Living in IT Era - Chapter 5

MODULE 5: Netiquette,
Cybercrimes, Internet Threats

and Internet Safety
Living in the IT Era
Prepared by: Julie Ann M. Malay

Netiquette
Netiquette is a combination of the words network and etiquette and is
defined as a set of rules for acceptable online behavior.
Netiquette, abbreviation of Internet etiquette or network etiquette,

guidelines for courteous communication in the online environment. It
includes proper manners for sending e-mail, conversing online, and so on.
Much like traditional etiquette, which provides rules of conduct in social
situations, the purpose of netiquette is to help construct and maintain a
pleasant, comfortable, and efficient environment for online communication,
as well as to avoid placing strain on the system and generating conflict
among users.
https://www.webroot.com/us/en/resources/tips-articles/netiquette-and-online-ethics-what-are-they
https://www.britannica.com/topic/netiquette
Seven Rules of Netiquette
a. Remember the Human– Even though you may be

interacting with a computer screen, you are
communicating with a real person who will react to your
message. Make a good impression - treat others with
the same respect that you would like to receive and
avoid confrontational or offensive language.
b. For Professional Messages, Avoid Emoticons - To help
convey meaning when creating messages, it is
sometimes acceptable to include appropriate emoticon
symbols, such as a smiley face :) However, for
professional communications these would be
inappropriate.
https://www.bsmcon.edu/sites/default/files/assets/files/students/Essential%20Rules%20of%20Netiquette(2).pdf
c. Avoid Slang, Acronyms, and Text Talk – Communicating effectively in college and
business environments requires the use of correct terminology, spelling, and
grammar that can easily be understood. For example, use “your” instead of “ur”.
Not correct:
I liek these picture so very nyss. Lol
Correct:
I like these picture so very nice.
d. Avoid “SCREAMING” in Typed Messages – Typing an entire message using all

capital letters is known as “screaming”. It is distracting and generally frowned upon
in professional environments. It is better to draw emphasis to selected words or
phrases by: using italic or bold text; using a different color for text or background
color; or denoting emphasis using special characters (Example: **Important**).
e. Proofread Your Messages Before Sending Them – Proofreading your messages

before you send them is a best practice for effective and efficient communication.
Strive to make your communications concise and free of any:

• Spelling and grammar errors
• Confusing terms or phrases
that could be is understood
• Errors of omission, such as missing
content or recipients
• Errors in accuracy of information
f. Exercise Good Judgment When Sharing Information With Others Online – Email
and chat messages that you send or receive are considered private and should not
be forwarded or copied to others without gaining the consent of all involved
participants. In general, messages posted to discussion boards and social media
sites can be read by the public. You may never know who might read or share what
you post. It is a good practice to always ask a post’s author for permission before
sharing a post with other parties.
• For personal communications with friends, family, it is best to use your own
personal account.
• To protect your privacy and safety, do not share online any sensitive personal
information such as:
o Your home address or phone number
o Personal conversations
o Social plans, such as vacations
o Financial information
o Usernames, passwords, or hints
o Anything personal that you would not want
shared by others over the Internet
• If the material you share with others online came from another source, make
every effort to gain permission from the original author or copyright holder.
Copying someone else's work and passing it off as your own is plagiarism. It
damages your reputation and could subject you to serious academic and legal
consequences.
g. Respect Diversity in Viewpoints - Be constructive and respectful when sharing

opinions, beliefs, and criticisms, or responding to those of others in the
conversation.
• When sharing a viewpoint that differs from someone else’s, it is a best practice to
first acknowledge the other person by briefly restating what he or she said, but in
your own words. This lets the person know that you are listening and trying to
understand them.
• When presenting an opinion or criticism, it is helpful to use phrases that identify
to whose point of view you are referring. If the opinion is yours, you can begin with
the phrase “In my experience” or “In my opinion.” If it is a viewpoint of someone
else, make sure you identify that in your message (Example: “According to Eric
Ericson” or “The president believes”).
Netiquettes for Email
https://www.facebook.com/raketdotph/photos/pcb.10159657014459470/10159657013729470/
Internet Threat and Cyber Crimes
Internet threats are malicious software programs like adware, trojan horse,
bots, viruses and worms, etc. These type of programs can make use of the
Web for widen, conceal, update and transmit theft data back to criminals or
hackers.
Internet Threats and Prevention – A Brief Review

