers all and then configure each So, enable them. Regularly
use a network name called connected device with an update firmware.
the Service Set Identifier. address within that range. • Use encryption technology
Just by knowing the SSID it’s • Always use strong pass- for sensitive data in wire-
not possible to attack your word for encryption less networks. Always use
network but it shows it’s Avoid using personal data the maximum key size sup-
poorly configured. in passwords. Use passes ported by access point for
• Turn off Wi-Fi when not in phrases which are easy to encryption
use remember. Turn ON file sharing and air-
When you have extended • Enable MAC address filter- drop options only when re-
break from using your home ing on Wi-Fi devices quired.
network it is better to switch Access points and routers
off to avoid misuse. Also keep track of the MAC ad-
26 www.infosecawareness.in
SMART PHONE SECURITY
Cybercrime is on the rising at an alarming rate, and women are its biggest targets.
Smart phone and Internet allow predators to exploit women and girls anonymously
and easily.A study claims that women use smart phones for more than four hours a
day and are likelier to get addicted to them than men. [1] Women use smart phones
mainly for social networking website and online shopping, than just making calls,
games and searches combined. These devices have their own characteristics but
also with security concerns such as sensitive information access. There are various
threats, which can affect the smart phone users in several ways. In current scenario it
is vital for women to be aware of cyber threats through smart phone and the various
dangers that come with it.
28 www.infosecawareness.in
It is advisable not to
store important informa- Exposure of critical informa-
tion like credit card and tion
bank cards passwords, Lack of data protection or data
etc in a mobile phone. leak prevention capabilities on
mobile devices. This can lead to
Make sure you log out of serious threat to identity of any
the Apps after using it individual. Your personal bank-
ing information can also be at
risk.
Threats related to mobile phone connectivity to unknown systems, phones and networks using
technologies like Bluetooth, WI-Fi, USB etc.
Open Wi-Fi. Phishing emails a phone call to confirm that they
Most often open Wi-Fi networks Email users continue to fall sent you the message. Consider
cause lot of threats to our mo- prey to emails that appear to reaching out to your bank – but
bile phones if connected in come from trusted senders like contact them via the usual chan-
these networks. It is often ad- banks and retailers. Manipula- nels, do not click any URLs sent
visable not to make any bank tive language creates a sense via text.
transactions and not to use any of urgency that prompts recipi-
sensitive data using open Wi-Fi ents to make an impulsive deci- Weak Authentication
networks. sion. They click embedded links Criminals love mobile payment
Keep the Bluetooth connection and share data on non-trusted systems that have weak au-
in an invisible mode, unless you sites, download attachments thentication tools. Any payment
need some user to access your that contain hidden data-min- systems that you use, includ-
mobile phone or laptops. If an ing malware or share infected ing e-commerce browser apps
unknown user tries to access the emails with contacts. and virtual wallets, should have
mobile phone or laptop through multi-factor authentication and
blue tooth, move away from the Check that email addresses multi-level data encryption. For
coverage area of blue tooth so always match sender names, example, a secure system might
that it automatically gets discon- visit sender websites via book- require a user ID, password and
nected. marks or typed URL address bar security image confirmation or
submissions and scan all down- message you a one-time-use
Don’t perform financial, medical loads with a trusted anti-virus PIN. The best payment systems
or business tasks while logged program. turn your credit card data into a
in to open Wi-Fi If you have to, token so that it cannot be read
then get a VPN or use a secured SMiShing Messages anywhere else.
network. The same phishing rules above
apply to text messages. If you
Don’t use any passwords and still doubt the origin of a mes-
sensitive data while logged in to sage or a sender’s intentions,
open Wi-Fi contact the assumed sender via
Threats arising from Application on your mobile Avoid downloading the content
vulnerabilities in Mobile known as malware applications. into mobile phone or laptop
Applications and Operating from an unauthorised source.
Systems. Think before grantingapp
When we unknowingly permissions. Does a flashlight
download Applications which really need to know your
are free, we never check on what device’s location?
are the privacy settings we are Consider revoking critical
compromising by downloading permissions when apps are not
those Apps. There are many using them.
Applications which steal your
data after you download the
30 www.infosecawareness.in
IDENTITY THEFT
Identity theft is using information related to personal or financial details of another
person for fraudulent transactions.
Women are the most chosen victims of cyber crimes in India. Whether you are em-
ployed /unemployed/Married/Single, Identity theft can happen. Get to know about
different ways identity theft can happen to women.
www.infosecawareness.in
32 www.infosecawareness.in
Online Dating/Matrimoni-
al websites
Now a day’s marriage proposals
Make sure that the profile have taken a new face through
you viewed has provided the matrimonial websites, through
correct credentials before which online dating/chatting
chatting or exchanging have become common.
information
Meet in person along with Many register their profile with
family and friends fake photos and salary details.
They exchange phone numbers
/e-mail id/family details.
Blogging Scams
Bloggers publish their arti-
cles online. If the access right Better to copyright your
of these articles is open to all, article before publishing
there are chances of using online.
them for financial gain by im-
personating the author.
