Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Fraud and Abuse Techniques

Published byDennis Davidson Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Fraud and Abuse Techniques"— Presentation transcript:

1 Computer Fraud and Abuse Techniques
Chapter 6

2 Types of Attacks Hacking Social Engineering Malware
Unauthorized access, modification, or use of an electronic device or some element of a computer system Social Engineering Techniques or tricks on people to gain physical or logical access to confidential information Malware Software used to do harm

3 Hacking Hijacking Gaining control of a computer to carry out illicit activities Botnet (robot network) Zombies Bot herders Denial of Service (DoS) Attack Spamming Spoofing Makes the communication look as if someone else sent it so as to gain confidential information.

4 Forms of Spoofing E-mail
sender appears as if it comes from a different source Caller-ID Incorrect number is displayed IP address Forged IP address to conceal identity of sender of data over the Internet or to impersonate another computer system Address Resolution Protocol (ARP) Allows a computer on a LAN to intercept traffic meant for any other computer on the LAN SMS Incorrect number or name appears, similar to caller-ID but for text messaging Web page Phishing DNS Intercepting a request for a Web service and sending the request to a false service

5 Hacking with Computer Code
Cross-site scripting (XSS) Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user. Buffer overflow attack Large amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attacker’s program instructions. SQL injection (insertion) attack Malicious code inserted in place of a query to get to the database information

6 Other Types of Hacking Man in the middle (MITM)
Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data. These types of hacking are used to gain unauthorized access into a computer system or confidential data. Piggybacking can be using a neighbors unsecured wifi, an unauthorized person following an authorized person through a door bypassing screening or the security code needed to gain access into a secure area, and tapping into a communications line and electronically latching onto an authorized user as they enter the system. Password cracking is penetrating the system to steal passwords. War dialing is using a program to dial phone lines looking for an unsecured dial-up modem line. War driving is driving around looking for an unsecured wireless network, this invites unauthorized access into your network. Phreaking is attacking the phone system to get free service. Data diddling is falsifying data entry (e.g., timecards for payroll). Data leakage is unauthorized copying of data. Podslurping is using a flash drive to download the unauthorized data.

7 Other Types of Hacking Password Cracking
Penetrating system security to steal passwords War Dialing/War Driving Computer automatically dials phone numbers looking for modems/ or look for wireless network. Phreaking Attacks on phone systems to obtain free phone service. Data Diddling Making changes to data before, during, or after it is entered into a system. Data Leakage Unauthorized copying of company data. These types of hacking are used to gain unauthorized access into a computer system or confidential data. Piggybacking can be using a neighbors unsecured wifi, an unauthorized person following an authorized person through a door bypassing screening or the security code needed to gain access into a secure area, and tapping into a communications line and electronically latching onto an authorized user as they enter the system. Password cracking is penetrating the system to steal passwords. War dialing is using a program to dial phone lines looking for an unsecured dial-up modem line. War driving is driving around looking for an unsecured wireless network, this invites unauthorized access into your network. Phreaking is attacking the phone system to get free service. Data diddling is falsifying data entry (e.g., timecards for payroll). Data leakage is unauthorized copying of data. Podslurping is using a flash drive to download the unauthorized data.

8 Hacking Used for Embezzlement
Salami technique: Taking small amounts at a time Round-down fraud Economic espionage Theft of information, intellectual property and trade secrets Cyber-extortion Threats to a person or business online through or text messages unless money is paid

9 Hacking Used for Fraud Internet misinformation E-mail threats
Using the Internet to spread false or misleading information threats Internet auction Using an Internet auction site to defraud another person Unfairly drive up bidding Seller delivers inferior merchandise or fails to deliver at all Buyer fails to make payment Internet pump and dump Using the Internet to pump up the price of a stock and then selling it Internet misinformation is used to spread false or misleading information. threats that require an action by the victim causing them great expense. Internet auction fraud can unfairly bid up the price, deliver inferior products, or not deliver anything at all, or the buyer fails to make a payment. Internet pump and dump uses the Internet to inflate the price of the stock and then sell it. Usually occurs with penny stocks buying large volumes of the stock, then posts false information to drive up the stock and sells shares to pocket profit before the price falls back down. Click fraud uses botnets to click on ads to get Web click-through commissions. Webcramming is a scam that offers a free Web site and then continuing to charge the person for months after they don’t want or use the Web site. Software piracy is unauthorized copying or distribution of copyrighted software. This can occur by: Selling a computer preloaded with unauthorized software, installing single license software on more than one computer, and loading software on a server allowing unrestricted access.

10 Hacking Used for Fraud Click fraud Web cramming Software piracy
Inflate advertising bills Web cramming Offer free web for month, billing even if people do to want to continue Software piracy Internet misinformation is used to spread false or misleading information. threats that require an action by the victim causing them great expense. Internet auction fraud can unfairly bid up the price, deliver inferior products, or not deliver anything at all, or the buyer fails to make a payment. Internet pump and dump uses the Internet to inflate the price of the stock and then sell it. Usually occurs with penny stocks buying large volumes of the stock, then posts false information to drive up the stock and sells shares to pocket profit before the price falls back down. Click fraud uses botnets to click on ads to get Web click-through commissions. Webcramming is a scam that offers a free Web site and then continuing to charge the person for months after they don’t want or use the Web site. Software piracy is unauthorized copying or distribution of copyrighted software. This can occur by: Selling a computer preloaded with unauthorized software, installing single license software on more than one computer, and loading software on a server allowing unrestricted access.

