COMPUTER LAB

IT CELL,
FTR HQR SSB, SILIGURI
 C
ORGANIZE Y
BY B
IT CELL, FTR HQR SSB SILIGURI E
R
Workshop on :- Cyber Security Awareness Program
S
E
C
U
R
I
T
Y
 Contents of workshop :-
IMPORTANCE OF CYBER SECURITY C
Y
TYPES OF CYBER CRIME B
E
IDENTITY THEFT
R
PSYCHOLOGICAL TRICKS
S
SOCIAL MEDIA FRAUDS E
C
DIGITAL BANKING FRAUDS
U
MOBILE APP FRAUDS R
I
VIRUS ATTACKS ON COMPUTER SYSTEMS T
GENERAL TIPS TO MAINTAIN THE CYBER HYGIENE Y

Incident Reporting of Cyber Crime

 IMPORTANCE OF CYBER SECURITY
Advanced technologies have changed the modern way of life.
 Internet provides us with many benefits. Be it communicating with
friends, searching for information, doing banking transactions, availing
online services, finding job, finding life partner or even running entire
businesses.
 The internet touches almost all aspects of our lives. However, it also
makes us vulnerable to a wide range of threats.
 A study by a leading industry research organization, 90% of all cyber-
attacks are caused by human negligence. Therefore, cyber security
awareness is important for everyone today.
 Be vigilant while making use of technology to reduce the risk of cyber
threats. (Google Data Centre Tour)
 TYPES OF CYBER CRIME
 A cybercrime is a crime involving computers and networks.
 In Cyber crime a wide range of activities, from illegally downloading
music files to stealing money from online bank accounts.
 Cyber criminals are not always financially motivated, cybercrimes include
non-monetary offenses as well.
 In Cyber crime job related frauds, matrimonial frauds, stealing and
misusing sensitive personal information (Aadhaar details, credit/debit card
details, bank account credentials, etc.), defamation of an individual on social
media; distribution of computer viruses etc.
.
 IDENTITY THEFT
Identity theft is the act of wrongfully obtaining someone’s personal information (that
defines one’s identity) without their permission. The personal information may include
their name, phone number, address, bank account number, Aadhaar number or credit/debit
card number etc.

Identity theft can have many adverse effects. The fraudster can use stolen personal
information and identity proofs to :-
• Gain access to your bank accounts
• Apply for loans and credit cards or open insurance accounts
• File a tax refund in your name and get your refund
• Obtain a driver’s license, passport or immigration papers
• Create new utility accounts
• Get medical treatment on your health insurance
• Assume your identity on social media
• Give your name to the police during an arrest etc.
 Tips to Protect yourself from IDENTITY THEFT

 Do not close the browser window without logging out of the account.
 Use 2-step verification such as one-time password (OTP) while using someone
else’s computer.
 Do not save your username and password in the web browser.
 Register your mobile number and working e-Mail with social networking sites
to get alerts in the event of un-authorized access.
 Permanently delete all documents downloaded on computers in cybercafé.
 Never provide details or copy of identity proofs (e.g. PAN Card, Aadhaar
Card, Voter Card, Driving License, Address Proof) to unknown
person/organization.
 Tips to Protect yourself from IDENTITY THEFT

Be careful while using identity proofs at suspicious places.

Do not share sensitive personal information (like Date of Birth, Birth Place, Family
Details, Address, Phone Number) on public platforms.
Always strike out the photo copy of the identity proof; write the purpose of its usage
overlapping the photo copy. This way, it becomes difficult to reuse the photo copy.
Do not leave your credit, debit or ATM card receipts behind, in places such as a
bank/ATM or a store; never throw them away in public.
Always ensure that credit/debit card swipes at shopping malls, petrol pumps, etc. are
done in your presence. Do not allow the sales person to take your card away to swipe
for the transaction.
Look out for credit/debit card skimmers anywhere you swipe your card,
especially at petrol pumps, ATMs etc.
If you notice a credit/debit card reader that protrudes outside the face of the rest of
the machine, it may be a skimmer.
 Tips to Protect yourself from IDENTITY THEFT