34 www.infosecawareness.in
INTERNET
ADDICTION
In the current era where internet uses goes round the clock in each and every indi-
vidual’s life, where communication between individuals takes place in cyber spac. This
can end up into Internet addiction disorder (IAD), or more broadly Internet overuse,
problematic computer/smart phone use. Inter addiction is defined as any online re-
lated compulsive behaviour which interferes with normal living and causes severe
stress on family friends, loved ones and ones work environment. It can also be called
as Internet dependency and internet compulsion.
Factors triggering Internet use also on others status, • Stress and escapism:
• Boredom/Depression: number of likes and Many women who are under
Single women out of bore- shares received for self and stress at office or in family
dom become addicted to for others. It becomes an life tend to rely on internet
Internet mainly in social me- obsession for an individual to relieve their stress and
dia. They tend to check their and also affects her mental also consider an easy way to
social media profile for new and physical health. get rid of that stressful situ-
updates on their status and ation.
36 www.infosecawareness.in
Internet related Activities
• Set your Internet usage time • Set time for internet brows- can save you if you are not
limits. ing, but don’t overdo it. on internet.
• Install an app which would • Shift to activities such as • Make a list of reasons why
track my cell phone/Internet reading articles, browsing, you will be happier if you use
usage and plan to reduce it watching videos, sending the internet less.
day by day. emails to laptop. • Remove internet enabled
• Also you can get help from • Turn off app and email notifi- devices from bedrooms.
your friends/family to re- cations • Regulate your sleeping pat-
strict using Internet for a • Try to stay off websites that tern. A lot of people lose
long time. are addictive. sleep while on the internet
• Uninstall computer games, • Switch to reading subject/ and mess up their sleeping
and try to stay away from so- job related books/magazine. pattern. It will be beneficial
cial networks and other rec- This will increase your read- to you as you will become
reational web activities for at ing habit. more organized and self dis-
least a month or two. • Think about money that you ciplined.
38 www.infosecawareness.in
Ethical rules for Internet users
Some of the rules that individuals should follow while using a computer are listed below:
• Does not use to Internet to harm other users.
• Do not use Internet to steal others information.
• Do not access files without the permission of the owner.
• Do not copy copyrighted software without the author’s permission.
• Always respect copyright laws and policies.
• Respect the privacy of others, just as you expect the same from others.
• Do not use other user’s computer resources without their permission.
• Complain about illegal communication and activities, if found, to Internet service Providers and local
law enforcement authorities.
• Users are responsible for safeguarding their User Id and Passwords. They should not write them on
paper or anywhere else for remembrance.
• Users should not intentionally use the computers to retrieve or modify the information of others,
which may include password information, files, etc.,
Access to Internet
The internet is a time-efficient tool for everyone that enlarges the possibilities for curriculum growth.
Learning depends on the ability to find relevant and reliable information quickly and easily, and to select,
understand and assess that information. Searching for information on the internet can help to develop
these skills. Classroom exercises and take-home assessment tasks, where students are required to
compare website content, are ideal for alerting students to the requirements of writing for different
audiences, the purpose of particular content, identifying and judging accuracy and reliability. Since
many sites adopt particular views about issues, the internet is a useful tool for developing the skills of
distinguishing fact from opinion and exploring subjectivity and objectivity.
5 6 7
Avoid Bad language Hide personal While Downloading
We must not use information Internet it can be
rude or bad language We should not give also used to watch
in e-Mail, chatting, personal details like videos and play
blogging and social home address, phone games, browse or
networking; we need numbers, interests, download information.
to respect their passwords. No We must be aware
views and should not photographs should of the importance of
criticize anyone on the be sent to strangers copyrights and issues
internet. because it might be of copyright.
misused and shared
with others without
their knowledge.
40 www.infosecawareness.in
Charity scam
The victim is often contacted by email, mail or phone by
someone asking for a donation to be sent by money trans-
fer to an individual to help victims of a recent current event,
such as a disaster or emergency (such as a flood, cyclone, or
earthquake). Legitimate charity organizations will never ask
for donations to be sent to an individual through a money
transfer service.
Fake quizzes that extract your privacy scams that collect your
information answers and then sell them
You must have seen those to third parties. Many of these
posts and quizzes inspired by quizzes come with a “Login with
movies or video games. Basi- Facebook” button in order to
cally, you answer a set of ques- do the quiz. This gives the web-
tions and then the quiz tells site/app pretty much all of your
you what movie character you important information such as
are or some other personal- emails, location, language, job
ity assessment. Often times, and so on.
these quizzes are fronts for
42 www.infosecawareness.in
Tax scam mand immediate payment or
Victim is contacted by some- call about taxes without first
one claiming to be from a gov- having mailed a bill.Generally,
ernmental agency saying that websites feel like official web-
money is owed for taxes, and sites and seek the details of
it must be paid immediately credit card, CVV PIN of ATM and
to avoid arrest, deportation or other personal details of the
suspension of driver’s license/ taxpayers in the name of credit-
passport. The victim is instruct- ing income tax refund through
ed to send a money transfer or electronic mode.
purchase a pre-loaded debit
card to pay the taxes. Govern-
ment agencies will never de-
44 www.infosecawareness.in
What is phishing?