https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.740.468&rep=rep1&type=pdf
1. MALWARE
Malware is an abbreviated form of “malicious software.” This is a type of unwanted software that is
installed without your consent. Malware is specifically designed to gain access to or damage a computer.
a. A virus is a type of malware that, when executed, self-replicates by modifying other computer
programs and inserting their own code. When this replication succeeds, the affected areas are then said
to be infected.
Virus writers use social engineering and exploit vulnerabilities to infect systems and spread the virus. The
Microsoft Windows and Mac operating systems are the targets of the vast majority of viruses that often
use complex anti-detection strategies to evade antivirus software.
Viruses are created to make profit (e.g. ransomware), send a message, personal amusement,
demonstrate vulnerabilities exist, sabotage and denial of service, or to simply
explore cybersecurity issues, artificial life and evolutionary algorithms.
Computer viruses cause billions of dollars worth of economic damage by causing system failure, wasting
resources, corrupting data, increasing maintenance costs, logging keystrokes and stealing personal
information (e.g. credit card numbers).
https://www.upguard.com/blog/types-of-malware
Example of Virus
I Love You, a.k.a. Lovebug/Loveletter Virus, May

2000
A school-aged programmer from Manila who
presumably wasn't very engaged in the classroom
wrote this infamous bug. His amorous creation
spread via email (subject: ILOVEYOU, attachment:
LOVE-LETTER-FOR-YOU.TXT.vbs, message: "kindly
check the attached LOVELETTER coming from me"),
and deleted all "jpeg" and "jpg" files in all
directories of all disks. Not very romantic.
https://gizmodo.com/14-infamous-computer-virus-snippets-that-trace-a-histor-601745022
b. A worm is a self-replicating malware program whose primary purpose is to infect other
computers by duplicating itself while remaining active on infected systems.
Often, worms use computer networks to spread, relying on vulnerabilities or security
failures on the target computer to access it. Worms almost always cause at least some harm
to a network, even if only by consuming bandwidth. This is different to viruses which almost
always corrupt or modify files on the victim's computer.
WannaCry is a famous example of a ransomware, cryptoworm that spread without user
action. While many worms are designed to only spread and not change systems they pass
through, even payload-free worms can cause major disruptions.
Example of Worm
MyDoom, worm, 2004

In 2004, the MyDoom worm became known and famous for
trying to hit major technology companies, such as Google
and Microsoft. It used to be spread by email using attention-
grabbing subjects, such as “Error”, “Test” and “Mail Delivery
System”.
MyDoom was used for DDoS attacks and as a backdoor to
allow remote control. The losses are estimated, according to
reports, in millions of dollars.
Type: Multiple vector worm

Place of Origin: Russia
Number of Computers Infected: More than 100,000
Estimated Cost of Destruction: $38 billion
Author/Originator: Unknown
https://gizmodo.com/14-infamous-computer-virus-snippets-that-trace-a-histor-601745022
c. A trojan horse or trojan is any malware that misleads users of its true intent by
pretending to be a legitimate program. The term is derived from the Ancient Greek story
of the deceptive Trojan Horse that led to the fall of the city of Troy.
Trojans are generally spread with social engineering such as phishing.
For example, a user may be tricked into executing an email attachment disguised to
appear genuine (e.g. an Excel spreadsheet). Once the executable file is opened, the trojan
is installed.
While the payload of a trojan can be anything, most act as a backdoor giving the attacker
unauthorized access to the infected computer. Trojans can give access to personal
information such as internet activity, banking login credentials, passwords or personally
identifiable information (PII). Ransomware attacks are also carried out using trojans.
Unlike computer viruses and worms, trojans do not generally attempt to inject malicious
code into other files or propagate themselves.
https://www.facebook.com/anticybercrimegroup/photos/a.880767855341043/4462548467162946/
Virus Worm Trojan Horses
Virus is a software or computer Worms replicate itself to cause slow Trojan Horse rather than replicate
program that connect itself to down the computer system. capture some important information
another software or computer about a computer system or a
program to harm computer system. computer network.
But Trojan horse does not replicate

