62 terms

414 Ch 5

Data that web sites store on your computer to identify their web sites to your computer and to identify you to the web site so you don't have to log on each time you visit the site.
Intent to destroy or harm a system or some of its components.
Gaining an unfair advantage over another person.
White-collar Criminals
Fraud perpetrators.
Misappropriation of Assets
"Employee fraud, or the theft of company assets."
Fraudulent Financial Reporting
"Intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements."
A person's incentive or motivation for committing fraud.
"The condition or situation that allows a person or organization to: commit fraud, conceal fraud, and convert the fraud to personal gain."
Lapping Scheme
"When a perpetrator steals the cash or check that is sent in by one customer, then covers it with funds from the next payment received, etc."
Check Kiting Scheme
A perpetrator creates cash by taking advantage of the timing lag between depositing a check and the check clearing the bank.
Computer Fraud
"Any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution."
Gaining control of someone else's computer to carry out illicit activities without the user's knowledge.
Denial-of-service Attack
"When an attacker sends a recipient so many email bombs, or so many requests for a web page that the destination server crashes."
"E-mailing or text messaging the same unsolicited message to many people at the same time, often to try to sell something."
Dictionary Attacks
Using special software to guess addresses.
Making an email look as if someone else sent it.
Zero-day Attack
An attack between the time a new vulnerability is discovered and the software developers and security vendors release a patch.
Password Cracking
"Penetrating a system's defenses, stealing the file containing valid passwords, decrypting them, and using them to gain access."
Masquerading or Impersonation
Gaining access to the system by pretending to be an authorized user.
Data Diddling
"Changing data before, during, or after it is entered into the system to delete, alter, add, or incorrectly update key system data."
Data Leakage
The unauthorized copying of company data.
Salami Technique
"Stealing money a slice at a time from many accounts, which are deposited into a single dummy account."
Round-down Fraud
All interest calculations are truncated at two decimal places and excess decimals put into an account that the perpetrator controls.
Attacking phone systems to obtain free phone line access.
Economic Espionage
"The theft of information, trade secrets, and intellectual property."
Threatening to harm a company if it does not pay a specified amount of money.
Internet Terrorism
When hackers use the internet to disrupt electronic commerce and to destroy company and individual communications.
Internet Misinformation
Using the internet to spread false or misleading information about people or companies.
Click Fraud
Intentionally clicking on ads numerous times to inflate advertising bills.
Software Piracy
Copying software without the publisher's permission.
Social Engineering
"Techniques used to obtain confidential information, often by tricking people."
Identity Theft
"Assuming someone's identity, usually for economic gain, by illegally obtaining and using confidential information, such as a Social Security, bank account, or credit card number."
Acting under false pretenses to gain confidential information.
"Creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering a product."
"Sending an email, instant message, or text message pretending to be a legitimate company and requesting information."
"Voice phishing, or phishing involving calling a phone number."
Stolen credit card numbers that are bought and sold.
"Redirecting a site's traffic to a bogus web site, usually to gain access to personal and confidential information."
Evil Twin
When a hacker sets up a wireless network with the same name as the wireless access point at a local hot spot to monitor its traffic.
URL hijacking - setting up web sites with names very similar to real web sites so that typos in URLs will result in reaching a different site - often with fraudulent intentions.
Scavenging or Dumpster Diving
Gaining access to confidential information by searching corporate or personal records.
Shoulder Surfing
Watching or listening to people give out confidential information.
"Double-swiping a credit card in a legitimate terminal or swiping a card in a small, hidden card reader that records credit card data for later use."
Posing as a service engineer and planting a small chip in a legitimate credit card reader.
Observing private communications or transmissions of data.
Any software that can be used to do harm.
Secretly collects personal information about users and sends it to someone else without the user's permission.
A type of spyware that causes banner ads to pop up as a user surfs the net.
Torpedo Software
Software that destroys competing malware.
Key Logger
"Records computer activity, such as a user's keystrokes, emails, sites visited, and chat session."
Trojan Horse
A set of malicious computer instructions in an authorized and otherwise properly functioning program.
Time Bombs & Logic Bombs
Trojan horses that lie idle until triggered by a specified time or circumstance.
Trap Door
A way into a system that bypasses normal system controls.
Packet Sniffers
Programs that capture data from information packets as they travel over the internet or company networks.
Steganography Program
Hides data from one file inside a host file.
"Software that conceals processes, files, network connections, memory addresses, systems utility programs, and system data from the operating system."
"The unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail."
"A segment of self-replicating, executable code that attaches itself to a file or program."
"Stealing contact lists, images, and other data from other devices using Bluetooth."
"Taking control of someone else's phone to make calls or send text messages, or to monitor communications."
"Self-replicating computer program similar to a virus except that it is stand-alone, doesn't require a user input to replicate, and it harms networks (usually by consuming bandwidth)."
Input Fraud
Altering or falsifying computer input. Requires little skill.