Phishing is the practice of sending fraudulent communications that appear to come from a reputable
source. It is technique used by cyber criminals to trick the email recipient to believe that the message is a
way to acquire information such as usernames, passwords, PIN, bank account and credit card details by
masquerading as a trustworthy entity through e-mail. Phishing is typically carried out by e-mail or instant
message spoofing and it often directs users to enter details at a fake website which look and feel are
almost identical to the legitimate one. Phishing is an example of social engineering techniques used to
mislead users.
Step 4 Step 5
Always view any email request Never respond to the emails
for financial or other personal that ask for your personal infor-
information with suspicion, par- mation like credit
ticularly any “urgent” requests. Card /debit card/bank
When in doubt, do not respond information.
to questionable email or enter An Example of Phishing site,
information on questionable the look and feel of the Punjab
websites. You may also contact national bank is same.
the alleged sender to confirm
the legitimacy of communica-
tions you’ve received.
Threatening mails They may try to create a situa- only encourage the sender or
Sometimes you may receive tion of urgency to make you re- make the situation worse.
a threat mail saying that your veal your sensitive information.
webmail account would be Cybercriminals might call you Take a screen shot of and
closed if you do not respond to on the phone and offer to help retain any letter or message, if
an e-mail message. The e-mail solve your computer problems it is later deleted then you will
message shown above is an ex- or sell you a software license. still have a record of what was
ample of the same trick. Cyber- said.
criminals often use techniques Do not respond to the message,
to make one believe that se- or get someone to speak to
curity has been compromised. them on your behalf, it may
46 www.infosecawareness.in
WHATSAPP
SECURITY
WhatsApp is a good communication tool. The major reason for the popularity of
WhatsApp for a mass crowd is mainly due to ease of use and also with respect to the
use even at lower connectivity. Currently WhatsApp has evolved and sustained as a
communication tool for majority of the people all over the world with India topping
the number of users of WhatsApp. Whether you are looking to text someone or want
to send an image from your holiday to a group of friends, you are likely to pick up
WhatsApp.
It has been observed that Women are the prime target in cyber crimes; WhatsApp
being the most used communication tool, fraudsters will work out new methods to
trap their target. For secure use of WhatsApp follow some security measures to pro-
tect your personal data and avoid being a victim of cyber crimes.
Lock your messaging and other important Apps with a App lock
The best way to protect WhatsApp is by using a password or PIN. WhatsApp by itself does not offer such
a feature. There are third-party apps that can be used to lock your Apps. You may feel it not so necessary
but if you lose your phone, it is going to block access of your chats. At the same time ensure that you use
apps that are having good review and download from trusted website.
48 www.infosecawareness.in
Uncheck WhatsApp photos from saving directly to camera roll
WhatsApp being a messaging App most of us may have WhatsApp conversations might occasionally take a
‘personal’ note. When you are sharing images it can autosave to camera roll. Doing so it may happen that
your personal photos may pop up when any of your friend swipe through your photos.
iPhone Users:
Go to your phone’s Settings menu, in that click
on ‘Privacy’, ‘Photos’, and de-select WhatsApp
from the list of apps whose images are fed
into the camera roll.
Android users:
‘Privacy’ menu, in Android, iOS, Windows or Blackberry. If you turn it off, you won’t be able to see other
users’ ‘last seen’ times either.
50 www.infosecawareness.in
Currently Instant Messaging has evolved as the favourite means of communication
for most of us. The ability to communicate faster and easier makes it an ideal medium
for both business and personal communication. Unfortunately, like any other means
of online communication instant messaging also has threats. Main reason why these
apps are such a big hit with users is because they are easy to use and more impor-
tantly, free. A few Instant Messengers are WhatsApp, Snapchat, Viber, wechat, and
many more.
INSTANT
MESSAGING
THREATS
Let’s see a few risks associated while using Instant Messengers and how we can avoid these
risks.
52 www.infosecawareness.in
Leakage of Sensitive Information:
associated with profile picture space, women safety is para-
of an individual. This can be mount.
seen and accessed by any one
who has your phone number. It is always advisable
So this can cause a major to check the security
Many of the instant messaging threat to privacy of women settings and disable the
applications make it easy for pri- and needs to be taken very seri- feature of your profile
vate information to be exposed ously and need to explore ways picture being viewed by
and could be used for fraudu- to ensure that the women who everyone.
lent purposes. Most of these are use these stay safe. In the Cyber
Information Disclosure – A Case Study mares. The logs includ- sessions. Even though the log-
Some instant messaging allows ed sensitive company files were stolen in this case,
all communication to be saved data regarding business part- sniffing the data-packets could
in log-files. The logs may in- ners, employees and affiliate have caused the same damage.
