Page 24 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
Notes: Users should refrain from downloading freeware. Organizations often block
downloads of free software to protect themselves from Trojan horse attacks.
Notes: Sometimes a computer infected with a Trojan horse has to be reformatted;
therefore, it is better to enforce preventive steps effectively than to cure an
infected computer system.
2.3.3 Spam
Spam constitutes 70 to 84 percent of the daily emails sent throughout the world, which creates an
ever-increasing demand for IT resources to filter out this irritating and potentially malicious menace.
Spam email comprises unsolicited emails promoting products, as well as coordinated spam attacks
that consume so much bandwidth on a network that they cause it to crash. Spam may use techniques
such as “news service” spam, which uses legitimate news headlines to trick recipients into opening
spam emails. Good email filters are used to filter out spam, and much of what slips through can
be avoided by staying away from such emails and not being tricked by them. Users should also check
carefully before signing up for any online service or freebie.
Caution: The naming system used for creating email accounts should not be easily guessable,
because spammers increasingly go through lists of common names in order to harvest
email addresses to spam.
2.3.4 Phishing
Emails with titles such as “URGENT: Update Account Status” are all attempts by a spammer to
“phish” account details. Phishing refers to spam emails that trick recipients into clicking
on a link to an insecure website and providing details there, believing the website to be genuine.
Typically, phishing attempts are carried out to steal account information for e-commerce sites
such as banks, eBay or regular financial institutions’ websites. A phishing email tricks the user
into clicking a link, which takes the user to a page where he or she is asked to re-enter all
account details, including credit card number(s) and/or passwords. These websites are not the actual
sites, even though they look like them.
Notes: To protect the network, users should be vigilant and refrain from opening such emails
and from providing vital details requested in the name of any financial institution. They should
confirm the integrity of the request before supplying such details. Financial institutions should
also educate their employees about the most common ways in which hackers try to phish account
information.
2.3.5 Password Attacks
A ‘Password Attack’ includes a number of techniques used by hackers to steal passwords. Some
of them are listed as follows:
LOVELY PROFESSIONAL UNIVERSITY