Please enable JavaScript.
Coggle requires JavaScript to display documents.
Computer Fraud and Abuse Techniques - Coggle Diagram
Computer Fraud and Abuse Techniques
Introduction
Cyber criminals have devised an ever-increasing number of ways to commit computer fraud and abuse
Computer Attacks and Abuse
Hacking
Unauthorized access, modification, or use of an electronic device or some element of a computer system
Hijacking
Gaining control of someone else's computer to carry out illicit activities, such as sending spam without the computer user's knowledge
Botnet
A network of powerful and dangerous hijacked computers that are used to attack systems or spread malware
Zombie
A hijacked computer, typically part of botnet, that is used to launch a variety of Internet attacks
Bot Herder
The person who creates a botnet by installing software on PCs that responds to the bot herder's electronic instruction
Denial-of-Service (DoS) attack
Computer attack in which the attacker sends so many e-mail bombs or web page requests, often from randomly generated false addresses, that the Internet service provider's e-mail server or the web server is overloaded and shuts down
Spamming
Simultaneously sending the same unsolicited message to many people, often in an attempt to sell them something
Dictionary Attack
Using special software to guess company e-mail addresses and send them blank e-mail messages
Splog
Spam blogs created to increase a website's Google PageRank, which is how often a web page is referenced by other web pages
Spoofing
Altering some part of an electronic communication to make it look as if someone else sent the communication in order to gain the trust of the recipient
E-mail spoofing
Making a sender address and other parts of an e-mail header appear as though the e-mail originated from a different source
Caller ID Spoofing
Displaying an incorrect number on the recipient's caller ID display to hide the caller's identity
IP Address Spoofing
Creating Internet Protocol packets with a forged IP address to hide the sender's identity or to impersonate another computer system
Address Resolution Protocol (ARP) Spoofing
Sending fake ARP messages to an Ethernet LAN.
MAC Adress
A Media Access Control address is a hardware address that uniquely identifies each node on a network
SMS Spoofing
Using short message service (SMS) to change the name or number a text message appears to come from
Web-page Spoofing
See phising
DNS Spoofing
Sniffing the ID of a Domain Name System request and replying before the real DNS server
Zero-day Attack
An attack between the time a new software vulnerability is discovered and "released into the wild" and the time a software developer releases a patch to fix the problem
Patch
Code released by software developers that fixes a particular software vulnarability
Cross-site scripting (XSS)
A vulnerability in dynamic web pages that allows an attacker to bypass a browser's security mechanisms and instruct the victim's browser execute code, thinking it came from the desired website
Buffer Overflow Attack
When the amount of data entered into a program is greater than the amount of the input buffer
SQL injection (insertion) attack
Inserting a malicious SQL query in input such that it is passed to and executed by an application program
man-in-the-middle (MITM) attack
A hacker placing himself between a client and a host to intercept communications between them
Masquerading or impersonation
Gaining access to a system by pretending to be an authorized user
Piggybacking
The clandestine use of a neighbor's Wi-Fi network
Password Cracking
When an intruder penetrates a system's defenses.