Virus replicates itself. Worms are also replicates itself.
itself.
Virus can’t be controlled by Worms can be controlled by Like worms, Trojan horse can also
remote. remote. be controlled by remote.
The main objective of virus to The main objective of worms to eat The main objective of Trojan horse
modify the information. the system resources. to steal the information.
Trojan horse executes through a

Viruses are executed via Worms are executed via
program and interprets as utility
executable files. weaknesses in system.
software.
https://www.geeksforgeeks.org/difference-between-virus-worm-and-trojan-horse/
d. A rootkit is a collection of malware designed to give unauthorized access to a computer
or area of its software and often masks its existence or the existence of other software.
Rootkit installation can be automated or the attacker can install it with administrator
access.
Access can be obtained by a result of a direct attack on the system, such as
exploiting vulnerabilities, cracking passwords or phishing.
e. Ransomware is a form of malware, designed to deny access to a computer system or

data until ransom is paid. Ransomware spreads through phishing emails, malvertising,
visiting infected websites or by exploiting vulnerabilities.
Ransomware attacks cause downtime, data leaks, intellectual property theft and data
breaches.
Ransom payment amounts range from a few hundred to hundreds of thousands of dollars.
Payable in cryptocurrencies like Bitcoin.
https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password
f. Keyloggers, keystroke loggers or system monitoring are a type of malware used to
monitor and record each keystroke typed on a specific computer's keyboard. Keyloggers
are also available for smartphones.
Keyloggers store gathered information and send it to the attacker who can then extract
sensitive information like login credentials and credit card details.
g. Adware is designed to put advertisements on your screen, often in a web
browser or popup.
Typically it distinguishes itself as legitimate or piggybacks on another program
to trick you into installing it on your computer, tablet or smartphone.
Adware is one of the most profitable, least harmful forms of malware and is
becoming increasingly popular on mobile devices. Adware generates revenue
by automatically displaying advertisement to the user of the software.
h. Bots and Botnet
A bot is a computer that is infected with malware that allows it to be remotely controlled by an
attacker.
The bot (or zombie computer) can then be used to launch more cyber attacks or become part of a
botnet (a collection of bots).
Botnets are a popular method for distributed denial of service (DDoS) attacks, spreading
ransomware, keylogging and spreading other types of malware.
https://map.lookingglasscyber.com/

There are six common ways that malware spreads:
1. Vulnerabilities: A security defect in software allows malware to exploit it to gain
unauthorized access to the computer, hardware or network
2. Backdoors: An intended or unintended opening in software, hardware, networks or
system security
3. Drive-by downloads: Unintended download of software with or without knowledge of
the end user
4. Homogeneity: If all systems are running the same operating system and connected to
the same network, the risk of a successful worm spreading to other computers is
increased
5. Privilege escalation: A situation where an attacker gets escalated access to a computer
or network and then uses it to mount an attack
6. Blended threats: Malware packages that combine characteristics from multiple types
of malware making them harder to detect and stop because they can exploit
different vulnerabilities.
2. Phishing
The main targets of a phishing attack include your

usernames, passwords, and credit card information.
They steal valuable data by pretending to be banks
and financial institutions, and they can also
impersonate reputable websites and even some of
your personal contacts.
They use emails or instant messages that look
legitimate at first glance. Their messages come with
URLs that prompt you to input your personal
information. In turn, they’ll steal your credentials
and use them to access your accounts.
To keep away from phishing attacks, be mindful of
the emails and messages you receive. If you don’t
know the sender, think twice before opening the
message.
https://velecor.com/10-common-internet-security-threats-and-how-to-avoid-them/
2. Phishing
https://velecor.com/10-common-internet-security-threats-and-how-to-avoid-them/
3. distributed denial-of-service (DDoS)
A distributed denial-of-service (DDoS) attack is a

malicious attempt to disrupt the normal traffic of a
targeted server, service or network by overwhelming
the target or its surrounding infrastructure with a
flood of Internet traffic.
DDoS attacks achieve effectiveness by utilizing
multiple compromised computer systems as sources
of attack traffic. Exploited machines can include
computers and other networked resources such
as IoT devices.
From a high level, a DDoS attack is like an unexpected
traffic jam clogging up the highway, preventing
regular traffic from arriving at its destination.
https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/
Cybercrime
- Cybercrime is criminal activity that either targets or uses a computer, a computer

