Projeto de um dispositivo de autenticação e assinatura. / Design and implementation of an authentication device.

Vieira, Gustavo Yamasaki Martins

15 October 2007

Atualmente o uso de senhas, método comum para efetuar autenticação em páginas da internet, mostra-se uma alternativa com problemas de segurança devido ao aumento de ataques baseados em spyware e phishing. O objetivo desses ataques é obter a senha do usuário, isto é, sua identidade digital sem que o usuário perceba o ocorrido. Para conter esse tipo de ataque, instituições financeiras começaram a adotar a autenticação forte, técnica que emprega o uso simultâneo de múltiplos autenticadores. A combinação das vantagens dos diferentes autenticadores resulta em uma atenuação mútua de suas vulnerabilidades e, em conseqüência, um método mais seguro de verificação de identidade. Esse trabalho apresenta o projeto e a implementação de um dispositivo de autenticação, permitindo combinar o uso de senhas e autenticadores baseados em objeto. As principais características do dispositivo são o seu custo reduzido e o uso de algoritmos criptográficos com código aberto. Algoritmos de código aberto possuem a sua segurança averiguada de forma ampla e independente, característica que dá maior confiabilidade ao sistema, permitindo a qualquer pessoa avaliar o código executado pelo dispositivo. / Currently, password-based authentication is the most widespread identity verification method for web pages access. However it presents security issues due to the growth of attacks based on spywares and phishing. The main purpose of both techniques is the digital identity theft, that is, stealing users\' passwords in an unnoticed way. In order to counter this type of attack, many financial institutions have adopted strong authentication, a technique that employs a simultaneous use of different authentication factors. By synergistically combining the advantages of distinct factors, such arrangement results in the mutual mitigation of the vulnerabilities of each one, yielding an architecturally safer identity verification method. This work presents the design and implementation of an authentication device, which combines passwordbased and object-based authenticators. Its main distinguishing features are the reduced cost and the use of open sourced cryptographic algorithms. Open source algorithms have their security widely and independently verified, a characteristic that helps increase the system\'s reliability, since third parties may check the source code running on the device.

Authentication

Phishing

Scam

Security

Segurança na internet

Token

Projeto de um dispositivo de autenticação e assinatura. / Design and implementation of an authentication device.

Gustavo Yamasaki Martins Vieira

15 October 2007

Atualmente o uso de senhas, método comum para efetuar autenticação em páginas da internet, mostra-se uma alternativa com problemas de segurança devido ao aumento de ataques baseados em spyware e phishing. O objetivo desses ataques é obter a senha do usuário, isto é, sua identidade digital sem que o usuário perceba o ocorrido. Para conter esse tipo de ataque, instituições financeiras começaram a adotar a autenticação forte, técnica que emprega o uso simultâneo de múltiplos autenticadores. A combinação das vantagens dos diferentes autenticadores resulta em uma atenuação mútua de suas vulnerabilidades e, em conseqüência, um método mais seguro de verificação de identidade. Esse trabalho apresenta o projeto e a implementação de um dispositivo de autenticação, permitindo combinar o uso de senhas e autenticadores baseados em objeto. As principais características do dispositivo são o seu custo reduzido e o uso de algoritmos criptográficos com código aberto. Algoritmos de código aberto possuem a sua segurança averiguada de forma ampla e independente, característica que dá maior confiabilidade ao sistema, permitindo a qualquer pessoa avaliar o código executado pelo dispositivo. / Currently, password-based authentication is the most widespread identity verification method for web pages access. However it presents security issues due to the growth of attacks based on spywares and phishing. The main purpose of both techniques is the digital identity theft, that is, stealing users\' passwords in an unnoticed way. In order to counter this type of attack, many financial institutions have adopted strong authentication, a technique that employs a simultaneous use of different authentication factors. By synergistically combining the advantages of distinct factors, such arrangement results in the mutual mitigation of the vulnerabilities of each one, yielding an architecturally safer identity verification method. This work presents the design and implementation of an authentication device, which combines passwordbased and object-based authenticators. Its main distinguishing features are the reduced cost and the use of open sourced cryptographic algorithms. Open source algorithms have their security widely and independently verified, a characteristic that helps increase the system\'s reliability, since third parties may check the source code running on the device.

