414 Ch 5
Data that web sites store on your computer to identify their web sites to your computer and to identify you to the web site so you don't have to log on each time you visit the site.
Intent to destroy or harm a system or some of its components.
Gaining an unfair advantage over another person.
Misappropriation of Assets
"Employee fraud, or the theft of company assets."
Fraudulent Financial Reporting
"Intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements."
A person's incentive or motivation for committing fraud.
"The condition or situation that allows a person or organization to: commit fraud, conceal fraud, and convert the fraud to personal gain."
"When a perpetrator steals the cash or check that is sent in by one customer, then covers it with funds from the next payment received, etc."
Check Kiting Scheme
A perpetrator creates cash by taking advantage of the timing lag between depositing a check and the check clearing the bank.
"Any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution."
Gaining control of someone else's computer to carry out illicit activities without the user's knowledge.
"When an attacker sends a recipient so many email bombs, or so many requests for a web page that the destination server crashes."
"E-mailing or text messaging the same unsolicited message to many people at the same time, often to try to sell something."
Using special software to guess addresses.
Making an email look as if someone else sent it.
An attack between the time a new vulnerability is discovered and the software developers and security vendors release a patch.
"Penetrating a system's defenses, stealing the file containing valid passwords, dectypting them, and using them to gain access."
Masquerading or Impersonation
Gaining access to the system by pretending to be an authorized user.
"Changing data before, during, or after it is entered into the system to delete, alter, add, or incorrectly update key system data."
The unauthorized copying of company data.
"Stealing money a slice at a time from many accounts, which are deposited into a single dummy account."
All interest calculations are truncated at two decimal places and excess decimals put into an account that the perpetrator controls.
Attacking phone systems to obtain free phone line access.
"The theft of information, trade secrets, and intellectual property."
Threatening to harm a company if it does not pay a specified amount of money.
When hackers use the internet to disrupt electronic commerce and to destroy company and individual communications.
Using the internet to spread false or misleading information about people or companies.
Intentionally clicking on ads numerous times to inflate advertising bills.
Copying software without the publisher's permission.
"Techniques used to obtain confidential information, often by tricking people."
"Assuming someone's identity, usually for economic gain, by illegally obtaining and using confidential information, such as a Social Security, bank account, or credit card number."
Acting under false pretenses to gain confidential information.
"Creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering a product."
"Sending an email, instant message, or text message pretending to be a legitimate company and requesting information."
"Voice phishing, or phishing involving calling a phone number."
Stolen credit card numbers that are bought and sold.
"Redirecting a site's traffic to a bogus web site, usually to gain access to personal and confidential information."
When a hacker sets up a wireless network witht he same name as the wireless access point at a local hot spot to monitor its traffic.
URL hijacking - setting up web sites with names very similar to real web sites so that typos in URLs will result in reaching a different site - often with fraudulent intentions.
Scavenging or Dumpster Diving
Gaining access to confidential information by searching corporate or personal records.
Watching or listening to people give out confidential information.
"Double-swiping a credit card in a legitimate terminal or swiping a card in a small, hidden card reader that records credit card data for later use."
Posing as a service engineer and planting a small chip in a legitimate credit card reader.
Observing private communications or transmissions of data.
Any software that can be used to do harm.
Secretly collects personal information about users and sends it to someone else without the user's permission.
A type of spyware that causes banner ads to pop up as a user surfs the net.
Software that destroys competing malware.
"Records computer activity, such as a user's keystrokes, emails, sites visited, and chat session. "
A set of malicious computer instructions in an authorized and otherwise properly functioning program.
Time Bombs & Logic Bombs
Trojan horses that lie idle until triggered by a specified time or circumstance.
A way into a system that bypasses normal system controls.
Programs that capture data from information packets as they travel over the internet or company networks.
Hides data from one file inside a host file.
"Software that conceals processes, files, network connections, memory addresses, systems utility programs, and system data from the operating system."
"The unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail."
"A segment of self-replicating, executable code that attaches itself to a file or program."
"Stealing contact lists, images, and other data from other devices using Bluetooth."
"Taking control of someone else's phone to make calls or send text messages, or to monitor communications. "
"Self-replicating computer program similar to a virus except that it is stand-alone, doesn't require a user input to replicate, and it harms networks (usually by consuming bandwidth)."
alter or falsify computer input. Requires little skill