Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2015 Pearson Education, Inc. Computer Fraud and Abuse Techniques Chapter 6 6-1.

Published byMalcolm Cook Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright © 2015 Pearson Education, Inc. Computer Fraud and Abuse Techniques Chapter 6 6-1."— Presentation transcript:

1 Copyright © 2015 Pearson Education, Inc. Computer Fraud and Abuse Techniques Chapter 6 6-1

2 Copyright © 2015 Pearson Education, Inc. Learning Objectives Compare and contrast computer attack and abuse tactics. Explain how social engineering techniques are used to gain physical or logical access to computer resources. Describe the different types of malware used to harm computers. 6-2

3 Copyright © 2015 Pearson Education, Inc. Types of Attacks Hacking ▫Unauthorized access, modification, or use of an electronic device or some element of a computer system Social Engineering ▫Techniques or tricks on people to gain physical or logical access to confidential information Malware ▫Software used to do harm 6-3

4 Copyright © 2015 Pearson Education, Inc. Hacking ▫Hijacking  Gaining control of a computer to carry out illicit activities ▫Botnet (robot network)  Zombies  Bot herders  Denial of Service (DoS) Attack ▫Spamming  Dictionary attacks ▫Spoofing  Makes the communication look as if someone else sent it so as to gain confidential information. 6-4

5 Copyright © 2015 Pearson Education, Inc. Forms of Spoofing E-mail spoofing Caller ID spoofing IP address spoofing Address Resolution (ARP) spoofing SMS spoofing Web-page spoofing (phishing) DNS spoofing 6-5

6 Copyright © 2015 Pearson Education, Inc. Hacking with Computer Code Zero-day attack ▫An attack between the time a new software vulnerability is discovered and a patch is released. Cross-site scripting (XSS) ▫Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user. Buffer overflow attack ▫Large amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attacker’s program instructions. SQL injection (insertion) attack ▫Malicious code inserted in place of a query to get to the database information 6-6

7 Copyright © 2015 Pearson Education, Inc. Other Types of Hacking Man in the middle (MITM) ▫Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data. Masquerading/impersonation Piggybacking Password cracking War dialing and driving Phreaking Data diddling Data leakage ▫podslurping 6-7

8 Copyright © 2015 Pearson Education, Inc. Hacking Used for Embezzlement Salami technique: ▫Taking small amounts at a time  Round-down fraud Economic espionage ▫Theft of information, intellectual property and trade secrets Cyber-extortion ▫Threats to a person or business online through e-mail or text messages unless money is paid 6-8

9 Copyright © 2015 Pearson Education, Inc. Hacking Used for Fraud Cyber-Bullying Internet Terrorism Internet misinformation E-mail threats Internet auction Internet pump and dump Click fraud Web cramming Software piracy 6-9

10 Copyright © 2015 Pearson Education, Inc. Social Engineering Techniques Identity theft ▫Assuming someone else’s identity Pretexting ▫Using a scenario to trick victims to divulge information or to gain access Posing ▫Creating a fake business to get sensitive information Phishing ▫Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data Pharming ▫Redirects Web site to a spoofed Web site URL hijacking/Typosquatting ▫Takes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web site Tabnabbing ▫Secretly changing an already open browser tab 6-10

11 Copyright © 2015 Pearson Education, Inc. Social Engineering Techniques Scavenging ▫Searching trash for confidential information Shoulder surfing ▫Snooping (either close behind the person) or using technology to snoop and get confidential information Lebanese looping ▫Inserting a sleeve into an ATM that prevents it from ejecting the card. Then “helping” the victim in order to see their PIN Skimming ▫Double swiping credit card Chipping ▫Planting a chip in a card reader Eavesdropping ▫Listening to private communications or tapping into data communications 6-11

12 Copyright © 2015 Pearson Education, Inc. Why People Fall Victim Compassion ▫Desire to help others Greed ▫Want a good deal or something for free Sex appeal ▫More cooperative with those that are flirtatious or good looking Sloth ▫Lazy habits Trust ▫Will cooperate if trust is gained Urgency ▫Cooperation occurs when there is a sense of immediate need Vanity ▫More cooperation when appeal to vanity 6-12

13 Copyright © 2015 Pearson Education, Inc. Minimize the Threat of Social Engineering Never let people follow you into restricted areas Never log in for someone else on a computer Never give sensitive information over the phone or through e-mail Never share passwords or user IDs Be cautious of someone you don’t know who is trying to gain access through you 6-13

14 Copyright © 2015 Pearson Education, Inc. Types of Malware Spyware ▫Secretly monitors and collects information ▫Can hijack browser, search requests ▫adware Scareware ▫Software that is sold using scare tactics ▫ransomware Keylogger ▫Software that records user keystrokes Trojan Horse ▫Malicious computer instructions in an authorized and properly functioning program Time bomb/logic bomb ▫Program that lies idle until some specified circumstance or time Trap door/back door ▫Set of instructions that allow the user to bypass normal system controls Packet sniffer ▫Captures data as it travels over the Internet Steganography ▫Hides data inside a host file Rootkit ▫Conceals system files from the operating system and other programs. Can be used to hide trap doors, sniffers, key loggers, etc. 6-14

15 Copyright © 2015 Pearson Education, Inc. Types of Malware Superzapping ▫The unauthorized use of a program to bypass regular controls and perform illegal acts. Virus ▫A section of self-replicating code that attaches to a program or file requiring a human to do something so it can replicate itself Worm ▫Stand alone self replicating program 6-15

16 Copyright © 2015 Pearson Education, Inc. Cellphone Bluetooth Vulnerabilities Bluesnarfing ▫Stealing contact lists, data, pictures on bluetooth compatible smartphones Bluebugging ▫Taking control of a phone to make or listen to calls, send or read text messages 6-16

Download ppt "Copyright © 2015 Pearson Education, Inc. Computer Fraud and Abuse Techniques Chapter 6 6-1."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.

Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.
Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.

Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Copyright © Pearson Education Limited 2015. Computer Fraud and Abuse Techniques Chapter 6 6-1.

Copyright © Pearson Education Limited Computer Fraud and Abuse Techniques Chapter
Network and Internet Security and Privacy.  Explain network and Internet security concerns  Identify online threats.

Network and Internet Security and Privacy.  Explain network and Internet security concerns  Identify online threats.
Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.

Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Lecturer: Fadwa Tlaelan

Lecturer: Fadwa Tlaelan
Computer Fraud and Abuse Techniques

Computer Fraud and Abuse Techniques
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.

Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.

Similar presentations

Ads by Google