
THE NETIQUETTE AND THE COMPUTER ETHICS
MADE BY:
KAIRA PEREZ
DANIELA MARIE CASTANARES
CONNIE CASANE
CONTENTS

• Netiquette
• Cybercrimes
• Internet threats
COMPUTER ETHICS AND NETIQUETTE
WHAT ARE COMPUTER ETHICS?

• Computer ethics are a set of commonly agreed principles that govern the use of computers.
• Computer ethics are essentially a set of philosophical guidelines or moral standards that aim to influence behavior and prevent harm.
• Computer ethics work to ward off technology misuse and also help to steer social conduct and user interactions when using computer systems – particularly where the internet is concerned.
WHAT IS NETIQUETTE?

• Netiquette is a made-up word from the words net and etiquette. Netiquette
thus describes the rules of conduct for respectful and appropriate
communication on the internet.
• Netiquette is often referred to as etiquette for the internet. These are not
legally binding rules, but recommended rules of etiquette.
WHAT’S THE DIFFERENCE?

NETIQUETTE
• refers to the code of behavior or conduct that is considered appropriate while communicating on the internet

COMPUTER ETHICS
• refers to the moral principles that govern the use of computers and technology.

What they have in common:
They keep users, you, and me safe and keep the peace for everyone online.
WHY IS THIS IMPORTANT?
ANSWERS:

• Firstly, the Internet has a global scope. This means that anyone who wants to
express his views can do so. While this is not bad in itself, the problem is that
the Internet also allows users to remain anonymous. This means that names,
identities, and/or sources do not have to be made known. Thus, while the
Internet gives some users a high degree of power, it also puts many people at
risk of abuse.
ANSWERS:

• Secondly, it is very, very easy to copy information published over the Internet. This helps users gather information for research purposes. On the other hand, you cannot be sure that the information is correct and up-to-date. You cannot be sure either that the author of any page really owns the text he claims to have written. This increases the chances for abusing intellectual property rights.
ANSWERS:

• Because it is so easy to copy information, it also becomes easy for Internet users to note down communications, dealings, and events. This can destroy people's privacy. And since those who do this can remain anonymous, many are not brought to court.
SO HOW DO WE FOLLOW THESE NETIQUETTE/COMPUTER ETHICS?
THE TEN COMMANDMENTS OF COMPUTER ETHICS

• The Computer Ethics Institute promotes a set of rules written by Dr. Ramon C. Barquin in 1992 to serve as a guide to proper computing behavior. These rules are not official, but laws about computer use have been based on them. The commandments are as follows:

• Thou shalt not use a computer to harm other people.
• Thou shalt not interfere with other people's computer work.
• Thou shalt not snoop around in other people's computer files.
• Thou shalt not use a computer to steal.
• Thou shalt not use a computer to bear false witness.
• Thou shalt not copy or use proprietary software for which you have not paid.
• Thou shalt not use other people's computer resources without authorization or proper compensation.
• Thou shalt not appropriate other people's intellectual output.
• Thou shalt think about the social consequences of the program you are writing or the system you are designing.
• Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
GENERAL NETIQUETTE RULES

• When communicating on the internet, you should always remember that you
are communicating with people and not simply with computers or
smartphones. As in the real world, rules of etiquette are necessary on the
internet. Netiquette is therefore important to avoid adverse consequences.
GENERAL NETIQUETTE RULES

• 1. Stick to the rules of conduct online that you follow in real life
When communicating online, remember the rules of etiquette that you follow in your everyday life. Refrain from insulting, provoking, threatening, or insulting others. Respect the opinions of your chat counterparts and express constructive criticism. Remember that you can be prosecuted for insulting people online.

• 2. Netiquette: Think of the person
Think of the person behind the computer when you compose your messages. You are not communicating with a machine, but with real people. Also, consider what and how you write. Because the internet doesn't forget anything! A screenshot or a copy of your messages is quickly made and still exists even if you delete your messages afterward.
GENERAL NETIQUETTE RULES
• 3. Present your best side online
Communication on the internet comes with a certain anonymity that does not exist in real life when you are talking to someone face to face. Often this anonymity leads to a lower inhibition threshold for many users and they behave rudely online if, for example, you disagree with them.
• Make sure that you show your best side online. Remain friendly and respectful, even if you disagree. Good netiquette is characterized by respect, politeness and professionalism.
• A tip: You should generally refrain from writing messages or individual words entirely in capital letters – even if you want to give these sections more expression. After all, capital letters on the internet mean shouting and are generally considered impolite.
GENERAL NETIQUETTE RULES
• 4. Read first, then ask
Do you have a question about something? Then take the time to carefully read the answers in the previous discussion posts first. There is a good chance that someone has already answered your question.
• If you write an answer similar to someone else's, it shows the other chat participants that you have paid little attention to the conversation so far.
• Remember that conversations online can happen very quickly. It is therefore important to gather all the information before responding or asking questions.
GENERAL NETIQUETTE RULES
• 5. Netiquette: Pay attention to grammar and punctuation
• Take time to read through your answers again. Check them for grammar, punctuation and correct spelling.
• It can be very frustrating for the other person if they have to decipher poorly written sentences in order to grasp the meaning behind them. In addition, faulty grammar distracts from the goal of your message.
• Grammar, spelling and punctuation become especially important when composing emails or other correspondence that you submit to colleagues or superiors. If you have a weakness in grammar and spelling, don't be discouraged. Use spelling aids before you send messages.
GENERAL NETIQUETTE RULES
• 6. Respect the privacy of others
• This rule should be followed not only in everyday use of online communication, but also at work. Do not simply forward information that has been sent to you without first obtaining permission from the original sender.
• When sending private emails to multiple recipients, use BCC (blind carbon copy) instead of CC (carbon copy). Many people do not like their names and email addresses being passed on to people they do not know themselves.
• This rule on the internet also applies to uploading and sharing photos or videos that show other people. Before circulating such private files, be sure to check with the people concerned before doing so.
• Last but not least: Respect the privacy of others and do not sign up for newsletters, forums or the like with someone else's name or email address.
GENERAL NETIQUETTE RULES
• 7. Respect the time and bandwidth of others
• We live in a much faster world than our parents or grandparents are used to. Information can be sent to different people around the world in a matter of seconds – and without much effort.
• Nevertheless, the bandwidth, that is to say the information capacity of wires and channels, is limited. It is similar with humans. Think of this limited receptivity of information when you send messages to your friends, colleagues or superiors.
• Do you get to the point quickly enough in your emails? Are your arguments formulated correctly and clearly recognizable? No one wants to waste time unnecessarily on an email whose core message is only at the end of the email. That consumes time and effort, and is simply annoying. Also, consider who really needs to be on the list of recipients. After all, respect for other people's time and bandwidth is also part of netiquette.
GENERAL NETIQUETTE RULES
• 8. Forgive the mistakes of others
• Everyone who goes online to forums and networks was once a beginner. As in any other field, you can make mistakes as a beginner. In online communication, these can be a lack of etiquette or manners.
• Often these are spelling mistakes, superfluous questions or answers that are too long. With this in mind, it's important to forgive your counterparts' mistakes. If they are only minor mistakes, it is best not to react to them at all. In the event of a major error, for example a wrong quote, messages written only in capital letters or missing grammar and punctuation, then it is best to point it out to the person in a private message.
• A tip: Sarcasm in written form is not always recognizable to everyone on the internet. It is therefore better to remain objective. If you still want to express sarcasm among friends or close colleagues, use emojis such as smileys or GIFs. Carefully chosen, emojis can reinforce your message.
GENERAL NETIQUETTE RULES
• 9. Netiquette: Don't abuse your power
• On the internet, as in real life, some people have more power than others. Moderators in a forum, experts in companies or system administrators. If you have more power than others, you do not have the right to exploit this power.
• Don't spy on colleagues or chat participants just because you have the technical means to do so. For example, system administrators should never read private emails or find out about the salary structure in the company.
GENERAL NETIQUETTE RULES
10. Help keep flame wars under control
• Flame wars are messages that contain aggressive personal criticism or attacks on a person. In group chats, heated discussions often degenerate into so-called flame wars. If you get into such a discussion, you should stay out of it. Always remember that you should treat others as you would like to be treated. Profanity is not part of netiquette.
• Also remember that insults and threats on the internet can have legal consequences for you. For this reason, do not be tempted to make such comments, even in heated discussions. Instead, demonstrate exemplary conduct on the internet.
GENERAL NETIQUETTE RULES
11. Know where you are in cyberspace
Netiquette is interpreted differently in different places on the internet. For example, it is perfectly normal to spread gossip in a TV discussion group. However, if you do this in a serious discussion group, you will quickly make yourself unpopular. It is therefore important that you know where you are on the internet.
• This also means that if you are in a new area that is unfamiliar to you, you need to look around and learn the ropes. Get an idea of how other people in this area of cyberspace communicate with each other and adapt to them.
GENERAL NETIQUETTE RULES
12. Hate speech and netiquette
So-called hate speech on the internet is an increasing problem, especially in social media. It is often found in offensive comments under photos or posts. However, time and again there are coordinated actions by specific actors who join forces for the sole purpose of spreading hate comments. Not infrequently, social or religious fringe groups, foreigners or black people become victims of such actions.
• What can you do against hate speech? If you come across such statements on the internet, you should report them to the provider of the website. Often you will find the option to report a post directly underneath it on social media. The providers are legally obliged to delete content which is evidently illegal within 24 hours.
• In addition, you can actively approach the spreaders of hate speech and try to invalidate their statements and subsequently educate the perpetrators. It is advisable to ask for the alleged "facts" and take a clear position against hate. Steer the discussion in a more positive direction. However, under no circumstances should you react with hate or insults. You could also be held accountable for this.
GENERAL NETIQUETTE RULES
13. Children on the internet: Do not give out personal information
In these times of social media, identity theft and social engineering, keeping personal information secret is essential! Under no circumstances should your child share passwords or personal information such as their name, address or telephone number online. The name of the school or clubs should also be kept secret.

14. Use a neutral nickname
• Make sure that your child uses a neutral nickname in chat rooms. This should under no circumstances reveal your child's identity. In addition, a neutral nickname ensures that other people do not feel insulted or ridiculed.
GENERAL NETIQUETTE RULES
15. Netiquette and bots/troll posts
So-called bots are computer programs that usually automatically follow up on a task without requiring any interaction with humans. In social media channels, bots often post comments or even their own posts.
• They often spam in forums or in the comments under posts. This is annoying and time-consuming, as these responses have to be identified and removed. Bots are therefore not part of netiquette and should be avoided if at all possible.
GENERAL NETIQUETTE RULES
16. Rules for children on the internet: Do not trust chat participants
Your child should always approach strangers with a healthy skepticism. You never know who is really hiding behind the funny profile name and picture. For example, your child should never meet a stranger just because they got along well in a chat conversation. It could be an adult with bad intentions.
• Similarly, you should explain to your child that they should not add strangers as friends on social media such as Facebook or Instagram. Your child should also not simply open emails and other messages and download attachments. In doing so, your child could accidentally download a Trojan or other malware.
GENERAL NETIQUETTE RULES
17. Fairness first: Do not exclude anyone
If your child is communicating in a private group, they should refrain from making insider jokes that not everyone in the group will understand. It is better to send a private message to this person. Other chat participants should not feel excluded. Netiquette includes values such as tolerance, respect and helpfulness. This also means that only the language used by everyone should be used.
• In a school group chat, your child should always make sure that all chat members are on the same level, for example during a review or presentation. When your child is explaining a topic that may not be clear to everyone, it is a good idea to answer questions about the topic.
GENERAL NETIQUETTE RULES
18. Netiquette for children: Keep it short and clear
Posts, answers and even questions should be kept as short and clear as possible. No one wants to read an unnecessary amount of text that does not contribute to answering the issue.
• Cumbersome language and repetitions only clog up chats and forums; in addition, spelling mistakes can make it more difficult to read and understand what is being said. Forwarding chain letters also has no place in respectful online communication.
GENERAL NETIQUETTE RULES
19. Trust your child
Last but not least, the most important rule for children's use of
the internet: Trust your child. After all, you cannot
permanently look over their shoulder, whether your child is
learning via computer, smartphone or tablet. Your child learns
best through their own experiences. Trust in your offspring's
abilities, and refrain from constantly monitoring their internet
activities. It is usually enough to know that your child can ask
you for help if the worst happens.
CYBERCRIMES
WHAT IS CYBERCRIME?

• Cybercrime is any criminal activity that involves a computer, network or networked device.
• While most cybercriminals use cybercrimes to generate a profit, some cybercrimes are carried out against computers or devices to directly damage or disable them.
• Cybercrime can be carried out by individuals or organizations. Some cybercriminals are organized, use advanced techniques and are highly technically skilled. Others are novice hackers.
WHAT ARE THE TYPES OF CYBERCRIME?

• Email and internet fraud.
• Identity fraud (where personal information is stolen and used).
• Theft of financial or card payment data.
• Theft and sale of corporate data.
• Cyberextortion (demanding money to prevent a threatened attack).
• Ransomware attacks (a type of cyberextortion).
• Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
• Cyberespionage (where hackers access government or company data).
• Interfering with systems in a way that compromises a network.
• Infringing copyright.
• Illegal gambling.
• Selling illegal items online.
• Soliciting, producing, or possessing child pornography.
CYBERCRIME INVOLVES ONE OR BOTH OF THE FOLLOWING:

• Criminal activity targeting computers using viruses and other types of malware.
• Criminal activity using computers to commit other crimes.
WHAT ELSE?
• Cybercriminals that target computers may infect them with malware to damage devices or
stop them from working. They may also use malware to delete or steal data. Or
cybercriminals may stop users from using a website or network or prevent a business from
providing a software service to its customers, which is called a Denial-of-Service (DoS)
attack.
• Cybercrime that uses computers to commit other crimes may involve using computers or
networks to spread malware, illegal information, or illegal images.
• Cybercriminals are often doing both at once. They may target computers with viruses first
and then use them to spread malware to other machines or throughout a network. Some
jurisdictions recognize a third category of cybercrime which is where a computer is used as
an accessory to crime. An example of this is using a computer to store stolen data.
EXAMPLES OF CYBERCRIME
MALWARE ATTACKS

• A malware attack is where a computer system or network is infected with a computer virus or other type of malware. A computer compromised by malware could be used by cybercriminals for several purposes. These include stealing confidential data, using the computer to carry out other criminal acts, or causing damage to data.
PHISHING

• A phishing campaign is when spam emails, or other forms of communication, are sent with the intention of tricking recipients into doing something that undermines their security. Phishing campaign messages may contain infected attachments or links to malicious sites, or they may ask the receiver to respond with confidential information.
• Another type of phishing campaign is known as spear-phishing. These are targeted phishing campaigns which try to trick specific individuals into jeopardizing the security of the organization they work for.
• Unlike mass phishing campaigns, which are very general in style, spear-phishing messages are typically crafted to look like messages from a trusted source. For example, they are made to look like they have come from the CEO or the IT manager. They may not contain any visual clues that they are fake.
DISTRIBUTED DOS ATTACKS

• Distributed DoS attacks (DDoS) are a type of cybercrime attack that cybercriminals use to bring down a system or network. Sometimes connected IoT (Internet of Things) devices are used to launch DDoS attacks.
• A DDoS attack overwhelms a system by using one of the standard communication protocols it uses to spam the system with connection requests. Cybercriminals who are carrying out cyberextortion may use the threat of a DDoS attack to demand money. Alternatively, a DDoS may be used as a distraction tactic while another type of cybercrime takes place.
IMPACT OF CYBERCRIME

• Generally, cybercrime is on the rise. According to Accenture’s State of Cybersecurity Resilience 2021 report, security attacks increased 31% from 2020 to 2021. The number of attacks per company increased from 206 to 270 year on year. Attacks on companies affect individuals too since many of them store sensitive data and personal information from customers.
• A single attack – whether it’s a data breach, malware, ransomware or DDoS attack – costs companies of all sizes an average of $200,000, and many affected companies go out of business within six months of the attack, according to insurance company Hiscox.
• Javelin Strategy & Research published an Identity Fraud Study in 2021 which found that identity fraud losses for the year totalled $56 billion.
• For both individuals and companies, the impact of cybercrime can be profound – primarily financial damage, but also loss of trust and reputational damage.
HOW TO PROTECT YOURSELF AGAINST CYBERCRIME?

KEEP SOFTWARE AND OPERATING SYSTEM UPDATED
• Keeping your software and operating system up to date ensures that you benefit from the latest security patches to protect your computer.

USE ANTI-VIRUS SOFTWARE AND KEEP IT UPDATED
• Using anti-virus or a comprehensive internet security solution like Kaspersky Total Security is a smart way to protect your system from attacks. Anti-virus software allows you to scan, detect and remove threats before they become a problem. Having this protection in place helps to protect your computer and your data from cybercrime, giving you peace of mind. Keep your antivirus updated to receive the best level of protection.
HOW TO PROTECT YOURSELF AGAINST CYBERCRIME?

USE STRONG PASSWORDS
• Be sure to use strong passwords that people will not guess and do not record them anywhere. Or use a reputable password manager to generate strong passwords randomly to make this easier.

NEVER OPEN ATTACHMENTS IN SPAM EMAILS
• A classic way that computers get infected by malware attacks and other forms of cybercrime is via email attachments in spam emails. Never open an attachment from a sender you do not know.
HOW TO PROTECT YOURSELF AGAINST CYBERCRIME?

DO NOT CLICK ON LINKS IN SPAM EMAILS OR UNTRUSTED WEBSITES
• Another way people become victims of cybercrime is by clicking on links in spam emails or other messages, or unfamiliar websites. Avoid doing this to stay safe online.

DO NOT GIVE OUT PERSONAL INFORMATION UNLESS SECURE
• Never give out personal data over the phone or via email unless you are completely sure the line or email is secure. Make certain that you are speaking to the person you think you are.
HOW TO PROTECT YOURSELF AGAINST CYBERCRIME?

CONTACT COMPANIES DIRECTLY ABOUT SUSPICIOUS REQUESTS
• If you are asked for personal information or data from a company who has called you, hang up. Call them back using the number on their official website to ensure you are speaking to them and not a cybercriminal. Ideally, use a different phone because cybercriminals can hold the line open. When you think you’ve re-dialed, they can pretend to be from the bank or other organization that you think you are speaking to.

BE MINDFUL OF WHICH WEBSITE URLS YOU VISIT
• Keep an eye on the URLs you are clicking on. Do they look legitimate? Avoid clicking on links with unfamiliar URLs or URLs that look like spam. If your internet security product includes functionality to secure online transactions, ensure it is enabled before carrying out financial transactions online.
HOW TO PROTECT YOURSELF AGAINST CYBERCRIME?

KEEP AN EYE ON YOUR BANK STATEMENTS
• Spotting that you have become a victim of cybercrime quickly is important. Keep an eye on your bank statements and query any unfamiliar transactions with the bank. The bank can investigate whether they are fraudulent.
• A good antivirus will protect you from the threat of cybercrime.
INTERNET THREATS
WHAT ARE INTERNET THREATS?
• Web-based threats, or online threats, or Internet Threats are a category of
cybersecurity risks that may cause an undesirable event or action via the internet.
• Web threats are made possible by end-user vulnerabilities, web service developers/operators, or web services themselves. Regardless of intent or cause, the consequences of a web threat may damage both individuals and organizations.
• This term typically applies to — but is not limited to — network-based threats in
the following categories:
WHAT ARE INTERNET THREATS?
• Private network threats - impact sub-networks connected to the wider global
internet. Typical examples can include home Wi-Fi or ethernet networks,
corporate intranets, and national intranets.
• Host threats - impact specific network host devices. The term host often refers to
corporate endpoints and personal devices, such as mobile phones, tablets, and
traditional computers.
• Web server threats - impact dedicated hardware and software that serve web
infrastructure and services.
WHAT ARE WEB THREATS/INTERNET THREATS?
• Internet-based threats expose people and computer systems to harm online. A broad scope of dangers fits into this category, including well-known threats like phishing and computer viruses. However, other threats, like offline data theft, can also be considered part of this group.
• Web threats are not limited to online activity but ultimately involve the internet at some stage for inflicted harm. While not all web threats are created deliberately, many are intended — or have the potential — to cause:
• Access denial. Prevention of entry to a computer and/or network services.
• Access acquisition. Unauthorized or unwanted entry into a private computer and/or network services.
• Unauthorized or unwanted use of computer and/or network services.
• Exposing private data without permission, such as photos, account credentials, and sensitive government information.
• Unauthorized or undesired changes to a
HOW DO WEB THREATS WORK?
• When a web threat arises, certain circumstances align to make it a point-of-concern.
• Namely, there are a few basic components to any web threat:
1. Threat motives give an intentional threat agent a reason or goal to cause harm. Some threat agents don’t act intentionally or act autonomously and may, therefore, be absent of motive.
2. Threat agents are anything or anyone that can negatively impact — with the internet either as a threat vector or a target itself.
3. Vulnerabilities include any human behavior weakness, technology systems, or other resources that can lead to a damaging exploit or incident.
4. Threat outcomes are the negative results of a threat agent acting against one or more vulnerabilities.
HOW DO WEB THREATS WORK?

• As these components interact, a threat becomes an attack on computer systems. Threat motives can include any of the following: financial, surveillance, information, retaliation, sabotage, and more.
• Threat agents are typically people with malicious intent. By extension, agents may also be anything that is manipulated into acting in favor of the original threat agent. However, some threat agents — such as destructive nature events — act entirely without human intervention.
HOW DO WEB THREATS WORK?

• The types of threat agents include:
• Non-human agents: Examples include malicious code (viruses, malware, worms, scripts), natural disasters (weather, geological), utility failure (electrical, telecom), technology failure (hardware, software), and physical hazards (heat, water, impact).
• Intentional human agents: Based on malicious intent. Can be internal (employees, contractors, family, friends, acquaintances) and external (professional and amateur hackers, nation-state actors and agencies, competitor corporations).
• Accidental human agents: Based on human error. Similar to intentional threats, this type can include internal and external agents.
HOW DO WEB THREATS WORK?

• Negligence-based human agents: Based on careless behaviors or safety oversights. Again, this category can also include internal and external agents.
• Vulnerabilities may be points of weakness where someone or something can be manipulated. Vulnerabilities can be considered a web threat and a concern that enables other threats. This area typically includes some form of human or technical weakness that can lead to penetration, misuse, or destruction of a system.
HOW DO WEB THREATS WORK?

• Threat outcomes may lead to disclosed private info, deceived users, disrupted computer system use, or seized access privileges. Web threats often result in, but are not limited to, causing:
• Reputation damage: Loss of trust from clients and partners, search engine blacklisting, humiliation, defamation, etc.
• Operations disruption: Operational downtime, access denial to web-based services such as blogs or message boards, etc.
• Theft: Financial, identity, sensitive consumer data, etc.
HOW DO WEB THREATS WORK?

• Cybercriminals will use almost any vulnerability within an operating system (OS) or an application to conduct an attack. However, most cybercriminals will develop web threats that deliberately target some of the most common operating systems/applications, including:
• Java: Because Java is installed on over 3 billion devices (that are running under various operating systems) exploits can be created to target specific Java vulnerabilities on several different platforms/operating systems.
• Adobe Reader: Although many attacks have targeted Adobe Reader, Adobe has implemented tools to protect the program against exploit activity. However, Adobe Reader is still a common target.
HOW DO WEB THREATS WORK?

• Windows and Internet Explorer: Active exploits still target vulnerabilities that were detected as far back as 2010 – including MS10-042 in Windows Help and Support Center, and MS04-028, which is associated with incorrect handling of JPEG files.
• Android: Cybercriminals use exploits to gain root privileges. Then, they can achieve almost complete control over the targeted device.
HOW DO INTERNET WEB THREATS SPREAD?

• Web threats of this nature use the internet's many communications channels to spread. Larger threats use the global internet to respond to threats, while more targeted threats may directly infiltrate private networks.
• Typically, these threats are distributed through web-based services. Malicious actors prefer to place these threats in locations where users will often engage with them. Public websites, social media, web forums, and email are often ideal for spreading a web threat.
• Users are affected when they engage with malicious URLs, downloads, or provide sensitive info to websites and message senders. This engagement may also trigger infection and spread of web threats to other users and networks. It’s not uncommon for innocent users to unknowingly become threat agents themselves.
HOW TO SPOT WEB THREATS

• Here are some tips to guide you:
• Grammar: Malicious actors may not always carefully craft their messages or web content when assembling an attack. Look for typos, odd punctuation, and unusual phrasing.
• URLs: Harmful links can be masked under decoy anchor text — the visible text that’s displayed. You can hover over a link to inspect its true destination.
• Poor quality images: The use of low-resolution or unofficial images may indicate a malicious webpage or message.
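The URL tip above can also be checked automatically. The following is an added example, not part of the original slides: it reads the HTML of a message and reports every link whose visible text looks like one web address while its real destination is a different site. The names find_masked_links and LinkAuditor and the sample message are made up for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible text that itself looks like a web address, e.g. "www.mybank.example/login".
DOMAIN_LIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#].*)?$", re.I)

def _base(host):
    # Lower-case a host name and drop a leading "www." so the same site compares equal.
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Records links whose visible text names a different host than the href points to."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        match = DOMAIN_LIKE.match(shown)
        real = _base(urlparse(self.href).hostname)
        # Flag only when the text claims a site and the link opens a different one.
        if match and real and _base(match.group(1)) != real:
            self.findings.append((shown, self.href))
        self.href = None

def find_masked_links(html):
    """Return (visible text, real href) for every link that shows one site but opens another."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample message (not from the slides); hosts use the reserved .example TLD.
SAMPLE = """<p>Your account is locked. Sign in at
<a href="http://login.attacker.example/reset">www.mybank.example/login</a> or visit
<a href="https://mybank.example/">www.mybank.example</a> for help.</p>"""

if __name__ == "__main__":
    for shown, href in find_masked_links(SAMPLE):
        print(f"text says {shown!r} but the link opens {href}")
```

Links with ordinary wording such as "click here" are not flagged by this check, so hovering over them to read the destination is still needed.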
TYPES OF WEB SECURITY THREATS

• As mentioned previously, web threats typically include human and technical manipulation in order to attack. Be aware there tends to be overlap between web threats, and some may occur simultaneously. Some of the most common web threats may include the following.

Social engineering - involves deceiving users to act unknowingly against their own best interests. These threats usually involve gaining the trust of users to deceive them. Manipulating users in this way can include:
• Phishing: Posing as legitimate institutions or people to get them to divulge personal details.
• Watering hole attacks: Exploiting popular websites to fool users into exposing themselves to harm.
• Network spoofing: Fraudulent access points that mimic legitimate ones.
TYPES OF WEB SECURITY THREATS

• Malicious code - Includes malware and harmful scripts (lines of computer programming commands) to create or exploit technical vulnerabilities. Where social engineering is the human side of web threats, malicious code is the technical side. These threats can include but are not limited to:
• Injection attacks: Insertion of harmful scripts into legitimate applications and websites. Examples include SQL injection and cross-site scripting (XSS).
• Botnet: Hijacking a user device for remote, automated use in a network of similar “zombies.” These are used to accelerate spam campaigns, malware attacks, and more.
• Spyware: Tracking programs that monitor user actions on a computer device. The most common examples are keyloggers.
• Computer worms: Scripts that run, replicate, and spread autonomously without the help of a related program.
TYPES OF WEB SECURITY THREATS

• Exploits - Exploits are intentional abuses of vulnerabilities that may lead to an undesirable incident.
• Brute force attacks: Manual or automated attempts to breach security “gates” and vulnerabilities. This may typically involve generating all possible passwords to a private account.
• Spoofing: Masking a real identity to manipulate legitimate computer systems. Examples include IP spoofing, DNS spoofing, and cache poisoning.
TYPES OF WEB SECURITY THREATS
• Cybercrime Cyber libel: Also known as online
• Cybercrime refers to any unlawful activity defamation, this can involve attacking
conducted via computer systems. These individuals or organizations' reputations. This
threats often use the web to enact their can be done through disinformation
plans. (deliberate distribution of inaccurate
information) or misinformation (mistaken
• Cyberbullying: Mental abuse of victims distribution of inaccurate information).
using threats and harassment.
Advanced Persistent Threats (APTs):
• Unauthorized data disclosure involves the Malicious actors gain access to a private
release of private information, such as network and establish ongoing access. They
email leaks, intimate photos, and combine social engineering, malicious code,
significant corporate data leaks. and other threats to exploit vulnerabilities and
gain this access.
TYPES OF WEB SECURITY THREATS

• Typically, web threats refer to malware programs that can target you when you're using the internet. These browser-based threats include a range of malicious software programs that are designed to infect victims’ computers. The main tool behind such browser-based infections is the exploit pack – which gives cybercriminals a route to infecting computers that either:
• Do not have a security product installed
• Contain a commonly used operating system or application that is vulnerable – because the user hasn’t applied the latest updates, or a new patch has yet to be issued by the software vendor
TYPES OF WEB SECURITY THREATS

• Most active malicious software programs involved in web threats. The list includes the following types of online threats:
• Malicious websites. Kaspersky identifies these websites by using cloud-based heuristic detection methods. Most malicious URL detections are for websites that contain exploits.
• Malicious scripts. Hackers inject malicious scripts into the code of legitimate websites that have had their security compromised. Such scripts are used to perform drive-by attacks – in which visitors to the website are unknowingly redirected to malicious online resources.
• Scripts and executable PE files. Generally, these either:
- Download and launch other malicious software programs
- Carry a payload that steals data from online banking and social network accounts or steals login and user account details for other services
TYPES OF WEB SECURITY THREATS
• Trojan-Downloaders. These Trojan viruses
deliver various malicious programs to
users’ computers.
• Exploits and exploit packs. Exploits target
vulnerabilities and try to evade the
attention of Internet security software.
• Adware programs. Often, the adware will
simultaneously install when a user starts to
download a freeware or shareware
program.
HOW TO PROTECT YOURSELF AGAINST WEB THREATS?
MOST THREATS ARE SUCCESSFUL DUE TO TWO MAIN WEAKNESSES:

• Human error
• Technical error

Full protection from web threats means you will need to find ways to cover these weak points.

• General tips to follow for both end-users and web service providers include:

1. Always create backups: All valuable data should be copied and stored safely to prevent data loss in case of an incident. Websites, device drives, and even web servers can be backed up.
2. Enable multi-factor authentication (MFA): MFA allows for additional layers of user authentication on top of traditional passwords. Organizations should enable this protection for users, while end-users should be sure to make use of it.
3. Scan for malware: Regular scans for infections will keep your computer devices secured. Personal devices can all be covered through an antivirus solution like Kaspersky Total Security. Enterprise endpoint machines and computer networks should use this protection as well.
4. Keep all tools, software, and OS up to date: Computer systems are more vulnerable when they’ve been unpatched against undiscovered holes in their programming. Software developers regularly probe for weaknesses and issue updates for this purpose. Protect yourself by downloading these updates.
• Service providers like website owners and server operators are where true comprehensive security starts. These parties will need to take precautions for better protection. They can do this by:

1. Monitoring web traffic to gauge for normal volumes and patterns.
2. Implementing firewalls to filter and restrict unpermitted web connections.
3. Network infrastructure distribution to decentralize data and services. This includes aspects like backups for various resources and geo server rotations.
4. Internal probing to investigate for unpatched vulnerabilities. This might, for example, involve self-attacking with SQL injection attack tools.
5. Proper security configuration for access rights and session management.
• Users should protect themselves by doing the following:

1. Scan downloads for malware.
2. Vet links before clicking, only clicking links if you are positive the destination is safe and trusted.
3. Make strong, secure passwords, and avoid duplicates. Use a secure Password Manager to help manage all of your accounts and passwords.
4. Throttle login attempts by triggering account lockdown after a limited number of tries.
5. Look out for phishing red flags in texts, email, and other communications.