11 Social Engineering Social Engineering(tricking someone)
Techniques or psychological tricks used to gain access to sensitive data or information Used to gain access to secure systems or locations

12 Social Engineering Techniques
URL hijacking Takes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web site Scavenging Searching trash for confidential information Shoulder surfing Snooping (either close behind the person) or using technology to snoop and get confidential information Skimming Double swiping credit card Eeavesdropping Identity theft Assuming someone else’s identity Pretexting Using a scenario to trick victims to divulge information or to gain access Posing Creating a fake business to get sensitive information Phishing Sending an asking the victim to respond to a link that appears legitimate that requests sensitive data Pharming Redirects Web site to a spoofed Web site

13 Minimize the Threat of Social Engineering
Never let people follow you into restricted areas Never log in for someone else on a computer Never give sensitive information over the phone or through Never share passwords or user IDs Be cautious of someone you don’t know who is trying to gain access through you

14 Type of Malware(software used to do harm)
Spyware Secretly monitors and collects personal information about users and sends it to someone else Typical sources Downloads such as games, wallpapers, screensavers, music, videos Web sites that secretly download spyware(drive-by-downloading) Malware masquerading as anti-spyware security software Worm or virus Public networks

15 Type of Malware(software used to do harm)
Adware Pops banner ads on a monitor, collects information about the user’s Web-surfing, and spending habits, and forward it to the adware creator Key logging Records computer activity, such as a user’s keystrokes, s sent and received, Web sites visited, and chat session participation Trojan Horse Malicious computer instructions in an authorized and otherwise properly functioning program

16 Type of Malware(software used to do harm)
Time bombs/logic bombs Idle until triggered by a specified date or time, by a change in the system, by a message sent to the system, or by an event that does not occur Typically destroys programs and/or data Trap Door/Back Door A way into a system that bypasses normal authorization and authentication controls Often used during systems development and removed before system put into operation

17 More Malware Packet Sniffers Rootkit Superzapping
Capture data from information packets as they travel over networks Rootkit Used to hide the presence of trap doors, sniffers, and key loggers; conceal software that originates a denial-of-service or an spam attack; and access user names and log-in information Superzapping Unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail

18 More Malware computer virus
self-replicating, executable code that attaches itself to software two phases. In the first phase, the virus replicates itself and spreads to other systems or files when some predefined event occurs. attack phase, also triggered by some predefined event, the virus carries out its mission

19 More Malware computer worm is a self-replicating computer program similar to a virus except for the following three differences A virus is a segment of code hidden in or attached to a host program or executable file, whereas a worm is a stand-alone program.  A virus requires a human to do something (run a program, open a file, etc.) to replicate itself, whereas a worm does not and actively seeks to send copies of itself to other devices on a network.  Worms harm networks (if only by consuming bandwidth), whereas viruses infect or corrupt files or data on a targeted computer.

20 Reducing Malware Threats
Comprehensive security suites Norton, F-secure, McAffee, etc Specialized anti malware software Example: Malwarebytes Anti-Malware Use two user accounts, one with admin privileges and general user account for day to day computing General user account may help to reduce chance of drive-by-downloading

21 Cellphone Bluetooth Vulnerabilities
Bluesnarfing Stealing contact lists, data, pictures on bluetooth compatible smartphones Bluebugging Taking control of a phone to make or listen to calls, send or read text messages Bluesnarfing and bluebugging may take advantage of bluetooth technology on smartphones.

22 Key Terms – Table 6-1 Address Resolution Protocol (ARP) spoofing
SMS spoofing Web-page spoofing DNS spoofing Zero day attack Patch Cross-site scripting (XSS) Buffer overflow attack SQL injection (insertion) attack Man-in-the-middle (MITM) attack Masquerading/impersonation Piggybacking Hacking Hijacking Botnet Zombie Bot herder Denial-of-service (DoS) attack Spamming Dictionary attack Splog Spoofing spoofing Caller ID spoofing IP address spoofing MAC address

23 Key Terms (continued) Internet terrorism Password cracking
Internet misinformation threats Internet auction fraud Internet pump-and-dump fraud Click fraud Web cramming Software piracy Social engineering Identity theft Pretexting Posing Phishing vishing Password cracking War dialing War driving War rocketing Phreaking Data diddling Data leakage Podslurping Salami technique Round-down fraud Economic espionage Cyber-extortion Cyber-bullying Sexting

24 Key Terms (continued) Adware Carding Torpedo software Pharming
Scareware Ransomware Keylogger Trojan horse Time bomb/logic bomb Trap door/back door Packet sniffers Steganography program Rootkit Superzapping Virus Worm Bluesnarfing Bluebugging Carding Pharming Evil twin Typosquatting/URL hijacking QR barcode replacements Tabnapping Scavenging/dumpster diving Shoulder surfing Lebanese looping Skimming Chipping Eavesdropping Malware Spyware

Download ppt "Computer Fraud and Abuse Techniques"

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.

Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.
Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.

Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.
Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,

Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Copyright © Pearson Education Limited 2015. Computer Fraud and Abuse Techniques Chapter 6 6-1.

Copyright © Pearson Education Limited Computer Fraud and Abuse Techniques Chapter
Network and Internet Security and Privacy.  Explain network and Internet security concerns  Identify online threats.

Network and Internet Security and Privacy.  Explain network and Internet security concerns  Identify online threats.
Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.

Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.
Lecturer: Fadwa Tlaelan

Lecturer: Fadwa Tlaelan
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Unit 18 Data Security 1.

Unit 18 Data Security 1.
Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.

Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing Email that bites Paying for Privacy Pirates.

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.

Similar presentations

Ads by Google