AIS Chapter 6 Computer Fraud and Abuse Techniques

78 terms by Albino_Ryno

FHSU AIS class.

adware

software that collects and forwards data to advertising companies or causes banner ads to pop up as the Internet is surfed

carding

Verifying credit card validity; buying and selling stolen credit cards.

data diddling

changing data before, during, or after it is entered into the system

data leakage

unauthorized copying of company data

denial-of-service attack

An attack designed to make computer resources unavailable to its users

dictionary attack

using software to guess company addresses, send employees blank e-mails, and add unreturned messages to spammer e-mail lists

eavesdropping

listening to private voice or data transmissions

economic espionage

theft of information, trade secrets and intellectual property

e-mail spoofing

making a sender address and other parts of an e-mail header appear as though the e-mail originated from a different source

hacking

unauthorized access, modification or use of a computer system, usually by means of a PC and a communications network.

hijacking

gaining control of someone else's computer for illicit activities

key logger

using spyware to record a user's keystrokes

logic bombs and time bombs

software that sits idle until a specified circumstance or time triggers it, destroying programs, data or both

malware

software that can be used to do harm

packet sniffing

inspecting information packets as they travel the Internet and other networks

phishing

communications that request recipients to disclose confidential information by responding to an e-mail or visiting a website

phreaking

attacking phone systems to get free phone access; using phone lines to transmit viruses and to access, steal and destroy data

piggybacking

clandestine use of someone's wi-fi network

piggybacking

tapping into a communications line and entering a system by latching onto a legitimate user

piggybacking

bypassing physical security controls by entering a secure door when an authorized person opens it

round-down fraud

truncating interest calculations at two decimal places and placing truncated amounts in the perpetrator's account

salami technique

stealing tiny slices of money over time

scavenging / dumpster diving

searching for confidential information by searching for documents and records in garbage cans, communal trash bins and city dumps

sexting

exchanging explicit text messages and pictures

shoulder surfing

watching or listening to people enter or disclose confidential data

social engineering

techniques that trick a person into disclosing confidential information

spamming

e-mailing an unsolicited message to many people at the same time

spyware

software that monitors computing habits and sends that data to someone else, often without the user's permission

spoofing

making electronic communications look like someone else sent it

superzapping

using special software to bypass system controls and perform illegal acts

trap door

a back door into a system that bypasses normal system controls

virus

executable code that attaches itself to software, replaces itself, and spreads to other systems or files. Triggered by a predefined event, it damages system resources or displays messages.

worm

Similar to a virus; a program rather than a code segment hidden in a host program. Actively transmits itself to other systems. It usually does not live long but is quite destructive while alive.

Address Resolution Protocol (ARP) spoofing

Sending fake ARP messages to an Ethernet LAN. ARP is a computer networking protocol for determining a network host's hardware address when only its IP or network address is known.

Bluebugging

Taking control of someone else's phone to make calls, send texts, listen to phone calls or read their texts.

Bluesnarfing

Stealing contact lists, images, and other data from other devices using Bluetooth.

Botnet, bot herders

a network of hijacked computers. Bot herders use these hijacked computers, called zombies, in a variety of Internet attacks.

Buffer overflow attack

Inputting so much data that the input buffer overflows. The overflow contains code that takes control of the computer

Caller ID spoofing

Displaying an incorrect number on the recipient's caller ID display to hide the identity of the caller.

Chipping

Planting a chip that records transaction data in a legitimate credit card reader.

Cross-site scripting (XSS) attack

Exploits Web page security vulnerabilities to bypass browser security mechanisms and create a malicious link that injects unwanted code into a website.

Cyber-bullying

Using computer technology to harm another person

Cyber extortion

Requiring a company to pay money to keep an extortionist from harming a computer or person.

DNS spoofing

Sniffing the ID of a Domain Name System (server that converts a Web site name to an IP address) request and replying before the real DNS server.

E-mail threats

Sending a threatening message asking recipients to do something that makes it possible to defraud them.

Evil Twin

A wireless network with the same name as another wireless access point. Users unknowingly connect to the evil twin; hackers monitor the traffic looking for useful information.

IP address spoofing

Creating Internet Protocol packets with a forged IP address to hide the sender's identity or to impersonate another computer system.

Identity theft

Assuming someone's identity by illegally obtaining confidential information such as Social Security number

Internet auction fraud

Using an Internet auction site to commit fraud

Internet misinformation

Using the Internet to spread false or misleading information.

Internet terrorism

Using the Internet to disrupt communication and ecommerce.

Internet pump-and-dump fraud

Using the Internet to pump up the prices of a stock and then sell it.

Lebanese looping

Inserting a sleeve into an ATM so that it will not eject the victim's card, pretending to help the victim as a means to discover his or her PIN, and then using the card and PIN to drain the account.

Man-in-the-middle (MITM) attack

A hacker placing himself between a client and a host to intercept network traffic; also called session hijacking

Masquerading/impersonation

Accessing a system by pretending to be an authorized user. The impersonator enjoys the same privileges as the legitimate user.

Password cracking

Penetrating system defenses, stealing passwords, and decrypting them to access system programs, files, and data.

Podslurping

Using a small device with storage capacity (iPod, Flash Drive) to download unauthorized data from a computer

Posing

Creating a seemingly legitimate business, collecting personal data while making a sale, and never delivering items sold.

Pretexting

Acting under false pretenses to gain confidential information.

Rootkit

Software that conceals processes, files, network connections and system data from the operating system and other programs.

Ransomware

Software that encrypts programs and data until a ransom is paid to remove it.

Scareware

Malicious software of no benefit that is sold using scare tactics

Shoulder surfing

Watching or listening to people enter or disclose confidential data.

Skimming

Double-swiping a credit card or covertly swiping it in a card reader that records that data for later use.

SMS spoofing

Using short message service (SMS) to change the name or number a text message appears to come from.

Software piracy

Unauthorized copying or distribution of copyrighted software.

Splog

A spam blog that promotes Web sites to increase their Google PageRank (how often a Web page is referenced by other pages).

Spyware

Software that monitors computing habits and sends the data to someone else, often without the user's permission.

SQL injection attack

Inserting a malicious SQL query in input in such a way that it is passed to and executed by an application program

Steganography

Hiding data from one file inside a host file, such as a large image or sound file.

Tabnapping

Secretly changing an already open browser tab using JavaScript.

Trojan horse

Unauthorized code in an authorized and properly functioning program.

Typosquatting/URL hijacking

Websites with names similar to real Web sites; users making typographical errors are sent to a site filled with malware.

Vishing

Voice phishing, in which e-mail recipients are asked to call a phone number that asks them to divulge confidential data

War dialing

Dialing phone lines to find idle modems to use to enter a system, capture the attached computer, and gain access to its network(s).

War driving/rocketing

Looking for unprotected wireless networks using a car or a rocket

Web-page spoofing

Also called phishing

Zero-day attack

Attack between the time a software vulnerability is discovered and a patch to fix the problem is released.
