Computer Fraud and Abuse Techniques

Slides:



Advertisements
Similar presentations
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Advertisements

Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.
Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.
Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Copyright © Pearson Education Limited Computer Fraud and Abuse Techniques Chapter
Network and Internet Security and Privacy.  Explain network and Internet security concerns  Identify online threats.
Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.
Lecturer: Fadwa Tlaelan
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Unit 18 Data Security 1.
Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.
Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Security, Privacy, and Ethics Online Computer Crimes.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.
Introduction to Security Computer Networks Computer Networks Term B10.
Threats To A Computer Network
Computer Fraud Pertemuan XVI Matakuliah: F0184/Audit atas Kecurangan Tahun: 2007.
Threats and Attacks Principles of Information Security, 2nd Edition
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.
Quiz Review.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 LO1 Describe information technologies that could be used in computer.
Chapter Nine Maintaining a Computer Part III: Malware.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
Copyright © 2015 Pearson Education, Inc. Computer Fraud and Abuse Techniques Chapter
Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
Chapter 11 Security and Privacy: Computers and the Internet.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
ISNE101 Dr. Ken Cosh Week 14. This Week  Challenges (still) facing Modern IS  Reliability  Security.
Cyber Crimes.
PART THREE E-commerce in Action Norton University E-commerce in Action.
Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.
Viruses & Destructive Programs
ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.
Software Security Testing Vinay Srinivasan cell:
Introduction to ITE Chapter 9 Computer Security. Why Study Security?  This is a huge area for computer technicians.  Security isn’t just anti-virus.
Management Information Systems Chapter Eight Securing Information Systems Md. Golam Kibria Lecturer, Southeast University.
Computer Crimes 8 8 Chapter. The act of using a computer to commit an illegal act Authorized and unauthorized computer access. Examples- o Stealing time.
Attacks On systems And Networks To understand how we can protect our system and network we need to know about what kind of attacks a hacker/cracker would.
IT internet security. The Internet The Internet - a physical collection of many networks worldwide which is referred to in two ways: The internet (lowercase.
Here is a list of viruses Adware- or advertising-supported software-, is any software package which automatically plays, displays, or downloads advertisements.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
What is risk online operation:  massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.  To unauthorized.
Topic 5: Basic Security.
Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.
Computer Skills and Applications Computer Security.
Types of Computer Malware. The first macro virus was written for Microsoft Word and was discovered in August Today, there are thousands of macro.
Information Systems Week 7 Securing Information Systems.
Be Safe Online. Agree, Disagree, Maybe if…  Worksheet Activity  Discussion.
Any criminal action perpetrated primarily through the use of a computer.
Computers Are Your Future Eleventh Edition Chapter 9: Privacy, Crime, and Security Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall1.
PCs ENVIRONMENT and PERIPHERALS Lecture 10. Computer Threats: - Computer threats: - It means anything that has the potential to cause serious harm to.
Remember effective ways to search +walk (includes words) Intitle:iPad Intext:ipad site:pbs.org Site:gov filetype:jpg.
Created by the E-PoliceSlide 122 February, 2012 Dangers of s By Michael Kuc.
Cyber security. Malicious Code Social Engineering Detect and prevent.
Security Risks Todays Lesson Security Risks Security Precautions
Operating Systems Services provided on internet
3.6 Fundamentals of cyber security
IT Security  .
Instructor Materials Chapter 7 Network Security
Protect Your Computer Against Harmful Attacks!
Computer Applications Unit B
HOW DO I KEEP MY COMPUTER SAFE?
ONLINE SECURITY, ETHICS AND ETIQUETTES EMPOWERMENT TECHNOLOGY.
Presentation transcript:

Computer Fraud and Abuse Techniques Chapter 6

Types of Attacks Hacking Social Engineering Malware Unauthorized access, modification, or use of an electronic device or some element of a computer system Social Engineering Techniques or tricks on people to gain physical or logical access to confidential information Malware Software used to do harm

Hacking Hijacking Gaining control of a computer to carry out illicit activities Botnet (robot network) Zombies Bot herders Denial of Service (DoS) Attack Spamming Spoofing Makes the communication look as if someone else sent it so as to gain confidential information.