clude sensitive data. A case was websites. After posting the logs,
several members of the senior https://www.symantec.com/connect/
reported where a hacker stole articles/instant-insecurity-security-is-
logs of the CEO of a compa- staff of the company resigned.
sues-instant-messaging
ny. The hacker posted the logs
to several places on the Web, This case shows how danger-
thereby creating one of the ous it can be if a hacker is able
worst possible corporate night- to monitor instant messaging
Surveillance/Tracking
Sharing of location by shar-
ing the live location is a seri-
ous threat that can happen
to women. Any criminal who Use location services only
knows your number can catch with known people and avoid
hold of the location services to sharing with strangers
identify your general routine of
travel and plan illegal activities
accordingly.
Impersonation
Too much sensitive information used attack is simply stealing the
is stored online for hackers. A account information of an un-
hacker can obtain passwords, suspecting user.
system configuration informa-
tion, and sensitive files via instant Avoid sharing confidential
messaging. Hackers can imper- information through IM chats
sonate other users in many dif-
ferent ways. The most frequently
IM software Vulnerabilities
Just like any other software ap- Instant Messaging brings a lot access to your PC or mobile
plication, popular Instant mes- of opportunity for hackers when device.
sengers have a history of com- it comes to breaching security
mon security vulnerabilities. because more people are While there are many benefits
Installing an IM application may using this application for a lot while using Instant Messaging
introduce new vulnerabilities to of different purposes including there are also security issues
a Smartphone/desktop. transferring files. Multiple while using this application.
vulnerabilities have been Make sure you enjoy the
Enable real-time virus discovered with others that benefits and use this application
protection by using Antivirus are up and coming that allows with caution.
hackers to easily gain remote
54 www.infosecawareness.in
Network issues
The risk of denial of service at- illegally, and consume other re- become unresponsive. There-
tacks is much greater with an sources that your operating sys- fore, adding the attacking user
Instant Messaging application. tem needs to function properly. accounts to the ignore list of the
These attacks make the instant instant messenger may be very
messenger to crash. It prevents Very often women users are the difficult.
legitimate users from accessing main target. One common type
the network by using the net- of attack is flooding a particu- While using a network,
work excessively to consume re- lar user with a large number of organizations should consider
sources, destroy configurations, messages. However, there are updating their networks to
and alter network components. many tools that allow the hacker separate their internal IM traffic
The intruder is able to intercept to accomplish the flood-attack. from Internet-based IM traffic
messages, set up devices to By the time victim realizes what
communicate with each other has happened, the device may
Today, the criminals have got- Confidentiality Compromise – and currently represents nearly
ten a bit more technologically Where the perpetrator gains 95 percent of all losses. How-
sophisticated, with the most unauthorized access to ATM ever, card skimming can be ef-
common types of ATM “cyber system logs and the confiden- fectively prevented through the
fraud” being: tial information stored therein deployment of comprehensive
that can then be exploited. anti-skimming solutions.
Cassette Manipulation Fraud –
Where the ATM is programmat- Software Compromise Fraud – Card skimming continues to
ically altered to dispense multi- In this method they catch all for evolve, and criminals are be-
ples of the withdrawal amount all other ATM fraud that involves coming more organized, mi-
with a single cash withdrawal the exploitation of software vul- grating to the weakest link.
transaction. nerabilities so as to manipulate Anti-skimming solution helps
the ATM operation itself. everyone to reduce risk and
Surcharge Fraud – protect ATM networks.
it is the programmatic setting Out of the above, card skim-
of the ATM surcharge to zero on ming remains, by far, the most
the attacker’s card. frequent form of ATM attack
56 www.infosecawareness.in
Types of ATM Crimes
Physical Attacks: attacks include solid and cess to the safe. Even per-
This category is related gas explosives, as well as sonal attack on the user to
to any attempt to rob the removing the ATM from get hold of money is quite
ATM of the cash in the the site and then using common now-a –days.
safe. Methods of physical other methods to gain ac-
Card Skimming: action and are usually un- subsequent cash with-
Skimming refers to the able to notice a problem drawals. It is the number
stealing of the electron- until their account is de- one threat globally but
ic card data, enabling the frauded. The card details thanks to deployment of
criminal to counterfeit the and PIN are captured at anti-skimming solutions,
card. Consumers experi- the ATM and used to pro- EMV technology and con-
ence a normal ATM trans- duce counterfeit cards for tactless ATM functionality.
58 www.infosecawareness.in
SOCIAL
NETWORKING
A social networking is a way to stay in touch with your family, friends, colleagues and
make new friends. Social networks are fun to use, helpful for job hunting and great
for keeping in touch with friends, business contacts and relatives and share anything
anywhere. Although women may use general social networking sites to connect to
their friends, family, colleagues etc and share their experience, knowledge and advice.
They can use social networking sites to support one another through motherhood,
meet their career goals, inspire each other or find others who share an interest.
