We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byDrusilla Wade
Modified about 1 year ago
Copyright © Pearson Education Limited 2015. Computer Fraud and Abuse Techniques Chapter 6 6-1
Copyright © Pearson Education Limited 2015. Learning Objectives Compare and contrast computer attack and abuse tactics. Explain how social engineering techniques are used to gain physical or logical access to computer resources. Describe the different types of malware used to harm computers. 6-2
Copyright © Pearson Education Limited 2015. Types of Attacks Hacking ▫Unauthorized access, modification, or use of an electronic device or some element of a computer system Social Engineering ▫Techniques or tricks on people to gain physical or logical access to confidential information Malware ▫Software used to do harm 6-3
Copyright © Pearson Education Limited 2015. Hacking ▫Hijacking Gaining control of a computer to carry out illicit activities ▫Botnet (robot network) Zombies Bot herders Denial of Service (DoS) Attack Spamming Spoofing Makes the communication look as if someone else sent it so as to gain confidential information. 6-4
Copyright © Pearson Education Limited 2015. Forms of Spoofing E-mail spoofing Caller ID spoofing IP address spoofing Address Resolution (ARP) spoofing SMS spoofing Web-page spoofing (phishing) DNS spoofing 6-5
Copyright © Pearson Education Limited 2015. Hacking with Computer Code Cross-site scripting (XSS) ▫Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user. Buffer overflow attack ▫Large amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attacker’s program instructions. SQL injection (insertion) attack ▫Malicious code inserted in place of a query to get to the database information 6-6
Copyright © Pearson Education Limited 2015. Other Types of Hacking Man in the middle (MITM) ▫Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data. Piggybacking Password cracking War dialing and driving Phreaking Data diddling Data leakage podslurping 6-7
Copyright © Pearson Education Limited 2015. Hacking Used for Embezzlement Salami technique: ▫Taking small amounts at a time Round-down fraud Economic espionage ▫Theft of information, intellectual property and trade secrets Cyber-extortion ▫Threats to a person or business online through e-mail or text messages unless money is paid 6-8
Copyright © Pearson Education Limited 2015. Hacking Used for Fraud Internet misinformation E-mail threats Internet auction Internet pump and dump Click fraud Web cramming Software piracy 6-9
Copyright © Pearson Education Limited 2015. Social Engineering Techniques Identity theft ▫Assuming someone else’s identity Pretexting ▫Using a scenario to trick victims to divulge information or to gain access Posing ▫Creating a fake business to get sensitive information Phishing ▫Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data Pharming ▫Redirects Web site to a spoofed Web site URL hijacking ▫Takes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web site Scavenging ▫Searching trash for confidential information Shoulder surfing ▫Snooping (either close behind the person) or using technology to snoop and get confidential information Skimming Double swiping credit card Eeavesdropping 6-10
Copyright © Pearson Education Limited 2015. Why People Fall Victim Compassion ▫Desire to help others Greed ▫Want a good deal or something for free Sex appeal ▫More cooperative with those that are flirtatious or good looking Sloth ▫Lazy habits Trust ▫Will cooperate if trust is gained Urgency ▫Cooperation occurs when there is a sense of immediate need Vanity ▫More cooperation when appeal to vanity 6-11
Copyright © Pearson Education Limited 2015. Minimize the Threat of Social Engineering Never let people follow you into restricted areas Never log in for someone else on a computer Never give sensitive information over the phone or through e-mail Never share passwords or user IDs Be cautious of someone you don’t know who is trying to gain access through you 6-12
Copyright © Pearson Education Limited 2015. Types of Malware Spyware ▫Secretly monitors and collects information ▫Can hijack browser, search requests ▫Adware Keylogger ▫Software that records user keystrokes Trojan Horse ▫Malicious computer instructions in an authorized and properly functioning program Trap door ▫Set of instructions that allow the user to bypass normal system controls Packet sniffer ▫Captures data as it travels over the Internet Virus ▫A section of self-replicating code that attaches to a program or file requiring a human to do something so it can replicate itself Worm ▫Stand alone self replicating program 6-13
Copyright © Pearson Education Limited 2015. Cellphone Bluetooth Vulnerabilities Bluesnarfing ▫Stealing contact lists, data, pictures on bluetooth compatible smartphones Bluebugging ▫Taking control of a phone to make or listen to calls, send or read text messages 6-14
Copyright © Pearson Education Limited 2015. Key Terms Hacking Hijacking Botnet Zombie Bot herder Denial-of-service (DoS) attack Spamming Dictionary attack Splog Spoofing E-mail spoofing Caller ID spoofing IP address spoofing MAC address Address Resolution Protocol (ARP) spoofing SMS spoofing Web-page spoofing DNS spoofing Zero day attack Patch Cross-site scripting (XSS) Buffer overflow attack SQL injection (insertion) attack Man-in-the-middle (MITM) attack Masquerading/impersonation Piggybacking 6-15
