The Secret to Cybersecurity
eBook - ePub

The Secret to Cybersecurity

A Simple Plan to Protect Your Family and Business from Cybercrime

  1. 192 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

The Secret to Cybersecurity

A Simple Plan to Protect Your Family and Business from Cybercrime

About this book

Cybercrimes are a threat and as dangerous as an armed intruder—yet millions of Americans are complacent or simply uninformed of how to protect themselves. The Secret to Cybersecurity closes that knowledge gap by using real-life examples to educate readers. It's 2 a.m.—do you know who your child is online with? According to author Scott Augenbaum, between 80 to 90 percent of students say they do whatever they want on their smartphones—and their parents don't have a clue. Is that you? What about your online banking passwords, are they safe? Has your email account or bank/debit card ever been compromised? In 2018, there were data breaches at several major companies—If those companies have your credit or debit information, that affects you. There are bad people in the world, and they are on the internet. They want to hurt you. They are based all over the world, so they're hard at "work" when even you're sleeping. They use automated programs to probe for weaknesses in your internet security programs. And they never stop. Cybercrime is on the increase internationally, and it's up to you to protect yourself. But how? The Secret to Cybersecurity is the simple and straightforward plan to keep you, your family, and your business safe. Written by Scott Augenbaum, a 29-year veteran of the FBI who specialized in cybercrimes, it uses real-life examples to educate and inform readers, explaining who/why/how so you'll have a specific takeaway to put into action for your family. Learn about the scams, methods, and ways that cyber criminals operate—and learn how to avoid being the next cyber victim.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access The Secret to Cybersecurity by Scott Augenbaum in PDF and/or ePUB format, as well as other popular books in Personal Development & Management. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Forefront Books
Year
2019
eBook ISBN
9781948677097
Topic
Personal Development
Subtopic
Management
Image

CHAPTER 1:

