
Cybercrime Survival Guide


Cybercrime Survival Guide 2014


Table of Contents
Introduction
Cybercrime Survival Tips
1) Use your common sense
2) Keep your software up to date
3) Install antivirus on all devices
4) Inspect links before clicking
5) Don’t open emails or attachments from untrusted sources
6) Review app permissions before installing an application
7) Create strong and unique passwords
8) Protect your data
9) Log off
10) Be cautious when using Bluetooth and Wi-Fi
Where to apply the cybercrime survival tips
Glossary

Disclaimer

Wolfpack Information Risk does not guarantee or offer assurance that this
document will completely protect or keep you 100% safe from cybercrime. The
information and applications mentioned in this document may contain errors and
are subject to change. Wolfpack Information Risk is not responsible for any loss,
damage, or disruption that may be caused by errors, omissions or the use of the
applications / software mentioned, whether such errors or omissions result from
negligence, accident, or any other cause. Moreover, Wolfpack Information Risk is
not responsible for the functioning of any of the links to related websites (including
ease of downloading programs, or purchase support and fulfilment).
The Cybercrime Survival Guide publication is owned by Wolfpack Information Risk
(Pty) Ltd. No part of this publication may be reproduced or transmitted in any form
without explicit prior permission from Wolfpack. The opinions expressed in The
Cybercrime Survival Guide are not those of the publishers, who accept no liability
whatsoever arising in connection with the contents of the publication.

All rights reserved.


© 2014 Wolfpack Information Risk (Pty) Ltd
www.wolfpackrisk.com

Introduction
Cybercrime is a very real threat. Victims today are losing substantial volumes of money and data. In many instances their privacy and even personal safety may be compromised.

The perpetrators realise the rewards are high and the risks are low. Modern cyber criminals are relentless opportunists - patient, strategic, bold and well organised - operating below the radar for as long as possible.

With the rapid evolution of cyber threats, it is understandable that the average person may feel paralysed by the sheer volume of dangers out there. Where can the average person obtain reliable guidance and the tools to protect their families, assets and information?

Cyber criminals are not just after money - your personal information may be just as valuable!
The goal of the Cybercrime Survival Guide is to firstly raise awareness of the
potential cyber risks you may face and to provide you with a non-technical
approach to PROTECT yourself online. The guidance offers valuable tips for
cloud users, personal computers and mobile devices to ensure that your own
private and financially sensitive information is kept safe.

You don’t have to be a computer guru to use this guide.

Each Cyber Survival Tip (CST) has the following sections:

Quick Tips
This section gives you a number of things that you can do quickly in order to achieve the goals of the CST.

Getting Hands On
This section provides more detailed guidance on how to better protect yourself and / or your device.

Why should I care?
This section highlights why the specific CST is necessary and what the consequences could be of not using the CST.

Helpful Websites/Applications
This section contains a list of websites and / or applications which can assist you to meet the objectives of the specific CST.

Icon keys are used to indicate where each CST can be used:
• Personal Computer
• Internet
• Mobile Devices

The matrix below gives you a quick reference to find the Cyber Security Tip (CST) that addresses a specific impact
given in the first column, for example, to prevent your identity from being stolen you should use CSTs 1 to 10. Impacts
are separated into four categories: Personal, Children, Devices and Data.


Impact, followed by the Cybercrime Survival Tip Number(s) that address it

PERSONAL
• Your identity can be stolen. CST: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
• Your personal information can be stolen. CST: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
• Your social media accounts (Facebook, Twitter etc) can be compromised. CST: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
• You may suffer reputational damage should hackers post unsavoury content to hacked accounts. CST: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
• Your bank accounts could be compromised and money stolen. CST: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
• Your credit record can be damaged. CST: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
• Accounts can be opened in your name without your knowledge. CST: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
• Criminals may gain access to all information in your email accounts. They may also attempt to elicit further information or money from your contacts. CST: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
• Criminals can make audio and / or video recordings of you and your surroundings using your device. CST: 1, 2, 3, 4, 5, 6, 10
• Criminals will attempt to extort money from you. CST: 1, 2, 3, 4, 5, 6, 10
• You could fall for scams that end up costing you money or endanger your family. CST: 1, 5, 8
• Your email inbox could be flooded with unwanted emails. (Spam) CST: 1, 2, 3, 4, 5, 6, 8, 10

CHILDREN
• Images of you or your family can be harvested without your permission and used on unsavoury websites. CST: 1, 2, 3, 4, 5, 6, 10
• Untrusted people can track the movements of your family from geotags in certain pictures posted on the web. CST: 1, 3, 6
• Untrusted people (e.g. paedophiles) can gather intelligence on your family from various online sources and attempt to contact your children. CST: 1, 2, 3, 4, 5, 6, 10

DEVICES
• Criminals can implicate your device in a cybercrime. CST: 1, 2, 3, 4, 5, 6, 10
• Your device can become infected with viruses (malware). CST: 1, 2, 3, 4, 5, 6, 10

DATA
• Devices that get stolen or misplaced risk having their data compromised. CST: 8
• Data that is not backed up properly may be lost. CST: 1, 2, 3, 4, 5, 6, 8, 10

CST 1: Use your common sense

If it looks too good to be true... it probably is.

QUICK TIPS
• Never share personal information such as your ID number on unverified
websites or via e-mail.
• Only engage people on social media you know personally, or referred by a
trusted contact. (verified)
• Limit personal information on your public social media accounts (for example
don’t make your home address publicly accessible on Facebook.)
• Review your privacy settings on your social media accounts.
• Be aware of who might be watching when entering pins and passwords.
• Use strong and unique passwords. (the more complex the password the better!)
• Do not enable GPS location tracking on social media i.e. don’t allow social media
sites or any other sites to automatically track your location.
• Do a background check (e.g. Google search) on people/companies before
engaging with them.
GETTING HANDS ON
Avoid being scammed:
1. Do not click on links in e-mails, especially e-mails that look as if they are from
your bank. (see CST 4)
2. Don’t make hasty decisions. Think about the “opportunity” before proceeding.
Don’t feel pressured to make an immediate decision even if the e-mail demands
immediate action from you.
3. Always read any fine print very carefully.
4. Do not believe everything you read online or in emails.
5. Ask for more information on the person/company to verify that the person
and / or the company is legit.

Don’t become a victim of social engineering:

Social engineering is when a cyber criminal manipulates a person psychologically in order for that person to provide confidential information and / or to do a task for them.

The following are some of the techniques used by cyber criminals (social engineers):

• SHOULDER SURFING: The social engineer peers over your shoulder while you are typing in your pin or password. Defence: Always be aware of who is around you and cover the key pad or keyboard when typing in your pin/password.
• DUMPSTER DIVING: The social engineer scavenges through dustbins for improperly disposed information they can use, for example, bank statements. Defence: Never throw away confidential information in the dustbin - rather shred, burn or cut it into many pieces.
• BAITING (FREE USB): The social engineer leaves a USB where you are likely to find it, for example in the parking lot of where you work, or hands them out for free at your local coffee shop. These USBs are usually loaded with what seems to be information you might be interested in, but instead contain viruses. Defence: Never use USBs that were lying around or that are given out for free at untrusted places.

WHY SHOULD I CARE?

Personal Impact
• Identity theft.
• Personal information theft.
• Your social media accounts can be compromised (hacked).
• You may suffer reputational damage should hackers post unsavoury content to
hacked accounts.
• Your bank accounts could be compromised and money stolen.
• Email account compromised (hacked) and used to send spam and scams to
everyone on your address book.
• Criminals can take pictures of you with your webcam / front camera.
• Criminals can make audio and / or video recordings of you and your
surroundings using your device.
• Criminals can use these recordings and pictures for extortion, blackmail or
misrepresentation.
• Your credit record can be damaged.
• Accounts can be opened in your name without your knowledge.
• Your email inbox could be flooded with unwanted emails. (Spam)

Children

• Images of you or your family can be harvested without your permission and
used on unsavoury websites.
• Untrusted people can track the movements of your family from geotags in
certain pictures posted on the web.
• Untrusted people (e.g. paedophiles) can gather intelligence on your family from
various online sources and attempt to contact your children.

Device Security

• Criminals can implicate your device in cybercrime.
• Your device can become infected with viruses (malware).

Data Security

• There are many incidents that could result in you losing some or all of your
valuable data.
HELPFUL WEBSITES
• www.alertafrica.com
For general awareness, news and to report a scam or cybercrime.
• www.scambuster.co.za/report-a-scam
For reporting scams and getting news on the latest scams.
• www.cybertopcops.com/shpamee.php
For reporting scams and getting news on the latest scams.
• www.safps.org.za
To report Identity Fraud/Theft and how to protect your identity.

CST 2: Keep your software up to date

Software updates very often contain critical security vulnerability fixes!

QUICK TIPS
• Activate automatic updates for all your software, including your Operating
System (Windows), Antivirus, Adobe Reader, Adobe Flash and Java.
• Use helpful applications (listed below) to see if your other applications are up to
date.

GETTING HANDS ON
How to enable automatic updates for Windows 8.1

1. Open Windows Update: move your mouse pointer to the lower-right corner of the screen, move the pointer up, click Settings, click Change PC settings, and then click Update and recovery.
2. Click Choose how updates get installed.
3. Under Important updates, choose Install updates automatically.
4. Under Recommended updates, select the Give me recommended updates the
same way I receive important updates check box.
5. Under Microsoft Update, select the Give me updates for other Microsoft
products when I update Windows check box, and then click Apply.

How to enable automatic updates for Windows 7

1. Click on the Start button, type Update.
2. In the list of results, click Windows Update.
3. In the left pane, click Change settings.
4. Under Important updates, choose Install updates automatically.
5. Under Recommended updates, select the Give me recommended updates the
same way I receive important updates check box, and then click OK. If you’re
prompted for an administrator password or confirmation, type the password or
provide confirmation.

WHY SHOULD I CARE?
If any of your devices are infected with viruses (malware), the following could happen:

Personal Impact

• Identity theft.
• Personal information theft.
• Your social media accounts can be compromised (hacked).
• You may suffer reputational damage should hackers post unsavoury content to
hacked accounts.
• Your bank accounts could be compromised and money stolen.
• Email account compromised (hacked) and used to send spam and scams to
everyone on your address book.
• Criminals can take pictures of you with your webcam / front camera.
• Criminals can make audio and / or video recordings of you and your
surroundings using your device.
• Criminals can use these recordings and pictures for extortion, blackmail or
misrepresentation.
• Your credit record can be damaged.
• Accounts can be opened in your name without your knowledge.
• Your email inbox could be flooded with unwanted emails. (Spam)

Children

• Images of you or your family can be harvested without your permission and
used on unsavoury websites
• Untrusted people can track the movements of your family from geotags in
certain pictures posted on the web
• Untrusted people (e.g. paedophiles) can gather intelligence on your family from
various online sources and attempt to contact your children.

Device Security

• Criminals can implicate your device in a Cybercrime.
• Your device can become infected with viruses (malware).
• Your device can become very slow and sometimes even unresponsive.
• Your data usage will go up, resulting in high telephone bills.
• Slow Internet connection, due to the malicious applications sending and
receiving data.

HELPFUL APPLICATIONS
Commercial
• Ninite: https://ninite.com/updater/

Freely Available
• AppFresh: http://metaquark.de/appfresh/mac
• Secunia PSI: http://secunia.com/vulnerability_scanning/personal/
• SUMo: http://www.kcsoftwares.com/index.php?sumo
• Update Checker: http://filehippo.com/updatechecker


CST 3: Install antivirus on all devices

Do not install more than one antivirus per device!

QUICK TIPS
• Download and install either a commercial or a free antivirus.

GETTING HANDS ON
Choose an Antivirus solution.
• Free solutions work but often don’t have the added features of commercial versions.
• The easiest way for more comprehensive protection is choosing an antivirus suite. These suites are normally called “Internet Security”.
• Reasons to choose an Internet Security Solution (Antivirus suite) over an antivirus solution i.e. just an antivirus application are:
  • In addition to an antivirus, Internet Security suites normally include the following tools:
    • Firewall
    • Parental control
    • Anti-Spam.
• Before paying for an Internet Security solution use the trial version for 30 days
and see if you like it. Remember don’t install more than one Antivirus and / or
Internet Security suite.

WHY SHOULD I CARE?
If any of your devices are infected with viruses (malware), the following could happen:

Personal Impact

• Identity & personal information theft.
• Social media account breach.
• Reputational damage, extortion and blackmail due to hacked accounts.
• Your bank accounts can be compromised (Hacked).
• Access to email accounts, implicating them as set off points.
• Criminals can take pictures of you with your webcam / front camera.
• Criminals can make audio and / or video recordings of you and your
surroundings using your device.
• Criminals can use these recordings and pictures for extortion.
• Your credit record can be damaged.
• Accounts can be opened in your name without your knowledge.
• Your email inbox could be flooded with unwanted emails or used to spam your
contacts.

Child Safety
• Images of you or your family can be harvested without your permission and
used on unsavoury websites
• Untrusted people can track the movements of your family from geotags in
certain pictures posted on the web
• Untrusted people (e.g. paedophiles) can gather intelligence on your family from
various online sources and attempt to contact your children.

Device Security

• Criminals can implicate your device in cybercrime.
• Your device can become infected with viruses (malware).
• Your device can become very slow and sometimes even unresponsive.
• Your data usage will go up, resulting in high telephone bills.
• Slow Internet connection, due to the malicious applications sending and
receiving data.

Data Security

• There are many incidents that could result in you losing some or all of your
valuable data.

HELPFUL APPLICATIONS
Note: This is not a comprehensive list of all software solutions.
• You get more features and better security when using the commercial options. Always download or purchase commercial security software from legitimate sources, never pirate (illegally copy or install) security software!

Commercial
• Bitdefender: http://www.bitdefender.com/solutions/internet-security.html
• ESET: http://www.eset.co.za/za/home/
• Kaspersky: http://www.kaspersky.com/internet-security

Freely Available
All three options listed offer commercial versions, with added features.
• Avast: http://www.avast.com
• Avira: https://www.avira.com/en/avira-free-antivirus
• Bitdefender: http://www.bitdefender.com/toolbox/freeapps/desktop/

SOLUTIONS OFFERED BY BANKS:

• Absa - Antivirus Software (Titanium Maximum Security Antivirus)
(http://absa.co.za/Absacoza/Security-Centre/Antivirus-Software/Antivirus-software)
• FNB - Webroot® SecureAnywhere™
(https://www.fnb.co.za/security-centre/webroot-secureanywhere.html)
• Nedbank – Rapport
(http://www.nedbank.co.za/website/content/rapport/)
• Standard Bank - Trusteer
(http://www.securitycentre.standardbank.co.za/Trusteer/Overview.aspx)

CST 3 (continued): Install antivirus on all devices

HELPFUL APPLICATIONS
Free Online Scanning:
Note: Maximum file size for online scanning is 64MB
• Go to www.virustotal.com
• Click on “Choose File”
• Choose the file you want to scan and click on “Ok”
• Click on “Scan It!”
• The results of the scan will be shown, delete the file immediately if any antivirus product indicated the file is a virus (malicious) i.e. the detection ratio is greater than 0.
• NOTE: Always click on “Reanalyse” if VirusTotal indicates that the file has already been analysed.

CST 4: Inspect links before clicking

Banks will never request your password via email.

QUICK TIPS
• Banks will never ask you to send your password or supply other personal
information in an email.
• If it sounds too good to be true it probably is - don’t click on the link.

GETTING HANDS ON
Determine if a link is malicious
• Copy the link. (right-click, copy link – or highlight and press ctrl-C for PC)
• Go to www.virustotal.com.
• Click on the URL tab.
• Paste the link copied earlier.
• The result will show if the link is safe or not.
• Using VirusTotal is better than just clicking on the link, but it’s important to
remember that VirusTotal could indicate that a dangerous link is safe.
• If you have a bad feeling about the link - don’t click it, even if VirusTotal says it’s
safe!

Inspect links (Hyperlinks)

• Look for obvious signs of tampering i.e. the sender email & web link are different
(i.e. Sender: MyBank.com, Link: www.hackerbank.com).
• Hover your mouse pointer over the link (without clicking), then compare the link shown in the message (A) to the link displayed in the bottom left hand corner (B).

Google and the Google logo are registered trademarks of Google Inc., used with permission.

Inspect short links (Compressed Links)
Periodically, you might encounter a short link or compressed link, such as: http://is.gd/FZMBx2

When encountering a short link:
• Go to www.longurl.org
• Copy short link (right-click, copy link – or highlight, press ctrl-C for PC)
• Paste it in at longurl.org
• The full link will then be displayed and you can make your decision from there.

WHY SHOULD I CARE?
Clicking on a malicious link could result in you giving out personal information and / or your device getting infected with malware which could result in the following:

Personal Impact

• Identity & personal information theft.
• Social media account breach.
• Reputational damage, extortion and blackmail due to hacked accounts.
• Your bank accounts can be compromised (Hacked).
• Access to email accounts, implicating them as set off points.
• Criminals can take pictures of you with your webcam / front camera.
• Criminals can make audio and / or video recordings of you and your
surroundings using your device.
• Criminals can use these recordings and pictures for extortion.
• Your credit record can be damaged.
• Accounts can be opened in your name without your knowledge.
• Your email inbox could be flooded with unwanted emails – or used to spam
your contacts.

Child Safety

• Images of you or your family can be harvested without your permission and
used on unsavoury websites
• Untrusted people can track the movements of your family from geotags in
certain pictures posted on the web
• Untrusted people (e.g. paedophiles) can gather intelligence on your family from
various online sources and attempt to contact your children.

Device Security

• Criminals can implicate your device in cybercrime.
• Your device can become infected with viruses (malware).
• Your device can become very slow and sometimes even unresponsive.
• Your data usage will go up, resulting in high telephone bills.
• Slow Internet connection, due to the malicious applications sending and
receiving data.

Data Security

• There are many incidents that could result in you losing some or all of your
valuable data.

CST 5: Don’t open email or attachments from untrusted sources

Always be suspicious when opening emails and their attachments.

QUICK TIPS
• Always be suspicious when opening emails and their attachments.
• Business email accounts usually have a linked business-related domain
(i.e. nameofbusiness.com) and not Gmail or Yahoo accounts. For example,
abcBankSales@gmail.com would not be a legitimate e-mail address for ABC
Bank but sales@ABCBank.com would be.
• Banks will never send you emails requesting that you send your password via
e-mail or that you click on a link to reset your password

GETTING HANDS ON
Spot a fake Email
• Always be a little suspicious. “Guilty till proven innocent”
• The “From” field does not match the sender (the email is about your Facebook account, yet the “From” field indicates that the e-mail was sent from a Gmail account.)
• Obvious spelling and grammar mistakes.
• Other signs to look out for, if the email:
  • is from a different country, (co.uk, .il etc.)
  • asks for money, promising a reward in return.
  • is very vague i.e. “Dear Sir/Madam” or “To whom it may concern”
  • implies urgency (“Your account will be closed if you do not reset your password”.)
  • requests personal information or requires you to reset your password by clicking on a link in the email.

Spot dangerous attachments
• Never open any attachments from unknown senders, especially those that have file names ending with the following:
  • “.exe or .msi, .docm, .xlsm, .pptm, .zip, .rar”
  • If you know the sender, ask about the file contents before opening them

Spot dangerous attachments (continued)
• If your Antivirus flags it as dangerous, do not open it.
• For added safety, even if receiving an attachment from a known source, do the following:
  • Go to www.virustotal.com.
  • Click on “Choose File”.
  • Choose the file you want to scan and click on Ok.
  • Click on “Scan It!” The results of the scan will be shown, delete the file immediately if any antivirus product indicated the file is a virus (malicious) i.e. the detection ratio is greater than 0.
• NOTE: Always click on “Reanalyse” if VirusTotal indicates that the file has already been analysed.
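
The fake-email signs and the dangerous attachment extensions listed in this tip, applied to a parsed message. This is an added example, not part of the original guide; the sample message, the function names and the `claimed_domain` parameter (the domain of the organisation the email claims to come from) are constructed for illustration, and the phrase lists hold only the guide's own examples.

```python
import os
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions the guide lists as dangerous in attachments from unknown senders.
RISKY_EXTENSIONS = {".exe", ".msi", ".docm", ".xlsm", ".pptm", ".zip", ".rar"}
# The guide names Gmail and Yahoo as providers a business would not mail from.
FREE_WEBMAIL = {"gmail.com", "yahoo.com"}
# Phrases taken from the guide's examples; a real filter would need many more.
VAGUE_GREETINGS = ("dear sir/madam", "to whom it may concern")
URGENCY_PHRASES = ("your account will be closed",)


def body_text(msg):
    """Return the plain-text body of the message, or '' if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def fake_email_indicators(msg, claimed_domain):
    """List the guide's warning signs that are present in this message."""
    indicators = []
    address = parseaddr(str(msg.get("From", "")))[1]
    sender_domain = address.rsplit("@", 1)[-1].lower()
    if sender_domain in FREE_WEBMAIL:
        indicators.append("free-webmail-sender")
    if sender_domain != claimed_domain and not sender_domain.endswith(
            "." + claimed_domain):
        indicators.append("from-domain-mismatch")
    text = body_text(msg).lower()
    if any(greeting in text for greeting in VAGUE_GREETINGS):
        indicators.append("vague-greeting")
    if any(phrase in text for phrase in URGENCY_PHRASES):
        indicators.append("urgency")
    if "password" in text and ("http://" in text or "https://" in text):
        indicators.append("password-reset-link")
    return indicators


def risky_attachments(msg):
    """Return attachment file names whose final extension is on the list."""
    risky = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # splitext looks at the last extension, so "x.pdf.exe" counts as .exe
        extension = os.path.splitext(name.strip().lower())[1]
        if extension in RISKY_EXTENSIONS:
            risky.append(name)
    return risky


def build_sample():
    """Constructed message using the guide's abcBankSales@gmail.com example."""
    msg = EmailMessage()
    msg["From"] = "ABC Bank Sales <abcBankSales@gmail.com>"
    msg["To"] = "customer@example.com"
    msg["Subject"] = "Action required"
    msg.set_content(
        "Dear Sir/Madam,\n"
        "Your account will be closed if you do not reset your password.\n"
        "Reset it here: http://www.hackerbank.com/reset\n"
    )
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="Statement.pdf.exe")
    msg.add_attachment(b"constructed placeholder bytes", maintype="image",
                       subtype="jpeg", filename="logo.jpg")
    return msg


if __name__ == "__main__":
    sample = build_sample()
    print(fake_email_indicators(sample, "abcbank.com"))
    print(risky_attachments(sample))
```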
WHY SHOULD I CARE?
Clicking on a malicious link could result in you giving out personal information and / or your device getting infected with malware which could result in the following:

Personal Impact

• Identity & personal information theft.
• Social media account breach.
• Reputational damage, extortion and blackmail due to hacked accounts.
• Your bank accounts can be compromised (hacked).
• Access to email accounts, implicating them as set off points.
• Criminals can take pictures of you with your webcam / front camera.
• Criminals can make audio and / or video recordings of you and your
surroundings using your device.
• Criminals can use these recordings and pictures for extortion.
• Your credit record can be damaged.
• Accounts can be opened in your name without your knowledge.
• Your email inbox could be flooded with unwanted emails or used to spam your
contacts.

Child Safety

• Images of you or your family can be harvested without your permission and
used on unsavoury websites
• Untrusted people can track the movements of your family from geotags in
certain pictures posted on the web
• Untrusted people (e.g. paedophiles) can gather intelligence on your family from
various online sources and attempt to contact your children.

Device Security

• Criminals can implicate your device in cybercrime.
• Your device can become infected with viruses (malware).
• Your device can become very slow and sometimes even unresponsive.
• Your data usage will go up, resulting in high telephone bills.
• Slow Internet connection, due to the malicious applications sending and
receiving data.

Data Security

• There are many incidents that could result in you losing some or all of your
valuable data.

CST 6: Review app permissions before installing an application

Do the permissions requested by the app make sense?

QUICK TIPS
• Read app permissions before accepting or installing the app.
• Do the permissions requested by the app make sense? For example, a weather
app should not have access to your contact list.
• Only install apps from trusted sources (Google Play Store, iTunes Store etc.)
• Do not Jail Break (Apple) or Root (Android) your device

GETTING HANDS ON
Before installation
• Read through the permission requests and see if they make sense (i.e. the app requests to access contacts but the app is used to view images)

After installation
• Use apps like “App Permissions” to review permissions other apps have.
• As you review these permissions, think about what the app does and if the permissions it has fit its use.

HELPFUL APPLICATIONS
Commercial
• NOTE: Disabling app permissions can cause apps to stop working properly (crash), thus these apps are recommended for use by Advanced users ONLY.
• Adv Permission Manager (Pro)
• Permission Manager Pro
• Permissions Viewer

Freely Available
• These apps allow you to see the permissions of the other apps installed on your device. They do not disable any permissions and can be used without worrying that you might break something.
• App Permissions
• Clueful
• Permission Manager - App ops

WHY SHOULD I CARE?
Clicking on a malicious link could result in you giving out personal information and / or your device getting infected with malware which could result in the following:

Personal Impact

• Identity & personal information theft.
• Social media account breach.
• Reputational damage, extortion and blackmail due to hacked accounts.
• Your bank accounts can be compromised (Hacked).
• Access to email accounts, implicating them as set off points.
• Criminals can take pictures of you with your webcam / front camera.
• Criminals can make audio and / or video recordings of you and your
surroundings using your device.
• Criminals can use these recordings and pictures for extortion.
• Your credit record can be damaged.
• Accounts can be opened in your name without your knowledge.
• Your email inbox could be flooded with unwanted emails or used to spam your
contacts.

Child Safety

• Images of you or your family can be harvested without your permission and
used on unsavoury websites
• Untrusted people can track the movements of your family from geotags in
certain pictures posted on the web
• Untrusted people (e.g. paedophiles) can gather intelligence on your family from
various online sources and attempt to contact your children.

Device Security

• Criminals can implicate your device in cybercrime.
• Your device can become infected with viruses (malware).
• Your device can become very slow and sometimes even unresponsive.
• Your data usage will go up, resulting in high telephone bills.
• Slow Internet connection, due to the malicious applications sending and
receiving data.

Data Security

• There are many incidents that could result in you losing some or all of your
valuable data.

CST 7
Create strong and unique passwords

Enable passwords on all your devices: laptops, mobile phones and tablets.

QUICK TIPS
• Enable passwords on all your devices: laptops, cell phones and tablets.
• Ensure passwords are longer than 7 characters.
• Use a combination of numbers and special characters (e.g. @ # $ % ! ?)
• Use different passwords for all your different accounts and devices
• Do not share your password with anyone
• Never write your password down

GETTING HANDS ON
Avoid weak passwords
• Do not use passwords similar to the following:
  • “123456”
  • “password”
  • “qwerty”
  • “iloveyou”
• Do not use dictionary words, i.e. single words out of a dictionary.
• Do not include personal references in your password (date of birth, pet names).

Manually creating a strong password
• Minimum length of 7 characters
• Use spaces and/or a combination of…
  • Upper case and lower case letters
  • Numbers
  • Special characters (e.g. @ # $ % ! ? . -)
Example: “ r4XSVY_/ ” *Do not use this example

Use a passphrase and add special characters and numbers to it

• Example 1: Take the phrase “Online banking saves me so much time and effort
every day” and then use numbers and letters to recreate it:
  • Password: “Obsmsmt&eed!2014”. The password was created by taking the
  first letter of each word. *Do not use this example

Remember PINs
• Spell a word using the keyboard/keypad
• Example: Risky -> 74759 *Do not use this example
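
The password rules above can be checked mechanically. The following Python sketch is an added example, not part of the original guide: the function names, the special-character set and the small word list are assumptions, and it uses the Quick Tips threshold of "longer than 7 characters".

```python
import secrets
import string

# The guide's examples of weak passwords, plus its own published samples,
# which it marks "Do not use this example". Exact match only (lower-cased).
KNOWN_BAD = {"123456", "password", "qwerty", "iloveyou",
             "r4xsvy_/", "obsmsmt&eed!2014"}
# Constructed stand-in for a dictionary word list; swap in a real one.
SAMPLE_WORDS = {"banking", "sunshine", "football", "princess"}
# Assumed set, built from the special characters shown in the guide's examples.
SPECIALS = "@#$%!?.-_/&"


def check_password(pw, personal=()):
    """Return the list of rules that pw breaks (an empty list means it passes)."""
    problems = []
    low = pw.lower()
    if len(pw) <= 7:
        problems.append("not longer than 7 characters")
    if low in KNOWN_BAD:
        problems.append("on the known weak list")
    if low in SAMPLE_WORDS:
        problems.append("single dictionary word")
    if not any(c.islower() for c in pw) or not any(c.isupper() for c in pw):
        problems.append("needs upper and lower case letters")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a number")
    if not any(c in SPECIALS or c == " " for c in pw):
        problems.append("needs a special character or space")
    # Personal references: names, pet names, birth years supplied by the caller.
    for ref in personal:
        if ref and ref.lower() in low:
            problems.append("contains a personal reference")
            break
    return problems


def generate_password(length=16):
    """Draw random passwords from the OS CSPRNG until one passes every check."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ["qwerty", "sunshine", "Obsmsmt&eed!2014"]:
        print(candidate, "->", check_password(candidate) or "passes")
    print("generated:", generate_password())
```

A password manager does the equivalent of `generate_password` for each account, so only the master password has to be created by hand.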

HELPFUL APPLICATIONS
Commercial
• The following applications can be used to automatically generate secure
passwords for each service that you use. The applications typically require that
you set one master password that must be entered to unlock the “vault” storing
all the other passwords. Ensure you set a strong master password according to
the guidelines provided in the previous section.

• 1Password: https://agilebits.com/onepassword
• F-Secure Key: http://www.f-secure.com/en/web/home_global/key
• Password Manager: http://www.kaspersky.com/password-manager

Freely Available
• Identity Safe: https://identitysafe.norton.com/
• LastPass: https://lastpass.com/
• KeePass: http://keepass.info/download.html

WHY SHOULD I CARE?
Using a weak password may result in the following:

Personal Impact
• Your identity can be stolen.
• Your personal information can be stolen.
• Your social media accounts (Facebook, Twitter etc) can be compromised.
• You may suffer reputational damage should hackers post unsavoury content to
hacked accounts.
• Your bank accounts could be compromised and money stolen.
• Criminals may gain access to all information in your email accounts. They may
also attempt to elicit further information or money from your contacts.


CST 8
Protect your data

Back-up and protect your valuable data

QUICK TIPS
• Back-up your most valuable information first (e.g. Documents, family pictures)
• Do not keep your back up drive (“External Hard drive”) close to your computer
when you are not using it.
• Encrypt your hard drive
• Back up valuable information to reputable cloud storage providers (e.g.
Dropbox)
• Shred:
  • Paper documents that may contain personal information
  • Old credit and loyalty cards
  • CDs that may contain personal information.
• Delete emails that contain personal information.
• Remember to “Empty” the Recycle Bin (Windows) or Trash (Mac)
• Password protect ALL your devices

GETTING HANDS ON
Manually Creating a Backup
• Things you’ll need:
  • Storage media (e.g. External Hard drives, DVDs, USBs)
• Select the files to back up (Documents, Pictures, Music and Videos)
• Copy the selected files to your Storage Media.

Automatically Creating a Backup
• Things you’ll need:
  • Storage media (e.g. External Hard drives, DVDs, USBs)
• Open the backup program of your choice (some examples given below).
• Follow instructions or prompts.
• NOTE: Do not store your backups on the same device that you need to back up.

Distribute back-ups
• Don’t keep back up drives in your laptop bag or next to your computer.
• Back-up critical (most valued) information to trusted Cloud services like
Dropbox or Google Drive
• Duplicate critical backups to USBs or DVDs and store safely elsewhere.

Permanently dispose of paper documents


• Shred unwanted physical documents

Empty the “Recycle Bin”
• Right click on the Recycle Bin icon
• Choose Empty Recycle Bin

Properly Dispose of Hard drives you no longer need


• Physically destroy the hard drive (For example, with a hammer)
• Wipe a hard drive (Formatting does not always wipe a drive.)

Password Protect Devices


• For instructions on how to set a password for Windows visit
http://windows.microsoft.com/en-za/windows/protect-computer-with-password

Set a lock pattern or PIN on your mobile devices (including your phones). This can
typically be set in the mobile device’s settings menu under security settings.

HELPFUL APPLICATIONS
BACK-UP APPLICATIONS:
Commercial
• Carbon Copy Cloner:
http://sites.fastspring.com/bombich/product/ccc?option=show_contents
• Genie Backup Manager 9:
http://www.genie9.com/home/genie_backup_manager_home/Overview.aspx
• Nova BACKUP Professional 15:
http://www.novastor.com/en/landing/top-ten-reviews-pc-backup

Freely Available
• AOMEI Backupper: http://www.aomeitech.com/
• EaseUS Todo Backup:
http://www.todo-backup.com/products/home/free-backup-software.htm
• FBackUp: http://www.fbackup.com/
• Time Machine (Installed on Mac)

CLOUD STORAGE:
Commercial
• SugarSync: www.sugarsync.com

The service providers below offer an initial quota of free storage, with additional
space available on a subscription basis
• Dropbox: https://www.dropbox.com/ (2GB Storage Free)
• Google Drive: https://drive.google.com/ (15GB Storage Free)
(If you have a Gmail account you already have Google Drive.)
• Microsoft OneDrive: https://onedrive.live.com/about/en-us/
(7GB Storage Free) (Can link to your Microsoft account if you
have one; if not, signing up will create one.)
• SpiderOak: https://spideroak.com/ (2GB Storage Free)
(SpiderOak encrypts your data on the fly to ensure your privacy)

CST 8
Protect your data (continued)

WHY SHOULD I CARE?
The following can happen if you do not adequately protect your data on all
your devices:

Personal Impact

All your personal information can be stolen and misused as follows:


• Your identity can be stolen.
• Your personal information can be stolen.
• Your social media accounts (Facebook, Twitter etc) can be compromised.
• You may suffer reputational damage should hackers post unsavoury content to
hacked accounts.
• Your bank accounts could be compromised and money stolen.
• Criminals may gain access to all information in your email accounts. They may
also attempt to elicit further information or money from your contacts.
• You could fall for scams that end up costing you money or endanger your family.
• Your credit record can be damaged.
• Accounts can be opened in your name without your knowledge.
• Your email inbox could be flooded with unwanted emails (spam).

Data Security

• Devices that get stolen or misplaced risk having their data compromised.
• There are many incidents that could result in you losing some or all of your
valuable data.

CST 9
Log off

Do NOT check ‘Keep Me Logged In’ or ‘Remember Me’

QUICK TIPS
• Do NOT check ‘Keep Me Logged In’ or ‘Remember Me’, especially on public
computers!

GETTING HANDS ON
Logging in automatically
• When logging into your account, ensure that the Keep Me Logged In or
Remember Me check box is NOT checked.
• If your browser (Internet Explorer etc.) prompts you to Remember user name
and password, decline the request (Say no).

Log out
• When you are finished with your emails or social media, click the Log Out or Sign
Out button / link. It is normally in the top right hand corner of the webpage.

HELPFUL APPLICATIONS
• Password managers (as mentioned in CST 7, Helpful Applications), can centralise
and automate your logins across multiple websites with one central “Master”
password - which is safer than staying logged into accounts when idle or not
used.

WHY SHOULD I CARE?
Personal Impact
• Your identity can be stolen.
• Your personal information can be stolen.
• Your social media accounts (Facebook, Twitter etc) can be compromised.
• You may suffer reputational damage should hackers post unsavoury content to
hacked accounts.
• Your bank accounts could be compromised and money stolen.
• Criminals may gain access to all information in your email accounts. They may
also attempt to elicit further information or money from your contacts.

CST 10
Be cautious when using Bluetooth & Wi-Fi

Only turn on Wi-Fi and Bluetooth when you need it.

QUICK TIPS
• Do not connect to “Free” (open) Wi-Fi networks that public stores offer.
• Do not accept unknown Bluetooth pairing requests.
• Secure your Wi-Fi at home.

GETTING HANDS ON
Safely use Free (open) Wi-Fi
• Using a VPN is the safest way to use Free Wi-Fi. However, setting up and using a
VPN is beyond the scope of this guide.
• Do not bank, shop online, or surf social media sites using Free Wi-Fi networks.
• Always ensure you are using a secure connection (https rather than http).
Simply look for the padlock icon.

WHY SHOULD I CARE?
Personal Impact
• Identity & personal information theft.
• Social media account breach.
• Reputational damage, extortion and blackmail due to hacked accounts.
• Your bank accounts can be compromised (Hacked).
• Access to email accounts, implicating them as set off points.
• Criminals can take pictures of you with your webcam / front camera.
• Criminals can make audio and / or video recordings of you and your surroundings
using your device and use these recordings and pictures for extortion.
• Your credit record can be damaged.
• Accounts can be opened in your name without your knowledge.
• Your email inbox could be flooded with unwanted emails or used to spam your
contacts.

Child Safety
• Images of you or your family can be harvested without your permission and
used on unsavoury websites

Device Security
• Criminals can implicate your device in cybercrime.
• Your device can become infected with viruses (malware).
Africa’s Leading Cyber
Security Publication

Cybershield Magazine gets distributed quarterly to more than 7000 IT Professionals.


Contact us at info@wolfpackrisk.com to take advantage of this advertising opportunity.

Missed an Edition?
Previous editions can be downloaded for free at:
www.wolfpackrisk.com/publications
Where to apply the Cybercrime Survival Tips
Online Banking, Shopping and Social Media:
Cybercrime Survival Tips:
• Use your common sense
• Keep your software up to date
• Install antivirus on all devices
• Inspect links before clicking
• Don’t open email or attachments from untrusted sources
• Review app permissions before installing an application
• Create strong and unique passwords
• Log off
• Be cautious when using Bluetooth and Wi-Fi

General Tips
• Type the address yourself
  • Always type out the address (URL) of your bank i.e. www.yourbank.co.za
• Secure Connection:
  • Ensure that you have a secure connection: https over http.
  • Look for the lock icon.

STAYING SAFE ON SOCIAL MEDIA

How to keep your account secure
Implement the above mentioned CSTs to keep your account secure.

Built in Security Features

Facebook
• Facebook has a range of security features users can activate to better protect
their account.
• Facebook features:
  • Login approvals (Two Factor Authentication)
  • Login notifications
  • One time passwords
  • Trusted contacts
• For more information on these Facebook security features go to:
http://www.facebook.com/help -> Security -> Extra Security Features

Twitter
• Twitter has security features users can activate to help protect their account.
• Twitter features:
  • Login verification (Two Factor Authentication)
• For more information on keeping Twitter safe go to:
https://support.twitter.com/articles/76036-safety-keeping-your-account-secure

Gmail
• Gmail has security features users can activate to help protect their account.
• Gmail features:
  • 2 Step verification
• For more information on 2 Step verification go to:
www.google.com/landing/2step/

© 2012 Google Inc. All rights reserved. Gmail™ is a trademark of Google Inc.

How do you know if your account has been hacked

Facebook
• You cannot access your account with your normal login credentials.
• There are posts on your news feed that you never posted.
• These posts encourage your friends to click on the links.

Twitter
• You cannot access your account with your normal login credentials.
• There are Tweets from your account that you didn’t personally make.

Gmail
• You cannot access your account with your normal login credentials.
• People receive emails from you that you didn’t send.

What to do if your account has been hacked

Facebook, Twitter and Gmail
• Clean your computer from malicious software before changing your password
  • Scan your computer for any malicious software and make sure your antivirus is
  up to date.
  • Do not change your password until you are certain the computer you are using
  is free of all malicious software.
• Change your password.
  • If you still have access to your account change your password (have a look at
  Password management).
  • If you do not have access to your account, reset your password by clicking on
  the Forgot your password link on the log in page.

Facebook
• Remove any third party applications that you installed on Facebook
• Report a compromised account.
  • Go to www.facebook.com/hacked
• Notify friends
  • After getting back control of your account, notify all your friends that your
  account was hacked and that any suspicious posts are as a result of the hack.

Twitter
• Notify followers
  • Notify all your friends that your account has been hacked and that any
  suspicious tweets are as a result of the hack.

Gmail
• Notify contacts
  • After taking back your account, notify all your contacts that your account has
  been hacked and that any suspicious emails they received are as a result of the
  hack.

More Information
• Facebook: www.facebook.com/help -> Hacked Accounts
• Twitter: https://support.twitter.com -> Troubleshooting
• Gmail: Go to https://support.google.com/ -> Gmail -> Account ->
Security & Privacy -> Gmail -> Security Checklist

Glossary
419 Scam
Claim that your help is needed to access a large sum of money, usually millions of
dollars, when in fact the money does not exist. Attempt to trick people into
believing that they had a wealthy uncle or aunt from overseas who has left a
fortune that needs to be claimed by a person with the same surname.

Adware
Malicious software that allows unwanted advertisements on your computer.

Antivirus
Software designed to protect your computer from harmful software (Malware,
Viruses, Trojan, etc.).

Charity scam
Swindling of money by scammers in the disguise of a worthy cause. Victims are
asked to donate for a ‘special cause’. But the charity turns out to be a fraud, or a
scammer pretending to be a real charity.

Classified scam
Scammers enjoy tricking people into purchasing non-existent or sub-standard
goods online. Scammers are not always on the selling side but also act as
interested parties (clients).

Employment scam
Employment scams are conducted by unscrupulous people that pose as
employers. The scammers may ask you to pay a recruitment administration fee to
assist you in getting a job or will ask for money for visa processing or travel
expenses.

Encryption
Computer algorithms that encode your data, making it unreadable unless you
have the correct password.

Government grant scam
Usually advertisements, claiming that you qualify for a ‘free’ grant to pay for
housing or education costs. Perpetrators may pose as a ‘government’ or an
organisation with an official name. The claim is always that your application for a
grant is accepted - that you will never have to pay back the money.

Investment scam
Includes investment opportunities and expert tip-offs on rising shares. Deals often
sound tempting, resulting in victims losing large sums of money.

Key logger
Malicious software or device that captures everything you type. Criminals can use
this to get your password.

Lottery scam
Proceeds hardly go towards the cause and when they do, it is usually just a
fraction of the proceeds. Lottery and competition scams also come in varied
forms, via email, texts, or through social media and is often a lottery or
competition that you did not enter.

Malware
Is used to describe all the malicious software like Viruses, Trojans and Worms. The
term Virus is often wrongly used to describe all malicious software; the correct
term is Malware.

Phishing
When criminals pursue sensitive information about you like usernames,
passwords and ID numbers.

Ransomware
Malicious software that locks (encrypts) the computer it infects, and demands
payment to unlock (decrypt) it.

Remote access tools (RATs)
Malicious software used to control your computer remotely.

Rootkit
Malicious software used to control your computer.

Spyware
Malicious software that monitors computer activities without the user’s
knowledge, and the intent to get private information.

Telemarketing scam
Targets of this type of fraud are usually those aged 60-upwards, coerced to buy
bogus products offerings by telephone including free prizes, low-cost vitamins and
health care products and vacations.

Traveling/Holiday scam
Unsuspecting victims are targeted by fraudulent holiday/travel tour agents -
offered a tempting holiday at a fraction of normal cost. Even though there are
genuine holiday discounts it is important to research holiday vouchers, booking
accommodation online, or sorting out a visa for your trip.

Trojan
Malicious software hidden in a normal application or software that claims to be
legitimate.

Operating System
The software that manages your computer and operation. (Windows, Mac OS X
and Linux.)

Virus
Malicious software created with intent to harm your computer or to be used for
cybercrime. The term Virus is often confused with Malware.

Worm
Malicious software that can spread itself on computers without user’s interaction.
Once a virus is able to do this it is now classified as a worm.
