Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1.

Presentation transcript:

Learning Objectives
- Compare and contrast computer attack and abuse tactics.
- Explain how social engineering techniques are used to gain physical or logical access to computer resources.
- Describe the different types of malware used to harm computers.

Computer Attacks and Abuse
- Hacking
  - Unauthorized access, modification, or use of a computer system or other electronic device
- Social Engineering
  - Techniques, usually psychological tricks, to gain access to sensitive data or information
  - Used to gain access to secure systems or locations
- Malware
  - Any software which can be used to do harm

Types of Computer Attacks
- Botnet (robot network)
  - Network of hijacked computers
  - Hijacked computers carry out processes without their users' knowledge
  - Zombie: a hijacked computer
- Denial-of-Service (DoS) Attack
  - Constant stream of requests made to a Web server (usually via a botnet) that overwhelms and shuts down service
- Spoofing
  - Making an electronic communication look as if it comes from a trusted official source to lure the recipient into providing information

Types of Spoofing
- E-mail
  - E-mail sender appears as if it comes from a different source
- Caller-ID
  - Incorrect number is displayed
- IP address
  - Forged IP address to conceal identity of sender of data over the Internet or to impersonate another computer system
- SMS
  - Incorrect number or name appears, similar to caller-ID but for text messaging
- Address Resolution Protocol (ARP)
  - Allows a computer on a LAN to intercept traffic meant for any other computer on the LAN
- Web page
  - Phishing (see below)
- DNS
  - Intercepting a request for a Web service and sending the request to a false service

Hacking Attacks
- Cross-Site Scripting (XSS)
  - Unwanted code is sent via dynamic Web pages disguised as user input.
- Buffer Overflow
  - Data is sent that exceeds computer capacity, causing program instructions to be lost and replaced with attacker instructions.
- SQL Injection (Insertion)
  - Malicious code is inserted in place of a query to a database system.
- Man-in-the-Middle
  - Hacker places themselves between client and host.

Additional Hacking Attacks
- Password Cracking
  - Penetrating system security to steal passwords
- War Dialing
  - Computer automatically dials phone numbers looking for modems.
- Phreaking
  - Attacks on phone systems to obtain free phone service.
- Data Diddling
  - Making changes to data before, during, or after it is entered into a system.
- Data Leakage
  - Unauthorized copying of company data.

Hacking Embezzlement Schemes
- Salami Technique
  - Taking small amounts from many different accounts.
- Economic Espionage
  - Theft of information, trade secrets, and intellectual property.
- Cyber-Bullying
  - Using the Internet, cell phones, or other communication technologies to support deliberate, repeated, and hostile behavior that torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person.
- Internet Terrorism
  - Act of disrupting electronic commerce and harming computers and communications.

Hacking for Fraud
- Internet Misinformation
  - Using the Internet to spread false or misleading information
- Internet Auction
  - Using an Internet auction site to defraud another person
  - Unfairly drive up bidding
  - Seller delivers inferior merchandise or fails to deliver at all
  - Buyer fails to make payment
- Internet Pump-and-Dump
  - Using the Internet to pump up the price of a stock and then selling it

Social Engineering Techniques
- Identity Theft
  - Assuming someone else's identity
- Pretexting
  - Inventing a scenario that will lull someone into divulging sensitive information
- Posing
  - Using a fake business to acquire sensitive information
- Phishing
  - Posing as a legitimate company asking for verification-type information: passwords, accounts, usernames
- Pharming
  - Redirecting Web site traffic to a spoofed Web site
- Typosquatting
  - Typographical errors when entering a Web site name cause an invalid site to be accessed
- Tabnapping
  - Changing an already open browser tab
- Scavenging
  - Looking for sensitive information in items thrown away
- Shoulder Surfing
  - Snooping over someone's shoulder for sensitive information

More Social Engineering
- Lebanese Looping
  - Capturing ATM PIN and card numbers
- Skimming
  - Double-swiping a credit card
- Chipping
  - Planting a device to read credit card information in a credit card reader
- Eavesdropping
  - Listening to private communications

Types of Malware
- Virus
  - Executable code that attaches itself to software, replicates itself, and spreads to other systems or files
- Worm
  - Similar to a virus; a program rather than a code segment hidden in a host program. Actively transmits itself to other systems
- Spyware
  - Secretly monitors and collects personal information about users and sends it to someone else
- Adware
  - Pops banner ads on a monitor, collects information about the user's Web-surfing and spending habits, and forwards it to the adware creator

More Malware
- Key logging
  - Records computer activity, such as a user's keystrokes, e-mails sent and received, Web sites visited, and chat session participation
- Trojan Horse
  - Malicious computer instructions in an authorized and otherwise properly functioning program
- Time bombs/logic bombs
  - Idle until triggered by a specified date or time, by a change in the system, by a message sent to the system, or by an event that does not occur
- Trap Door/Back Door
  - A way into a system that bypasses normal authorization and authentication controls

More Malware
- Packet Sniffers
  - Capture data from information packets as they travel over networks
- Rootkit
  - Used to hide the presence of trap doors, sniffers, and key loggers; conceal software that originates a denial-of-service or an e-mail spam attack; and access user names and log-in information
- Superzapping
  - Unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail