Precautions against scammers

IT Security Awareness for Customers

Awareness and Knowledge for Online Banking Services:

Cybercriminals attack individuals most of the time, so it is important to be aware of the threats and to approach anything on the internet that involves your identity or account numbers with caution. Cybercriminals have several ways to steal an identity, such as creating fake websites that mimic legitimate sites (for example PayPal or a bank's website) in order to steal confidential information.

In some cases, theft and fraud are committed by family members, friends or acquaintances of the victim who, because of these relationships, have relatively easy access to account numbers and passwords saved on computers.


Security Practices:

  • Verify that you are using a secure session (https:// rather than http://) before entering passwords on the internet.

  • Pay attention to the URL (web address) that you are visiting. Fraudulent websites often use a misleading address such as https://www.somecompany.AnotherWebsite.com/ to trick users of https://www.somecompany.com/ into believing they are visiting the legitimate site where they have an account, when they are really at a password-harvesting copy of it. The part of the address that identifies the owner is the domain immediately before the first slash (AnotherWebsite.com in this example), not the familiar name that appears earlier in it. This is a common trick scammers use to steal passwords with fake copies of real websites.

  • No legitimate website or service will ever lose a user's login information and ask the user to supply it again. Requests of this sort are always a scam and usually include some form of coercion, such as threatening the loss of funds if login credentials are not supplied in time.

  • Avoid saving passwords to any computer.

  • Always use the Log Out button when you are finished, to end your secure session. This helps prevent session hijacking, where attackers keep using a session that you think has been closed.

  • Never leave computers unattended when using online banking services.

  • Never access sensitive computer systems or websites from public computers at a hotel, library or coffee shop, or from your own devices over any public wireless access point.

  • Offers of employment as a mystery shopper, payment processor, etc. that require you to use your personal account for someone else's business purposes are never legitimate.

  • No legitimate business will attempt to move business funds through anyone’s personal account.
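As an added example (not part of the original page), the following Python function applies the URL check described above: it extracts the host from an address and compares the owning domain with the one the customer expects. The expected domain somecompany.com is taken from the example above; treating the last two labels as the owning domain is a simplification that assumes no multi-label public suffix such as .co.uk.

```python
from urllib.parse import urlsplit

# The legitimate site from the example above; assumed for this illustration.
EXPECTED_DOMAIN = "somecompany.com"


def owning_domain(host: str) -> str:
    """Return the registrable (owning) domain of a host: its last two labels.

    Simplification: multi-label public suffixes such as .co.uk are not handled.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url: str, expected_domain: str = EXPECTED_DOMAIN) -> dict:
    """Report whether a URL uses HTTPS and really belongs to the expected site."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # hostname is lower-cased by urlsplit
    owner = owning_domain(host)
    brand = expected_domain.split(".")[0]
    result = {
        "host": host,
        "owner": owner,
        "https": parts.scheme == "https",
        "matches_expected": owner == expected_domain,
        # The familiar name appears in the address but the owner is someone else:
        # the pattern of https://www.somecompany.AnotherWebsite.com/ above.
        "brand_in_subdomain": brand in host and owner != expected_domain,
    }
    result["safe"] = result["https"] and result["matches_expected"]
    return result


if __name__ == "__main__":
    for u in ("https://www.somecompany.com/",
              "http://www.somecompany.com/login",
              "https://www.somecompany.AnotherWebsite.com/"):
        r = check_url(u)
        print(f"{u}: owner={r['owner']} https={r['https']} safe={r['safe']}")
```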

Password Security:

It is difficult for the system to verify that the person who enters the correct password is truly the account holder, so it is most important that customers keep their passwords private and immediately report any suspected security violation. Below is a list of common password choices and bad habits to avoid:

  • Your name, or a family member or pet’s name

  • Social Security, account, or telephone numbers

  • A single word in any language. Attackers use dictionary-based tools to crack these types of passwords

  • Any part of your physical address

  • Anybody’s birth date

  • Other information that is easily obtained about the user

  • A word in the English or any foreign dictionary, even spelled backwards

  • A password used on another site

  • Sequences: “12345678”, or “33333333”, “abcdefgh”

  • Writing your passwords down, sharing them with anyone, or letting anyone see you log in to devices or websites.

  • Answering "yes" when prompted to save your password in a particular computer's browser.


Password choices and good habits to adopt:

  • Use a combination of uppercase and lowercase letters, symbols, and numbers.

  • Make sure your passwords are at least eight characters long. The more characters and symbols a password contains, the more difficult it is to guess.

  • Change your passwords regularly.

  • Log out of websites and devices when you are finished using them.
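As an added example (not part of the original page), this Python function screens a candidate password against both lists above: the bad choices (dictionary words, reversed words, sequences, personal details, reuse) and the good practice of at least eight characters mixing all four character classes. The word list and the personal details are constructed stand-ins; a real deployment would use a full dictionary and a breached-password list.

```python
import re

# Constructed sample data: a tiny stand-in for a cracking dictionary and one
# customer's personal details (name, pet, phone, birth date, street).
DICTIONARY = {"password", "welcome", "dragon", "monkey", "bangkok", "secret"}
PERSONAL = {"name": "somchai", "pet": "rex", "phone": "0812345678",
            "birth": "19900115", "street": "sukhumvit"}


def is_sequence(pw: str) -> bool:
    """True for runs such as 12345678, abcdefgh or 33333333 (ascending,
    descending or repeated characters)."""
    codes = [ord(c) for c in pw.lower()]
    if len(codes) < 4:
        return False
    steps = {b - a for a, b in zip(codes, codes[1:])}
    return steps in ({0}, {1}, {-1})


def weak_password_reasons(pw, personal=PERSONAL, reused=frozenset()):
    """Return the rules from the lists above that the password breaks.

    An empty list means the password passed every check here; that is a
    minimum bar, not proof that the password is strong.
    """
    reasons = []
    low = pw.lower()
    letters = re.sub(r"[^a-z]", "", low)      # alphabetic core, for word checks
    if len(pw) < 8:
        reasons.append("shorter than eight characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(p, pw) for p in classes):
        reasons.append("missing one of: lowercase, uppercase, digit, symbol")
    if letters in DICTIONARY or letters[::-1] in DICTIONARY:
        reasons.append("dictionary word (possibly reversed)")
    if is_sequence(pw):
        reasons.append("sequence or repeated character")
    for field, value in personal.items():
        if len(value) >= 3 and value.lower() in low:
            reasons.append(f"contains personal detail: {field}")
    if pw in reused:
        reasons.append("already used on another site")
    return reasons
```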


Awareness of cyber threats:

If customers know what kinds of cyber threats they may face these days, they can avoid them and protect themselves better. The threats, and how to handle them, are listed below.

Common spam email security threats:

Spam emails are annoying enough, but some of them can put your digital safety at risk. Some spam messages contain viruses, malware and other cyber threats. Here are a few to watch for.

Trojan horses

Trojan horses arrive disguised as a legitimate program. Even if customers think they know how to verify whether an email is legitimate, a trojan horse uses deception to get past those defenses.

For instance, it can hide inside a free software download or arrive as an email attachment, possibly from someone you know.

When the email is opened, the trojan installs malicious code, typically spyware or viruses, designed to cause problems on the computer.

It may allow an attacker to control the computer, lock you out, or steal data, account information or email addresses. Installing anti-malware software may help you catch these trojans.

To help avoid trojan horses, avoid clicking on pop-up messages on the computer. If you see a lot of pop-ups, consider running an antivirus scan.

Zombies

Zombies are a type of malware that also arrives in email attachments. They turn the computer into a server that sends spam to other computers. Customers may not know that their computer is compromised, but it may slow down considerably, or the battery may drain quickly. Meanwhile, the computer may be sending out waves of spam or attacking web pages.

One way to avoid zombies is to avoid opening attachments or clicking links in emails from the spam folder.

Lottery scams and fake offers

Sometimes cyber thieves use old-school scams: fake offers that might seem legitimate. These play on customers' desires or good nature: you have won a lot of money, or someone urgently needs your help.

The customer has not won a lottery or a cruise around the world, and they have not been selected by a foreign prince to receive $10 million in exchange for the use of their current account number. Look for phrases of urgency such as "Immediate" and "Act Now" in the email's subject line to spot lottery scams and fake offers. Refer to the Delete spam emails section below for additional characteristics to look for.

How to stay spam free:

So far, there is no such thing as a "do not email" list for spam. Until there is, customers will have to deal with spam themselves.

Fortunately, there are good tools to help. Most email programs include spam filters that can detect and isolate spam. Many internet service providers filter out spam so that it never reaches your computer. It is still wise to install and run antivirus software that can remove viruses that may already be on the computer.

Spam emails, otherwise known as junk mail, are unsolicited bulk email messages delivered to an inbox. You probably receive spam and marketing messages regularly, but there is one difference between a spam message and a marketing message: permission.

Spam messages often come from illegitimate email addresses and may contain explicit or illegal content. These emails often use scare tactics, contain typos and misleading information, and are sent in bulk from an anonymous sender. They seldom contain an unsubscribe link, and if one is present, it may lead to malware. This could give cybercriminals access to your computer, smartphone and other devices.

There are ways to help slow the tide of unwanted email. Here are a few simple steps you can take to help eliminate spam emails.

1. Mark as spam

Most email services, such as Gmail, Yahoo Mail, Microsoft Outlook and Apple Mail, have algorithms that filter out spam and junk mail by tucking it away in a separate folder.

But if customers find a spam email in their regular inbox, they should not simply delete the message: mark it as spam. Marking a suspicious email as spam sends it to the spam folder, and from then on the spam filter will know not to let further emails from that address into the inbox.

2. Delete spam emails

There is a golden rule for dealing with spam emails: if it looks like spam, it probably is, so delete it without clicking or downloading anything. If the message in question appears to come from someone you know, contact them outside of email to confirm.

3. Keep your email address private

Giving out your email address can increase the amount of spam you receive. So, if it is not essential to share it, keep it private. Also consider reviewing your email privacy settings.

4. Unsubscribe from email lists

Unsubscribing from email lists is a good way to keep spam out. Marketers often obtain customer email addresses from online forms, social media and scraping tools, and purchase customer information from other companies. The fewer lists customers subscribe to, the less easily marketers and spammers can find their address.


Common Phishing threats:

Phishing is a cybercrime in which scammers try to lure sensitive information or data from you by disguising themselves as a trustworthy source. Phishers use multiple platforms.

How does phishing work?

  1. The phisher begins by determining who the targeted victims will be (whether an organization or individuals) and creates strategies to collect data they can use in an attack.

  2. Next, the phisher creates methods, such as fake emails or phony web pages, to send messages that lure data from the victims.

  3. Phishers then send messages that appear trustworthy to the victims and begin the attack.

  4. Once the attack has been deployed, phishers monitor and collect the data that victims provide on the fake web pages.

  5. Finally, phishers use the collected data to make illegal purchases or commit fraudulent acts.


Types of phishing attacks


1. Email Phishing

The basic phishing email is sent by fraudsters impersonating legitimate companies, often banks or credit card providers. These emails are designed to trick you into providing login information or financial information, such as credit card numbers or Social Security numbers.

Other spoof emails might try to trick the customer into clicking a link that leads to a fake website designed to look like Amazon, eBay or a bank. These fake websites can then install malware or other viruses directly onto the computer, allowing hackers to steal personal information or take control of the computer, tablet or smartphone.

How to recognize phishing emails

Scammers have become more sophisticated when it comes to sending out phishing emails. But there are still some signs the customer can look for:

  • Too-good-to-be-true offers. Phishing emails may try to hook you with what appear to be incredibly cheap offers for things like smartphones or vacations. The offers may look irresistible, but resist them: they are likely phishing emails.

  • A bank, maybe not even your own, asking for your account information or other personal financial information. Your bank, or any financial institution, will never ask for your Social Security number, current account number or PIN by email. Never provide this information in response to an email.

  • Spelling and grammatical mistakes. There was a time when you could easily spot phishing emails because they were littered with spelling and grammar mistakes. Scammers have gotten better at avoiding these errors, but if you receive an email littered with typos and strange language, it may have been sent by someone phishing.

  • A generic greeting. Phishing emails might not be addressed specifically to you. Instead, the email might start with a generic greeting such as "Dear Sir or Madam" or "Dear Account Holder."

  • A call for immediate action. Phishers want you to act quickly, without thinking. That is why many send emails asking you to click on a link or send account information immediately to avoid having your current account or credit card suspended. Never reply hastily to an emergency request. Urgent requests for action are often phishing scams.

  • Senders you do not recognize. If you do not recognize the sender of an email, consider deleting it. If you do decide to read it, be careful not to click on links or download files.

  • Senders you think you recognize. You might get a phishing email from a name you recognize. But here is the catch: that email may have come from the compromised email account of someone you know. If the email requests personal information or money, it is likely a phishing email.

  • Unknown hyperlinks. If you receive an email that asks you to click on an unknown hyperlink, hovering over the link may show that it really takes you to a fake, misspelled domain. Such a link is made to look legitimate but is likely a phishing scam.

  • Attachments that do not make sense or appear spammy.
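As an added example (not part of the original page), the following Python function checks a parsed email against the signs listed above: urgent wording, a generic greeting, a request for credentials or financial details, a too-good-to-be-true offer, an unrecognized sender domain, and attachments that do not make sense. The phrase lists, the bank domain somecompany.com and both sample messages are constructed for this illustration.

```python
import re

# Constructed lists for this illustration; real mail filters use far larger ones.
URGENCY = ("immediate", "act now", "suspended", "funds on hold", "within 24 hours")
GENERIC_GREETINGS = ("dear sir or madam", "dear account holder",
                     "dear customer", "dear user")
RISKY_ATTACHMENTS = (".exe", ".js", ".scr", ".html", ".zip")
KNOWN_SENDER_DOMAINS = {"somecompany.com"}   # the bank's own domain, assumed


def phishing_indicators(msg: dict, known_domains=KNOWN_SENDER_DOMAINS) -> list:
    """Return the signs from the list above found in one message (a dict with
    keys from, subject, body and attachments). A hit means "look closer"."""
    found = []
    subject = msg.get("subject", "").lower()
    body = msg.get("body", "").lower()
    text = subject + "\n" + body
    if any(p in text for p in URGENCY):
        found.append("call for immediate action")
    first_line = body.strip().splitlines()[0] if body.strip() else ""
    if first_line.startswith(GENERIC_GREETINGS):
        found.append("generic greeting")
    if re.search(r"\b(password|pin|social security|account number)\b", body):
        found.append("asks for credentials or financial information")
    if re.search(r"\b(won|winner|prize|free)\b", text):
        found.append("too-good-to-be-true offer")
    domain = re.search(r"@([a-z0-9.-]+)", msg.get("from", "").lower())
    if not domain or domain.group(1) not in known_domains:
        found.append("sender not recognized")
    if any(a.lower().endswith(RISKY_ATTACHMENTS) for a in msg.get("attachments", [])):
        found.append("attachment that does not make sense")
    return found


# Two constructed messages: a phishing attempt and an ordinary bank notice.
PHISH = {
    "from": "Security Team <alerts@somecompany-security.com>",
    "subject": "Account suspended!",
    "body": "Dear Account Holder,\nConfirm your password and account number "
            "within 24 hours or your funds will be on hold.",
    "attachments": ["Statement.html"],
}
NOTICE = {
    "from": "statements@somecompany.com",
    "subject": "Your March statement is ready",
    "body": "Hello Somchai,\nYour statement is available in online banking. "
            "Log in as usual to view it.",
    "attachments": [],
}
```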


2. Pop-up phishing

Pop-up phishing is a scam in which pop-up ads trick users into installing malware on their computers or convince them to purchase antivirus protection they do not need.

These pop-up ads sometimes use scare tactics. A common pop-up phishing example is when an ad might pop up on a user’s screen warning the user that their computer has been infected and the only way to remove the virus is by installing a particular type of antivirus software.

Once the user installs this software, it either does not work or, worse, infects the computer with malware.


How can I protect myself from phishing attempts?

Though hackers are constantly coming up with new phishing techniques, there is good news: there are things customers can do to protect themselves and their organization. All it requires is some common sense.

  • Do not open suspicious emails. If customers receive an email supposedly from a financial institution with an alarming subject line, such as "Account suspended!" or "Funds on hold", they should delete it. If they are worried that there is a problem, they should log in to their account or contact the bank directly. If there really is a problem with the current account or credit card, they will find information once they have logged in.

  • Do not click on suspicious links in emails. If customers open an email from someone they do not know and are instructed to click on a link, they should not. Often, these links lead to fake websites that encourage them to provide personal information or to click on further links that may install malware on the computer.

  • Do not send financial information through email. The customer's bank or credit card provider will never ask them to provide current account numbers, Social Security numbers or passwords through email.

  • Do not click on pop-up ads. Hackers can add fraudulent messages that pop up even when customers visit legitimate websites. Often, the pop-ups warn the customer that their computer is infected and instruct them to call a phone number or install antivirus protection. Avoid this temptation. Scammers use these ads either to install malware on the computer or to scam customers into paying for a computer clean-up they do not need.

  • Use spam filters. Spam filters can help block emails from illegitimate sources, but customers should always use their best judgment in case phishing emails get past the filter.

  • Sign up for antivirus protection. Make sure the computer is protected by strong, multi-layered security software.

Installing and running trusted security software may provide real-time threat protection, help customers create and manage unique passwords, and help protect personal files and financial information from phishing attacks and other scams.


How to recover after responding to a phishing email

  • Change your passwords: Make sure to change the passwords used for banking, credit card and other accounts. Use a combination of numbers, letters and symbols to make these passwords more difficult to crack. Consider enabling multi-factor authentication if it is available. Multi-factor authentication requires entering a second piece of information, such as a code sent to your smartphone, to access an account.

  • Contact your credit card providers: If the customer has given up credit card information, they should immediately call the credit card providers. The providers can freeze the account to prevent unauthorized purchases. They can also work with the customer to determine which purchases on the accounts are legitimate and which were made by criminals.

  • Check your credit reports: Order free copies of the customer's credit reports from the credit report provider. Check these reports carefully for any unfamiliar activity to make sure no one has opened credit card accounts or loans in the customer's name.

  • Study your credit card statements: Be on the lookout for any unauthorized or suspicious charges.