network or a networked device.
- Cybercrime is defined as a crime where a computer is the object of the crime or is used
as a tool to commit an offense.
- Cybercriminals are individuals or teams of people who use technology to commit

malicious activities on digital systems or networks with the intention of stealing
sensitive company information or personal data, and generating profit.
https://www.kaspersky.com/resource-center/threats/what-is-cybercrime
https://www.pandasecurity.com/en/mediacenter/panda-security/types-of-cybercrime/
https://www.britannica.com/topic/cybercrime
Cybercrime
Republic Act No. 10175 or “Cybercrime Prevention Act of 2012
Link: https://www.officialgazette.gov.ph/2012/09/12/republic-act-no-10175/
https://www.britannica.com/topic/cybercrime
There are three major categories of cyber crimes:
1. Crimes Against People
These crimes include cyber harassment and stalking, distribution of child pornography,
credit card fraud, human trafficking, spoofing, identity theft, and online libel or slander.
2. Crimes Against Property
Some online crimes occur against property, such as a computer or server. These crimes
include DDOS attacks, hacking, virus transmission, cyber and typo squatting, computer
vandalism, copyright infringement, and IPR violations.
3. Crimes Against Government
When a cybercrime is committed against the government, it is considered an attack on
that nation's sovereignty. Cybercrimes against the government include hacking,
accessing confidential information, cyber warfare, cyber terrorism, and pirated
software.
https://www.swierlaw.com/faqs/what-are-the-three-types-of-cyber-crimes-.cfm
TYPES OF CYBER CRIME
1. Hacking
In simple words, hacking is an act committed by an intruder by accessing your
computer system without your permission. Hackers (the people doing the ‘hacking’)
are basically computer programmers, who have an advanced understanding of
computers and commonly misuse this knowledge for devious reasons. They’re usually
technology buffs who have expert-level skills in one particular software program or
language. As for motives, there could be several, but the most common are pretty
simple and can be explained by a human tendancy such as greed, fame, power, etc.
Some people do it purely to show-off their expertise – ranging from relatively harmless
activities such as modifying software (and even hardware) to carry out tasks that are
outside the creator’s intent, others just want to cause destruction.
https://www.digit.in/technology-guides/fasttrack-to-cyber-crime/the-12-types-of-cyber-crime.html
a. SQL Injections: An SQL injection is a technique that allows hackers to play upon the security vulnerabilities of the
software that runs a web site. It can be used to attack any type of unprotected or improperly protected SQL database.
This process involves entering portions of SQL code into a web form entry field – most commonly usernames and
passwords – to give the hacker further access to the site backend, or to a particular
user’s account.
b. Theft of FTP Passwords: This is another very common way to tamper with web sites. FTP password hacking takes
advantage of the fact that many webmasters store their website login information on their poorly protected PCs. The
thief searches the victim’s system for FTP login details, and then relays them to his own remote computer. He then
logs into the web site via the remote computer and modifies the web pages as he or she pleases.
c. Cross-site scripting:
Also known as XSS (formerly CSS, but renamed due to confusion with cascading style sheets), is a very easy way of
circumventing a security system. Cross-site scripting is a hard-to-find loophole in a web site, making it vulnerable to
attack. In a typical XSS attack, the hacker infects a web page with a malicious client-side script or program. When you
visit this web page, the script is automatically downloaded to your browser and executed. Typically, attackers inject
HTML, JavaScript, VBScript, ActiveX or Flash into a vulnerable application to deceive you and gather confidential
information. If you want to protect your PC from malicious hackers, investing in a good firewall should be first and
foremost. Hacking is done through a network, so it’s very important to stay safe while using the internet. You’ll read
more about safety tips in the last chapter of this book.
2. Denial-of-Service attack
A Denial-of-Service (DoS) attack is an explicit attempt by attackers to deny service to intended
users of that service. It involves flooding a computer resource with more requests than it can
handle consuming its available bandwidth which results in server overload. This causes the
resource (e.g. a web server) to crash or slow down significantly so that no one can access it.
Using this technique, the attacker can render a web site inoperable by sending massive amounts
of traffic to the targeted site. A site may temporarily malfunction or crash completely, in any
case resulting in inability of the system to communicate adequately. DoS attacks violate the
acceptable use policies of virtually all internet service providers.
Another variation to a denial-of-service attack is known as a “Distributed Denial of Service”
(DDoS) attack wherein a number of geographically widespread perpetrators flood the network
traffic. Denial-of-Service attacks typically target high profile web site servers belonging to banks
and credit card payment gateways. Websites of companies such as Amazon, CNN, Yahoo, Twitter
and eBay.
3. Phishing
This a technique of extracting confidential information such as credit card numbers and
username password combos by masquerading as a legitimate enterprise. Vishing (voice
phishing) involves calls to victims using fake identity fooling you into considering the call to be
from a trusted organization. They may claim to be from a bank asking you to dial a number and
enter your account details.
4. Email bombing and spamming
Email bombing is characterised by an abuser sending huge volumes of email to a target address
resulting in victim’s email account or mail servers crashing. The message is meaningless and
excessively long in order to consume network resources. If multiple accounts of a mail server are
targeted, it may have a denial-of-service impact. Such mail arriving frequently in your inbox can
be easily detected by spam filters. Email bombing is commonly carried out using botnets (private
internet connected computers whose security has been compromised by malware and under
the attacker’s control) as a DDoS attack.
5. Web jacking
Web jacking derives its name from “hijacking”. Here, the hacker takes control of a web site
fraudulently. He may change the content of the original site or even redirect the user to another
fake similar looking page controlled by him. The owner of the web site has no more control and
the attacker may use the web site for his own selfish interests. Cases have been reported where
the attacker has asked for ransom, and even posted obscene material on the site.
The web jacking method attack may be used to create a clone of the web site, and present the
victim with the new link saying that the site has moved. Unlike usual phishing methods, when
you hover your cursor over the link provided, the URL presented will be the original one, and not
the attacker’s site. But when you click on the new link, it opens and is quickly replaced with the
malicious web server. The name on the address bar will be slightly different from the original
website that can trick the user into thinking it’s a legitimate site. For example, “gmail” may direct
you to “gmai1”. Notice the one in place of ‘L’. It can be easily overlooked.
6. Cyber stalking
Cyber stalking is a new form of internet crime in our society when a person is pursued or
followed online. A cyber stalker doesn’t physically follow his victim; he does it virtually by
following his online activity to harvest information about the stalkee and harass him or her and
make threats using verbal intimidation. It’s an invasion of one’s online privacy.
Cyber stalking uses the internet or any other electronic means and is different from offline
stalking, but is usually accompanied by it. Most victims of this crime are women who are stalked
by men and children who are stalked by adult predators and pedophiles. Cyber stalkers thrive on
inexperienced web users who are not well aware of netiquette and the rules of internet safety. A
cyber stalker may be a stranger, but could just as easily be someone you know.
7. Identity Theft and Credit Card Fraud