Segurança na internet

Authentication

Phishing

Scam

Security

Token

SCAM et modélisation 3-D du canal TRPV5

Dionne, François

January 2007

Mémoire numérisé par la Division de la gestion de documents et des archives de l'Université de Montréal

Modélisation 3D

TRPV5

Alignement de structures secondaires

SCAM

Canaux ioniques

Canaux urinaires

Filtre de sélectivité

To deceive the receiver : A genre analysis of the electronic variety of Nigerian scam letters

Bredesjö Budge, Susanne

January 2006

This essay analyses fifty electronic Nigerian scam letters or spam in order to find out whether they can be considered a genre of their own according to Swales’ (1990) definition. It is comparing the Nigerian scam letters to sales promotion letters, as presented by Bhatia (1993). The functional moves Bhatia (1993) found in the sales promotion letters were applied to the Nigerian scam letters, and three functional moves unique for the scam letters were established. The functional moves specific to the Nigerian scam letters together with the scam letters’ compatibility with Swales’ (1990) definition of genre, give support for this essay’s argument that the Nigerian scam letters constitute a genre of their own.

Spam

Nigerian scam letters

Genre analysis

Specific Languages

Studier av enskilda språk

El impacto del scam advertising social de Cannes Awards en la ética publicitaria / The impact of social scam advertising of Cannes Awards in advertising ethics

Longaray Kovalchuk, Enrique Vladimir

15 August 2020

El presente artículo analiza las campañas sociales que se han valido de anuncios falsos (scam ads) con el propósito de ganar premios. Identificaremos si los premios de la industria publicitaria están fomentando una cultura de publicidad social antiética y cómo lo están haciendo. Para ello se realizará un análisis cualitativo de una campaña social reciente ganadora de premios en Cannes Lions que fue identificada como scam ad. El caso es “A Love Song Written By a Murderer” de la agencia Circus GREY (Perú, 2017). Esta campaña será analizada desde el enfoque de la ética. Esto se debe a que consideramos que el scam advertising genera un debate ético sobre la pertinencia de estas prácticas en la industria publicitaria y sus premiaciones en festivales como Cannes Lions a lo largo de los años. En ese sentido, utilizaremos las posturas del utilitarismo ético, la deontología Kantiana, y la ética publicitaria. A su vez, el análisis será complementado con entrevistas a publicistas con experiencia en el campo de la publicidad social. / This paper is focused on analyzing social campaigns that used fake ads (scam ads) with the purpose of winning awards. We will identify if the festival awards of the advertising industry are encouraging a culture of anti-ethic social advertising and how are they doing it. Because of that, we are going to do a qualitative analysis of a recent social campaign that won in Cannes Lions and was identified as a scam ad. The selected campaign is “A Love Song Written By a Murderer” by Circus GREY (Peru, 2017). This campaign will be analyzed from the perspective of ethics. The reason of that is because scam advertising represents a problem that generates an ethic debate about la pertinence of this practices in the advertising industry and it´s festival awards like Cannes Lions. Because of that, we are going to use the ethic utilitarianism, the ethic deontology (specifically Kant´s deontology) and the advertising ethics. In addition, we´re going to complement the analysis by interviewing publicists that are experienced in the field of social advertising. / Trabajo de investigación

Ética publicitaria

Publicidad social

Publicidad

Scam advertising

Cannes awards

Advertising ethics

Social advertising

Advertising

Characterizing Bitcoin Spam Emails : An analysis of what makes certain Bitcoin spams generate millions of dollars

Flodmark, Axel, Jakum, Markus

January 2022

Bitcoin scams cause billions of dollars worth of damage every year, targeting both large corporations as well as individuals. A commonly used method for these scams is spam emails. These emails all share the same intention of trying to trick people into sending Bit- coin to the address attached in the emails, which can be done using various methods like threats and social engineering. This thesis investigates Bitcoin spam emails and tries to dis- tinguish the characteristics of the successful ones. The study was conducted by collecting data on 250,000+ Bitcoin addresses from emails that have all been reported as spam to the Bitcoinabuse website. These addresses were analyzed using their number of transactions and final balance, which were extracted with a Python script using Blockchain’s public API. It was found that the successful Bitcoin spam emails only made up a tiny percentage of the entire data set. Looking at the most successful subset of spams, a few key aspects were found that distinguished them from the rest. The most successful spam emails were using blackmail techniques such as sextortion and ransomware to fool their victims. This method is believed to work so well because of the emotional response it invokes from the victims, which in many cases is enough for them to fold. In addition, luck seemed to play a rather big role for the scams to work. The emails had to reach the perfect target: a per- son that would fall for the trick, have money to send as well as the knowledge to buy and transfer Bitcoin. To increase the odds of finding these types of people, the scammers send emails in large volumes.