Cybercrime

CYBERCRIME HAS BECOME A FACT of life in the digital world. The threat is incredibly serious—and growing. Cyber-intrusions are becoming more prevalent, more expensive, and far more sophisticated. Our nation’s adversaries target our country’s critical infrastructure, including utilities, defense systems, and air- and traffic-control mechanisms. U.S. companies are targeted for trade secrets and other sensitive corporate data and universities, for their cutting-edge research and development. Identity thieves are attacking our average citizens, and online predators are stalking our children.
Every day, there is another media report of a large-scale data breach. The American public is becoming numb after hearing the same depressing news over and over. According to analysis conducted by Cybersecurity Ventures, the cost of cybercrime might reach $6 trillion by 2021, doubling in the six years since 2015. A recent study by Dr. Michael McGuire, senior lecturer at the University of Surrey in England, found that cybercrime revenue around the world has grown to $1.5 trillion in illicit profits per year, which is roughly equal to the GDP of Russia! In the U.S., the FBI’s Internet Crime Complaint Center received more than three hundred thousand complaints in 2017 with reported losses of more than $1.4 billion.
We have become vulnerable to cybercriminals in nearly every aspect of our lives. If you’ve ever shopped for home-repair products at The Home Depot (where fifty-six million credit card numbers were compromised from April 2014 to September 2014), purchased clothing or home goods at Target (where hackers infected payment-card readers and made off with approximately forty-one million credit- and debit-card numbers used by after-Thanksgiving shoppers in 2013), or attempted to broaden your professional network by registering at LinkedIn (which had more than six million encrypted passwords stolen by a Russian hacker known as Peace, who posted them to a Russian crime forum in May 2016), you might have unknowingly been a victim of cybercrime.
While these massive data breaches involved some of the world’s largest companies and made headlines around the world, there was very little media coverage of what I dealt with on a daily basis while fighting cybercrime at the FBI. Every day, I worked with victims at small- and medium-sized businesses, nonprofit organizations, academic institutions, and, even worse, with retirees who lost their life savings. I witnessed too many horror stories during my career—including several businesses that were forced to close their doors after being victims of cybercrimes. Here are a few of the crimes I investigated during my FBI career:
DIANE, A MOTHER OF TWO from Franklin, Tennessee, came home from a long day at the office. She made dinner for her family, took a shower, and then logged on to her laptop. She still preferred to check her email on her computer and rarely accessed it on her iPhone; she preferred the much larger screen. Her fourteen-year-old daughter liked to tease her about using the aging computer, saying it made her old in the rapidly changing digital world.
As Diane went through her Gmail account, she quickly deleted spam and advertisements and then noticed an email from her sister, Abigail. Diane’s sister regularly sent her articles about health and fitness, and this email seemed to be no different. The email included a hyperlink to an article about the benefits of drinking coconut water and its ability to reduce wrinkles. Diane always read the articles her sister sent, so she clicked the link about coconut water and waited for the article to appear. Nothing happened. She clicked again. No response. She figured her Internet service must be running slow again, which was the cause of most of her computer problems. She grew tired of waiting, read the rest of her emails, browsed a few of her favorite online retailers, and then it was time to watch the latest episode of The Walking Dead.
Diane fought to keep her eyes open as Rick Grimes and his ragtag group tried to survive a zombie apocalypse on TV. Meanwhile, a zombie computer halfway around the world in Eastern Europe was talking to her computer. When Diane clicked the hyperlink to the article about coconut water, she was redirected to a computer controlled by a cybercriminal. Once connected, the computer loaded a malicious program called a keylogger onto Diane’s machine. A keylogger, sometimes called a keystroke logger or system monitor, has one job: to monitor and record each keystroke typed on a specific computer’s keyboard. When Diane entered a username and password for a website, such as Gmail, her work email account, or online banking account, the malicious keylogger program stole her credentials and sent them to the cybercriminal, who now had access to Diane’s websites. Once the bad guy obtained access to Diane’s bank account, he was ready to wipe out her savings.
JONATHAN WAS A RETIRED HIGH school teacher with a love for writing and poetry. His pension covered his living expenses, and he supplemented his retirement income with his salary from a side business as a wedding photographer. Whenever Jonathan wasn’t taking photographs, he spent his time writing. He finally hatched an idea for a novel, which he believed was the idea of a lifetime. It took him eighteen months to write seventy-five thousand words, but he finally finished. He considered the crime novel to be his life’s work and was about to become a published author through Amazon self-publishing.
One weekend, Jonathan was working as a photographer at a ritzy wedding. It was a black-tie affair, and he couldn’t believe how much money he was going to make in one night. It was hard work, but he’d earn as much in one night as he made in one week as a teacher. Once Jonathan returned home from the wedding, he downloaded the photos to his computer and started editing them with his photo-editing software. When he was finished, he saved the photos to his hard drive. Before going to bed, Jonathan checked his Facebook account and clicked on a link from an individual who wanted to become his online friend. It was from an attractive young woman who commented on Jonathan’s exceptional photography skills.
