Published by Drusilla Wade
Modified about 1 year ago
Copyright © Pearson Education Limited
Computer Fraud and Abuse Techniques
Chapter 6

Learning Objectives
Compare and contrast computer attack and abuse tactics.
Explain how social engineering techniques are used to gain physical or logical access to computer resources.
Describe the different types of malware used to harm computers.

Types of Attacks
Hacking
▫Unauthorized access, modification, or use of an electronic device or some element of a computer system
Social Engineering
▫Techniques or tricks on people to gain physical or logical access to confidential information
Malware
▫Software used to do harm

Hacking
▫Hijacking: gaining control of a computer to carry out illicit activities
▫Botnet (robot network)
  Zombies
  Bot herders
  Denial of Service (DoS) Attack
  Spamming
  Spoofing: makes the communication look as if someone else sent it so as to gain confidential information

Forms of Spoofing
E-mail spoofing
Caller ID spoofing
IP address spoofing
Address Resolution Protocol (ARP) spoofing
SMS spoofing
Web-page spoofing (phishing)
DNS spoofing

Hacking with Computer Code
Cross-site scripting (XSS)
▫Uses a vulnerability in a Web application that allows malicious code to be injected into the Web site. When a user visits the Web site, that malicious code is able to collect data from the user.
Buffer overflow attack
▫A large amount of data is sent to overflow the input memory (buffer) of a program, causing it to crash and its instructions to be replaced with the attacker’s program instructions.
SQL injection (insertion) attack
▫Malicious code is inserted in place of a query to get to the database information

Other Types of Hacking
Man in the middle (MITM)
▫Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data.
Piggybacking
Password cracking
War dialing and driving
Phreaking
Data diddling
Data leakage
Podslurping

Hacking Used for Embezzlement
Salami technique
▫Taking small amounts at a time
Round-down fraud
Economic espionage
▫Theft of information, intellectual property and trade secrets
Cyber-extortion
▫Threats to a person or business online through e-mail or text messages unless money is paid

Hacking Used for Fraud
Internet misinformation threats
Internet auction
Internet pump and dump
Click fraud
Web cramming
Software piracy

Social Engineering Techniques
Identity theft
▫Assuming someone else’s identity
Pretexting
▫Using a scenario to trick victims into divulging information or granting access
Posing
▫Creating a fake business to get sensitive information
Phishing
▫Sending an e-mail asking the victim to respond to a link that appears legitimate and that requests sensitive data
Pharming
▫Redirects Web site traffic to a spoofed Web site
URL hijacking
▫Takes advantage of typographical errors made when entering Web site addresses, so the user reaches an invalid or wrong Web site
Scavenging
▫Searching trash for confidential information
Shoulder surfing
▫Snooping (either close behind the person) or using technology to snoop and get confidential information
Skimming
▫Double swiping credit card
Eavesdropping

Why People Fall Victim
Compassion
▫Desire to help others
Greed
▫Want a good deal or something for free
Sex appeal
▫More cooperative with those who are flirtatious or good looking
Sloth
▫Lazy habits
Trust
▫Will cooperate if trust is gained
Urgency
▫Cooperation occurs when there is a sense of immediate need
Vanity
▫More cooperative when vanity is appealed to

Minimize the Threat of Social Engineering
Never let people follow you into restricted areas
Never log in for someone else on a computer
Never give sensitive information over the phone or through e-mail
Never share passwords or user IDs
Be cautious of someone you don’t know who is trying to gain access through you

Types of Malware
Spyware
▫Secretly monitors and collects information
▫Can hijack browser, search requests
▫Adware
Keylogger
▫Software that records user keystrokes
Trojan Horse
▫Malicious computer instructions in an authorized and properly functioning program
Trap door
▫Set of instructions that allow the user to bypass normal system controls
Packet sniffer
▫Captures data as it travels over the Internet
Virus
▫A section of self-replicating code that attaches to a program or file and requires a human to do something so it can replicate itself
Worm
▫Stand-alone, self-replicating program

Cellphone Bluetooth Vulnerabilities
Bluesnarfing
▫Stealing contact lists, data, pictures on Bluetooth-compatible smartphones
Bluebugging
▫Taking control of a phone to make or listen to calls, send or read text messages

Key Terms
Hacking, Hijacking, Botnet, Zombie, Bot herder, Denial-of-service (DoS) attack, Spamming, Dictionary attack, Splog, Spoofing, E-mail spoofing, Caller ID spoofing, IP address spoofing, MAC address, Address Resolution Protocol (ARP) spoofing, SMS spoofing, Web-page spoofing, DNS spoofing, Zero day attack, Patch, Cross-site scripting (XSS), Buffer overflow attack, SQL injection (insertion) attack, Man-in-the-middle (MITM) attack, Masquerading/impersonation, Piggybacking

Key Terms (continued)
Password cracking, War dialing, War driving, War rocketing, Phreaking, Data diddling, Data leakage, Podslurping, Salami technique, Round-down fraud, Economic espionage, Cyber-extortion, Cyber-bullying, Sexting, Internet terrorism, Internet misinformation threats, Internet auction fraud, Internet pump-and-dump fraud, Click fraud, Web cramming, Software piracy, Social engineering, Identity theft, Pretexting, Posing, Phishing, Vishing

Key Terms (continued)
Carding, Pharming, Evil twin, Typosquatting/URL hijacking, QR barcode replacements, Tabnapping, Scavenging/dumpster diving, Shoulder surfing, Lebanese looping, Skimming, Chipping, Eavesdropping, Malware, Spyware, Adware, Torpedo software, Scareware, Ransomware, Keylogger, Trojan horse, Time bomb/logic bomb, Trap door/back door, Packet sniffers, Steganography program, Rootkit, Superzapping, Virus, Worm, Bluesnarfing, Bluebugging