Women may be a parent, professional or general user and with the help of social
networking sites they can connect with the world and may get much useful informa-
tion. They can share their ideas and view other ideas which may help others and also
a good thought can reach many people through a big network. Women can be an
entrepreneur; they may get more profit by spreading their business through social
networking. There are many social networking sites women can use like facebook,
whatsapp, twitter etc.
60 www.infosecawareness.in
Risks and Challenges
5
give you some suggestions site support
and always know with whom Never respond to team immediately
you are meeting harassing or rude
comments which are
posted on your profile
1
Don’t give or post any personal
2
Do not post your friends
3
Avoid posting the plans and
information like your name, information in networking activities which you are going
address of the company / sites, which may possibly put to do in networking sites
home, phone numbers, age, them at risk
sex, credit card details.
6
4
Don’t give out your
5
Don’t use a webcam with
Don’t click the links which you
are getting through social
networking sites. If you want
password to anyone people you do not know to visit the site then directly go
through the original websites
Privacy Issues
You may be in risk if you ignore some privacy issues like-
• Sharing your photos and activities publically.
• Sharing your location on your post give chance to the scammers to track your location.
• Adding friends whom you don’t know without any proper identification become risk for you while
using social networking sites.
62 www.infosecawareness.in
How you can control your privacy settings on
social networking sites?
In social networking sites, by default setting every things will public, by there are many privacy set-
tings they are giving for your security, so you must use all these facility to protect yourself from many
problems online.
1
You can restrict your post/videos/activity from strangers
and can be share to your members in your contact by
using ONLY ME option on privacy settings
2
You can disable the friend request option, so no one
can send request you.
3
You can restrict the comment section from public, so
members on your contact can only comment on your activity.
4
You can restrict your personal /professional information
from strangers
5
You can turn off the online mode so no one can know
how long you are online.
64 www.infosecawareness.in
Gossips
Women are keen to gossip
about different matters. But in Gossiping is not right,
present scenario anything can you may end up help-
lead to cyber threats. When you ing a social engineer to
talk about some colleague with take out details of your
another colleague and may give enemy or friend. Never
some information to other col- gossip with strangers
league who might be a social
engineer.
Vishing
It is one of the methods of social Don’t give any financial
engineering over the telephone information to unknown
system, most often using fea- people over phone, con-
tures facilitated by Voice over IP firm to whom you are
(VoIP), to gain access to private speaking and cross check
personal and financial infor- with the company con-
mation from the public for the cerned or bank before
purpose of financial reward. The giving any information.
term is a combination of “voice”
and phishing.
Baiting
It is one of the methods of social Don’t get tempted in
engineering which uses physical accessing the devices
media and relies on the curios- which left unattended
ity or greed of the victim. Here or found at sidewalk,
the attacker leaves the malware elevator, parking lot etc.
inserted or infected USB or pen
victim curiosity and waits for
Drive, CD/DVD ROM in a loca-
them to use the device.
tion that to be found and gives
a legitimate looking and makes
Persuasion
Be suspicious don’t Influence someone to give you
get influenced by confidential information either
the attractive offers by convincing them you are
and don’t give away someone who can be trusted
the confidential or by just asking for it. A Social
information to them. engineer may ask your identity
card to know about your per-
sonal information about your
School, organization etc.
Dumpster diving
Dumpster diving, also known
as trashing is another popular Don’t dump any
method of Social Engineering. confidential papers into
A huge amount of information trash, before dumping
can be collected through com- make sure you don’t
pany dumpsters or wastage have any important
from home. information in it.
66 www.infosecawareness.in
Hoaxing
A Hoax is an attempt to trap
people into believing that Beware don’t believe
something false as real. This is the e-mails received
usually aimed at a single victim from unknown and don’t
and is made for illicit financial ever give the financial
or material gain a hoax is often information.
perpetrated as a practical joke,
to cause embarrassment.
Pre-texting
Pre-texting is the act of creating
Be cautious because and using an imaginary scenar-
strangers try to fool io to engage a targeted victim
you by creating false in a manner that increases the
situation and make you chance the victim will reveal in-
to believe in order to formation or do actions that
collect the confidential would be unlikely in ordinary
information. circumstances. It is more than a
simple lie.
Online shopping — the glorious invention which allows people to buy things from the
comfort of their homes. No more travelling to multiple stores to find the right prod-
uct; no more having to deal with over-enthusiastic sales persons; no more standing
in long lines at the checkout counter. The e-commerce boom has certainly changed
the way we shop for the better. But, like everything else, the world of online shopping
is not all roses. Despite all the efforts of e-commerce companies to alleviate them,
there are a few problems that customers still have to face while shopping online
Let’s look into few ways that cyber criminals may target women
Expensive branded products Natural remedies for weight Expensive Jewelry :
at low cost : loss : Cyber-criminals may spoof cer-
In social networking sites very Most often in our social net- tain online jewelry websites and
often we get advertisements working and Instant messaging give exciting discounted offers
showing expensive branded Applications we get messag- for jewelry products targeting
products at unbelievable prices. es giving tips on weight loss women customer. They pur-
This catches attention of cus- and for further inputs they re- chase products online with cer-
tomer’s most likely women and quest for payment to purchase tain value but end up receiving
they may end up paying money their product. Women who are some other products of less-
for those products which are not desperate to weight loss get er value. And they feel cheated
genuine. For example branded trapped by these messages. and when they raise complaint
bags, clothes, costly phone and They end up paying money for to the original website they just
beauty products. fake products. deny that purchase happened
through their website. This may
lead to loss of your money?