Halfway around the world, there was a cybercriminal sitting in front of a laptop in Eastern Europe. Let’s call him Ivan. Ivan smiled as soon as Jonathan clicked on the link. He knew an unsuspecting American was about to have his world turned upside down. One of Ivan’s zombie computers had sent thousands of spear-phishing emails disguised as spam messages on Facebook. He targeted male Facebook users and offered to friend the unsuspecting victims. Ivan claimed to be an attractive woman who was impressed with an interest that was listed on the men’s Facebook pages. It was like taking candy from a baby. When Jonathan clicked on the link, Ivan’s computer encrypted all the information on his hard drive. Jonathan couldn’t regain access to his photographs or manuscript unless he paid Ivan a ransom of $300. Making matters worse, Ivan’s malicious program also targeted Jonathan’s Apple iCloud account and changed all his passwords. Even if Jonathan had previously backed up his information to iCloud (he didn’t), he wouldn’t be able to retrieve it now without paying the ransom.
IT WAS A TYPICAL MONDAY morning for Heather, a newly hired payroll clerk at a large company, when she received an email from her CEO. He asked if she was enjoying her new job, commended her on her work so far, and told her that the payroll manager believed she was on the fast track for a promotion. Heather was overjoyed that the CEO knew her and believed she was doing a great job. The email also included some instructions for Heather: Since the payroll manager was out of town at a business conference, he needed her to complete a special project. The CEO was headed to a meeting with the company’s board of directors and needed a spreadsheet that included every employee’s name, title, birthday, address, Social Security number, and salary. Heather was eager for added responsibility and replied that she’d complete the task within the hour. She added the personal information of more than two thousand employees to an Excel spreadsheet and attached it to an email she sent to the CEO. At least that’s what she believed was happening.
In a dirty Internet cafĂ© in West Africa, a cybercriminal received Heather’s email, jumped out of his chair, and started celebrating. One of his spear-phished emails went to a payroll clerk in America requesting the W-2 information for a large company’s payroll. The unsuspecting payroll clerk sent him back the sensitive personal information of more than two thousand employees. In a room full of other cybercriminals, the man announced that he was selling the names, birthdays, Social Security numbers, addresses, and salaries for $5 each. The other cybercriminals started handing him money like he was a trader on Wall Street. In only twenty minutes, the villain walked away with more than $5,000. Within months, his criminal customers attempted to file federal tax returns for the victimized employees and access their credit card accounts.
CAROLINE WAS A TWENTY-ONE-YEAR-OLD COLLEGE junior and was not having a great week. Midterms were fast approaching, she’d just had an ugly fight with her boyfriend, and her parents were upset that she’d recently been pulled over for speeding. They knew their insurance premiums were about to skyrocket. As Caroline prepared to leave for her next class, her cell phone rang. The caller ID indicated the call was coming from the local police department. Immediately, Caroline had a sick feeling in her stomach as she answered the phone. The caller identified himself as Detective Miller with the police department. He asked Caroline why she hadn’t yet responded to letters from the police that identified her as a driver running through a red light. He said the letters included a photograph taken by a traffic camera. Caroline told the officer that she hadn’t received the letter. The officer advised her that three letters had been sent to her campus address and that a warrant had been issued for her arrest. Her driver’s license was also going to be suspended for failing to appear in court. Caroline reached her breaking point and broke down in tears.
Miller seemed to take pity on Caroline and told her that she sounded like a nice girl. If she was willing to pay $250 in fines that day, he advised her, the violation would be removed from her driving record and her license wouldn’t be suspended. Caroline was relieved and told the officer that she’d come to the station later that day to pay the fines. But Miller told her that, since the violation was with the state police, she needed to go to Walmart and send a Western Union money order immediately. He then provided her with instructions on where to send the money.
Somewhere in the United States, a cybercriminal climbed off his couch, put on his pants, and drove to his local Walmart to receive $250. His life had changed for the better ever since he watched a YouTube video with instructions on how to make money quickly. The only thing he had to do was find people who had posted information about traffic tickets on their Facebook pages; after that, it wasn’t too difficult to obtain their telephone numbers. It was an easy way to make a living, and most of his victims were relieved to get off so cheaply. At least they wouldn’t lose their driver’s license or go to jail—not that this was ever even possible in this scenario.
MICHAEL WAS THE OWNER OF a successful services company. He was happily married, had two beautiful children, and was active in his church. One night, Michael received an enticing Facebook message from a woman with an exotic Asian name. Against Michael’s better judgment, he exchanged emails with the woman. They engaged in a few online conversations and got to know each other. At some point, she suggested they could talk to each other via Skype. Within five minutes, Michael was looking at a beautiful, young blonde woman, who appeared to be between twenty and twenty-five years old. She told him her name was Melania, and that she was from South Africa.
Somewhere in a remote village in Asia, members of a cybercrime extortion ring were putting their plan into action. The only thing left to do was push a button and record Michael’s Skype call. Michael locked the door of his office to give himself a little privacy; he didn’t know he was being video-recorded. Before long, Melania took off her clothes and started performing sex acts. She told Michael she wanted him to do the same thing. He did. After the call, he logged off and went back to work.