Copyright © Pearson Education Limited 2015. Key Terms (continued) Password cracking War dialing War driving War rocketing Phreaking Data diddling Data leakage Podslurping Salami technique Round-down fraud Economic espionage Cyber-extortion Cyber-bullying Sexting Internet terrorism Internet misinformation E-mail threats Internet auction fraud Internet pump-and-dump fraud Click fraud Web cramming Software piracy Social engineering Identity theft Pretexting Posing Phishing vishing 6-16
Copyright © Pearson Education Limited 2015. Key Terms (continued) Carding Pharming Evil twin Typosquatting/URL hijacking QR barcode replacements Tabnapping Scavenging/dumpster diving Shoulder surfing Lebanese looping Skimming Chipping Eavesdropping Malware Spyware Adware Torpedo software Scareware Ransomware Keylogger Trojan horse Time bomb/logic bomb Trap door/back door Packet sniffers Steganography program Rootkit Superzapping Virus Worm Bluesnarfing Bluebugging 6-17
Copyright © 2015 Pearson Education, Inc. Computer Fraud and Abuse Techniques Chapter
Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
Computer Fraud Pertemuan XVI Matakuliah: F0184/Audit atas Kecurangan Tahun: 2007.
Principles of Information Security, 2nd Edition1 Threats and Attacks.
Remember effective ways to search +walk (includes words) Intitle:iPad Intext:ipad site:pbs.org Site:gov filetype:jpg.
Threats To A Computer Network. 11 Most Common Computer Security Threats (Virus) Threat #1: Virus A virus is a piece of software that can replicate itself.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI MIS Paying for Privacy Phishing that bites Pirates.
What is risk online operation: massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily. To unauthorized.
Be Safe Online. Agree, Disagree, Maybe if… Worksheet Activity Discussion.
Management Information Systems Chapter Eight Securing Information Systems Md. Golam Kibria Lecturer, Southeast University.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem Overall size of cybercrime unclear; amount of losses.
Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click your.
Quiz Review. Threats to a computer network A virus is a piece of software that can replicate itself and infect a computer without the permission or knowledge.
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.
Information Systems Design and Development Security Risks Computing Science.
Any criminal action perpetrated primarily through the use of a computer.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Topic 5: Basic Security. Topic Review... This topic will cover: - Understand the networking threats. :> Describe the risks of network intrusion. :> Sources.
Attacks On systems And Networks To understand how we can protect our system and network we need to know about what kind of attacks a hacker/cracker would.
Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.
IT internet security. The Internet The Internet - a physical collection of many networks worldwide which is referred to in two ways: The internet (lowercase.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Network and Internet Security and Privacy. Explain network and Internet security concerns Identify online threats.
Chapter 11 Security and Privacy: Computers and the Internet.
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
1 Chapter 9 Information Systems Ethics, Computer Crime, and Security Information Systems Today Leonard Jessup and Joseph Valacich.
Lesson 3-Hacker Techniques. Overview Hacker’s motivation. Historical hacking techniques. Advanced techniques. Malicious code. Methods used by untargeted.
Issues for Computer Users, Electronic Devices, Computer and Safety.
Safe Computing. Computer Maintenance Back up, Back up, Back up External Hard Drive CDs or DVDs Disk Defragmenter Reallocates files so they use.
CHAPTER 8 Securing Information Systems. System Vulnerability Security (policies, procedures, technical measures) and controls (methods, policies, procedures)
Created by the E-PoliceSlide 122 February, 2012 Dangers of s By Michael Kuc.
Chapter 9 Information Systems Ethics, Computer Crime, and Security Information Systems Today Leonard Jessup and Joseph Valacich.
Introduction to ITE Chapter 9 Computer Security. Why Study Security? This is a huge area for computer technicians. Security isn’t just anti-virus.
What is Spam? d min.
Cyber X-Force-SMS alert system for threats.
SECURITY CHECK Protecting Your System and Yourself Source:
Information Systems Week 7 Securing Information Systems.
Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Computer Ethics Ms. Scales. Computer Ethics Ethics the right thing to do Acceptable Use Policy A set of rules and guidelines that are set up to regulate.
Attack and Malicious Code Andrew Anaruk. Security Threats Denial of Service (DoS) Attacks Spoofing Social Engineering Attacks on Encrypted Data Software.
© 2017 SlidePlayer.com Inc. All rights reserved.