Spam and Phishing Examples: ITGS Revision

With the final ITGS exams just around the corner, it is time to revise some basic computer security topics. Today: spam and phishing. Below are four examples of spam and phishing emails which I have received recently. You can click on the images to see a larger version, and I have written some brief notes about each one. You should be able to:
  1. Explain the potential (negative) impacts of spam and phishing emails
  2. Describe features of spam and phishing emails which help you identify them as such
  3. Describe security precautions that users can take to avoid the negative consequences of these emails.
Note: For several of these emails I downloaded attachments. This is generally a bad idea, so don't do it.

The first example is a classic phishing attempt - I have (of course) won the lottery (although disappointingly the amount is not specified) and my winnings have, for some reason, been deposited into the Reserve Bank of India (RBI). The email includes a few features designed to convince me of the email's authenticity: the 'official stamp' of the RBI at the top and a mention of the bank's governor, Mr Raghuram Rajan, and the United Nations Secretary General. Of course, the bank logo is just a simple image that anybody could include in their email, and while Mr Raghuram is indeed the governor of RBI according to Wikipedia, that means precisely nothing.
RBI phishing email
Aside from the rather fantastic story, there are several stand-out warning signs in this email: the English is, at best, difficult to comprehend and - most tellingly - I am asked to send my personal details to a Gmail account and an Outlook email account. Quite a disappointing end really - they couldn't even disguise the email links so they look like they would compose a message to somebody at RBI.

PayPal is another common target for phishing attacks. This email uses an old trick - "confirming" that a large transaction (240 Euros in this case) has been made from my account, in the hope that I will panic and, in my rush to reject a transaction which I never made, follow the phisher's links. The email does something to imitate PayPal's style, including using the company's logo and their colours in the text. The email addresses have also been faked to look as though they came from EA (Electronic Arts - to whom the payment has supposedly been made).

However, despite this supposedly personal email there is a generic greeting ("Hello"), rather than my name. Hovering over the "Dispute Transaction" link at the bottom of the email reveals the link's true destination in the status bar - a website in Russia asking. Not something I will be clicking on soon...

PayPal phishing email

The third email here also targets PayPal and uses a different attack strategy. The email itself looks rather unconvincing - poorly formatted and, while it does include a little footer with a PayPal copyright notice, there is no use of the company's logos or colours. The story is very concerning - PayPal have detected login attempts from a "foreign" IP address. Rather than lock my account, "all" I need to do is download the attached file (sure...) and fill in all of my personal details. So I did. Well, I downloaded the file anyway. This is generally not a good idea, but the attachment was HTML so I downloaded it and opened it in a text editor (not a web browser - I don't want to run any code inside it).

PayPal phishing email

As it turns out, the HTML attachment contained markup for the following form which requests all of my personal details including my password and my credit card number. The form looks quite authentic - but of course is a total scam. No organisation is ever going to ask for your password, and you should never, ever send your credit card details in response to an email, or indeed over any unencrypted channel. I can't help thinking this phishing attempt would have been more convincing if the form had been part of the original email rather than a separate download.

PayPal phishing email

The final example here is something I seem to be receiving more of - notices that couriers are unable to deliver packages. I guess everybody likes receiving packages and nobody wants to believe that they have missed a delivery, which should entice people to click on the email's links or (in this case) download the attachments. This email has a fairly bad attempt at writing a personalised greeting, using the username from my email address (author@....).

The email says the delivery label for my missed package has been attached. This particular attachment is a zip file, inside of which is a file ending in .js (JavaScript). Interestingly GMail marked the email as spam but its filters did not detect any threats when I downloaded the zip file (which is something you should not normally do, of course). However, my antivirus software (Avast) detected the threat, saying the zip file contained the JS:Decode-CAP[Tr] trojan, and wouldn't let me extract it (probably quite sensible). JS:Decode-CAP turns out to be a generic spyware trojan that would have secreted itself on my system monitoring keypresses and file access. Attachments are a classic way for criminals to try to deliver malware to users, so this is not surprising at all.

After reviewing the above examples, a reminder that you should be able to do the following for your upcoming ITGS exams:
  1. Explain the potential (negative) impacts of spam and phishing emails
  2. Describe features of spam and phishing emails which help you identify them as such
  3. Describe security precautions that users can take to avoid the negative consequences of these emails.
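
The warning signs picked out in the four examples above can be collected into a small checker. The following Python is an added example, not part of the original post: it looks for a generic greeting, a request to reply to a free webmail account, links that leave the claimed sender's domain, an HTML attachment containing a password field, and a script file inside a zip attachment. All addresses, domains and file names in the sample are constructed, and the list of risky extensions is an assumption.

```python
import io, re, zipfile
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREEMAIL = {"gmail.com", "outlook.com"}       # providers named in the first example
SCRIPT_EXT = (".js", ".vbs", ".exe", ".scr")  # assumption: extensions treated as risky

class Scan(HTMLParser):  # collects link hosts and counts password fields
    def __init__(self):
        super().__init__()
        self.hosts, self.password_fields = [], 0
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.hosts.append((urlparse(a["href"]).hostname or "").lower())
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1

def warning_signs(msg):
    """Return sorted warning-sign labels; From is only the claimed sender (it can be faked)."""
    signs = set()
    claimed = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_maintype() == "text":
            html = part.get_content()
            scan = Scan()
            scan.feed(html)
            if name:  # HTML attachment, like the fake form in the third example
                if scan.password_fields:
                    signs.add("attached form asks for a password")
                continue
            text = re.sub(r"<[^>]+>", " ", html)
            if re.match(r"\s*(hello|hi|dear (customer|user|client))\s*[,!.:]", text, re.I):
                signs.add("generic greeting")
            domains = {d.lower() for d in re.findall(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", text)}
            if domains & FREEMAIL and claimed not in FREEMAIL:
                signs.add("asks for a reply to a free webmail account")
            if any(h and h != claimed and not h.endswith("." + claimed) for h in scan.hosts):
                signs.add("link leaves the claimed sender's domain")
        elif name.endswith(".zip"):  # list member names only; nothing is extracted
            with zipfile.ZipFile(io.BytesIO(part.get_content())) as z:
                if any(n.lower().endswith(SCRIPT_EXT) for n in z.namelist()):
                    signs.add("script file inside zip attachment")
    return sorted(signs)

def constructed_sample():
    """Constructed message combining the signs from the four examples; payloads are inert."""
    msg = EmailMessage()
    msg["From"] = "Payments <service@payments.example>"
    msg.set_content('<p>Hello,</p><p>Send your details to claims-desk-constructed@gmail.com '
                    'or <a href="http://dispute.example.net/x">Dispute Transaction</a></p>',
                    subtype="html")
    msg.add_attachment('<form><input type="password"></form>', subtype="html", filename="verify.html")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("label.js", "// constructed placeholder, not real code")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="label.zip")
    return msg

if __name__ == "__main__":
    print(warning_signs(constructed_sample()))
```

Each label is a hint rather than proof: legitimate mail often links to other domains, and a phishing email can avoid every one of these signs. To check a saved message, parse it first with `email.message_from_bytes(raw, policy=email.policy.default)`.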


5 Big Data infographics for the ITGS Case Study 2015

With the May IB exams just around the corner, it is time to start revision of all topics on the ITGS syllabus, including the paper 3 case study. By now students should have collected a wide range of both secondary and primary research, be extremely familiar with the stakeholders and situation in the case study booklet, and be able to apply their research to the scenario described there.

As a quick reminder of some of the key concepts, here are five infographics that cover some of the key ideas and issues related to Big Data. You can also view my previous posts 7 examples of Big Data and 7 Videos about Big Data. Click on the infographics below to view the full-sized versions:

1. What is Big Data?
This first infographic gives an overview of the topic, covering some key concepts and explaining the sheer size of Big Data - much bigger than any traditional database. It also covers the key idea of structured data and unstructured data.
What is Big Data infographic

2. Building a Big Data Dream Team
Several key stakeholders are mentioned in the 2015 Case Study booklet, and this infographic gives an overview of the types of people the Asociación de Supermercados Independientes might need to employ in order to improve their current IT situation.
Big Data infographic
(Source: Dell Tech One)

3. Retailer's Guide to Big Data
Another infographic which explains the size of Big Data, plus the types of structured and unstructured data that are collected and the challenges many companies face when dealing with this volume of information.
Big Data guide - infographic

4. From Big Data to Big Personalization
One of the most important uses of Big Data is to personalise the shopping experience for customers. This infographic explains some of the challenges of achieving these goals.
Big Data and personalization

5. The Future of Big Data
Big Data technologies and methods change and improve at a pace perhaps even faster than traditional IT developments. This infographic covers one of the key aspects of the 2015 case study - the sources from which data is collected. As students should know, Big Data consists of far, far more than transaction data collected at supermarket checkouts.
The future of Big Data


7 Examples of Big Data - ITGS Case Study 2015

Yesterday I posted 7 videos that focused on the first step of the ITGS case study - understanding the basic idea of Big Data, the key concepts and definitions of the term.

Today I am posting 7 more videos which provide a deeper explanation of the benefits of Big Data in retail. Each of these videos includes specific examples of how Big Data can be used to improve marketing, increase customer loyalty, and improve business efficiency - all of which can be applied to the Asociación de Supermercados Independientes (ASI) in the case study. 

If you know of any more good videos, please do add a comment below.

1. Using Big Data to Improve the Customer Experience
This video from Oracle - who produce Big Data solutions - examines the process and benefits of Big Data analysis using a detailed case study of an online video store. It gives excellent examples of how specific pieces of information can be gathered, clustered, and analysed.

2. Hidden connections - Data analysis in brain and supermarket
A brief video focused specifically on supermarkets which explains some of the ways Big Data can be used - for example, to determine which products to place near each other on the shelves.

3. The Data Storm - Retail and the Big Data Revolution
The Data Storm discusses the advantages of using data in marketing to increase sales and brand loyalty, with examples from Office Depot and Karen Millen.

4. Deliver Personalized Retail Experiences Using Big Data
This analysis of Big Data focuses on "turning customers into fans" - using Big Data to create personalised shopping experiences that encourage customers to return again and again. It features several great examples from the Milano fashion brand, explaining how data from personal profiles and social media like Facebook and Pinterest can be harnessed.

5. Beyond big data: New perspectives on marketing
Focusing specifically on grocery stores and supermarkets, this video examines the collection and use of consumer data. It uses Big Data to answer a number of questions about customers, including which products they are likely to buy, and how likely they are to switch brands - lots of examples which can readily be applied to the supermarkets case study.

6. Big Data Analytics: 11 Case Histories and Success Stories
This video includes a lot of good, brief examples of the use of Big Data (not always linked to retail), including the famous example of Target knowing a girl was pregnant before her father did.

7. What is Predictive Analytics?
This presentation is a little bit dry, but still quite accessible for ITGS students. It contains a lot of excellent information about the types of data that can be collected as part of a Big Data system, and the ways that data can be used. Definitely worth a watch, as it covers a lot of the key terminology in the case study document.

Do you know of other videos that would be helpful for the 2015 case study? Please leave a comment below.


7 Videos about Big Data for the ITGS Case Study
The 2015 ITGS case study for the paper 3 exam is entitled Asociación de Supermercados Independientes (ASI) - An investigation into Big Data. In the case study scenario a group of supermarkets are investigating the possibility of using loyalty cards and other systems to collect data about their processes and their customers, and using Big Data analysis techniques to leverage that information for a competitive advantage. To successfully answer questions on the paper 3 exams students will need to understand the general concept of Big Data as well as how it can be applied to supermarkets and the ASI group. Here are seven videos that explain what Big Data is and how it can be used:

1. Big Data
This short animated video highlights the development of data storage systems from standalone computers to networked machines to systems that collect and process Big Data. This is a good video to watch first because it helps establish the scale and reach of modern computer systems.

2. Videographic: What is Big Data?
A short video about Big Data which uses a lot of graphs and charts to explain the falling cost and rapidly rising capacity of data storage, and how the resultant data can be used.

3. What is Better Data?
This is a very short video which asks a variety of industry stakeholders what they believe Big Data is and how it will impact our world in the future.

4. Explaining Big Data
Explaining Big Data is a great introduction to the topic, clearly explaining how Big Data differs from "normal" data sets stored in traditional relational databases. It covers in simple terms issues such as data volume, structure, and variety.

5. What is Big Data?
What is Big Data? Big Data Explained is another video which does a good job of explaining the difference between Big Data sets and more traditional databases that ITGS students may be more familiar with.

6. Big Data 101
In this video Intel start to explain some of the advantages businesses can leverage from Big Data and provide an excellent example of how data-based decision making can improve efficiency.

7. Big Data is Better Data
This TED talk explains the benefits of Big Data not just to business but to humanity as a whole, using a variety of examples to highlight the hidden and previously unknown patterns that can be uncovered.


Studying for the ITGS Case Study 2015

Paper 3 makes up the final 25% of a Higher Level student's ITGS course, and is based on an annually issued case study. The case study for paper 3 in 2015 is Asociación de Supermercados Independientes - An investigation into Big Data. Students must investigate this case study over a series of months, understanding the underlying situation, the relevant technology, and the social and ethical issues raised by both the current system and the system the Asociación de Supermercados Independientes (ASI) intend to implement.

A key part of the case study process is performing primary research, which may be in the form of interviews, trips, or visiting speakers. However, before students can perform primary research they need a clear understanding of the case study situation and the underlying technologies. The following sites have very useful resources that can aid students in this initial secondary research:
  1. Stevenson's ITGS class has links to a lot of useful videos covering the technology in the case study (strand 3), as well as videos explaining the more general uses of Big Data, like predicting crime. The site also has links to some very interesting courses on Big Data, which are free to take online (a good link to the Education strand of ITGS too).
  2. The teacher-run wiki ITGSopedia has a page dedicated to the 2015 case study. It contains a variety of secondary resources - mainly videos - that explain the concepts of Big Data and the issues related to loyalty cards. It also contains a link to the Case Study 2015 Facebook page where new resources are posted on a semi-regular basis.
  3. The ITGS textbook support website has a range of resources for this year's case study, including lesson ideas, news articles, and secondary research links. The activities cover the various systems and issues that arise in the case study booklet, including system fundamentals, networks, loyalty cards and Big Data schemes, and many real-life examples.


Three ITGS news articles from the last week

Staying up to date with developments in information technology is essential for ITGS. As well as providing excellent real-life examples and case studies, reading news articles helps students develop analytical skills which are essential for the exams - especially paper 2. Here are three ITGS related news articles from the last week.

Online Privacy: Regional Differences
With online privacy rarely out of the headlines, this article examines global approaches to data privacy protection. Legislation in the US, Europe, and Japan is explained in detail, making this a great opportunity to study real-life examples and discuss the benefits and disadvantages of different policies and their impact on privacy. (Read article)

Strong Networks: The Backbone for Modern Learning
New learning technologies and their impact on education are a key part of the ITGS syllabus. This article from EdTech magazine focuses on 'behind the scenes' technology: the network infrastructure needed to support these new developments. Examining the situation in a real-life school in Cicero, Illinois, the article explains the required hardware and software to support a large school with thousands of students. Packed with details of Gigabit routers, virtualization, cloud computing, and staff training, it is perfect for studying networks in strand 3. (Read article)

Controversial mass murder video game
The upcoming video game Hatred has seen quite a lot of press recently. Taking the role of an unnamed character who hates humanity, the goal of the game appears to be simply to kill as many people as possible. The graphic violence, including executions, makes it one of the few games in Australia to earn an Adults-Only rating for violence. The article is a good opportunity to link with the Home and Leisure and the Health areas of ITGS, discuss the ethical issues related to such games, and examine the hardware developments which have made such realistic games possible. (Read article)


Use Google Earth Pro to teach GIS (for free!)

Google Earth Pro, once a $399 licence, is now available for free. The professional version of Google's well-known mapping software adds several new features including the ability to make high definition "fly-through" movies of the earth, the ability to take area measurements, and a facility to import GIS data and display it in layers over the digital map. 

Rainfall data layer from NASA Earth Observatory added to Google Earth Pro

This last feature could be particularly useful for ITGS teachers as it allows access to a vast amount of data in industry standard GIS data formats, rather than being limited to Google's KML file format. Many governments and organisations make administrative, cultural, and geographical data sets available online for free, and sites like GISGeography have large lists and descriptions of the best sources, including:
  1. Socioeconomic Data and Applications Center (SEDAC) offers daily updates of global data taken by NASA's Earth Observing System Data and Information System. The separate NASA Earth Observatory (NEO) site is also a must-visit. The rainfall map shown above is from NEO.
  2. Topography provides high resolution topography data acquired using Lidar techniques. At the moment the site primarily features data from the United States, but there are a few examples available from other countries too.
  3. Stanford Geospatial Center has gathered a wide range of GIS data sets. They are sorted by theme and tend to focus on physical geography, although there are quite a few data sets with social and economic data too.

While not technically a full Geographic Information System, the Pro version of Google Earth has many competing features and presents ITGS teachers with a great opportunity to add a practical angle to teaching this topic. With such a wide range of data layers available, students could investigate many different questions such as the best location to build a new hospital (perhaps using land value data, health data, population data) or the best way to protect wildlife from human interference (using land use data, road maps, and terrain type information).

As many of the sources above gather their data using Lidar and other remote sensing techniques, this is also a good opportunity to discuss the applications and benefits of these technologies.

You can register online to obtain your Google Earth Pro free licence key.


911 Emergency system failure 'terrifying'

In what the Federal Communications Commission called a 'terrifying' example of software failure, on April 9, 2014 the 911 emergency telephone system in Washington State and Oregon shut down just before midnight, leaving hundreds of callers unable to contact police, ambulance, or rescue services.
 Julian Schüngel CC-BY-NC-ND
A recently released investigation by the Federal Communications Commission eventually revealed that the outage affected not only Washington State and Oregon, but also 81 emergency dispatch centres in "California, Florida, Minnesota, North Carolina, Pennsylvania and South Carolina", and that up to 6,600 emergency 911 calls went unanswered during the two hour long outage. In total up to 11 million people were potentially at risk of being unable to contact emergency services.

The problem, which is explained clearly in IEEE Spectrum, seems to stem from unique identifying codes (primary keys) assigned to each call to keep track of it through the system. On the night of the failure the system hit a pre-set limit for these codes and wouldn't issue any higher (this sounds like a roll-over bug - as a variable reaches the highest number it can store). Unfortunately this problem was compounded by the failure of the failover and monitoring systems, designed to keep the system running in an outage such as this. 
Luckily law enforcement believes that nobody died as a result of being unable to contact the emergency services, but clearly as well as being a significant failure in its own right, this system highlights our reliance on modern telecommunications systems and the dangers that failures pose. No wonder, then, that telephone networks are often cited as potential targets for cyber-terrorist attacks.
IEEE Spectrum has the full story of the failure.