A few minutes later, Michael received an email from Melania, in which she told him she needed $10,000 to pay her mother’s medical bills. She had no choice but to demand the money from Michael to save her dying mother. A link to a private YouTube channel of Michael’s video was included in the email. The video’s quality was excellent, and there was no room for doubt that it was Michael who was unclothed and doing things he shouldn’t have been doing. Melania warned Michael that, if he didn’t send her the money, a link to the video would be sent to his Facebook friends, including his wife, children, fellow church members, and business associates.
Michael should have contacted law enforcement after receiving the ransom letter, but he didn’t. Although losing $10,000 would be a very expensive lesson, Michael believed it was a bargain to avoid public humiliation. He went to his bank and made a wire transfer to a bank in Russia. The location seemed odd to him since Melania claimed she was from South Africa, but he had been assured the video would be destroyed once the ransom was paid. He felt relieved to have dodged a bullet that might have destroyed his marriage and career and ruined his reputation for life.
Michael still felt relieved when he woke up the next morning. It almost seemed like a bad dream. But, when he checked his email, he found another message from Melania. She apologized and said the $10,000 he’d sent wasn’t enough. She needed him to transfer an additional $35,000 to the same bank account. Michael was furious and sent her an angry email, saying she hadn’t lived up to her end of the deal. She emailed him back immediately and reminded him what would happen if he didn’t pay. Michael didn’t think he had a choice, so he sent Melania another $35,000 that afternoon. Over the next several weeks, Michael sent her a total of $150,000.
By the time Michael called the FBI office, he was at the end of his rope. He was humiliated, had wiped out most of his retirement savings, and was actually considering suicide. I’m convinced the bad guys wouldn’t have stopped making demands until they’d drained every penny from Michael or, worse, he’d killed himself.
PATRICK WAS TWENTY-FIVE YEARS OLD and newly married when he and his wife saved $50,000 for a down payment on their first home. After numerous meetings, telephone calls, and emails, Patrick and his wife selected what they thought was their dream home. Shortly before closing on the property, Patrick’s broker told him he was only waiting for instructions from the title company about where to wire his down payment. A few hours later, Patrick received an email from a title company with detailed wire transfer instructions, including a bank account and routing number. Patrick went to his bank and withdrew his hard-earned $50,000. He provided the wire instructions to a bank official and left one step closer to becoming a first-time home buyer—or so he thought.
The next day, Patrick received an email from the actual title company with instructions on where to send the money. Obviously confused because he’d wired the money the previous day, Patrick emailed his broker. Patrick and his broker called the title company, and it took a while for everyone to get on the same page. The title company informed Patrick that it hadn’t sent the previous day’s email. Looking carefully at the title company’s instructions, Patrick became concerned that the routing number and bank account number were different than the ones from the previous day. Upon closer inspection, he also noticed the name of the title company was slightly altered in the email address in the earlier emails. Patrick called his bank to stop the wire transfer, but it was too late. An official from Patrick’s bank called someone from the bank where the money was sent, but the funds had already been withdrawn.
Obviously panicked about losing so much money, Patrick called the title company. Its attorney informed him, in a nice way, that it wasn’t responsible because it hadn’t sent the original email. Patrick contacted the local police, who told him the bank that received the money was located in another state and therefore out of its jurisdiction. Patrick called the state police, who told him it didn’t have the necessary resources to investigative cybercrime. He was instructed to notify the FBI, which directed him to go to the www.IC3.gov website and fill out a complaint to the FBI’s Internet Crime Complaint Center. As far as I know, Patrick is still trying to recover his money.
NOT LONG AGO, A WEALTHY older gentleman named David was comparing rates for certificates of deposits on the Internet. He found a bank in California that was offering a competitive rate; it wasn’t a great rate, but it was better than what local banks were offering. David was interested in investing a sizable amount of money, so even a quarter of a percentage point could mean a few thousand dollars in interest earned. David contacted the bank and spoke to a representative, who was pleasant and knowledgeable on the phone. During their conversation, the bank rep persuaded David to send $750,000 to the bank via wire transfer. David followed the man’s instructions and received a confirmation email.
David ...

Table of contents

  1. Cover
  2. Acknowledgments
  3. Introduction: Fear from Real Experience
  4. Chapter 1: Cybercrime
  5. Chapter 2: The Four Truths
  6. Chapter 3: Phishing
  7. Chapter 4: Think Before You Click
  8. Chapter 5: Mobile Device Safety
  9. Chapter 6: Password Safety
  10. Chapter 7: Strong Passwords
  11. Chapter 8: Two-Factor Authentication
  12. Chapter 9: Social Media Safety
  13. Chapter 10: Is the Cloud Safe?
  14. Chapter 11: Business Email Compromise
  15. Chapter 12: Real Estate Rip-offs
  16. Chapter 13: Work-from-Home Nightmares
  17. Chapter 14: Finding Mr. or Mrs. Wrong
  18. Chapter 15: Ransomware
  19. Chapter 16: Better Online Banking
  20. Chapter 17: Elder Scams
  21. Chapter 18: Keeping Kids Safe
  22. Afterword
  23. Resources to Prevent Cybercrime
  24. Works Cited
  25. About the Author
  26. Copyright