bitcoin

spam

scam

blockchain

Computer Engineering

Datorteknik

Other Computer and Information Science

Annan data- och informationsvetenskap

Willing to be scammed : how self-control impacts Internet scam compliance

Modic, David

January 2012

At any given moment in time, there are people complying with fraudulent requests (i.e. scams) on the Internet. While the incidence rates are low (between five and ten percent of the population becoming victims on a yearly basis), the financial and emotional consequences can be high. In this Thesis we composed a unified theory of which factors made individuals more likely to comply with scams and what psychological mechanisms are unwittingly employed by con-men to make their (illegitimate marketing) offers more enticing. The strongest overall predictor of scam compliance (i.e. the extent to which an individual is likely to comply with fraudulent requests) was the level of self-control, regardless of the observed stage of a scam. On the basis of previous research, we postulated and have empirically shown that falling for a scam is a 3-stage process (i.e. assessing a scam to be plausible - plausiblity, responding to scammers - responded and, finally, losing utility to them – lost out). Taking this paradigm into account, we analysed the three stages in separate investigations and tested the viability of various psychological factors that play a role in them. We hypothesized that attitudes towards risky choices would play a role in finding an Internet scam plausible and thus started our investigation by transferring one of the classic economic psychological theories (i.e. Prospect Theory) into a virtual setting and demonstrated that risk preferences remain unchanged between concrete and virtual settings. Our investigation showed that attitudes towards risk are similar across virtual and concrete domains, but did not yield a reliable psychometric scale measuring risk preferences. As a corollary, in Chapter 3, we investigated psychological mechanisms that influence risky preferences as applied to all three stages of scam compliance. The empirical investigation in Chapter 3 of the present Thesis focused on social psychological mechanisms of persuasion. A scale of susceptibility to persuasion was developed, validated and then applied to the phenomena of scam compliance in two studies. Four reliable factors contributing to susceptibility to persuasion emerged: influence of authority, social influence, self-control and the need for consistency. The susceptibility to persuasion scale was then used to predict overall lifetime (study 1) and time-limited (study 2) scam compliance across the three stages of scams. Social Influence weakly predicted the plausibility stage in study 1, while strongly predicting the response stage in study 2. The need for consistency strongly predicted response stages in both studies. While compliance with requests from authorities did not predict responses to any of the stages in study 1, it weakly predicted the plausibility of a scam and strongly predicted responding to it in study 2. Weak self-control was a significant predictor of losing funds in study 1 and a strong predictor of responding to scams in study 2. As lack of self-control (as a personality trait) emerged as one of the significant predictors of scam compliance, this led us to infer that there were other personality traits that would contribute to understanding scam compliance. That became the topic of Chapter 4 of the present Thesis. In Chapter 4, we used the five factor model of personality, a brief self-control scale and the UPPS impulsive behaviour scale to measure the impact of personality traits on scam compliance in the response stage. Results showed that extraversion, openness, self-control, premeditation, sensation seeking and (negative) urgency had an influence on the response rates to fraudulent offers. Lack of self-control (as a personality trait) again emerged as a strong predictor of overall scam compliance, which led us to infer that self-control as a cognitive state would also contribute to measuring scam compliance in general and in specific types of fraud. The investigation reported in Chapter 3 showed fraudulent Internet auctions to be an effective scam. As a consequence of these two findings, in Chapter 5, we investigated the impact of self-regulatory fatigue on compliance with fraudulent Internet auctions. In the empirical investigation in Chapter 5 180 respondents in two groups were exposed to a cognitive task designed to be ego-depleting and then to a constructed fraudulent Internet auction. They were asked a series of questions concerned with the likelihood of them purchasing a desired item (i.e. the third stage of a scam) and its appeal to them. We found no evidence that lowered self-control (as a state) had any impact on the appeal of fraudulent offer or the likelihood of purchasing it. We also demonstrated that the perception of risk in the fraudulent Internet auctions is most strongly influenced by the feedback mechanisms and the sellers’ ability to use correct English. In the conclusion to the present Thesis we discussed the implications of our empirical investigations and constructed a fictional fraudulent offer that would be effective according to our research. It should, for example, be based on the advance fee schemes and should be delivered over the Internet to reach the most potential victims. Once we had created an outline of an effective scam, we used that as our starting point to suggest mechanisms that would be effective in resisting it. For example, individuals could employ heuristics in a better way or conduct reality checks; and software toolkits that would help in resisting scams could be developed on the basis of our findings. We also discussed future research directions (obtaining larger samples, focusing on specific types of scams and specific populations; and others) and general implications of our findings.

