Internet Security
MKTG 476 SECURITY Lars Perner, Instructor

§ Servers
§ Hacking
§ Publicly available information
§ Information storage
§ Intrusion methods
  – Phishing
  – Pharming
  – Spyware
§ Viruses
§ Spam
§ Identity theft

Concerns Shared by Firms and Consumers
§ Identity theft
§ Fraudulent use of credit cards or bank accounts
§ Loss of privacy
§ Consumer reluctance to shop online due to fears of fraud
§ Costs of authentication

Consumer Privacy Concerns
§ Large amounts of consumer information can be bought online
§ Some information is available to the public through government offices—e.g.,
  – Real estate ownership
  – Vehicle registrations
  – Licenses (driver’s/professional)
  – Personal records—e.g.,
    § Marriage
    § Divorce
    § Certain tax liens
    § Certain criminal records
    § Bankruptcies
§ Information inadvertently posted online
  – E.g., employment records
§ Information posted without consent of customer
  – E.g., membership directories

Consumer Privacy Concerns, Part II
§ Online services combining information
  – Information sold by vendors (e.g., unlisted phone numbers of customers; purchase histories)
  – Aggregation of databases (e.g., combining multiple phone directories and real-estate recordings)
§ Information that is only supposed to be available when authorized
  – Credit records
  – Medical
§ Some information may be available only to certain kinds of users

Online Data Storage
§ Types of information stored on customers
  – Login, passwords
  – Credit card information
  – Purchase histories
  – Home addresses
  – Other personal info
§ May or may not have resulted from online transactions—databases are often networked for internal firm use

“Vulnerable” Information
§ Social security numbers
§ Place and date of birth; mother’s maiden name
§ Home address
§ Login and passwords
§ Financial information

Data Interception
§ By employees or others with direct access to information
§ Cyber thieves may attempt to access information through
  – Phishing/pharming
  – Host computer
    § Log-in through insecure passwords
    § Hacking
  – Internet traffic
  – Local networks—especially wireless with limited or no security

Password Vulnerabilities
§ Disclosure to strangers
§ Theft of databases
§ Phishing
§ Use of obvious passwords
  – Common words
  – Personal information—e.g., phone number, address, birthday
§ Passwords not frequently changed
§ Password “sniffers”

Some Security Measures
§ Encryption
§ Tracking of IP address of entry into the computer
§ Secondary passwords
§ Consumer-chosen icon
  – In e-mails
  – At site, once origin IP address is recognized

Servers
§ “Denial of service”
  – Numerous “requests to identify” are sent to targeted server
  – The server may slow down or become entirely inaccessible
  – Computers and servers infected through viruses are often targeted
  – Mostly intended as “vandalism”
§ Hacking
  – “Hackers” break into computer systems
  – Purposes
    § Taking on challenge/political expression
    § Vandalism
    § Stealing information

Hacking
§ Established software has “holes” that are gradually discovered
§ May be able to “crash” sites and access “core dump” files intended for use by programmers to identify problems
§ Exploitation of “back doors” left by programmers

Phishing
§ Consumer receives an e-mail asking that he or she log in to take care of account issues
§ This e-mail contains a legitimate-looking hyperlink title, but the actual link is to a fake site
§ 1% of consumers are estimated to fall for the hoax
§ The consumer logs into a fake site, providing login, password, and other info

Phishing--Remedies
§ Consumer education
§ Software safeguards
§ Quick identification of phishing sites
  – Cooperation with host
  – Denial-of-service attacks if needed
  – Massive entry of fake data
  – Warning if the internal link does not match the title
    § Feasible only when the title features an actual address
§ E-mail filters
  – E-mail programs
  – Server
  – Anti-virus software
§ Tracing of logins based on origin of phishing e-mail or site

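The "warning if the internal link does not match the title" safeguard can be sketched as a filter over an HTML message body. This is an added example, not part of the original slides; the host-matching rule and the sample message (placeholder hosts only) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a title "features an actual address" if it contains a host name.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def _norm(host):
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

class _LinkCollector(HTMLParser):
    """Collect (visible title, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def mismatched_links(html):
    """Return (title, href) pairs whose title names a host the href does not go to."""
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for title, href in parser.links:
        shown = HOST_RE.search(title)
        parts = urlsplit(href)
        if not shown or parts.scheme not in ("http", "https"):
            continue  # title is plain words (check not feasible) or not a web link
        claimed, target = _norm(shown.group(1)), _norm(parts.hostname)
        # Accept the host shown in the title or one of its subdomains.
        if target != claimed and not target.endswith("." + claimed):
            flagged.append((title, href))
    return flagged

# Constructed sample message body; every host is a placeholder.
SAMPLE = """<p>Please <a href="http://login.example.net/verify">www.bank.example.com</a>
or see <a href="https://www.bank.example.com/help">https://bank.example.com/help</a>
or <a href="http://203.0.113.7/acct">click here to log in</a>.</p>"""
```

The third link in the sample is not flagged because its title contains no address, which is the limitation the slide notes: the comparison is feasible only when the title features an actual address.
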
Pharming
§ The user attempts to go to a legitimate web site address but is redirected
  – Through hacking of DNS servers (match domain names with numerical IP address)
  – Through false report of changed server to DNS registrar
  – Malicious code in “trojan horse” or virus to redirect traffic

Viruses
§ “Malicious code” that attacks a computer to
  – Cause damage (vandalism)
  – Serve as spam or denial-of-service attack server
  – Transmit data
§ Spread through
  – Software (as trojan horse or through infection of legitimate software)
  – E-mail attachments
  – Online activity

Trojan Horses
§ Legitimate-looking software intended to spread malicious code
§ User downloads software and, once run, malicious code is run with results similar to those of viruses

“Spyware”
§ Software that sends back user information through Internet connection
§ Legal vs. illegal
  – Legitimate and authorized by user
  – Non-malicious intent but not authorized
  – Malicious
§ May be spread through program, trojan, or virus

E-mail Spam
§ Unsolicited e-mail messages
§ Unsolicited contacts have always happened, but telemarketing and bulk mail are more expensive than e-mail
§ Very low response rate but very low cost of distribution
§ Usually sent by
  – Unauthorized vendors
  – Fraudulent persons/vendors

Determining When E-mail Is Likely to Be Welcome
§ Individual vs. mass mailing
§ Established relationship with receiver
  – Logistical communication
  – Offering of new services
  – Promoting services by others
§ Opt-in policies

Spam Remedies
§ Termination by host
  – E-mail generally sent through SMTP servers located at the Internet Service Provider (ISP) site
  – Problems
    § Foreign governments may not cooperate
    § Spammer may move on to other addresses quickly
§ Anti-spam programs
  – Locations
    § In e-mail servers
    § On the user’s computer
    § At local server
  – Problems
    § Distinguishing legitimate messages from nonlegitimate
      – Imperfect algorithms
§ Regulatory
  – Legal limits
  – Litigation of offenders in reachable jurisdictions