War Dialing
Programming a computer to dial thousands of phone lines searching for dial-up modem lines
War driving
Driving around looking for unprotected home or corporate wireless networks
War rocketing
Using rockets to let loose wireless access points attached to parachutes that detect unsecured wireless networks
Phreaking
Attacking phone systems to obtain free phone line access
Data diddling
Changing data before or during entry into a computer system in order to delete, alter, add or incorrectly update key system data
Data leakage
The unauthorized copying of company data, often without leaving any indication that it was copied
Podslurping
Using a small device with storage capacity to download unauthorized data from a computer
Salami technique
Stealing tiny slices of money from many different accounts
Round-down fraud
Instructing the computer to round down all interest calculation to two decimal places
Economic espionage
Theft of information, trade secrets, and intellectual property
Cyber-extortion
Threatening to harm a company or a person if a specified amount of money is not paid
Cyber-bullying
Using computer technology to support deliberate, repeated and hostile behavior that torments, threatens, harasses, humiliates, embarrasses or otherwise harms another person
Sexting
Exchanging sexually explicit text messages and revealing pictures with other people, usually by means of a phone
Internet terrorism
Using the internet to disrupt electronic commerce and harm computers and communications
Internet misinformation
Using the internet to spread false or misleading information
E-mail threats
Threats sent to victims by e-mail
Internet auction fraud
Using an internet auction to defraud another person
Internet pump-and-dump fraud
Using the internet to pump up the price of a stock and then sell it
Click fraud
Manipulating the number of times an ad is clicked on to inflate advertising bills
Web cramming
Offering a free website for a month, developing a worthless website and charging the phone bill of the people who accept the offer for months, whether they want to continue using the website or not
Software piracy
The unauthorized copying or distribution of copyrighted software
Social Engineering
The techniques or psychological tricks used to get people to comply with the perpetrator's wishes in order to gain physical or logical access to a building, computer, server or network
Compassion
Greed
Sex Appeal
Sloth
Trust
Urgency
Vanity
Identity theft
Assuming someone's identity, usually for economic gain, by illegally obtaining confidential information such as a Social Security number or a bank account or credit number
Pretexting
Using an invented scenario that creates legitimacy in the target's mind in order to increase the likelihood that a victim will divulge information or do something
Posing
Creating a seemingly legitimate business, collecting personal information while making a sale and never delivering the product
Phising
Sending an electronic message pretending to be a legitimate company, using a financial institution and requesting information or verification of information and often warning of a consequence if it is not provided
Vishing
It is like phishing except that the victim enters confidential data by phone
Carding
Activities performed on stolen credit card, including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers
Pharming
Redirecting website traffic to a spoofed website
Evil twin
A wireless network with the same name as a legitimate wireless access point
URL Hijacking
Setting up similarly named websites so that users making typographical errors when entering a website name are sent to an invalid site
QR barcode replacements
Fraudsters cover valid Quick Response codes with stickers containing a replacement QR code to fool people into going to an unintended site that infects their phones with malware
Tabnapping
Secretly changing an already open browser tab in order to capture user IDs and passwords when the victim logs back into the site
Scavenging
Searching documents and records gain to access to confidential information
Shoulder surfing
when perpetrators look over a person's shoulders in a public place to get information such as ATM Pin numbers or user IDs and passwords
Lebanese looping
Inserting a sleeve into an ATM that prevents it from ejecting the card
Skimming
Double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use
Chipping
Planting a small chip that records transaction data in a legitimate credit card reader
Eavesdropping
Listening to private communications or tapping into data transmissions intended for someone else
Malware
Any software that is used to do harm
Spyware
Software that secretly monitors computer usage, collects personal information about users, and sends it to someone else, often without the computer user's permission
Adware
Spyware that causes banner ads to pop up on a monitor, collects information about the user's web-surfing and spending habits and forwards it to the adware creator, often an advertising or media organization
Torpedo software
Software that destroys competing malware
Scareware
Malicious software of no benefit that is sold using scare tactics
Ransomware
Software that encrypts programs and data until a ransom is paid to remove it
Keylogger
Software that records computer activity, such as a user's keystrokes e-mails sent and received, websites visited and cheat session participation
Trojan horse
A set of unauthorized computer instructions in an authorized and otherwise properly functioning program
Tiger bombs and logic bombs
A program that lies idle until some specified circumstance or a particular time triggers it
A trap door/back door
A set of computer instructions that allows a user to bypass the system 's normal controls
Packet sniffers
Programs that capture data from information packets as they travel over the Internet or company networks
Steganography programs
A program that can merge confidential information with a seemingly harmless file, password protect the file, and send it anywhere in the world, where the file is unlocked and the confidential information is reassembled
Rooktit
A means of concealing system components and malware from the operating system and other programs
Superzapping
The unauthorized use of a special system program to bypass regular system controls and perform illegal acts
Virus
A segment of executable code that attaches itself to a file, program or some other executable system component
Worm
Similar to a virus, except that it is a program rather than a code segment hidden in a host program
Bluesnarfing
Stealing contact lists, images and other data using flaws in Bluetooth applications
Bluebugging
Taking control of someone else's phone to make or listen to calls, send or read text messages, connect to the Internet, forward the victim's calls, and call numbers that charge fees