Follow
Publications: 109 | Followers: 0

Computer Fraud and Abuse Techniques - Pearson Education

Publish on Category: Birds 0

Computer Fraud and Abuse Techniques
Chapter 6
6-1
Learning Objectives
Compare and contrast computer attack and abuse tactics.Explainhow social engineering techniques are used to gain physical or logical access to computer resources.Describethe different types of malware used to harm computers.
6-2
Types of Attacks
HackingUnauthorized access, modification, or use of an electronic device or some element of a computer systemSocial EngineeringTechniques or tricks on people to gain physical or logical access to confidential informationMalwareSoftware used to do harm
6-3
Hacking
HijackingGaining control of a computer to carry out illicit activitiesBotnet (robot network)ZombiesBot herdersDenial of Service (DoS) AttackSpammingSpoofingMakes the communication look as if someone else sent it so as to gain confidential information.
6-4
Forms of Spoofing
E-mail spoofingCaller ID spoofingIP address spoofingAddress Resolution (ARP) spoofingSMS spoofingWeb-page spoofing (phishing)DNS spoofing
6-5
Hacking with Computer Code
Cross-site scripting (XSS)Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.Buffer overflow attackLarge amount of data sent to overflow the input memory (buffer) of a program causing it to crash and replaced with attacker’s program instructions.SQL injection (insertion) attackMalicious code inserted in place of a query to get to the database information
6-6
Other Types of Hacking
Man in the middle (MITM)Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data.PiggybackingPassword crackingWar dialing and drivingPhreakingData diddlingData leakagepodslurping
6-7
Hacking Used for Embezzlement
Salami technique:Taking small amounts at a timeRound-down fraudEconomic espionageTheft of information, intellectual property and trade secretsCyber-extortionThreats to a person or business online through e-mail or text messages unless money is paid
6-8
Hacking Used for Fraud
Internet misinformationE-mail threatsInternet auctionInternet pump and dumpClick fraudWeb crammingSoftware piracy
6-9
Social Engineering Techniques
Identity theftAssuming someone else’s identityPretextingUsing a scenario to trick victims to divulge information or to gain accessPosingCreating a fake business to get sensitive informationPhishingSending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive dataPharmingRedirectsWeb site toa spoofedWeb site
URL hijackingTakes advantage of typographical errors entered in for Web sites and user gets invalid or wrong Web siteScavengingSearching trash for confidential informationShouldersurfingSnooping (either close behind the person) or using technology to snoop and get confidential informationSkimmingDouble swiping credit cardEeavesdropping
6-10
Why People Fall Victim
CompassionDesire to help othersGreedWant a good deal or something for freeSex appealMore cooperative with those that are flirtatious or good lookingSlothLazy habitsTrustWill cooperate if trust is gainedUrgencyCooperation occurs when there is a sense of immediate needVanityMore cooperation when appeal to vanity
6-11
Minimize the Threat of Social Engineering
Never let people follow you into restricted areasNever log in for someone else on a computerNever give sensitive information over the phone or through e-mailNever share passwords or user IDsBe cautious of someone you don’t know who is trying to gain access through you
6-12
Types of Malware
SpywareSecretly monitors and collects informationCan hijack browser, search requestsAdwareKeyloggerSoftware that records user keystrokesTrojan HorseMalicious computer instructions in an authorized and properly functioning program
Trap doorSet of instructions that allow the user to bypass normal system controlsPacket snifferCaptures data as it travels over the InternetVirusA section of self-replicating code that attaches to a program or file requiring a human to do something so it can replicate itselfWormStand alone self replicating program
6-13
Cellphone Bluetooth Vulnerabilities
BluesnarfingStealing contact lists, data, pictures on bluetooth compatible smartphonesBluebuggingTaking control of a phone to make or listen to calls, send or read text messages
6-14
Key Terms
HackingHijackingBotnetZombieBot herderDenial-of-service (DoS) attackSpammingDictionary attackSplogSpoofingE-mail spoofingCaller ID spoofingIP address spoofingMAC address
Address Resolution Protocol (ARP) spoofingSMS spoofingWeb-page spoofingDNS spoofingZero day attackPatchCross-site scripting (XSS)Buffer overflow attackSQL injection (insertion) attackMan-in-the-middle (MITM) attackMasquerading/impersonationPiggybacking
6-15
Key Terms(continued)
Password crackingWar dialingWar drivingWar rocketingPhreakingData diddlingData leakagePodslurpingSalami techniqueRound-down fraudEconomic espionageCyber-extortionCyber-bullyingSexting
Internet terrorismInternet misinformationE-mail threatsInternet auction fraudInternet pump-and-dump fraudClick fraudWeb crammingSoftware piracySocial engineeringIdentity theftPretextingPosingPhishingvishing
6-16
Key Terms(continued)
CardingPharmingEvil twinTyposquatting/URL hijackingQR barcode replacementsTabnappingScavenging/dumpster divingShoulder surfingLebanese loopingSkimmingChippingEavesdroppingMalwareSpyware
AdwareTorpedo softwareScarewareRansomwareKeyloggerTrojan horseTime bomb/logic bombTrap door/back doorPacket sniffersSteganography programRootkitSuperzappingVirusWormBluesnarfingBluebugging
6-17

0

Embed

Share

Upload

Make amazing presentation for free
Computer Fraud and Abuse Techniques - Pearson Education