68 www.infosecawareness.in
Risks in Brand- is the e commerce site genuine ?
online shopping
A few questions you Security- Is your credit card safe ?
need to check
before you start Privacy- Is your information being sold ?
online shopping Shipping - Are you getting the correct product at the
requested time?
What makes cyber bullying so dangerous is that it gives bullies the ability to embar-
rass anyone they want in public at any hour of the day, using multiple, different types
of technology. These can be done in many ways like instant messaging platforms,
various social media platforms, interactive gaming websites, and even email. It is
mainly
• Posting any kind of humiliating content of the victim.
• Hacking the victim’s account.
• Sending or posting vulgar messages online.
• Threatening to commit acts of violence.
• Stalking by means of calls, messages, etc…
• Threats of pornography
70 www.infosecawareness.in
Different ways Cyber Bullying can happen
Forwarding a private IM to make the hate group’s job your family money and
communication to others easier. also land you in criminal
Women may create a screen offence.
name that is very similar to Never spread any hatred
another women’s name. The mails, rumours by using Posting embarrassing
name may have an additional e-mail or mobile by photos or video
“i” or one less “e”. They may use impersonating another. A picture or video of women in
this name to say inappropriate a bathroom or dressing room
things to other users while By using web sites or blogs may be taken and posted online
posing as the other person. Women sometimes create web or sent to others on cell phones.
Cyber criminals may forward the sites or blogs which may insult
above private communication to or endanger another woman. Never post pictures/videos
others to spread their private They create pages specifically of someone or self without
communication. designed to insult another proper guidelines.
women or group.
Never forward or share Sending threatening e-mails
your or others private Insulting others in and pictures through e-mail
communications either place is not good or mobile to hurt another
without the permission etiquette. Never do it. Criminals may send hateful
of concerned users in or threatening messages to
Internet Chat Rooms. Humiliating text sent over women, without realizing that
cell phones while not said in real life, unkind
Impersonating to spread Text wars or text attacks are or threatening messages are
rumours when women gang up on the hurtful and very serious.
Forwarding gossip mails or victim, sending thousands of
spoofed mails to spread rumours text-messages related to hatred Never threaten anybody
or hurt another women.They messages to the victim’s cell through either Internet or
may post a provocative message phone or other mobile phones. Mobile communications as
in a hate group chat room the victim who may be a
posing as the victim, inviting an Never send messages child/teen may feel so hurt
attack against the victim, often related to humiliating and depressed that it may
giving the name, address and a kid or teen through even lead to his death.
telephone number of the victim cell phone. It may cost
In India, there is no specific legislation which deals with cyber bullying but there are provisions like IT
Act 67 which can partially deal with such matters.
72 www.infosecawareness.in
only authorized access to • Enable Wireless Securi- Internet security threats.
the equipment, change the ty: Modem routers support • Enable Firewall on Modem
default administrator or ad- wireless security. User can Router as well as Comput-
min password of broadband select any one protocol and er:
router modem, as these de- a protection key. The same Broadband modem routers
tails are given by the manu- wireless security protocol contain built-in firewall fea-
facturer which are common and protection key has to be ture, but this option has to
to all modems and can be enabled in computer. be enabled. Computer con-
misused by anyone. • Turn on (Compatible) WPA nected to the broadband
• Assign Static IP Address- / WEP Encryption : All Wi- modem also needs to be
es to Devices : Most of the Fi enabled modems/router protected with desktop fire-
home users are allotted support some form of en- wall.
dynamic IP addresses, as cryption technology, which • Turn off Modems during
DHCP technology is easy to has to be enabled. extended periods of Non-
setup. This may even helps • Change the Default SSID Use : Shutting down a net-
the attackers who can easi- (Service Set Identifier) : All work will certainly prevent
ly obtain valid address from the access points and rout- outside unauthorized peo-
DHCP pool. Therefore turn ers use a network name ple breaking into the net-
off DHCP option in router or called SSID. Manufacturer work. Since it is very difficult
access point and use fixed IP normally ships their prod- to frequently turn on and off
address range. ucts with the same SSID set. the devices, it can be consid-
• Enable MAC Address Filter- As it can be misused by the ered during travel or extend-
ing : Every device is provided attacker to break into the ed offline period.
with a unique MAC address. net work / computer, it is • In case of USB broadband
Broadband access points necessary to change the de- modem, disconnect and re-
and router and provide an fault SSID while configuring move the device after usage.
option for the user to com- wireless security. • Install broadband Internet
bine the MAC address of the • Use effective end point secu- bandwidth usage monitor-
home equipment for access. rity solution (with anti virus, ing tool.
