Threats to Data (Cambridge (CIE) IGCSE ICT)

Hacking

What is a hacking?

• Hacking is a generic term used to describe the act of gaining unauthorised access to computer systems or networks to gain control, steal information, or cause damage

• A hacker is a criminal who exploits technical vulnerabilities to break into computer systems and networks

• Hackers seek out opportunities that make this possible, these include:

  • Unpatched software

  • Out-of-date anti-malware

  • Weak passwords

What are the effects of hacking?

• Hacking can cause a number of issues for an organisation or individual, these include:

  • Data breaches

  • Installation of malware

  • Data loss

  • Identify theft

  • Financial loss

How can hacking be prevented?

• Hacking can be prevented by a number of methods, some of these include:

  • Using strong passwords

  • Using two-factor authentication

  • Installing anti-malware software

  • Using firewalls

Phishing

What is a phishing?

• Phishing is a form of social engineering

• It involves sending fraudulent, legitimate-looking emails to a large number of email addresses, claiming to be from a reputable company or trusted source to try and gain access to your details

• Phishing often tries to coax the user to click on a login button to enter their details

What are the effects of phishing?

• The creator of the email can gain unauthorised access to personal data such as login information, bank accounts and more

• Phishing can lead to identity theft or fraudulent activity on credit cards and bank accounts

How can phishing be prevented?

• Phishing can be prevented by:

  • Anti-spam filters to avoid fraudulent emails arriving in a user's inbox

  • Training staff to recognise fraudulent emails and to avoid opening attachments from unrecognised senders

  • User access levels to prevent staff from being able to open files-types such as executable (.exe) files and batch (.bat) files

Pharming

What is a pharming?

• Pharming is typing a website address into a browser and it is redirected to a 'fake' website to trick a user into typing in sensitive information such as passwords

• An attacker attempts to alter DNS settings or change a users browser settings to redirect users to the fraudulent website

What are the effects of pharming?

• The creator of the malicious content can gain unauthorised access to personal data such as login information, bank accounts and more

• Pharming can lead to identity theft or fraudulent activity on credit cards and bank accounts

How can pharming be prevented?

• Pharming can be prevented by:

  • Keeping anti-malware software up to date

  • Checking URLs regularly

  • Make sure the padlock icon is visible

Smishing & vishing

What is a smishing & vishing?

• Smishing (SMS phishing) is a form of phishing where attackers use SMS to trick individuals into sharing sensitive information or downloading malicious content.

• Vishing (voice phishing) is also a form of phishing involving fraudulent phone calls where attackers impersonate legitimate companies to get personal information

What are the effects of smishing and vishing?

• These attacks can result in unauthorised access to personal data such as login information and bank accounts

• They can lead to identity theft

How can pharming be prevented?

• Pharming can be prevented by:

  • Keeping anti-malware software up to date

  • Checking URLs regularly

  • Make sure the padlock icon is visible

Viruses & malware

Why is malware a threat?

• Malware (malicious software) is the term used for any software that has been created with malicious intent to cause harm to a computer system

• Examples of issues caused by malware include

  • Files being deleted, corrupted or encrypted

  • Internet connection becoming slow or unusable

  • Computer crashing or shutting down 

• Malware can exist in many forms, each designed to perform its role in different ways

How can malware be prevented?

• To protect against the threat of malware:

  • Ensure code is written correctly

  • Keep anti-malware software up to date

  • Install a firewall

  • Educate users

Card fraud

Why is card fraud a threat?

• Card fraud is a threat as fraudsters will try to gain illegal access to credit and debit cards

• The main way this is achieved is through:

  • Should surfing (shouldering)

  • Card cloning

  • Keylogging

Should Surfing

• Observing a person's private information over their shoulder e.g. cashpoint machine PINs

• This can be prevented by users ensuring they have covered over their PIN when entering it

Card cloning

• This is the copying of the data from a user's credit or debit card by scanning the magnetic strip through a skimmer machine

• Card cloning can be prevented by ensuring a card with a chip is being used and the chip can not be cloned, though the data on it can still be read

Keylogging

• This is software installed to detect and store keystrokes from the keyboard and send the data back to the criminal

• Data such as passwords and other secure data can be collected this way

• To prevent key logging, users should frequently scan their system using anti-virus software and use cloud password software to prevent having to enter their details manually