Cyber Safety

INTERPOL suggests following cyber safety measures:-

General Safety

Reduce spam (which can contain viruses or be used for phishing)

• Keep your spam filter switched on;
• Be suspicious of unsolicited advertising and offers;
• Be on the alert if you do not know the sender;
• A trusted website or online payment processor will never ask you to confirm sensitive information like passwords or account details;
• Delete any suspected spam immediately and do NOT open any attachments.

Be alert to phishing scams

A phishing email may appear to come from a trusted source. Some warning signs are if the e-mail:

• Is sent from a free webmail address, not from an organization’s official address;
• Opens with a generic greeting, and is not personalized with your name;
• Contains a threat, for example that your account is not secure or may be shut down;
• Requests personal information such as username, password or bank details;
• Includes a link to a website with a URL (web address) that is different from the organization’s official address.

Browse safely

• Check the URL in the browser address bar and look for any spelling mistakes or unexpected names;
• Be suspicious if a website does not give any contact details;
• Before giving any personal or financial details, check that you are on a secure link. Look out for the ‘s’ in ‘https’, and a padlock symbol. 

Keep your computer safe from viruses and other technical problems by using the following:

• Firewall;
• Anti-virus software;
• OS Update (for security patches and bug fixes);
• Anti-spyware tools.

Other steps to take

• If you install file-sharing software, ensure it’s done properly;
• If you have a wireless network, make sure it’s encrypted;
• Block browser pop ups or try using different browsers;
• Open attachments only if they’re sent by people you know and trust;
• Create strong passwords – at least eight characters long and including a mixture of uppercase and lowercase letters, numbers, punctuation marks or symbols;
• Keep your passwords secret; never give them to anyone.

Simda botnet

Targeted in a global operation coordinated by INTERPOL in April 2015, the Simda botnet was used by cyber criminals to gain remote access to computers, enabling the theft of personal details, including banking passwords, as well as spreading other malware. Simda is believed to have infected more than 770,000 computers worldwide.

The majority of computer owners will be unaware their machine has been infected and are advised to check their devices and run a broad spectrum anti-virus software.

Microsoft has developed a free cleaning agent for Simda. If you have been infected by Simda.AT, run a comprehensive scan of your environment using Microsoft Safety Scanner, Microsoft Security Essentials or Windows Defender.

Kaspersky Lab has set up a self-check webpage where the public can see if their IP address has been found to be part of a Simda botnet: https://checkip.kaspersky.com

Free virus scans are available from:

• Kaspersky Lab: http://www.kaspersky.com/security-scan
• Trend Micro: http://housecall.trendmicro.com/
• Cyber Defense Institute: http://www.cyberdefense.jp/simda/

Computer users should clean their machines regularly, even after Simda has been removed, as other malware could remain.

Ransomware

Ransomware is a type of malware which blocks a computer or mobile device, or encrypts the data on a system, demanding money for restoration of the functionality.

In some cases, the name or logo of INTERPOL or a law enforcement agency will appear to trick the user into believing the police are involved.

In reality, INTERPOL never blocks computer systems, never threatens individual users and never demands money.

If you believe you are the victim of ransomware, cease all contact with the individual making the demand and contact your local or national law enforcement authorities.

Prevention tips

• Back up everything– It’s best to create two back-up copies: one stored in the cloud and one stored physically (portable hard drive, thumb drive, etc.). Disconnect these from your computer – if your back-up device remains connected, ransomware can infect it as well;

• Use robust antivirus software– Do not switch off the ‘heuristic functions’ as these help to catch new or altered samples of ransomware;

• Keep all the software on your computer up to date –When  your operating system (OS) or applications release a new version, install it. If the software offers automatic updating, use it;

• Trust no one– Any account can be compromised and malicious links can be sent from the accounts of people you know. Never open attachments in e-mails from someone you don’t know. Be wary of unsolicited e-mails from seemingly safe sources such as online stores, banks, the police or tax collection agencies;

• Enable the ‘Show file extensions’ optionin the Windows settings on your computer. Stay away from file extensions like ‘.exe’, ‘.vbs’ and ‘.scr’;

• If you discover a rogue or unknown process on your machine,disconnect it immediatelyfrom the Internet or other network connections (such as Wi-Fi) to prevent the infection from spreading.

Additional WannaCry advice

• Disable smb v1, and install the Microsoft security patches to prevents Wannacry from spreading within your network.

No More Ransom

There are ways to protect yourself against ransomware, and to protect your data in case you become a victim. In addition, tools are available which can help infected users regain access to their systems.

INTERPOL supports the No More Ransom project which serves as a global resource on ransomware information and provides free access to tools which can decrypt data locked by many different types of ransomware.

Sextortion

Sextortion is defined as blackmail in which sexual information or images are used to extort sexual favours and/or money from the victim.

This online blackmail is often conducted by sophisticated organized criminal networks operating out of business-like locations similar to call centres.

Though there is no one method by which criminal target their victims, many individuals are targeted through websites including social media, dating, webcam or adult pornography sites.

Criminals often target hundreds of individuals around the world simultaneously, in an attempt to increase their chances of finding a victim.

How does it happen?

The blackmailer might assume the identity of an attractive man or woman then, after gaining the victim’s trust, will record footage of the victim in the nude or performing a sexual act.

The blackmailer threatens to circulate this footage to the victim’s friends or post it online unless a certain amount of money is paid.

In another method, the engagement between the victim and the criminal is interrupted by a child appearing on the screen during the sex act.

The victim then receives a demand, often appearing to come from a police agency, stating that an investigation will be launched unless the victim pays.

What to do if you believe you are being targeted?

Immediately cease all contact with the individual and report the matter to your local police and online service provider. If the blackmail is occurring through a social network, also alert the administrator.

Sinkholing

Sinkholing is an action whereby traffic between infected computers and a criminal infrastructure is redirected to servers controlled by law enforcement authorities and/or an IT security company.

This can be done by assuming control of the domains used by the criminals or IP addresses. When employed at a 100 per cent scale, infected computers can no longer reach the criminal command and control computer systems and so cannot be controlled.

The sinkholing infrastructure captures victims’ IP addresses, which can subsequently be used for notification and follow-up through dissemination to National CERTs and Network Owners.