Identity theft occurs when someone steals your identity and pretends to be you to access
resources such as credit cards, bank accounts and other benefits in your name. The imposter
may also use your identity to commit other crimes. “Credit card fraud” is a wide ranging term
for crimes involving identity theft where the criminal uses your credit card to fund his
transactions. Credit card fraud is identity theft in its simplest form. The most common case of
credit card fraud is your pre-approved card falling into someone else’s hands.
7. Identity Theft and Credit Card Fraud
https://www.digit.in/techn
ology-guides/fasttrack-to-cy
ber-crime/the-12-types-of-c
yber-crime.html
https://www.facebook.com
/anticybercrimegroup/phot
os/a.880767855341043/44
79223915495401/
8. Software Piracy
Thanks to the internet and torrents, you can find almost any movie, software or song from any
origin for free. Internet piracy is an integral part of our lives which knowingly or unknowingly we
all contribute to. This way, the profits of the resource developers are being cut down. It’s not just
about using someone else’s intellectual property illegally but also passing it on to your friends
further reducing the revenue they deserve. Software piracy is the unauthorized use and
distribution of computer software. Software developers work hard to develop these programs,
and piracy curbs their ability to generate enough revenue to sustain application development.
This affects the whole global economy as funds are relayed from other sectors which results in
less investment in marketing and research.
The following constitute software piracy:
9. Child Pornography
Child pornography is a form of child sexual exploitation. Federal law defines child
pornography as any visual depiction of sexually explicit conduct involving a minor (persons less
than 18 years old). Images of child pornography are also referred to as child sexual abuse
images.
Example: https://www.pna.gov.ph/articles/1132331
10. Cyber bullying