Forms of Spoofing E-mail E-mail sender appears as if it comes from a different source Caller-ID Incorrect number is displayed IP address Forged IP address to conceal identity of sender of data over the Internet or to impersonate another computer system Address Resolution Protocol (ARP) Allows a computer on a LAN to intercept traffic meant for any other computer on the LAN SMS Incorrect number or name appears, similar to caller-ID but for text messaging Web page Phishing DNS Intercepting a request for a Web service and sending the request to a false service

Hacking with Computer Code Cross-site scripting (XSS) Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user. Buffer overflow attack Large amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attacker’s program instructions. SQL injection (insertion) attack Malicious code inserted in place of a query to get to the database information

Other Types of Hacking Man in the middle (MITM) Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data. These types of hacking are used to gain unauthorized access into a computer system or confidential data. Piggybacking can be using a neighbors unsecured wifi, an unauthorized person following an authorized person through a door bypassing screening or the security code needed to gain access into a secure area, and tapping into a communications line and electronically latching onto an authorized user as they enter the system. Password cracking is penetrating the system to steal passwords. War dialing is using a program to dial phone lines looking for an unsecured dial-up modem line. War driving is driving around looking for an unsecured wireless network, this invites unauthorized access into your network. Phreaking is attacking the phone system to get free service. Data diddling is falsifying data entry (e.g., timecards for payroll). Data leakage is unauthorized copying of data. Podslurping is using a flash drive to download the unauthorized data.

Other Types of Hacking Password Cracking Penetrating system security to steal passwords War Dialing/War Driving Computer automatically dials phone numbers looking for modems/ or look for wireless network. Phreaking Attacks on phone systems to obtain free phone service. Data Diddling Making changes to data before, during, or after it is entered into a system. Data Leakage Unauthorized copying of company data. These types of hacking are used to gain unauthorized access into a computer system or confidential data. Piggybacking can be using a neighbors unsecured wifi, an unauthorized person following an authorized person through a door bypassing screening or the security code needed to gain access into a secure area, and tapping into a communications line and electronically latching onto an authorized user as they enter the system. Password cracking is penetrating the system to steal passwords. War dialing is using a program to dial phone lines looking for an unsecured dial-up modem line. War driving is driving around looking for an unsecured wireless network, this invites unauthorized access into your network. Phreaking is attacking the phone system to get free service. Data diddling is falsifying data entry (e.g., timecards for payroll). Data leakage is unauthorized copying of data. Podslurping is using a flash drive to download the unauthorized data.

Hacking Used for Embezzlement Salami technique: Taking small amounts at a time Round-down fraud Economic espionage Theft of information, intellectual property and trade secrets Cyber-extortion Threats to a person or business online through e-mail or text messages unless money is paid

Hacking Used for Fraud Internet misinformation E-mail threats Using the Internet to spread false or misleading information E-mail threats Internet auction Using an Internet auction site to defraud another person Unfairly drive up bidding Seller delivers inferior merchandise or fails to deliver at all Buyer fails to make payment Internet pump and dump Using the Internet to pump up the price of a stock and then selling it Internet misinformation is used to spread false or misleading information. E-mail threats that require an action by the victim causing them great expense. Internet auction fraud can unfairly bid up the price, deliver inferior products, or not deliver anything at all, or the buyer fails to make a payment. Internet pump and dump uses the Internet to inflate the price of the stock and then sell it. Usually occurs with penny stocks buying large volumes of the stock, then posts false information to drive up the stock and sells shares to pocket profit before the price falls back down. Click fraud uses botnets to click on ads to get Web click-through commissions. Webcramming is a scam that offers a free Web site and then continuing to charge the person for months after they don’t want or use the Web site. Software piracy is unauthorized copying or distribution of copyrighted software. This can occur by: Selling a computer preloaded with unauthorized software, installing single license software on more than one computer, and loading software on a server allowing unrestricted access.

Hacking Used for Fraud Click fraud Web cramming Software piracy Inflate advertising bills Web cramming Offer free web for month, billing even if people do to want to continue Software piracy Internet misinformation is used to spread false or misleading information. E-mail threats that require an action by the victim causing them great expense. Internet auction fraud can unfairly bid up the price, deliver inferior products, or not deliver anything at all, or the buyer fails to make a payment. Internet pump and dump uses the Internet to inflate the price of the stock and then sell it. Usually occurs with penny stocks buying large volumes of the stock, then posts false information to drive up the stock and sells shares to pocket profit before the price falls back down. Click fraud uses botnets to click on ads to get Web click-through commissions. Webcramming is a scam that offers a free Web site and then continuing to charge the person for months after they don’t want or use the Web site. Software piracy is unauthorized copying or distribution of copyrighted software. This can occur by: Selling a computer preloaded with unauthorized software, installing single license software on more than one computer, and loading software on a server allowing unrestricted access.