This facilitates to allow con- anti spyware, desktop fire- • Enable SSH (secure channel)
nections only from those de- wall etc) to protect comput- for remote administration.
vices. er/ laptop from broadband
74 www.infosecawareness.in
Nowadays cyberstalking is becoming a big topic of risk for woman. It can become danger-
ous and can develop into physical abuse. Don’t wait to report cyberstalking. The longer
cyberstalking goes on, the more problem you will face emotionally, mentally or physically.
The fact is that cyberstalking doesn’t involve physical contact doesn’t mean it is any less dangerous than
“real life” stalking. It’s not difficult for an experienced Internet user(cyberstalker) to find enough of the your
personal information, such as phone number or your friends, relatives, your working place etc to stalk you.
}
How you know that you are a victim of cyberstalking?
If you feel
When you feel some anonymous activities like –
these types of
• Someone visiting your profile maximum time in a day or a week
• Someone comment on your post or photos in a bad way or use abusive activities, don’t
words. ignore and
• Someone ask about your personal and sensitive information on social immediately
media
take action with
• Someone ask photos and videos of yours.
respect to it
Cyberstalking is difficult to defeat because the stalker could be in another state or sitting three cubicles
away from the victim. In the anonymous world of the Internet, it is difficult to verify a stalker’s identity,
collect the necessary evidence for an arrest and then trace the cyberstalker to a physical location, so it is
always preferable to be secure and use the online resources very effectively without ignoring the security
issues.
• While using any social me- not using it, so the stalker immediately block them.
dia it will always be better to cannot get your location. • If anyone of your social me-
restrict the privacy setting • If your online friend can ask dia friend misbehave with
within your family & known your personal information or you or do some anonymous
friends. demand for any photos/vid- activity report them through
• Before accepting any friend eos never share with them. social media setting or block
request always check the au- • Always be alert what your they , if after that also they
thenticity of the person on online friends are comment- will try to follow you don’t do
social media. ing on your photos or any delay for complaining about
• Always disable your GPS activities, if you feel that the them in police.
from your device if you are comments are anonymous
76 www.infosecawareness.in
Online banking :
• Cyber criminals often account requesting the receiver to
target women to • Cyber criminals send email ‘complete a bank transfer
get user cre- to women online entrepre- to an overseas account’ and
dentials. They neurs, that the Supplier of appears to be sent from the
try to get this their product has changed email Manager’s account
information their bank account num- but in actual money goes in-
through a ber and that all future to the criminals account.
fake phone payments should • They also try sending pass-
call (Vishing) say- be made to the word stealing malicious
ing that they are from their new account, which code URLs to obtain the cre-
bank and ask you to link your actually belongs dentials.
bank account to Aadhaar to the crim- • Most women tend to use the
card and you may give off the inal. This same credentials for multi-
information without thinking e m a i l ple accounts, which in turn
much. Also Other variants of spoofs the help the cyber criminals to
the fraudulent calls involve From: field, so access all your accounts if
the customer’s account be- the email appears to be they earn your banking in-
ing over credited and that from a Manager / Director / formation.
the customer must transfer Senior Staff Member within
money back to a third party the company. The email is
Mobile banking:
• Without being your banking information is and security
digitally literate at wrong hands. informa-
they may tend • Women are advised by their tion for the
to download online friends to download purpose of
fake banking the app from an online store identity theft
apps which which gives good offers for or financial
cyber criminals branded products. This app gain. The
send through mail. They of- may be malicious, once it’s fraudsters
ten send mail with logos of installed it steals one time send text mes-
banks with slight change in SMS authentication pass- sages to women that appear
spelling, making it look like words without their con- to come from legitimate
legitimate websites. They sent. numbers in an attempt to
may install the applica- • Text Message Fraud (Smish- fool you into supplying your
tion by clicking on the link. ing) is a common technique personal details.
They perform transactions used by fraudsters in an at-
through this application and tempt to obtain personal
Aadhaar based payment may put your biometric identity at risk if authentication for
transaction is hacked by a cyber criminal.
• Use a hard-to-guess pass- tions should occur only on formation about new scams
word that contains upper a website that begins with and hacker tricks.
and lower case letters, num- “https://.” Do not trust a • Run virus scans regularly on
bers and symbols vendor without the “S” after your computer.
• Do not use the same user “http” at the start of the web • Use an ad-blocking software
name and password for all address. program and a spyware de-
online accounts. • Keep records of every Inter- tection program. Keep these
• Change passwords as of- net purchase and transac- programs updated and run
ten as possible, but at least tion, and compare them with scans often with them.
every three months. credit card and bank state- • Do not use “easy pay” pay-
• Do not share your pass- ments monthly. Report any ment options or “one-click
words or user identification discrepancies immediately ordering.” It takes a few ex-
information. to the issuer of the card. tra seconds to enter a user
• Always log out of bank, cred- • Learn what each of your name and password on a
it card, and merchant sites credit cards offers as fraud merchant site but often takes
after you have completed protection and liability pro- months to recover from on-
your transaction. tection. Learn what the dol- line credit card fraud.
