Scams
Frieda ordered a water bottle from Amazon, immediately after she places her order and pays for it, she receives a text telling her there was an error with her order and she needs to click the link to login to remedy it.
What does this situation describe?
A Wide Net
A scam artist sends out hundreds of the same message, hoping that at least one person will receive it and click the link
A Facebook post claims that “Most people can’t remember the name of their childhood street name after age 25!” Many people have commented with the names of their old street names.
What could these street names be used for?
Possible answers:
Password hacking
Setting up an account in your name
Locating personal information about you
Oh no! You’ve unwittingly clicked on the link from a spam email! What do you do now?
A: Check to see if there are any programs or browsers you don’t recognize is running on your pc, run an antivirus scan, and restart your computer
B: Close the tab and move on with your day
C:Scream, then cry. Then move to Peru and proceed to live off the grid :)
A
You have recently passed your road test and received your N! You want to take a picture of you and your car with the N on it to post to your Instagram.
Should you?
No! With your license plate information someone could easily find more information about that you may not be willing to share with the public or possibly even incriminate you in a crime. If you must post a picture of your car, either blur out your license plate or leave it out entirely!
True or false: If your toaster could connect to the internet, could it be hacked?
Yes! Any smart device that can connect to the Internet and or communicates with other smart devices can be hacked and used to access other devices on the same network.
Lisa receives an email from someone she works with saying "you have won a lottery for 300,000. click here to claim your prize"
Is this a phishing or spear phishing attack?
Phishing!
You get a call from your bank asking you to “review and verify” some account information, as there has been some unusual activity. The caller number matches the local branch of your bank, when you check it out. The caller asks you to confirm your four-digit debit card passcode.
What technique is the caller using to make their phone number appear legit?
Phone spoofing
Name 1 resource you can use to educate yourself on scams
Example Answers:
RCMP Frauds and Scams website
ScamBusters
Vancouver Police department crime and fraud prevention website
Canadian Anti-Fraud centre
Government of Canada Cyber incident website
Consumer protection BC
Robert posts a picture of himself at a wild costume party in an embarrassing costume. A year later he remembers he posted the picture and deleted it from his account. Is this picture now permanently gone?
No! Anything that is posted to the Internet will likely outlive you! Just because it was deleted does not mean it cannot be recovered. Think before you post!
True or False: A URL that has “HTTPS” at the beginning and the associated padlock symbol on the URL bar is a sure sign of a safe website.
False! While a URL with HTTPS does ensure communication with the website is secure, it does not guarantee that the website itself is safe!
John receives a strange email from his coworker Robert telling him that he needs him to download and review a document, despite there being no project requiring this. John obliges and downloads the document to check it over and sends it back to Robert.
2 hours later he is notified that the company’s network has been hacked and the company’s data is being held for ransom.
Name what just happened
John has unwittingly fallen for a spear phishing scam
You receive an e-mail with information about a work-from-home job for a charity. You look up the charity and it seems legit. The e-mail asks you to follow a survey link to fill out an application, including your full name, date of birth, address and banking information for electronic payments.
This is an example of what kind of technique?
Phishing!
You receive a Google security alert notifying you that your Google account has been accessed from the country of Greece. What do you do?
Use Google’s “sign out of all devices” feature and immediately change your security details. Make sure to also change the security details of everything linked to your Google email.
Using a handle on social media will keep you anonymous. (T/F)
Not necessarily!
Your account can be hacked.
Someone with IP tracking tools could locate your information.
Someone could match up your handle with known details about you or similar handle on other sites
Nowadays, how long does it take a hacker to brute force a 8 character password featuring lowercase and uppercase letters, numbers, and symbols?
According to hive systems, only 5 minutes! So make sure your passwords are complicated!
You pass by a flyer at school advertising a party with a QR code on it to RSVP. Name 1 way you can safely verify if it is a scam or not
Possible answers:
Check with the front office at the school to see if the party is real
Type in the link, rather than scanning the QR code
“Preview” the QR code by scanning on camera app
Can you name at least three ways function creep has enabled companies to gather your data outside of computers?
Many data gathering methods outside of the online space involves function creep, which is when a function that was originally designed to do something, is now doing another thing. Some answers include:
-Fingerprint data (from phone’s fingerprint locks)
-Voice data (From using smart voice recognition technology)
-Facial data (From facial recognition technology)
-Movement patterns (From google maps, car GPS systems)
You’ve been careful, but eventually you got pulled into a rental scam that has cost you a damage deposit and first month’s rent.
Where are the places you can report this crime and get advice and help?
Report the crime to police right away
If the scam was on a website, report it to the admins
Report to your bank or credit card company
Report to the Canadian Anti-Fraud Center website
Talk to people about it! There’s no shame.
You get an upset DM from a friend, saying that they clicked on a link you sent them, and their laptop got hit with a virus. What are some steps you can take?
Sign out of whatever program sent it, then change your password right away.
Ask the person to send you a screenshot of the message. Does it match your account?
Has your account been duplicated, and your friends told to follow this new bogus account?
Report fraud account if so, and ask friends to do so as well.
Has your account been hacked, and a link sent to your followers?
Send your followers a note saying that you are looking into a possible hack, and not to click on any links sent by your account
If this is a case of identity impersonation, also report to police and request a file number.
One day walking into work, you notice an envelope addressed to you with a USB drive inside of it. You flip it around and find out that the sender is one of your coworkers. What do you do with the USB drive?
Confirm with the sender that it was indeed them that sent you the USB!
Remember that everyone plays a role in security no matter what their line of work is! Taking a few minutes to confirm the USB drive is better than having malware being injected directly into whatever system you could have plugged it into!