Never share your PIN with anybody, however close they might be.
Do not respond to messages from unknown source requesting personal or financial
details even if it assures credit of money into your bank account.
Do not respond to suspicious e-mails or click on suspicious links.
Do not transfer money to any un-trusted unknown account.
Remember you can never win a lottery if you have not participated in it.
Always verify the correctness of the domain of the e-mail ID, for example, all
government websites have “.gov.in” or “.nic.in” as part of their web address.
Have proper spam filters enabled in your e-mail account.
 PSYCHOLOGICAL TRICKS
C
Y
Psychological tricks are where attackers play with the minds B
of the user to trap them with lucrative offers. Once trapped, E
R
the attackers can exploit the victim by either stealing money
or stealing sensitive personal information (name, Aadhaar S
details, bank account details etc.) or harm the victim in any E
other way. The entire basis of this kind of attack is to make C
U
the victim fall into their trap by sending fake e-mails, calls or R
SMSs. I
T
Y
 PSYCHOLOGICAL TRICKS
C
Y
In Psychological tricks the fraudster can use the following methods as B
under - E
R
 Phishing is the act of sending fraudulent e-mail that appears to be from a
legitimate source, for example, a bank, a recruiter or a credit card company etc. S
E
 Vishing is similar to phishing. But, instead of e-mail, in this type of crime, the C
fraudster uses telephone to obtain sensitive personal and financial information. U
R
Smishing is the SMS equivalent of phishing. It uses SMS to send fraudulent I
text messages. The SMS asks the recipient to visit a website/weblink or call a T
phone number. Y
 PSYCHOLOGICAL TRICKS

Lottery Fraud - fraudster congratulates the victim for winning a handsome lottery
via e-mail/call/SMS. The victim is delighted and is eager to get the lottery money.
The fraudster asks the victim to transfer a token amount and share vital personal
information to get the lottery money. The victim loses his/her money and does not
get anything in return.

Credit/Debit Card Fraud - attacker tries to scare the victim by informing them
that their credit/debit card has been blocked.

Job Related Fraud - attacker sends a fake e-mail to the victim offering a job with
an attractive salary.
 Tips to Protect yourself from PSYCHOLOGICAL TRICKS

 Do not respond to messages from unknown source requesting personal or

financial details even if it assures credit of money into your bank account.
Do not respond to suspicious e-mails or click on suspicious links.
Do not transfer money to any un-trusted unknown account.
Remember you can never win a lottery if you have not participated in it.
Always verify the correctness of the domain of the e-mail ID, for example, all
government websites have “.gov.in” or “.nic.in” as part of their web address.
Have proper spam filters enabled in your e-mail account.
Do not get petrified if you receive a call stating that your card is blocked.
Bank will never convey such information on call.
 Tips to Protect yourself from PSYCHOLOGICAL TRICKS
C
Y
Do not share your PIN, password, card number, CVV number, OTP etc. with B
any stranger, even if he/she claims to be bank employee. Bank will never ask
E
for any vital information.
Keep your bank’s customer care number handy so that you can report any R
suspicious or un-authorized transactions on your account immediately.
Always search and apply for jobs posted on authentic job portals, S
newspapers etc. E
Check if the domain of the e-mail is the same as the one you have applied C
with. For example, all government websites have “.gov.in” or “.nic.in” as U
domain. R
If an e-mail has spelling, grammatical and punctuation errors, it could be
I
a scam.
Beware of the fake calls/e-mails impersonating themselves as recruiters and
T
requesting for personal information or money. Y
 SOCIAL MEDIA FRAUDS
C
Y
B
Social Media has become an integral part of our lives. It is the new E
R
way of communicating, sharing and informing people about the
events in our lives. We share our day to day lives on social media S
in the form of self and family photographs, updates on our E
locations/whereabouts, our views/thoughts on prevalent topics etc. C
U
One can understand the entire history of an individual through R
their social media profile and can even predict future events based I
on patterns in the past. (Facebook Data Centre Tour) T
Y
 SOCIAL MEDIA FRAUDS
C
Y
B
In Social Media Frauds fraudster can use the following methods as E
under - R

