Online Security

****************************************************************************************************************************************************

Disclaimer

The Bharat Co-operative Bank will not be held liable to anyone for any damage or complication arising out of use or improper use of the instructions and the software mentioned in this document.  These tips are given solely for the purpose of educating the Bank’s customers, to enable them to protect themselves against cyber threats.

****************************************************************************************************************************************************

 Last Edited on : 12th  August, 2013

Contents :

 

1.   Securing your Computer

2.   Internet Security

3.   ATM/Debit Card Security

4.   Mobile Phone Security

5.   Social Network Security

6.   How-To Guide

7.   Frequently Asked Questions (FAQ)

__________________________________________________________________________________________________________________

1. Securing your Computer

 

o   Update your Operating System  :  Keep the auto-update option ON for your OS. Many security updates are released on a regular basis by Microsoft to protect your PC.

 

o   Use a good Anti-Virus Software :  A good Antivirus Software with Personal Firewall and Anti-spy (or Anti-hacker) capabilities is a must for every computer. Enable your anti-virus software's 'always on' virus-detection feature if it has one. It may be called 'Realtime Protection,' 'Resident Protection,' or something similar.

 

o   Set up a Firewall : A firewall can be a protective barrier between your PC and the outside world. Without a firewall it becomes easy for hackers to steal the confidential information stored in your PC. Most antivirus software comes with its own firewall. Windows has a built-in firewall; just make sure it is ON. A better alternative is Comodo Firewall (see section 4 of the How-to Guide for details). However, experts advise running only one firewall at a time.

 

o   Use a Complex Password for Login : This means that you should already have a password to login to your computer. Not having a password at all is not a good idea. Create a password for all user accounts and make sure it’s complex. Complex means it should have numbers, upper case characters, lower case characters, and symbols. This makes it way more difficult for a hacker to get into your computer.

 

o   Restrict Administrator Access :  For households and small businesses where people share computers, only one person should have administrator access to install new programs. This applies even when there are several adults in the house. After all, it only seems fair that the person responsible for keeping your computer secure also have the privilege of controlling what software gets installed.

 

o   Use a Limited-user Account : The single most important step you can take to protect your computer from viruses, worms and hackers is to use a “limited user” account for everyday computer use.  If you work in a Limited User account, you will be able to decrease the effect of a virus or other malicious software.  If the attack happens while you’re in an Administrator account, the attack will have full access to your computer and the results can range from annoying to catastrophic.  If a Trojan horse or virus makes it onto your computer while you’re using an administrator account, it can get deep into the operating system (often without your knowledge).

 

o   Update the Essentials: Use the latest/updated versions of essential software like Adobe Reader, Flash, Java Runtime Environment, Silverlight, Shockwave Player, VLC etc.

 

o   Update your Browser: Use a good browser like Firefox and make sure you are using the latest version of the browser.

 

o   Clean up : Clean browser cache after you finish browsing. Applications like CCleaner do this job very well. It deletes all the junk files in your computer.  It also helps you to securely delete files and to optimize the registry, thereby increasing the performance of the computer.

 

o   Disable auto-complete : If your log-in IDs or passwords appear automatically on the sign-in page of a secure web site, you should disable the auto-complete function to increase the security of your information. Go to your browser settings to disable the feature.

 

o   Install DoNotTrackMe, a free application from abine.com. It stops identity thieves, advertisers, social networks, and spammers from tracking you.

o   Install Ghostery from ghostery.com. It monitors third-party trackers on sites. By default, Ghostery will only show you which trackers are operating on the websites you visit. Blocking/erasing these trackers must be enabled in the Ghostery settings.

o   Be wary of using freeware unless it is known to be safe.

 

o   Always lock your computer or even shut it down whenever you are going away. Even if you are leaving it for a short time, keep it locked, as anyone can access it secretly while you are away. So, don’t take the risk. Set up your computer to lock itself after a specified period of inactivity. This way, the information on your computer will remain protected even if you forget to lock it before leaving it. See section 1 of the How-to Guide.

 

o   Encrypt files containing confidential information: Always encrypt the files containing sensitive information. By encrypting your folders and files, you will protect them from unwanted access.

See section 2 of How-to guide.

 

o   Use a Router: A router is in some ways better than a regular firewall. Routers are dumb, which makes them hard to hack. Even if a hacker finds a fault in your firewall, he’ll still need to get past your dumb router, which increases your security. Better yet, every connection attempt blocked by your router is a connection attempt your firewall won’t need to block. Blocking connection attempts takes a small amount of computer processing time, which slows down your computer slightly—but blocking thousands of attempts when your computer is under attack can measurably slow down your computer. Your router does all of that work for you without slowing down your computer one bit.

 

o   Secure your wireless Router : When on a wireless network, realize that all information being sent to and from your computer can be intercepted and read by someone nearby. Prevent this from happening by only logging into a secure network using WEP or WPA. If this is a home wireless network, make sure it is secure. See section 3 of the How-to Guide.

 

o   Shut down services you don't use (For expert users): Often, computer users don't even know which network-accessible services are running on their systems. Telnet and FTP are common offenders that should be shut down on computers where they are not needed. Make sure you're aware of every single service running on your computer, and have a reason for it to be running. In some cases, this may require reading up on the importance of that service to your particular needs, so that you don't make a mistake like shutting off the RPC service on a Microsoft Windows machine and preventing logins. Even so, it's always a good idea to have nothing running that you don't actually use.

 

o   Disable Remote Registry Editing: Only you should be editing your Windows registry, so make sure this service is disabled by clicking Start, Run, and then typing "services.msc". Scroll down to Remote Registry and make sure the service is stopped, and then set it to either Manual or Disabled.

 

o   Wipe the Drive before Donating your Old Computer : If you are getting rid of a hard drive and want to render all or some of its data unrecoverable, you have two options. You can download Eraser to securely wipe any file or folder, and you can use Darik's Boot and Nuke SE (DBAN) to write over the entire drive. To use DBAN, download it and burn it as an ISO disc, then boot from it. It will provide you with instructions on the welcome screen.

 

o   Enable S.M.A.R.T for Your Hard Drives : S.M.A.R.T (self-monitoring analysis and reporting technology) allows your drive to report whether it's about to fail, which can give you a heads-up to replace it. All the modern hard drives have it—go into your PC's BIOS (press Del or F2/F10 during bootup) and enable it.

 

o   Enable Extension Viewing : By default, Windows hides file extensions, and virus-makers exploit this feature by giving their executable program names like Popularsong.exe, which appears as a harmless audio file if you have extensions hidden. To enable extension viewing, open any folder and click Tools, Folder Options, and uncheck "Hide extensions for known file types."

 

o   Turn off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being "always on" renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker's connection—be it spyware or a botnet that employs your computer's resources to reach out to other unwitting users.

 

o   Check CPU Use: Viruses are programs, and just like any other program, they need to use your computer’s processor to run. Unlike most other programs, most viruses will try to monopolize computer processor (CPU) use. If you press Ctrl-Alt-Delete in Windows, you’ll be able to open Task Manager and see the amount of CPU each program uses. If you see a program taking up 80% or more of your CPU and you don’t recognize the program’s name, search Google for its name. The top results on Google will tell you whether it's legitimate or a virus. This method isn’t foolproof—in order to hide from anti-virus software, some viruses will try to hide their CPU use from Windows. However, this will catch many back-door viruses.

 

o   Check the Running Programs: Some viruses don’t require much CPU—like those viruses that use your computer to send spam email. To detect these viruses, you can use the same method you used to find CPU-intensive viruses—press Ctrl-Alt-Delete and check the program list. In the program list, look for any programs with suspicious names or names you don’t recognize. If you find a virus, use the End Program or End Task buttons to kill it immediately. Then find the file that was running and place it in the Recycle Bin so it doesn’t autostart the next time you reboot your computer.
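The check behind the "Enable Extension Viewing" tip above, as an added example that is not part of the Bank's original guide: a Python sketch that lists the program files in a folder together with the name Windows would display while extensions are hidden. The two extension lists, the function names and the sample file names are assumptions constructed for this example.

```python
import os

# Extensions Windows treats as programs or scripts (a common subset chosen
# for this example, not an exhaustive list).
PROGRAM_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}
# Extensions most people read as "just a song, picture or document"
# (assumption made for this example).
HARMLESS_LOOKING_EXTS = {".mp3", ".wav", ".avi", ".jpg", ".png", ".pdf",
                         ".doc", ".txt"}


def review_name(filename):
    """Return a warning dict for a program file, or None for anything else.

    'shown_as' is the name Explorer displays while "Hide extensions for
    known file types" is ticked, i.e. the name without its last extension.
    """
    stem, ext = os.path.splitext(filename.strip())
    if ext.lower() not in PROGRAM_EXTS:
        return None
    # Look at what the visible name itself appears to end in.
    inner_ext = os.path.splitext(stem)[1].lower()
    if inner_ext in HARMLESS_LOOKING_EXTS:
        reason = "shown name ends in %s but the file is a program" % inner_ext
    else:
        reason = "program whose %s extension is hidden" % ext.lower()
    return {"file": filename, "shown_as": stem, "reason": reason}


def scan_folder(folder):
    """Review every regular file directly inside 'folder' (no recursion)."""
    findings = []
    with os.scandir(folder) as entries:
        for entry in sorted(entries, key=lambda e: e.name.lower()):
            if entry.is_file():
                finding = review_name(entry.name)
                if finding:
                    findings.append(finding)
    return findings


if __name__ == "__main__":
    # Constructed sample names; pass a real folder to scan_folder() instead.
    for name in ["Popularsong.exe", "holiday.jpg.scr", "statement.pdf",
                 "Popularsong.mp3"]:
        result = review_name(name)
        print(name, "->", result["reason"] if result else "not a program")
```

Run `scan_folder()` on a downloads folder to see which files would lose a program extension in Explorer's default view.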

 

 

 

 

 

 

2. Internet Security

 

o   Always type the website address. Be wary of clicking on links; they could lead to false websites.

 

o   Make sure that the URL of the website begins with https (not http). HTTPS ensures that your username, password, credit card number, expiration date and other information are sent from your computer to the site in encrypted form. Encryption helps to make your connection secure and reduces the risk that malicious people may intercept the information you enter and make illegal use of it.

 

o   Install HTTPS Everywhere: HTTPS Everywhere is a Firefox and Chrome extension that encrypts your communications with many major websites, making your browsing more secure.

 

o   Some websites present a certificate of authenticity when you browse to them as a way to assure you that the site is legitimate. Check to make sure the certificate is valid and has not expired. If you are satisfied with the validity of the certificate, click on the link that takes you to the site itself. An invalid or expired certificate may indicate that the site is neither authentic nor secure.

 

o   Do not enter your confidential data in a pop-up window while you are carrying out an online financial transaction.

 

o   Use a Virtual Keyboard while entering your Account/Debit/Credit card numbers, CVV numbers and passwords online. Keyloggers cannot detect what you enter using the Virtual Keypad. Many antivirus products have the Virtual Keypad feature.

 

o   Ignore questionable emails. If you receive an email from an unknown sender, the best thing to do is ignore it at first. Also, never open an email if it contains questionable text, files, or attachments.

 

o   Delete suspicious emails without opening them. If you do open a suspicious email, do not open or respond to online solicitations for personal information.

 

o   Avoid accessing your Internet Banking account from a cyber cafe or a shared computer. However, if you happen to do so, change your passwords from your own computer as soon as you get access to it.

 

o   Every time you complete your online banking session, LOGOFF from bharatbank.com. Do not just close your browser.

 

o   To access Bharat Bank's Internet Banking, always type in the correct URL (https://online.bharatbank.com/internetbanking/) into your browser window. Never click an outside link that offers to take you to our website. However, you may follow the link provided at www.bharatbank.com.

 

o   Change your Internet Banking passwords (both log-in password and transaction password) after your first log-in, and thereafter regularly (at least once in a quarter).

 

o   Rather than linking Facebook, Twitter, newsgroups, forums, shopping and banking sites to one email address, use multiple addresses. As a minimum, use one for social activities and one for financial business. Your social address will rightly draw more attention than your business one – that's the way you want it to be. If the former is hacked, it won't be as nightmarish as losing control of your financial address.

 

o   Avoid using P2P file sharing : If you must use file sharing, do so with the utmost paranoia about security. When you've downloaded a file, isolate it and, if possible, execute it from a virtual environment to ensure it is safe before letting it into your true computing environment.

 

o   Disable the “SAVE PASSWORD” option: Never assume that you are the only one using your computer. You never know if an intruder is waiting for the moment you are away. So, avoid automatically saving your password, as this outright defeats the objective of having a password in the first place. Each time your computer presents a “save password” option, always choose “NO”.

 

o   Encrypt emails when necessary: When sending emails containing information that is critical to your business or otherwise highly confidential, encrypt the email and any files you attach to it. Such email can only be opened by recipients who have the private key matching the public key you used while encrypting the message. Passwords should be shared through another medium like SMS. Your mail could be intercepted/accessed by your mail administrator or government agencies.

 

o   Stay alert when browsing websites: Watch for browser windows that appear automatically, and read them carefully instead of just clicking YES or OK. When in doubt, you should close 'pop up windows' by clicking the X in the upper right-hand corner, rather than by clicking Cancel. This can help prevent web-pages from tricking you into installing malware on your computer.

 

o   Improve the security of your Web browser by preventing it from automatically running the potentially dangerous programs that are sometimes contained within web-pages you visit. It's not the browser you need to be concerned about. Nor is it a matter of simply avoiding certain 'types' of sites. Known, legitimate websites are frequently being compromised and implanted with malicious JavaScript that foists malware onto visitors' computers. To ensure optimum browsing safety, the best tip is to disable JavaScript for all but the most essential of sites -- such as your banking or regular ecommerce sites. Not only will you enjoy safer browsing, you'll be able to eliminate unwanted pop-ups as well.  If you are using Mozilla Firefox, you can install the NoScript add-on, as described in section 5 of the How-to Guide.

 

o   Browse Privately : Use InPrivate/Incognito/Private Browsing Mode while browsing the Internet. This prevents your browsing history from being saved in the browser. Your login and password details are not stored in the browser either.
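The tips above (type the address yourself, insist on https, and use only the Bank's own Internet Banking URL) can be written as a check on a link before it is followed. This is an added example, not part of the Bank's original guide; the function names and the sample links, which use the reserved example.net domain, are constructed for illustration.

```python
from urllib.parse import urlsplit

# The address this guide tells customers to type. Everything else in this
# block (names, sample links) is an assumption made for the example.
EXPECTED_SCHEME = "https"
EXPECTED_HOST = "online.bharatbank.com"
EXPECTED_PATH_PREFIX = "/internetbanking/"


def check_banking_url(url):
    """Return the reasons a link is NOT the documented login address.

    An empty list means scheme, host, port and path all match.
    """
    try:
        parts = urlsplit(url.strip())
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return ["URL cannot be parsed"]

    problems = []
    if parts.scheme.lower() != EXPECTED_SCHEME:
        problems.append("scheme is %r, not https" % parts.scheme)

    # urlsplit lower-cases the hostname and separates any user@ prefix, so
    # this compares the host the browser would really contact.
    host = (parts.hostname or "").rstrip(".")
    if host != EXPECTED_HOST:
        problems.append("host is %r, not %s" % (host, EXPECTED_HOST))

    if parts.username is not None or parts.password is not None:
        problems.append("link carries a user@ part before the host")

    if port not in (None, 443):
        problems.append("unexpected port %d" % port)

    if not parts.path.startswith(EXPECTED_PATH_PREFIX):
        problems.append("path does not start with " + EXPECTED_PATH_PREFIX)

    return problems


def check_links(urls):
    """Map each link to its list of problems (empty list = matches)."""
    return {url: check_banking_url(url) for url in urls}


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email.
    samples = [
        "https://online.bharatbank.com/internetbanking/",
        "http://online.bharatbank.com/internetbanking/",
        "https://online.bharatbank.com.example.net/internetbanking/",
        "https://online.bharatbank.com@example.net/internetbanking/",
    ]
    for link, problems in check_links(samples).items():
        print(link, "->", "OK" if not problems else "; ".join(problems))
```

The comparison is an exact match on the host name, so an address that merely contains the Bank's name somewhere in it is reported as a mismatch.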

 

 

3. ATM & Debit Card Security

 

o   Memorize your PIN. Do not keep your card and PIN together.

o   Change your PIN only at a Bharat Bank ATM.

o   Stand close to the ATM while entering your PIN.

o   Do not take the help of strangers for using the card or handling cash.

o   Always press the 'Cancel' key before moving away from the ATM.

o   Sign on the back of your card as soon as you receive it from the Bank.

o   Hide the 3 digit CVV number on the back of your card after you memorize it. Use a permanent black marker for this purpose.

o   Do not store your ATM PIN with the card. Memorize the PIN and destroy the PIN mailer.

o   SMS “BLOCK” to 9664 000000 if your card is lost or stolen.

o   Do not reveal your PIN to anyone, not even to the bank-staff.

o   Do not use PIN numbers like 1234, 5555, 2266 etc.

o   Use different PINs for different cards. Make sure to sign the signature panel on the reverse of your card as soon as you receive it, using a ballpoint pen.

o   Keep a copy of only the front side of your card in a place other than the wallet that holds your card.

o   If going abroad, make note of the Visa emergency number of that country.

o   Ensure that the card is always swiped on the POS machine in your presence.

o   Make sure the card returned to you at the merchant establishment is yours.

o   Always keep a copy of the bill and the payment charge-slip and ATM receipts for cash withdrawals.

o   Always check your billing/bank statement. Check the purchases and compare them with the bills and receipts in your possession.

o   Prior to making any online purchase, register your card for Verified By Visa and secure your online transactions.

o   Avoid scratching the magnetic strip. Do not place two cards with magnetic strips together. Do not keep the card near strong magnetic fields like TV and mobile phones.

o   Never sign an incomplete/incorrect sales slip. Make sure it is totalled.

o   Do not keep your card and PIN number together.

o   Don't lend your card to anyone. If your debit card is used by a family member or any other person, with or without your knowledge, you are responsible for their purchase/cash withdrawal.

o   Do not use your card for making payments via telephone/mail.

o   Do not respond to any email asking for your bank account number, card number, expiry date or PIN.

o   Do not key in your PIN in the presence of any onlooker at an ATM.

o   Do not bend the card.

o   Do not keep your Bharat Bank Debit card near heat and direct sunlight.

 

o   Protect yourself from ATM Skimming Machines:

 

✓  Check the machine before putting your card in and ask yourself if the card slot is securely in the machine. Has anything been installed around the edges that could conceal a camera? Is any glue or sticky substance around the key pad or card slot?

✓  If there is more than one ATM and a sign has been placed on one of the units saying it is out of service, the sign could be an attempt to direct traffic to the machine where skimming equipment is installed.

✓  Always cover your hand when you enter your PIN so that if there is a camera, the numbers cannot be captured.

✓  Watch your account activity and report any unauthorized credit or debit charges immediately.

✓  If the access door to a lobby ATM is broken, don’t use it and go somewhere else.

✓  Use a guarded ATM like the Bharat Bank ATMs.

 

 

4. Mobile Phone Security

Coming soon…

 

5. Social Network Security

Coming soon…

 

 

 

 

HOW-TO GUIDE

Sections:

1.     Password protect your Screensaver

2.     Encrypt files and folders

3.     Securing your WiFi network /Router

4.     Comodo Firewall

5.     NoScript

 

__________________________________________________________________________________________

1.  Password protect your Screensaver

To set up screensaver password protection on your PC, simply right click on an empty space on your desktop and click “personalize” in the menu list displayed. Then click the screensaver section and choose the duration of time for which you want your PC to remain active before locking automatically. Select “On Resume, display logon screen” and hit the “apply” button.

 

2.    Encrypt files and folders

Unauthorised access to the information on your computer or portable storage devices can be carried out remotely, if the 'intruder' is able to read or modify your data over the Internet; or physically, if he manages to get hold of your hardware.

 

It is always best to have several layers of defense, however, which is why you should also protect the files themselves. That way, your sensitive information is likely to remain safe even if your other security efforts prove inadequate. There are two general approaches to the challenge of securing your data in this way. You can encrypt  your files, making them unreadable to anyone but you, or you can hide them in the hope that an intruder will be unable to find your sensitive information. There are tools to help you with either approach, including a FOSS application called TrueCrypt, which can both encrypt and hide your file.

 

Encrypting your information is a bit like keeping it in a locked safe. Only those who have a key or know the lock's combination (an encryption key or password, in this case) can access it. The analogy is particularly appropriate for TrueCrypt and tools like it, which create secure containers called 'encrypted volumes' rather than simply protecting one file at a time. You can put a large number of files into an encrypted volume, but these tools will not protect anything that is stored elsewhere on your computer or USB memory stick.

 

While other software can provide similar strength encryption, TrueCrypt contains several important features to allow you to design your information security strategy. It offers the possibility of permanently encrypting the whole disk of your computer including all your files, all temporary files created during your work, all programs you have installed and all Windows operating system files. TrueCrypt supports encrypted  volumes on portable storage devices. TrueCrypt is a free and open source program.

 

Storing confidential data can be a risk for you and for the people you work with. Encryption reduces this risk but does not eliminate it. The first step to protecting sensitive information is to reduce how much of it you keep around. Unless you have a good reason to store a particular file, or a particular category of information within a file, you should simply delete it securely. The second step is to use a good file encryption tool, such as TrueCrypt.

Returning to the analogy of a locked safe, there are a few things you should bear in mind when using TrueCrypt and tools like it. No matter how sturdy your safe is, it won't do you a whole lot of good if you leave the door open. When your TrueCrypt volume is 'mounted' (whenever you can access the contents yourself), your data may be vulnerable, so you should keep it closed except when you are actually reading or modifying the files inside it.

 

There are a few situations when it is especially important that you remember not to leave your encrypted volumes mounted:

 

 

 

 

 

 

If you decide to keep your TrueCrypt volume on a USB memory stick, you can also keep a copy of the TrueCrypt program with it. This will allow you to access your data on other people's computers. The usual rules still apply, however: if you don't trust the machine to be free of malware, you probably shouldn't be typing in your passwords or accessing your sensitive data.

Note: The password protection of Word, Excel and PDF files may not be strong enough. Even Windows Password may not protect you from intruders. Please do not store sensitive files in My Documents folder as it is open to all users connected to a network.

 

 

 

 

3.  Securing your WiFi network / Router

Having an open wireless network can be a security risk, as it may allow anyone who is close enough to your router to access your network. To make your home wireless network more secure, consider the suggestions below.

All of the below steps will require access to the router setup, and we also recommend configuring wireless security over a computer with a wired connection to the router if possible.

a.       Close the network.

If you have never been prompted for a key, password, or passphrase when connecting to your wireless network, it is an open network, meaning anyone close enough to your router could connect to it and browse your network. To enable security, open your router setup screen and look for a Wireless Security section.

Select the wireless security method of either WEP or WPA (we suggest WPA, as mentioned later) and enter the passphrase to generate the keys. After security is enabled on the router, any wireless device that wants to connect will need to have a key in order to connect to your network.

b.       Change default password.

Make sure the router password is not still set to the default password. If the password can be guessed, this could give someone access to the router setup, which could allow them to change your router settings, including viewing any security keys.

c.       If available, use WPA, not WEP.

Many routers today will offer two different security schemes: WEP and WPA. We recommend WPA security, since it is more secure than WEP. However, some older devices such as gaming consoles, TiVo, and other network devices may only be able to use WEP, and WEP is better than no security.

d.       Disable remote administration.

When enabled, remote administration allows anyone close enough to your router to view or change your router settings. If you never plan on remotely administrating your network, e.g. wirelessly connecting to the router, we recommend disabling remote administration. With routers that support this option, it is often disabled through the Administration section.

After it is disabled, the router settings can still be changed using any computer connected to the router using a network cable.

e.       Change the default SSID name.

The SSID is the name that identifies your wireless router. By default, many routers will use the name of the router as the default SSID; for example, Linksys routers will often use 'Linksys' as the SSID. This is a security risk since it identifies the brand of the router and would let any attacker immediately know what exploits to use.

Tip: When naming the router, do not use your family name or any other identifiable information. For example, if the SSID contains your family's last name, it can be identified by any neighbor.

f.       Enable router firewall.

Many routers will also have their own firewall that can be enabled. If available, we also suggest enabling this feature, as it will help add an extra layer of security for your network.

g.       Disable SSID broadcast.

To help make finding your wireless network easier, wireless routers broadcast your SSID, which means anyone looking for a wireless router could see your SSID. To help make it more difficult for someone to find your network when browsing for a wireless network, you can disable the SSID broadcast feature. However, disabling the SSID broadcast will require that you manually enter your unique SSID when connecting any new device to your network.

h.       Enable wireless MAC filter.

The Wireless MAC filter feature will only allow a wireless device to connect to your router if the MAC Address has been entered into the filter list. This can make connecting new devices to your network more difficult; however, it will also greatly improve the overall security of your wireless network.

Tip: A quick and easy way to set this up is to connect any wireless device you want on your network to your router before enabling the wireless MAC filter. After each device has successfully connected, open the DHCP client table, often found in the Status or Local Network section. Each device that has connected to your router thus far will display the MAC Address, which can be copied into a notepad and pasted into the Wireless MAC filter section of the router Security section.

 

4.  Comodo Firewall

Comodo Firewall has the ability to effectively and efficiently protect your computer and network security from hostile parties, Internet hackers, malware, viruses and other software or system threats. It has the ability to manage all requests made by programs residing on your computer when accessing the Internet, through an easily configurable software interface.

A firewall acts like a doorman or guard for your computer. It has a set of rules about what information should be let in and what information should be let out of your computer. A firewall is the first program that receives and analyses incoming information from the Internet and the last program that scans outgoing information to the Internet.

 

It prevents hackers or other intruders from accessing personal information stored on your computer, and prevents malware programs from sending information to the Internet without your authorisation. COMODO Firewall is a well-known and respected firewall software. It is free software, which means you can use it without purchasing a license.

 

Running a custom firewall program may initially require considerable time and effort to ensure that all the settings are correct and suited to the way you use your computer. After an initial learning period, the firewall will work seamlessly, requiring minimal intervention on your part.

 

Warning!: Never access the Internet without a firewall installed and running on your computer! Even if your Internet modem or router has its own firewall, it is strongly recommended that you have one installed on your computer as well. Although Windows has a built-in firewall, Comodo Firewall is one of the best free firewalls you can use.

 

 

5.  NoScript

NoScript is a particularly useful Mozilla Add-on that can help protect your computer from malicious websites on the Internet. It operates by implementing a 'white list' of sites that you have determined as being acceptable, safe or trusted (like a home-banking site or an on-line journal). All other sites are considered potentially harmful and their functioning is restricted, until you have determined that the content of a particular site presents no harm; at this point, you may then add it to the white list.

NoScript will automatically start blocking all banners, pop-up advertisements, JavaScript and related Java code, as well as other potentially harmful web site attributes. NoScript cannot differentiate between harmful content and content necessary to correctly display a web site. It is up to you to make exceptions for those sites with content that you think is safe.

 

5.1 How to Use NoScript

 

Before you begin using NoScript ensure that it was successfully installed by selecting Tools > Add-ons to activate the Add-ons window and confirm that it has been installed.

Tip: Although NoScript might seem a little frustrating at first, (as the websites you have always visited may not display properly), you will immediately profit from the automated object-blocking feature. This will restrict pesky advertisements, pop-up messages and malicious code built (or hacked) into web pages.


NoScript will run silently in the background until it detects the presence of JavaScript, Adobe Flash or other script-like content. At that point NoScript will block this content and a status bar will appear at the bottom of the Firefox window as follows:

The NoScript status bar displays information about which objects (for example, advertisements and pop-up messages) and scripts are currently prevented from executing themselves on your system. The following two figures are prime examples of NoScript at work: In Figure 2, NoScript has successfully blocked an advertisement created in Adobe Flash Player on a commercial website.

 

Since NoScript does not differentiate between malicious and legitimate code, certain key features and functions (for instance, a tool bar) may be missing. Some web pages present content, including script-like content, from more than one website.

 

To unblock scripts in these situations, start by selecting the Temporarily Allow [website name] option (in this instance, it would be Temporarily allow youtube.com). However, if this does not allow you to view the page, you may determine, through a process of trial and error, the minimum number of websites you need to permit in order to view the content of your choice. For YouTube, you need only select the Temporarily allow youtube.com and Temporarily allow ytimg.com options in order for YouTube to work.

Warning!: Under no circumstances should you ever select the following option: Allow Scripts Globally (dangerous). As far as possible, avoid selecting the Allow all from this page option. From time to time, you may have to permit all scripts; in this situation, ensure that you only do this for sites you really trust and on a temporary basis - that is, until the end of your on-line session. It only takes a single injection of malicious code to compromise your on-line privacy and safety.
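The white-list behaviour described in this section, as an added JavaScript sketch (not NoScript's own code and not part of the original guide): scripts are blocked by default, a site's scripts run only once the site is trusted or temporarily allowed, and temporary permissions disappear when the session ends. The class, its method names and the sample URLs are assumptions made up for this illustration.

```javascript
// Simplified model of a default-deny script white list. Not NoScript's code;
// every class, method and host name here is an assumption for illustration.
class ScriptPolicy {
  constructor(trustedSites = []) {
    this.trusted = new Set(trustedSites); // permanent white list
    this.temporary = new Set();           // cleared when the session ends
  }

  // Reduce a URL to its site by keeping the last two host labels, so that
  // "s.ytimg.com" matches "ytimg.com" (real browsers use the Public Suffix List).
  static site(url) {
    return new URL(url).hostname.toLowerCase().split(".").slice(-2).join(".");
  }

  temporarilyAllow(site) { this.temporary.add(site); }
  endSession() { this.temporary.clear(); }

  isAllowed(url) {
    const site = ScriptPolicy.site(url);
    return this.trusted.has(site) || this.temporary.has(site);
  }

  // Sites whose scripts are still blocked on a page, in order of appearance.
  blockedSites(scriptUrls) {
    const blocked = scriptUrls.filter((u) => !this.isAllowed(u));
    return [...new Set(blocked.map(ScriptPolicy.site))];
  }
}

// Constructed sample: script URLs referenced by one video page.
const pageScripts = [
  "https://www.youtube.com/player.js",
  "https://s.ytimg.com/base.js",
  "https://ads.example.net/banner.js",
];

function demo() {
  const policy = new ScriptPolicy(["mybank.example"]);
  const before = policy.blockedSites(pageScripts);   // nothing allowed yet
  policy.temporarilyAllow("youtube.com");
  const partial = policy.blockedSites(pageScripts);  // page still incomplete
  policy.temporarilyAllow("ytimg.com");
  const working = policy.blockedSites(pageScripts);  // only the ad host is left
  policy.endSession();
  const after = policy.blockedSites(pageScripts);    // temporary grants are gone
  return { before, partial, working, after };
}
console.log(demo());
```

The advertising host stays blocked throughout, which is the point of allowing only the minimum set of sites rather than everything on the page.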

 

 

 

4.2 About Clickjacking and Cross-Site Scripting (XSS) Attacks

 

NoScript can be configured to defend your system against cross-site scripting and clickjacking attacks. Cross-site scripting is a computer security vulnerability that permits hackers and other intruders to 'inject' harmful code into an existing web page. Clickjacking occurs, for instance, when you click on a button that appears to perform one task, while a certain kind of embedded code or script executes itself instead. Both attacks may happen without your knowledge unless you use NoScript.

 

Every time a clickjacking attack is launched or under way, a window resembling the following will appear:

[Figure: clickjacking warning window]

Follow the instructions displayed in the window to neutralise the clickjacking attempt, and then click on [button image].

7. Frequently Asked Questions (FAQ)

 

 

o   What is Phishing?

Phishing is an attempt by fraudsters to "fish" for your personal and confidential information, like User ID, Password, etc. through e-mails. This information is then used to take money out of your bank account through a funds transfer.

✓  Always type the website address. Be wary of clicking on links; they could lead to fake websites.

✓  Do not transact or share confidential data on non-https websites.

✓  Do not enter your confidential data in any window that may pop up while you are carrying out a financial transaction online.

✓  Do not open e-mails or attachments in e-mails sent from people you don't know.

 

o   What is Pharming?

Pharming is a more sophisticated form of phishing. By exploiting the DNS system, pharmers can create a fake website that looks like a real one, for instance a bank's web page, and then collect the information users think they are giving to their real bank.

 

o   What is a Key-logger?

It is a program designed to record the user’s keystrokes. Keylogging allows criminals to look for particular bits of information that can be used for identity or intellectual property theft.

 

o   What is a Spyware?

Spyware is often secretly installed without the user's consent when a file is downloaded or a commercial pop-up is clicked. Spyware can reset your auto signature, monitor your keystrokes, scan, read and delete your files, access your applications and even reformat your hard drive. It constantly streams information back to the person who controls the spyware.

 

o   What is an Adware?

This malware launches advertisements, mostly in the form of pop-ups. These are customized to you as a user, based on your behavior on the Internet, which may be monitored by spyware.

 

o   What is a Virus?

A virus is a program designed to copy itself and propagate, usually attaching itself to applications. It can be spread by downloading files, exchanging CD/DVDs and USB sticks, copying files from servers, or by opening infected email attachments.

 

 

o   What is a Trojan?

It might appear harmless and even useful at first, but it leaves your PC unprotected, enabling hackers to steal sensitive information.

 

o   What is a Worm?

A worm can be injected into a network by various means, such as a USB stick or an email attachment. An email worm tends to send itself to all email addresses it finds on the infected PC. The email then appears to originate from the infected user, who may be on your trusted senders' list, and catches you off guard.

 

o   What is a Rogue Security Software?

It is software that claims to be security software. It tricks users who have installed it into paying a sum of money to be really protected (which they will not be). Most often it pretends to be an antivirus or antispyware program.

 

o   What is a User-Account?

A user account tells your computer what files and folders you can access, what changes you can make to the computer, and sets your personal preferences (such as your desktop background or color theme).  When you turn on your computer, you are logging onto your computer at the same time that you are connecting to the campus network; up to now (at UMW) some individuals have also been logging onto the Novell network (the shared drive) at the same time that they logged onto their computer.

 

You will have 2 accounts on your computer. You’ll have a Limited Access account that we suggest that you use for your daily work.  This account will provide you with a safe computing environment, and will protect your computer and your data.

 

Your computer will also have an Administrator account that you may use to install software, add printers, etc. We strongly suggest that you do not use the Administrator account for daily use, as it is much more vulnerable to viruses and spyware.

 

You have to log in under the computer's Administrator account to install software, to install new hardware devices, and so on.  Your computer and your data will be safer for doing so.

 

 

o   How important is my Personally Identifiable Information?

 

The following Personally Identifiable Information is considered Highly Sensitive Data and every caution should be used in protecting this information from unauthorized access, exposure or distribution:

·         Social Security Number / Aadhar Card No / PAN

·         Driver's License Number

·         Passport Number

·         Personal Banking, Debit, or Credit Card Account Information

·         Full Name (First Name, Middle Initial and Last Name) when used in conjunction with Full Date of Birth (MM/DD/YYYY)

 

This data should only be collected or maintained when there is an approved and authorized business justification.  Unless absolutely required for a particular business function, these personally identifiable data elements should never be collected, stored, shared or distributed.

 

Don't give out personal information on the phone, through the mail or over the Internet (through email or online forms, or any other manner) unless you have initiated the contact or are sure you know who you're dealing with. Identity thieves may pose as representatives of banks, credit card companies and even government agencies to get you to reveal your PAN/Aadhar/Passport number, mother’s maiden name, account numbers and other identifying information.

 

 

o   What is ATM skimming?

 

ATM skimming is when someone illegally copies your account details from the magnetic strip on your credit or debit card when you use an ATM.  The fraudster then uses your details to create a fake or ‘cloned’ card. In most cases, they use the fake card and PIN to withdraw money from an ATM either within India or overseas.

 

o   What is POS?

 

POS or PoS is an abbreviation for Point of Sale (or Point-of-Sale, or Point of Service). The term is applicable to a retail shop or store, the checkout/cashier counter in the store, or a location where such transactions can occur in this type of environment. It can also apply to the actual Point of Sale (POS) Hardware & Software including but not limited to: electronic cash register systems, touch-screen display, barcode scanners, receipt printers, scales and pole displays. Point of Sale Systems are utilized in many different industries, ranging from restaurants, hotels & hospitality businesses, nail/beauty salons, casinos, stadiums, and let's not forget - the retail environments. In the most basic sense, if something can be exchanged for monetary value - a Point of Sale System can be used.