Page 331 - Introduction to Electronic Commerce and Social Commerce
318 10 E-Commerce Security and Fraud Issues and Protections
General, Administrative, and Other Controls

The major categories of general controls are physical controls, administrative controls, and other controls. A brief description of general controls is provided next.

Physical Controls

Physical controls protect computer facilities and resources, including the physical area where computing facilities are located. The controls provide protection against natural hazards, criminal attacks, and some human error.

Network access control software is offered by all major security vendors (e.g., see symantec.com/endpoint-protection).

Administrative Controls

Administrative controls are defined by management and cover guidelines and compliance issuing and monitoring.

Protecting Against Spam

Sending spam that includes a sales pitch and looks like personal, legitimate e-mail and may bypass filters is a violation of the U.S. Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003. However, many spammers hide their identity by using hijacked PCs or spam zombies to avoid detection and identification. For protecting your system against botnet attacks, which also spread a huge volume.

Protecting Your Computer from Pop-Up Ads

The use of pop-ups and similar advertising methods is growing rapidly. Sometimes it is even difficult to close these ads when they appear on the screen. Some of these ads may be part of a consumer’s permitted marketing agreement, but most are unsolicited. What can a user do about unsolicited pop-up ads? Here are some resources:

Panicware, Inc.’s Pop-Up Stopper Free Edition (pop-up-stopper-free-edition.software.informer.com), Softonic’s Pop up Blocker (pop-up-blocker.en.softonic.com/download), and AdFender (adfender.com); others are available for a fee. For a list, see snapfiles.com; and for a list of blocker software for Windows, see download.cnet.com/windows/popup-blocker-software. Many ISPs and major browser makers (e.g., Google, Microsoft, Yahoo!, Mozilla) offer tools to stop pop-ups.

Protecting Against Other Social Engineering Attacks

With the increasing number of social engineering attacks via websites and in social networks comes the need for better protection. The open-source environment and the interactive nature of the technology also create risks. Thus, EC security becomes a necessity for any successful social networking initiative.

Social networking spans many different applications and services. Therefore, many methods and tools are available to defend such systems. Many of the solutions are technical in nature and are outside the scope of this book.

Protecting Against Phishing

Because there are many phishing methods, there are many defense methods as well. Illustrative examples are provided by Symantec (2009) and the FTC Consumer Information at consumer.ftc.gov/articles/0003-phishing. For risk and fraud insights, see sas.com/en_us/insights/risk-fraud.html.

Protecting Against Malvertising

According to TechTarget, malvertising (malicious advertising) “is an advertisement on the Internet that is capable of infecting the viewer’s computer with malware.” Microsoft combats malvertising by taking legal action against malvertisers.

Protecting Against Spyware

In response to the emergence of spyware, a large variety of antispyware software exists. Antispyware laws, available in many jurisdictions, usually target any malicious software that is installed without the knowledge of users. The U.S. Federal Trade Commission advises consumers about spyware infections. For details and resources, see ftc.gov/news-events/media-resources/identity-theft-and-data-security/spyware-and-malware.

Protecting Against Cyberwars

This is a difficult task since these attacks usually come from foreign countries. The U.S. government is developing tools that will mine social media sites to predict cyberattacks. The tools will monitor all Facebook, Twitter, and other social networks sites to interpret content. The idea is to automate the process.

Business Continuity and Disaster Recovery

Disasters may occur without warning. A prudent defense is to have a business continuity plan, mainly consisting of a disaster recovery plan. Such a plan describes the details of the recovery process from major disasters such as loss of all (or most) of the computing facilities or the data.

Example: Hospital Paid Ransom after Malware Attack

Hollywood Presbyterian Medical Center paid a ransom of $17,000 in Britain (so the) blackmailer-hacker cannot be