Sympathy Fraud - attacker becomes friends with the victim on social S

media. The attacker gains trust by frequent interactions. The attacker E
later extracts money/harms the victim. C
U
Romance Fraud - attacker becomes friends with the victim on social R
media. Over a period, the attacker gains victim’s affection. The attacker I
later exploits the victim physically, financially and/or emotionally. T
Y
 SOCIAL MEDIA FRAUDS
C
Y
B
Cyber Stalking - is a crime in which the attacker harasses a victim using electronic E
communication, such as e-mail, instant messaging (IM), messages posted on a R
website or a discussion group. A cyber stalker relies upon the fact that his/her true
identity is not known in the digital world. A cyber stalker targets the victim with S
threatening/abusive messages and follows them/their activities in the real world.
E
Cyber Bullying - is bullying that takes place over digital devices. Cyber bullying can
C
occur through SMS, social media, forums or gaming apps where people can view, U
participate or share content. Cyber bullying includes sending, posting or sharing R
negative, harmful, false content about someone else. The intention is to cause I
embarrassment or humiliation. At times, it can also cross the line into unlawful T
criminal behaviour. Y
 Tips to Protect yourself from SOCIAL MEDIA FRAUDS
C
Y
Be careful while accepting friend request from strangers on social
B
media. Cyber criminals often create fake social media profile to
E
befriend potential victims with an intention to harm them.
R
Do not share personal details or get into financial dealings with an
unknown person whom you have met on social media platform.
S
Keep family/friends informed, in case you plan to meet a social media
E
friend. Always plan such meetings in public places.
C
Be cautious while responding to unknown friend requests on social
U
media platforms. Do not respond to unknown friend requests
R
I
T
Y
 Tips to Protect yourself from SOCIAL MEDIA FRAUDS
C
Y
Never share intimate pictures with anyone on online platform as they
B
can be misused later.
E
Do not share personal details or get into financial dealings with an
R
unknown person whom you have met on social media platform.
Restrict access to your profile. Social media sites offer privacy settings
S
for you to manage who can view your posts, photos, send you friend
E
request etc.
C
Ensure your personal information, photos and videos are accessible
U
only to your trusted ones.
R
Be careful while uploading your photos on social media which show
I
your location or places you frequently visit as cyber stalkers may keep
T
tabs on your daily life.
Y
 Tips to Protect yourself from SOCIAL MEDIA FRAUDS
C
Be careful :-
Y
 If your child’s behaviour is changing and he/she is more aggressive than B
before. E
If suddenly your child stops talking with you or his/her friends. R
If he/she stops using digital devices or is scared.

Make your children aware that cyber bullying is a punishable crime so that S
neither do they indulge themselves in cyber bullying nor do they let anyone E
tease them.
C
Discuss safe internet practices with your friends and family regularly.
Monitor your kid’s activity on internet/social media. Enable parental controls on U
computer/mobile devices. R
Even if the children or students know about any friend who is a victim of cyber I
bullying, they should help the victim. Report the matter to parents or teachers T
immediately. Y
 DIGITAL BANKING FRAUDS
C
 In present scenario, all banking services are shifting online. Y
B
 Services like retrieving account statement, funds transfer to other E
accounts, requesting a cheque book, preparing demand draft etc. can R
all be done online.
S
Most of these services can be done sitting at home without physically E
visiting the bank. C
 As the services are shifting towards online platforms, cyber frauds U
R
related to banking are also increasing.
I
 Protection of bank accounts with strong passwords becomes highly T
essential. Y
 DIGITAL BANKING FRAUDS
C
In Digital Banking frauds , fraudster can use the following methods as Y
under – B
E
Digital Payments Applications related attacks :- Digital payments have become R
very common in today’s life. However, they do pose a threat if the account is
hacked. S
E
Hacking of Bank Account due to Weak Password :- In this type of attack, the C
attacker hacks into the victim’s account by using a program to guess commonly
U
used passwords. Once the account is hacked, the attacker can steal money or
perform an illegal transaction in order to defame or frame the victim. R
I
Hacking of Multiple Accounts due to same password :- If same password is T
used for multiple accounts, then hacking of one account may also lead to Y
hacking of other accounts.
 Tips to Protect yourself from DIGITAL BANKING FRAUDS
C
Y
Create Strong password to your online banking account and the ttechniques for
strong password which are easy to remember : B
E
• For making unique passwords, create as many pass-phrases and words as R
possible (different passwords for different accounts) For example:
• shopping – $h0pp!n9 (S =$, i=!, g=9, o=0) S
• october – 0cT0b3r9! E
(one more alphabet/number ‘9’ is added as “october” is a 7 letter word) C
• Social Network – $0c!alNetw0rK U
• Windows – w!nD0W$9 R
• NULinux – 9NuL!NuX I
(one more alphabet/number ‘9’ is added as “NULinux” is a 7 letter word) T
Y
 Tips to Protect yourself from DIGITAL BANKING FRAUDS
C
Y
B
• Set your passwords to be at least 8 characters long.
E
• Make the passwords stronger by combining letters, numbers and
R
special characters.
• Use a different password for each of your accounts and devices.
S
• Use 2-step verification (such as OTP) whenever possible.
E
• If one of your online accounts has been hacked, immediately log in
C
and change the password to a strong, unique password. U
• Do not share your passwords/PIN with anyone.
R
• Do not save your usernames and passwords in the web browser.
I
T
Y
 MOBILE APP FRAUDS
C
Y
B
With the increase in the use of smart phones and the consequent E
rise in the use of mobile applications, associated security risks have R
also increased. The number of mobile transactions has increased
four times in the last couple of years, and now, cyber criminals are S
targeting mobile users to extract data and money. E
C
U
R
I
T
Y
 MOBILE APPLICATIONS FRAUDS
C
In Mobile Applications frauds , fraudster can use the cyber attacks Y
using infected Mobile App :- B
People become habitual users of certain mobile applications. As a result, E
they ignore security warnings. R
Fraudsters use this to attack the victim by infiltrating through such
S
popular mobile applications.
E
 They infect the applications with malicious software, called Trojan. C
This Trojan can get access to your messages, OTP, camera, contacts, e- U
mails, photos etc. for malicious activities. R
 It can also show obscene advertisements, sign users up for paid I
subscriptions or steal personal sensitive information from the mobile etc. T
Y
 Tips to Protect yourself from MOBILE APP FRAUDS