Social Engineering Social Engineering(tricking someone) Techniques or psychological tricks used to gain access to sensitive data or information Used to gain access to secure systems or locations

Social Engineering Techniques URL hijacking Takes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web site Scavenging Searching trash for confidential information Shoulder surfing Snooping (either close behind the person) or using technology to snoop and get confidential information Skimming Double swiping credit card Eeavesdropping Identity theft Assuming someone else’s identity Pretexting Using a scenario to trick victims to divulge information or to gain access Posing Creating a fake business to get sensitive information Phishing Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data Pharming Redirects Web site to a spoofed Web site

Minimize the Threat of Social Engineering Never let people follow you into restricted areas Never log in for someone else on a computer Never give sensitive information over the phone or through e-mail Never share passwords or user IDs Be cautious of someone you don’t know who is trying to gain access through you

Type of Malware(software used to do harm) Spyware Secretly monitors and collects personal information about users and sends it to someone else Typical sources Downloads such as games, wallpapers, screensavers, music, videos Web sites that secretly download spyware(drive-by-downloading) Malware masquerading as anti-spyware security software Worm or virus Public networks

Type of Malware(software used to do harm) Adware Pops banner ads on a monitor, collects information about the user’s Web-surfing, and spending habits, and forward it to the adware creator Key logging Records computer activity, such as a user’s keystrokes, e-mails sent and received, Web sites visited, and chat session participation Trojan Horse Malicious computer instructions in an authorized and otherwise properly functioning program

Type of Malware(software used to do harm) Time bombs/logic bombs Idle until triggered by a specified date or time, by a change in the system, by a message sent to the system, or by an event that does not occur Typically destroys programs and/or data Trap Door/Back Door A way into a system that bypasses normal authorization and authentication controls Often used during systems development and removed before system put into operation

More Malware Packet Sniffers Rootkit Superzapping Capture data from information packets as they travel over networks Rootkit Used to hide the presence of trap doors, sniffers, and key loggers; conceal software that originates a denial-of-service or an e-mail spam attack; and access user names and log-in information Superzapping Unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail

More Malware computer virus self-replicating, executable code that attaches itself to software two phases. In the first phase, the virus replicates itself and spreads to other systems or files when some predefined event occurs. attack phase, also triggered by some predefined event, the virus carries out its mission

More Malware computer worm is a self-replicating computer program similar to a virus except for the following three differences A virus is a segment of code hidden in or attached to a host program or executable file, whereas a worm is a stand-alone program.  A virus requires a human to do something (run a program, open a file, etc.) to replicate itself, whereas a worm does not and actively seeks to send copies of itself to other devices on a network.  Worms harm networks (if only by consuming bandwidth), whereas viruses infect or corrupt files or data on a targeted computer.

Reducing Malware Threats Comprehensive security suites Norton, F-secure, McAffee, etc Specialized anti malware software Example: Malwarebytes Anti-Malware Use two user accounts, one with admin privileges and general user account for day to day computing General user account may help to reduce chance of drive-by-downloading

Cellphone Bluetooth Vulnerabilities Bluesnarfing Stealing contact lists, data, pictures on bluetooth compatible smartphones Bluebugging Taking control of a phone to make or listen to calls, send or read text messages Bluesnarfing and bluebugging may take advantage of bluetooth technology on smartphones.

Key Terms – Table 6-1 Address Resolution Protocol (ARP) spoofing SMS spoofing Web-page spoofing DNS spoofing Zero day attack Patch Cross-site scripting (XSS) Buffer overflow attack SQL injection (insertion) attack Man-in-the-middle (MITM) attack Masquerading/impersonation Piggybacking Hacking Hijacking Botnet Zombie Bot herder Denial-of-service (DoS) attack Spamming Dictionary attack Splog Spoofing E-mail spoofing Caller ID spoofing IP address spoofing MAC address

Key Terms (continued) Internet terrorism Password cracking Internet misinformation E-mail threats Internet auction fraud Internet pump-and-dump fraud Click fraud Web cramming Software piracy Social engineering Identity theft Pretexting Posing Phishing vishing Password cracking War dialing War driving War rocketing Phreaking Data diddling Data leakage Podslurping Salami technique Round-down fraud Economic espionage Cyber-extortion Cyber-bullying Sexting

Key Terms (continued) Adware Carding Torpedo software Pharming Scareware Ransomware Keylogger Trojan horse Time bomb/logic bomb Trap door/back door Packet sniffers Steganography program Rootkit Superzapping Virus Worm Bluesnarfing Bluebugging Carding Pharming Evil twin Typosquatting/URL hijacking QR barcode replacements Tabnapping Scavenging/dumpster diving Shoulder surfing Lebanese looping Skimming Chipping Eavesdropping Malware Spyware

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.