Please enable JavaScript.
Coggle requires JavaScript to display documents.
Chapter 6: Computer Fraud & Abuse Techniques - Coggle Diagram
Chapter 6:
Computer Fraud & Abuse Techniques
Computer Attacks & Abuse
Hacking
- unauthorized access, modification, or use of electronic device or some element of a computer system
hijacking
- gaining control of someone else's computer to carry out illicit activities, such as sending spam without computer user's knowledge
zombie
- a hijacked computer, typically part of botnet, that is used to launch a variety of internet attacks
denial-of-service (DoS) attack
- the attacker sends so many e-mail bombs sends so many email bombs or web page requests, often from randomly generated false addresses, that the internet service provider's email server or the web server is overloaded and shuts down
dictionary attack
- using special software to guess company email addresses and send them blank email messages. Unreturned messages are usually valid email addresses that can be added to spammer email lists
spoofing
- altering some part of an electronic communication to make it look as if someone else sent the communication in order to gain the trust of the reciepent
caller ID spoofing
- displaying an incorrect number on the recipient's caller ID display to hide the caller's identity
email spoofing
- making a sender address and other parts of an email header appear as though the email originated from a different source
1 more item...
botnet
- a network of powerful and dangerous hijacked computers that are used to attack system or to spread malware
bot herder
- the person who creates a botnet by installing software on PCs that responds to the bot header's electronic instructions
spamming
- simultaneously sending the same unsolicited message to many people, often in an attempt to sell them something
splog
- spam blogs created to increase a website's Google PageRank, which is how often a web page is reference by other web pages
MAC address
- A Media Access Control address is a hardware address that uniquely identifies each node on a network
zero-day attack
- an attack between the time a new software vulnerability is discovered and "released into the wild" and the time a software developer releases a patch to fix the problem
patch
- code released by software developers that fixes a particular software vulnerability
1 more item...
Social Engineering
meaning
- the techniques or psychological tricks used to get people to comply with the perpetrator's wishes in order to gain physical or logical access to a building, computer, server, or network. It is usually to get the information needed to obtain confidential data
human traits to entice a person
compassion
greed
sex appeal
sloth
trust
urgency
vanity
ways to minimize social engineering
never let people follow you into restricted building
never log in for someone else on a computer, especially if you have administrative access
never give sensitive information over the phone or through e-mail
never share passwords or user IDs
be cautious of anyone you do not know who is trying to gain access through you
identity theft
- assuming someone's identity, usually for economic gain, by illegally obtaining confidential information such as Social Security number or a bank account or a credit card number
pretexting
- using an invented scenario (the pretext) that creates legitimacy in the target's mind in order to increase the likelihood that a victim will divulge information or do something
skimming
- double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, hand-held card reader that records credit card data for later use
chipping
- planting a small chip that records transaction data in a legitimate credit card reader. The chip is later removed or electronically accessed to retrieve the data recorded on it
eavesdropping
- listening to private communications or tapping into data transmissions intended for someone else. One way to intercept signals is by setting up a wiretap
phising
- sending an electronic message pretending to be a legitimate company, usually a financial institution, and requesting information or verification of information and often warning of a consequence if it is not provided. The request is bogus, and the information gathered is used to commit identity theft or to steal funds from the victim's account
posing
creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering the product
vishing
- voice phishing; it is like phishing except that the victim enters confidential data by phone
carding
- activities performed on stolen credit cards, including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers
pharming
- redirecting website traffic to a spoofed website
evil twin
- a wireless network with the same name (Service Set Identifier) as a legitimate wireless access point. Users are connected to the twin because it has a stronger wireless signal or the twin disrupts or disables the legitimate access point. Users are unaware that they connect to the evil twin and the perpetrator monitors the traffic looking for confidential information
typosquatting/URL hijacking
- setting up similarly named websites so that users making typographical errors when entering a website name are sent to an invalid site
QR barcode replacements
- fraudsters cover valid Quick Response codes with stickers containing a replacement QR code to fool people into going to an unintended site that infects their phones with malware
tabnapping
secretly changing an already open browser tab in order to capture user IDs and passwords when the victim logs back into the site
scavenging / dumpster diving
- searching documents and records to gain access to confidential information. Scavenging methods include searching garbage cans, communal trash bins, and city dumps
shoulder surfing
- when perpetrators look over a person's shoulder in a public place to get information such as ATM PIN numbers or user IDs and passwords
lebanese looping
- inserting a sleeve into a ATM that prevents it from ejecting the card. The perpetrator pretends to help the victim, tricking the person into entering the PIN again. Once the victim gives up, the thief removes the card and uses it and the PIN to withdraw money
Malware
meaning
- any software that is used to do harm
spyware
- software that secretly monitors computer usage, collects personal information about users, and sends it to someone else, often without the computer user's permission
causes
download such as file-sharing programs, system utilities, games, wallpaper, screen savers, music and videos
websites that secretly download spyware, called drive-by downloading
hacker using security holes in web browsers and other software
malware masquerading as antispyware security software
worm or virus
public wireless network
adware
- spyware that causes banner ads to pup up on a monitor, collects information about the user's web-surfing and spending habits, and forwards it to the adware creator, often an advertising or media organization.
-comes bundled with freeware and shareware downloaded from the internet
torpedo software
- software that destroys competing malware
-results in "malware warfare" between competing malware developers
scareware
- malicious software of not benefit that is sold scare tactics
ransomware
- software that encrypts program and data until a ransom is paid to remove it
keylogger
- software that records computer activity, such as a user's keystrokes, email sent and received, website visited and chat session participation
trojan horse
- a set of unauthorized computer instructions in an authorized and otherwise properly functioning program
time/logic bomb
- a program that lies idle until some specified circumstances or a particular time triggers it. once triggered, the program sabotages the system by destroying programs and data
1 more item...