• Always install mobile applications from official application stores or

trusted sources.
• Scrutinize all permission requests thoroughly, especially those
involving privileged access, when installing/using mobile
applications. For example, a photo application may not need
microphone access.
• Regularly update software and mobile applications to ensure there
are no security gaps.
• Beware of malicious applications or malicious updates in existing
applications. Clear all the data related to the malicious application and
uninstall it immediately.
 VIRUS ATTACKS ON COMPUTER SYSTEMS
C
Y
B
Personal Computers or laptops play a very important role in our lives. E
We store our crucial information such as bank account numbers, R
business documents etc. in the computer. We also store personal files
like photos, music, movies etc. in the computer. Therefore, protection of S
all this data is highly essential. Just as we keep a physical lock on our E
C
safe vaults, it is equally important to protect our valuable data from
U
viruses/malicious applications that can damage it.
R
I
T
Y
 VIRUS ATTACKS ON COMPUTER SYSTEMS
C
Y
Virus Attack through external devices :-
B
A virus can enter the computer through external devices like pen drive E
or hard disk etc. This virus can spread across all the computer files. R

Virus Attack by downloading files from un-trusted websites S

The virus can enter the computer by download of files from un-trusted E
websites. The virus can be hidden in the form of music files, video files C
or any attractive advertisement. This virus can spread across all the U
computer files. R
I
T
Y
 VIRUS ATTACKS ON COMPUTER SYSTEMS
C
Y
B
Virus Attack by installation of malicious software
E
The virus can enter into the computer by installing software from un- R
trusted sources. The virus can be an additional software hidden inside
unknown game files or any unknown software. This virus can spread S
across all the computer files. E
C
A Virus/Malicious application can cause various harms such as slowing U
down the computer, lead to data corruption/deletion or data loss. R
I
T
Y
 Tips to Protect Computer System from VIRUS ATTACKS
C
Y
B
• Computers/Laptops should have a firewall and anti-virus installed, E
enabled and running the latest version. R
• Always scan external devices (e.g. USB) for viruses, while
connecting to the computer. S
• Always keep the “Bluetooth” connection in an invisible mode, unless E
you need to access file transfers on your mobile phone or laptops. C
• Before disposing of computers or mobile devices, be sure they are U
wiped of any personal information. For mobile devices, this can be R
done by selecting the option for a secure reset/factory reset of the I
device. T
Y
 Tips to Protect Computer System from VIRUS ATTACKS
C
Y
B
• Never download or install pirated software, applications etc. on your E
computer, laptops or hand-held devices. It is not only illegal but also R
increases your vulnerability to potential cyber threats.
• Do not click on the URL/links provided in suspicious e-mails/SMS even if S
they look genuine as this may lead you to malicious websites. This may E
be an attempt to steal money or personal information. C
• Always check “https” appears in the website’s address bar before U
making an online transaction. The “s” stands for “secure” and R
indicates that the communication with the webpage is encrypted. I
T
Y
 General Tips to Maintain the Cyber Hygiene
C
 Always keep your systems/devices (desktop, laptop, mobile) updated with latest patches.
Y
 Protect systems/devices through security software such as anti-virus with the latest version. B
E
 Always download software or applications from known trusted sources only. Never use
R
pirated software on your systems/devices.
 Ensure all devices/accounts are protected by a strong PIN or passcode. Never share your S