150

Étude des changements de conformation du cotransporteur de Na⁺/glucose (SGLT1) à l'aide de mesures électrophysiologiques et de marqueurs fluorescents

Gagnon, Dominique

January 2006

Thèse diffusée initialement dans le cadre d'un projet pilote des Presses de l'Université de Montréal/Centre d'édition numérique UdeM (1997-2008) avec l'autorisation de l'auteur.

Biophysique

Protéine membranaire

Famille SLC5

Ovocyte de Xenopus Laevis

Électrophysiologie

Mutagenèse

SCAM

Modèle cinétique

Courants transitoires

Pont disulfure

詐騙集團是說故事高手？－從敘事理論解構詐騙集團的教戰手冊 / Fraud group is expert of storyteller?To interpret the scam guideline of fraud group by narrative theory

何瑞玲

Unknown Date

在近幾年的台灣社會中，民眾對詐騙已經不再陌生了，政府除了成立165反詐騙專線之外，還砸下許多經費對民眾進行反詐騙的宣傳，但卻仍有上百億元的金錢被騙走，被害人除了有知識水準不高的民眾之外更不乏有高社經地位的科技新貴或是退休公務員等，可見詐騙案件與受害者的背景與教育程度無關。難道詐騙集團真的具有某種特殊能力，能讓受害者毫無警覺的付出大筆金錢?他們是如何突破受害者的心防，能夠不著痕跡的讓受害者越陷越深? 綜觀所有的詐騙案件，其實詐騙集團都有一本"教戰手冊"來做為詐騙成員和受害者聯繫的劇本，當我們將這本手冊視為一份故事腳本，透過敘事理論來分析這本"教戰手冊"，我們可以發現最後讓故事產生說服效果的其實是受害者本身的經驗投射，以及當下被詐騙集團所阻絕的情境所衍生出的結果，在這樣的狀況下，即便是政府在反詐騙文宣中極力宣導"檢察官不會監管帳戶或存款"或是"警察不會派人保管民眾的金錢"，由於受害者已經深深的陷入了詐騙情境，很難清楚的思考事件的真假...，在這樣的狀態下，反詐騙的宣傳之所以沒有對受害者產生效應就不難理解了。 政府要讓反詐騙宣傳有效果應改變方式，除了讓民眾能夠辨識事件真假之外，也應讓民眾知道當民眾捲入不法事件時可有哪些措施，同時再透過宣導短片將檢察官或是警察的辦案方式與正式流程讓民眾了解，不會因無知而繼續受騙，這樣才能真正的落實對民眾反詐騙的宣導 / People in Taiwan no longer a stranger on the scam in recent years, the government not only set the 165 anti-fraud hotline, but spent a lot of money for anti-fraud publicity, there are still hundreds of billions of dollars to be cheated. Victims include people who have different degrees of the knowledge and socioeconomic status, e.g. labor, retired civil servants…etc. It seems the occurrences of scam case have nothing to do with the background or education level of victims according to above facts. We may doubt does the fraud gang have the special ability to make people pay large sums of money without alert? How do they bewitch victims and go deeper for more money from victims? Looking at all of the scam cases, we’ve found that there is a “Scam Guideline“ to be the script for communicating between impostor and victim. We finally find the cause to affect the script is actually by the reflection of personal experience from victim as well as the isolated scenario created by fraud gang when we take the script as an appealing story and analyze it with narrative theory. In such circumstances, even though people receive the anti-fraud propaganda from government by strongly deliver "the prosecutors will not manage people’s account" or “the police will not guarantee people’s money” has not so workable; it still hard to distinguish the true or false events for victims due to they have already involved into the storyline. Government should adjust its strategy to implement the anti-fraud propaganda, besides to help people know how to tell the genuineness of the event, government also need to educate people to understand the correct methods they could take when they are related in criminal incidents, meanwhile, try to reveal the standard procedure of investigation by prosecutor or police to people via video clips, thus, people won’t be cheated with their naïve sense and the anti-fraud propaganda could be effective on the public advocacy.

詐騙

反詐騙

教戰手冊

腳本

fraud

anti-fraud

scam guideline

script

Étude des changements de conformation du cotransporteur de Na⁺/glucose (SGLT1) à l'aide de mesures électrophysiologiques et de marqueurs fluorescents

Gagnon, Dominique

January 2006

Thèse diffusée initialement dans le cadre d'un projet pilote des Presses de l'Université de Montréal/Centre d'édition numérique UdeM (1997-2008) avec l'autorisation de l'auteur.

Biophysique

Protéine membranaire

Famille SLC5

Ovocyte de Xenopus Laevis

Électrophysiologie

Mutagenèse

SCAM

Modèle cinétique

Courants transitoires

Pont disulfure