Computer Fraud and Abuse Techniques
Chapter 6
Copyright © 2015 Pearson Education, Inc.
Learning Objectives
• Compare and contrast computer attack and abuse tactics.
• Explain how social engineering techniques are used to gain physical or logical access to computer resources.
• Describe the different types of malware used to harm computers.
Types of Attacks
• Hacking
▫ Hijacking
  Gaining control of a computer to carry out illicit activities
▫ Botnet (robot network)
  Zombies
  Bot herders
  Denial of Service (DoS) Attack
  Spamming
  Spoofing
    Makes the communication look as if someone else sent it so as to gain confidential information.
• Cross-site scripting (XSS)
▫ Uses a vulnerability in a Web application that allows the Web site to be injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.
• Buffer overflow attack
▫ Large amount of data sent to overflow the input memory (buffer) of a program, causing it to crash and be replaced with the attacker’s program instructions.
• SQL injection (insertion) attack
▫ Malicious code inserted in place of a query to get to the database information
Other Types of Hacking
• Salami technique:
▫ Taking small amounts at a time
• Economic espionage
▫ Theft of information, intellectual property and trade secrets
• Round-down fraud
• Cyber-extortion
▫ Threats to a person or business online through e-mail or text messages unless money is paid
• Identity theft
• Pretexting
▫ Using a scenario to trick victims into divulging information or to gain access
• Creating a fake business to get sensitive information
• Phishing
• URL hijacking
• Scavenging
• Snooping (either close behind the person) or using technology to snoop and get confidential information
• Double swiping a credit card
• Eavesdropping
• Pharming
▫ Redirects Web site to a spoofed Web site
Why People Fall Victim
• Compassion
• More cooperative with those that are flirtatious or good looking
• Lazy habits
• Will cooperate if trust is gained
• Cooperation occurs when there is a sense of immediate need
• More cooperation when appeal to vanity
Minimize the Threat of Social Engineering
• Secretly monitors and collects information
• Keylogger
▫ Software that records user keystrokes
• normal system controls
• Packet sniffer
• so it can replicate itself
• Worm
• Bluesnarfing
▫ Stealing contact lists, data, pictures on Bluetooth-compatible smartphones
• Bluebugging
▫ Taking control of a phone to make or listen to calls, send or read text messages
Key Terms
• Address Resolution Protocol (ARP) spoofing
• SMS spoofing
• Web-page spoofing
• DNS spoofing
• Zero day attack
• Patch
• Cross-site scripting (XSS)
• Buffer overflow attack
• SQL injection (insertion) attack
• Man-in-the-middle (MITM) attack
• Masquerading/impersonation
• Piggybacking
• Caller ID spoofing
• IP address spoofing
• MAC address
Key Terms (continued)
• Internet terrorism
• Internet misinformation
• E-mail threats
• Internet auction fraud
• Internet pump-and-dump fraud
• Click fraud
• Web cramming
• Software piracy
• Social engineering
• Identity theft
• Pretexting
• Posing
• Phishing
• Vishing
• Cyber-bullying
• Sexting
Key Terms (continued)
• Adware
• Torpedo software
• Scareware
• Ransomware
• Keylogger
• Trojan horse
• Time bomb/logic bomb
• Trap door/back door
• Packet sniffers
• Steganography program
• Rootkit