PIN or password with anyone. E
 Do not share your net-banking password, One Time Password (OTP), ATM or phone C
banking PIN, CVV number etc. with any person even if he/she claims to be an employee U
or a representative of the bank and report such instances to your bank. R
I
T
Y
 General Tips to Maintain the Cyber Hygiene
C
 Always change the default admin password on your Wi-Fi router to a strong
Y
password known only to you. In addition, always configure your wireless B
network to use the latest encryption (contact your network service provider, in E
case of any doubt). R
 Be cautions while browsing through a public Wi-Fi and avoid logging in to
personal & professional accounts such as e-mail or banking on these networks. S
 Always use virtual keyboard to access net-banking facility from public E
computers; and logout from banking portal/website after completion of online C
transaction. Also ensure to delete browsing history from web browser (Internet
U
Explorer, Chrome, Firefox etc.) after completion of online banking activity.
 Do scan all e-mail attachments for viruses before opening them. Avoid R
downloading e-mail attachments received in e-mails from unknown or un- I
trusted sources. T
Y
 General Tips to Maintain the Cyber Hygiene
C
 Be careful while sharing identity proof documents especially if you cannot verify
Y
the authenticity of the company/person with whom you are sharing B
information. E
 Note the IMEI code of your cell phone and keep it in a safe place. The operator R
can blacklist/ block/trace a phone using the IMEI code, in case the cell phone is
stolen. S
 Observe your surroundings for skimmers or people observing your PIN before E
using an ATM. C
 Discuss safe internet practices and netiquettes with your friends and family U
regularly! Motivate them to learn more about cybercrimes and safe cyber R
practices.
 Do not save your card or bank account details in your e-wallet as it increases the I
risk of theft or fraudulent transactions in case of a security breach. T
 If you think you are compromised, inform authorities immediately. Y
 Incident Reporting of Cyber Crime
C
 Visit the nearest police station immediately.
Y
 To report cybercrime complaints online, visit the National Cyber Crime Reporting B
Portal. This portal can be accessed at https://cybercrime.gov.in E
 You can also file a complaint offline by dialling the helpline number 155260. R
 In case you receive or come across a fraud sms, e-mail, link, phone call asking for
your sensitive personal information or bank details, please report it on web portal S
by visiting www.reportphishing.in E
 Refer to the latest advisories which are issued by CERT-IN on C
https://www.cert-in.org.in/ U
 Report any adverse activity or unwanted behaviour to CERT-IN using following R
channels : E-mail : incident@cert-in.org.in I
Helpdesk : +91 1800 11 4949 T
Y
 Incident Reporting of Cyber Crime
C
Provide following information (as much as possible) while reporting an incident.
Y
• Time of occurrence of the incident B
• Information regarding affected system/network E
• Symptoms observed
R
To report lost or stolen mobile phones, file a First Information Report (FIR) with the
police. Post filing the FIR, inform Department of Telecommunications (DoT) through the S
helpline number 14422 or file an online compliant on Central Equipment Identity Register E
(CEIR) portal by visiting https://ceir.gov.in. After verification, DoT will blacklist the phone, C
blocking it from further use. In addition to this, if anyone tries to use the device using a
different SIM card, the service provider will identify the new user and inform the police.
U
R
Booklets Related to Cyber Security available on SSB Website : ssb.nic.in
I
T
Y
Workshop on Cyber Security Awareness Program
C
Y
B
E
be Cyber Smart R

be Cyber Safe S
E
C

THANKS U
R
I
T
Y