• Do not allow your comput- lar amount limits are for your • Use the most up-to-date ver-
er to store user names and fraud protection coverage. sion of your Internet brows-
passwords for merchant or • Always use the most up-to- er. They will use the most
banking websites. date version of a strong an- recent technology to scram-
• When setting up security ti-virus and firewall security ble and protect data sent via
questions for sites online, program. the Web.
use false information unre- • Download and apply up-
lated to your personal infor- dates from your antivirus
mation, and keep track of and firewall programs when
your answers. available, to ensure your
• Secure online transac- program has the latest in-
78 www.infosecawareness.in
AADHAAR CARD
Aadhaar card is slowly moving on to be a essential part of our daily life. Aadhaar is
a 12-digit unique identification number based on their biometric and demographic
data issued by the Indian government to every individual resident of India. Aadhaar
is the world’s largest biometric ID system and managed by UIDAI under planning
commission of India
Usefulness of Aadhaar
Aadhaar in near future will be- sion money on Time, Opening fed inside Aadhaar card is very
come the government’s primary Bank Accounts, Voter card Link- much crucial. As the popularity
requirement to avail the public ing, New Passport in 10 days, increases, people fear about the
welfare and citizen services. It Easy Provident Fund disburse- possible misuse of information
can be used for various pur- ment, Digital Locker, Jan Dhan linked and stored in connection
poses across the country like Yojna, Digital Life Certificate with Aadhaar. Let’s get to know
Aadhaar based direct benefit and many more. The security of more about the risk involved in
transfer (LPG subsidy), Get Pen- sensitive information which is using Aadhaar.
80 www.infosecawareness.in
Risks involved in using Aadhaar
Is there any risk to retailers will be equipped with third person is great challenge.
2 link Mobile number
with Aadhaar Card
finger print scanner, computers
and connectivity with Aadhaar
POS/retailers are also able to
access mobile number details
The main challenge server & TSP (Telecom service and Aadhaar number details at
here is with respect to the retail- provider) database. the same time leading to risk of
er/vendor involved. Even though The customer should be authen- Identity theft.
only registered POS/retailers ticated using his finger print
be given rights to link Aadhaar scan before linking his/her mo-
with mobile number, still there bile number to Aadhaar
will be the risk of identity theft card. Here again the
through Insiders. In the process ways in which the sen-
of linking these registered POS/ sor will be handled by a
82 www.infosecawareness.in
Counter measure that can be you feel biometric data is use it. The chances of misuse
taken: at risk. This is a new facility (saving your biometric) by third
• If you feel your biometric data implemented by UIDAI for party vendors while purchasing
is at risk, you can very often AAdhar users to protect your their products will be relieved.
check for your biometric au- biometrics from misuse.
thentication history at UIDAI. • Never share the OTP over
This can help you to reduce If you lock your biometric the phone which is send from
the problems. advantage will be without you UIDAI.
• Lock your biometric data if unlocking, you yourself cannot
Violation of rights would violate people’s right to the apex court will test the valid-
6 It was argued that the
UIDAI might share
privacy. They also thought that
using the biometric data, people
ity of Aadhaar from the aspect
of privacy as a Fundamental
the biometric infor- might be singled out, tracked, Right soon.
mation of people with other harassed and have their rights
government agencies and thus violated. A five-judge bench of
About C-DAC
Centre for Development of Advanced Computing (C-DAC) is the premier R&D organization of the Ministry of Electronics and
Information Technology (MeitY) for carrying out R&D in IT, Electronics and associated areas.
C-DAC has today emerged as a premier R&D organization in IT&E (Information Technologies and Electronics) in the country
working on strengthening national technological capabilities in the context of global developments in the field and responding
to change in the market need in selected foundation areas. In that process, C-DAC represents a unique facet working in
close junction with MeitY to realize nation’s policy and pragmatic interventions and initiatives in Information Technology. As
an institution for high-end Research and Development (R&D), C-DAC has been at the forefront of the Information Technology
(IT) revolution, constantly building capacities in emerging/enabling technologies and innovating and leveraging its expertise,
caliber, skill sets to develop and deploy IT products and solutions for different sectors of the economy, as per the mandate of
its parent, the Ministry of Electronics and Information Technology, Ministry of Communications and Information Technology,
Government of India and other stakeholders including funding agencies, collaborators, users and the market-place.
+91 9490771800
between 9.00 AM to 5.30 PM
Subscribe us on
https://www.youtube.com/c/
InformationSecurityEducationandAwareness
Follow us on Disclaimer
The content is under review. For any
https://twitter.com/InfoSecAwa suggestions / feedback, write us to
isea@cdac.in
Connect us with
https://www.facebook.com/infosecawareness