Safe Computing Lesson HW

[XavierTho]

Safe Computing – IOC-2: Risks to Personal Safety and Identity

IOC-2.A – Risks to Privacy from Collecting and Storing Personal Data

Popcorn Hack #1

Prompt: Think about a website/company/app that has access to your PII. Describe the service and the kind of data they might store on you. Then, answer the question: How would it affect you if this information was stolen, and what might hackers be able to do with it? (Think about fraud, connections to other websites)

Response:
Service: Amazon
Data Stored: Full name, shipping address, phone number, credit card information, purchase history, and possibly saved login credentials.

If this information were stolen:

• Hackers could use my credit card for fraudulent purchases.
• They could attempt credential stuffing attacks on other sites using the same email/password combo.
• My purchase history could be used for targeted phishing attempts.
• Address and name details could potentially be used in physical scams or identity theft attempts.

---

IOC-2.B – Protecting and Misusing Computing Resources

Popcorn Hack #2

Prompt: You receive an email warning that your bank account is locked and that you need to click a link to reset your password. What steps should you take before taking action?

Response:

1. Do NOT click the link.
2. Check the sender’s email address for legitimacy (is it from the official bank domain?).
3. Look for spelling/grammar errors or odd formatting in the message.
4. Open a new browser window and go directly to the bank's official website.
5. Contact the bank’s customer service using their official number (not the one in the email).
6. Report the email as phishing if it's confirmed fake.

---

IOC-2.C – Unauthorized Access to Computing Resources

Popcorn Hack #3

Prompt: How might public Wi-Fi networks be exploited by hackers, and what precautions should users take when connecting to them?

Response:
Public Wi-Fi networks can be exploited in the following ways:

• Hackers can set up rogue access points to intercept user data.
• They may conduct man-in-the-middle attacks to view transmitted data.
• Unencrypted connections can allow attackers to steal login credentials or other sensitive info.

Precautions:

• Avoid accessing sensitive accounts (banking, email) over public Wi-Fi.
• Use a VPN to encrypt your internet traffic.
• Turn off automatic connection to open networks.
• Ensure websites use HTTPS when browsing.

---

Homework MCQs

1. Which of the following is NOT considered PII?
   Correct Answer: C) Favorite movie

2. What is the purpose of multifactor authentication?
   Correct Answer: B) Adding additional verification steps beyond a password

3. What is one way hackers can gain unauthorized access to personal information?
   Correct Answer: A) Using keylogging software to record user keystrokes

4. How does public key encryption enhance security?
   Correct Answer: C) By using separate keys for encryption and decryption

5. Why should users be cautious when clicking links in emails?
   Correct Answer: A) Links can lead to malware-infected websites or phishing scams