Cyber-bullying or any bullying done through the use of technology or any electronic means.
- Anti-Bullying Act of 2013 (RA 10627)
https://www.justice.gov/criminal-ceos/child-pornography
11. Online scams are sophisticated messages, often
using professional looking brands and logos to look
like they come from a business you know. At first
sight this can make it difficult for you to know what
is real and what is fake.
A scam message can be sent by email, SMS, dating
sites, social networking sites, instant messaging or
even through videophone communications such as
Skype or FaceTime.
a. Fake Charities
b. Fake Parcel Delivery Scams
c. Investment Scams
d. Threat-based impersonation scams
e. Unexpected money scams
f. dating and romance scams
https://www.cyber.gov.au/acsc/view-all-content/threats/scams
https://www.justice.gov/criminal-ceos/child-pornography
https://www.facebook.com/anticybercrimegroup/photos/a.884515324966296/4310936785657449
https://www.facebook.com/anticybercrimegroup/photos/pcb.4363312557086538/4363312243753236
Anti Photo and Video Voyeurism
Any person who possesses a nude photo or video
of another person without his/her consent.
The person threatens to post the photos or

videos in social media accounts or porn sites.
He/she blackmails the victim, asking favor or

consideration in exchange of not posting the
photos of videos. The suspect and the victim
may had a previous relationship.
TIPS FOR PROTECTING YOUR INFORMATION ONLINE
Online safety refers to the

considerations of the risks associated
with using and sharing information in
electronic environments.
In simple terms, online safety refers to

the act of staying safe online.
https://library.tiffin.edu/netiquette/safety
https://nationalonlinesafety.com/wakeupwednesday/what-is-online-safety
STAYING SAFE ONLINE
▪ Limit personal and professional information

▪ Turn on your privacy settings
▪ Practice safe browsing habits
▪ Use a secure network
STAYING SAFE ONLINE
▪ Watch what you download

▪ Keep your anti-virus up to date
STAYING SAFE ONLINE
▪ Choose strong passwords

▪ Only enter financial information on secure sites
▪ Be careful who you meet online
https://haveibeenpwned.com/
Thank You !!!!

Living in IT Era - Chapter 5

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Living in IT Era - Chapter 5

Uploaded by

Copyright:

Available Formats

MODULE 5: Netiquette,

Cybercrimes, Internet Threats

Prepared by: Julie Ann M. Malay

Netiquette, abbreviation of Internet etiquette or network etiquette,

a. Remember the Human– Even though you may be

d. Avoid “SCREAMING” in Typed Messages – Typing an entire message using all

e. Proofread Your Messages Before Sending Them – Proofreading your messages

Strive to make your communications concise and free of any:

g. Respect Diversity in Viewpoints - Be constructive and respectful when sharing

Internet Threats and Prevention – A Brief Review

I Love You, a.k.a. Lovebug/Loveletter Virus, May

MyDoom, worm, 2004

Type: Multiple vector worm

But Trojan horse does not replicate

Trojan horse executes through a

e. Ransomware is a form of malware, designed to deny access to a computer system or

The main targets of a phishing attack include your

A distributed denial-of-service (DDoS) attack is a

- Cybercrime is criminal activity that either targets or uses a computer, a computer

- Cybercriminals are individuals or teams of people who use technology to commit

Republic Act No. 10175 or “Cybercrime Prevention Act of 2012

7. Identity Theft and Credit Card Fraud

7. Identity Theft and Credit Card Fraud

10. Cyber bullying

The person threatens to post the photos or

He/she blackmails the victim, asking favor or

Online safety refers to the

In simple terms, online safety refers to

▪ Limit personal and professional information

▪ Watch what you download

▪ Choose strong passwords

You might also like