Skip to main content

Threats to Internet Safety

ARD

There are many Threats to Internet Safety for Filipinos and our government have long started passing laws that would enable us to counter the effects, prevent it from happening, and be made aware of its consequence.

Let's start by understanding the official and legal definitions of these threats. Among them are: Cyberbullying, Online Scam, Online Libel, Identity Theft, and Photo & Video Voyeurism


Threats and/or Effects

Cyberbullying

The Anti Cyber-bullying Act of 2015 is still a House Bill - HB 5718. Pending that we can look into the definition of Cyber-bullying from Implementing Rules and Regulations of RA No. 10627 (RA 10627 is the Anti-Bullying Act of 2013) which I believe is already a sufficient definition of Cyber-bullying.

Cyber-bullying - any bullying done through the use of technology or any electronic means. The term shall also include any conduct resulting to harassment, intimidation, or humiliation, through the use of other forms of technology, such as, but not limited to texting, email, instant messaging, chatting, internet, social media, online games, or other platforms or formats as defined in DepED Order No. 40, s. 2012

Online Scam

You've probably heard the prince or princess of a tribe somewhere in need of help to donate money to charitable institution but some law in their tribe prohibits them from doing so. So their recourse is to ask you, you above anyone else simply because they believe you are an honest individual. They're not exactly beyond the fact that it would cost you time and possible money if you help them, so in return (to sweeten the pot) they'll leave a certain percent of the sum they'll transfer in your account to compensate your help. Sweet, right? Well, not really. Why? Because it is all part of a spiel to scam you. It's the line and the hook... and the sinker is what we call a scam! They're not philanthropic, they're after something else about you. Identifiable information, banking information, etc.

There's a lot of form of online scam but above is most common one would encounter via email.

Identity Theft

Photo and Video Voyeurism

Types of Attack

Spoofing

This is often done by making something non-official look as if it's the official item. The goal of this type of attack is to gather personal information which can be used in identification and banking.

An example would be is to create a banking website that looks exactly like the official site of a bank but actually simply collects customer banking information in order to steal the money. This would rely on getting a domain name or web address that could resemble as closely as possible with the official or legitimate bank web address. i.e.: https://bdoexpress.online.com for https://bdoexpressonline.com

Another example would be an email coming from info@bdoexpress.online.com instead of info@bdoexpressonline.com informing you that there is an activity in your account which is being flagged by automated scanners as suspicious and prompts you to update your banking information using a link provided in the email.

ClickJacking

ClickJacking is hijacking of a click a user makes in a user interface. Like spoofing, the goal of this type of attack is to gather personal information which can be used in identification and banking.

An example would be that of a form where when the submit button is click, the data is copied and submitted to another server which is not the intended recipient of the form.

Among the most common click jacking exercises done on the web is to monitor every mouse click and send it to an analytic system somewhere to process mouse movement behavior in ecommerce systems. In analytics, this would allow online shops to properly position items and elements where users usually gravitate to park their mouse cursor, thereby making clicks easier. This is an effective user profiling method.

Drive-by-Download

A drive-by-download is usually automatic download and utilization of the downloaded item into the browser's current process or execution thread in order to exploit a vulnerability.

A clickjacking may also be employed in order to lead a user to a webpage where an auto-download is possible. The downloaded item is usually a malicious software and could sometimes bring in other malwares once it has successfully infected an operating system.

Denial-Of-Service

As the attack name suggests, this is done to deny a user a service. The underlying technique is to keep the computer busy so that the user will not be able to access or manage resources needed for work or leisure.

This is also used as diversion tactic so that users can not be made aware that a fraudulent activity is on-going in their account or resource.

LABELS:

Popular Posts

Protect Personal Information - Present and Future Value

Net Safety PH
Dear Mothers, We understand you are proud of your child. You can shout to the world that you are but please do not share your child's personal information online.
Post a Comment
Read More

Like Farming - Not All You Like Is What It Is

Net Safety PH
Only a few people will really believe warnings such as the one we're about to quote. It goes like this:
Post a Comment
Read More