AIS Chapter 6 Computer Fraud and Abuse Techniques
FHSU AIS class.
software that collects and forwards data to advertising companies or causes banner ads to pop up as the Internet is surfed
Verifying credit card validity; buying and selling stolen credit cards.
changing data before, during, or after it is entered into the system
unauthorized copying of company data
An attack designed to make computer resources unavailable to its users
using software to guess company addresses, send employees blank e-mails, and add unreturned messages to spammer e-mail lists
listening to private voice or data transmissions
theft of information, trade secrets and intellectual property
making a sender address and other parts of an e-mail header appear as though the e-mail originated from a different source
unauthorized access, modification or use of a computer system, usually by means of a PC and a communications network.
gaining control of someone else's computer for illicit activities
using spyware to record a user's keystrokes
logic bombs and time bombs
software that sits idle until a specified circumstance or time triggers it, destroying programs, data or both
software that can be used to do harm
inspecting information packets as they travel the Internet and other networks
communications that request recipients to disclose confidential information by responding to an e-mail or visiting a website
attacking phone systems to get free phone access; using phone lines to transmit viruses and to access, steal and destroy data
clandestine use of someone's wi-fi network
tapping into a communications line and entering a system by latching onto a legitimate user
bypassing physical security controls by entering a secure door when an authorized person opens it
truncating interest calculations at two decimal places and placing truncated amounts in the perpetrator's account
stealing tiny slices of money over time
scavenging / dumpster diving
searching for confidential information by searching for documents and records in garbage cans, communal trash bins and city dumps
exchanging explicit text messages and pictures
watching or listening to people enter or disclose confidential data
techniques that trick a person into disclosing confidential information
e-mailing an unsolicited message to many people at the same time
software that monitors computing habits and sends that data to someone else, often without the user's permission
making electronic communications look like someone else sent them
using special software to bypass system controls and perform illegal acts
a back door into a system that bypasses normal system controls
executable code that attaches itself to software, replaces itself, and spreads to other systems or files. Triggered by a predefined event, it damages system resources or displays messages.
Similar to a virus; a program rather than a code segment hidden in a host program. Actively transmits itself to other systems. It usually does not live long but is quite destructive while alive.
Address Resolution Protocol (ARP) spoofing
Sending fake ARP messages to an Ethernet LAN. ARP is a computer networking protocol for determining a network host's hardware address when only its IP or network address is known.
Taking control of someone else's phone to make calls, send texts, listen to phone calls or read their texts.
Stealing contact lists, images, and other data from other devices using Bluetooth.
Botnet, bot herders
a network of hijacked computers. Bot herders use these hijacked computers, called zombies, in a variety of Internet attacks.
Buffer overflow attack
Inputting so much data that the input buffer overflows. The overflow contains code that takes control of the computer
Caller ID spoofing
Displaying an incorrect number on the recipient's caller ID display to hide the identity of the caller.
Planting a chip that records transaction data in a legitimate credit card reader.
Cross-site scripting (XSS) attack
Exploits Web page security vulnerabilities to bypass browser security mechanisms and create a malicious link that injects unwanted code into a website.
Using computer technology to harm another person
Requiring a company to pay money to keep an extortionist from harming a computer or person.
Sniffing the ID of a Domain Name System (server that converts a Web site name to an IP address) request and replying before the real DNS server.
Sending a threatening message asking recipients to do something that makes it possible to defraud them.
A wireless network with the same name as another wireless access point. Users unknowingly connect to the evil twin; hackers monitor the traffic looking for useful information.
IP address spoofing
Creating Internet Protocol packets with a forged IP address to hide the sender's identity or to impersonate another computer system.
Assuming someone's identity by illegally obtaining confidential information such as a Social Security number
Internet auction fraud
Using an Internet auction site to commit fraud
Using the Internet to spread false or misleading information.
Using the Internet to disrupt communication and ecommerce.
Internet pump-and-dump fraud
Using the Internet to pump up the price of a stock and then sell it.
Inserting a sleeve into an ATM so that it will not eject the victim's card, pretending to help the victim as a means to discover his or her PIN, and then using the card and PIN to drain the account.
Man-in-the-middle (MITM) attack
A hacker placing himself between a client and a host to intercept network traffic; also called session hijacking
Accessing a system by pretending to be an authorized user. The impersonator enjoys the same privileges as the legitimate user.
Penetrating system defenses, stealing passwords, and decrypting them to access system programs, files, and data.
Using a small device with storage capacity (iPod, Flash Drive) to download unauthorized data from a computer
Creating a seemingly legitimate business, collecting personal data while making a sale, and never delivering items sold.
Acting under false pretenses to gain confidential information.
Software that conceals processes, files, network connections and system data from the operating system and other programs.
Software that encrypts programs and data until a ransom is paid to remove it.
Malicious software of no benefit that is sold using scare tactics
Watching or listening to people enter or disclose confidential data.
Double-swiping a credit card or covertly swiping it in a card reader that records the data for later use.
Using short message service (SMS) to change the name or number a text message appears to come from.
Unauthorized copying or distribution of copyrighted software.
A spam blog that promotes Web sites to increase their Google PageRank (how often a Web page is referenced by other pages).
Software that monitors computing habits and sends the data to someone else, often without the user's permission.
SQL injection attack
Inserting a malicious SQL query in input in such a way that it is passed to and executed by an application program
Hiding data from one file inside a host file, such as a large image or sound file.
Unauthorized code in an authorized and properly functioning program.
Websites with names similar to real Web sites; users making typographical errors are sent to a site filled with malware.
Voice phishing, in which e-mail recipients are asked to call a phone number that asks them to divulge confidential data
Dialing phone lines to find idle modems to use to enter a system, capture the attached computer, and gain access to its network(s).
Looking for unprotected wireless networks using a car or a rocket
Also called phishing
Attack between the time a software vulnerability is discovered and a patch to fix the problem is released.