COMPUTER FRAUD & ABUSE TECHNIQUES - Coggle Diagram
SOCIAL ENGINEERING
The techniques or psychological tricks used to get people to comply w/ the perpetrator's wishes in order to gain physical or logical access to a building, computer, server, or network. It is usually used to get the information needed to obtain confidential data.
Identity Theft
Assuming someone's identity, usually for economic gain, by illegally obtaining confidential information such as a Social Security number or a bank account or credit card number.
Pretexting
Using an invented scenario (the pretext) that creates legitimacy in the target's mind in order to increase the likelihood that a victim will divulge information or do something.
Posing
Creating a seemingly legitimate business, collecting personal information while making a sale, & never delivering the product.
Phishing
Sending an electronic message pretending to be a legitimate company, usually a financial institution, & requesting information or verification of information & often warning of a consequence if it is not provided. The request is bogus, & the information gathered is used to commit identity theft or to steal funds from the victim's account.
Vishing
Voice phishing; it is like phishing except that the victim enters confidential data by phone.
Carding
Activities performed on a stolen credit card, including making a small online purchase to determine whether the card is still valid & buying & selling stolen credit card numbers.
Pharming
Redirecting website traffic to a spoofed website.
Evil Twin
A wireless network with the same name (Service Set Identifier, SSID) as a legitimate wireless access point. Users connect to the twin because it has a stronger wireless signal or because the twin disrupts or disables the legitimate access point. Users are unaware that they have connected to the evil twin, & the perpetrator monitors the traffic looking for confidential information.
Typosquatting/URL Hijacking
Setting up similarly named websites so that users making typographical errors when entering a website name are sent to an invalid site.
Scavenging/Dumpster Diving
Searching documents & records to gain access to confidential information. Scavenging methods include searching garbage cans, communal trash bins, & city dumps.
Shoulder Surfing
When a perpetrator looks over a person's shoulder in a public place to get information such as an ATM PIN or user IDs & passwords.
Lebanese Looping
Inserting a sleeve into an ATM that prevents it from ejecting the card. The perpetrator pretends to help the victim, tricking the person into entering the PIN again. Once the victim gives up, the thief removes the card & uses it & the PIN to withdraw money.
Skimming
Double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, hand-held card reader that records credit card data for later use.
Chipping
Planting a small chip that records transaction data in a legitimate credit card reader. The chip is later removed or electronically accessed to retrieve the data recorded on it.
Eavesdropping
Listening to private communication or tapping into data transmissions intended for someone else. One way to intercept the signals is by setting up a wiretap.
MALWARE
(Definition) Any software that is used to do harm
Spyware
Software that secretly monitors computer usage, collects personal information about users, & sends it to someone else, often w/o the computer user's permission.
Adware
Spyware that causes banner ads to pop up on a monitor, collects information about a user's web-surfing & spending habits, & forwards it to the adware creator, often an advertising or media organization. Adware usually comes bundled w/ freeware & shareware downloaded from the internet.
Torpedo Software
Software that destroys competing malware. This sometimes results in "malware warfare" between competing malware developers.
Scareware
Malicious software of no benefit that is sold using scare tactics.
Cyber-Extortion
Threatening to harm a company or a person if a specified amount of money is not paid.
Ransomware
Software that encrypts programs & data until a ransom is paid to remove it.
Keylogger
Software that records computer activities, such as a user's keystrokes, e-mail sent & received, websites visited, & chat session participation.
Trojan Horse
A set of unauthorized computer instructions in an authorized & otherwise properly functioning program.
Time Bomb/Logic Bomb
A program that lies idle until some specified circumstance or a particular time triggers it. Once triggered, the program sabotages the system by destroying programs or data.
Trap Door/Back Door
A set of computer instructions that allows a user to bypass the system's normal controls.
Packet Sniffers
Programs that capture data from information packets as they travel over the internet or company networks. Captured data is sifted to find confidential or proprietary information.
Steganography Program
A program that can merge confidential information with a seemingly harmless file, password protect the file, & send it anywhere in the world, where the file is unlocked & the confidential information reassembled. The host file can still be heard & viewed because humans are not sensitive enough to pick up the slight decrease in image or sound quality.
Rootkit
A means of concealing system components & malware from the operating system & other programs; it can also modify the operating system.
Virus
A segment of executable code that attaches itself to a file, program, or some other executable system component. When the hidden program is triggered, it makes unauthorized alterations to the way a system operates.
Worm
Similar to a virus, except that it is a program rather than a code segment hidden in a host program. A worm also copies itself automatically & actively transmits itself directly to other systems.
Bluesnarfing
Stealing (snarfing) contact lists, images, & other data using flaws in Bluetooth applications.
Bluebugging
Taking control of someone else's phone to make or listen to calls, send or read text messages, connect to the internet, forward the victim's calls, & call numbers that charge fees.
Computer Attacks & Abuse
Piggybacking
Tapping into a communications line & electronically latching onto a legitimate user who unknowingly carries the perpetrator into the system.
The clandestine use of a neighbor's WI-FI network.
An unauthorized person following an authorized person through a secure door, bypassing physical security controls.
Click Fraud
Manipulating the number of times an ad is clicked on to inflate advertising bills.
Software Piracy
The unauthorized copying or distribution of copyrighted software.
Cryptocurrency Fraud
Defrauding investors in a variety of cryptocurrency-related fraud schemes, such as fake initial coin offerings & fake exchanges & wallets.
Internet Pump-And-Dump Fraud
Using the internet to pump up the price of a stock & then sell it.
Internet Auction Fraud
Using an internet auction site to defraud another person.
E-mail Threats
Threats sent to victims by e-mail. The threats usually require some follow-up action, often at great expense to the victim.
Cross-Site Scripting (XSS)
A vulnerability in dynamic web pages that allows an attacker to bypass a browser's security mechanisms & instruct the victim's browser to execute code, thinking it came from the desired website.
Vulnerabilities
- (Definition) Software program flaws that a hacker can exploit to either crash a system or take control of it.
Spamming
Simultaneously sending the same unsolicited message to many people, often in an attempt to sell them something.
Denial-of-Service (DoS) attack
A computer attack in which the attacker sends so many e-mail bombs or web page requests, often from randomly generated false addresses, that the internet service provider's e-mail server or the webserver is overloaded & shuts down.
SQL Injection (Insertion) Attack
Inserting a malicious SQL query in input such that it is passed to & executed by an application program. This allows a hacker to convince the application to run SQL code that it was not intended to execute.
Sexting
Exchanging sexually explicit text messages & revealing pictures w/ people, usually by means of a phone.
Hijacking
Gaining control of someone else's computer to carry out illicit activities, such as sending spam w/o the computer user's knowledge.
Botnet
A network of powerful & dangerous hijacked computers that are used to attack systems/spread malware.
Zombies
- Hijacked computers, typically part of a botnet, that are used to launch a variety of internet attacks.
Bot Herder
- The person who creates a botnet by installing software on PCs that responds to the bot herder's electronic instructions.
Dictionary Attack
Software that generates user ID & password guesses using a dictionary of possible user IDs & passwords to reduce the number of guesses required.
Economic Espionage
Theft of information, trade secrets, & intellectual property.
Salami Technique
Stealing tiny slices of money from many different accounts.
Round-Down Fraud
Instructing the computer to round down all interest calculations to 2 decimal places. The fraction of a cent rounded down on each calculation is put into the programmer's account.
Buffer Overflow Attack
When the amount of data entered into a program is greater than the size of the input buffer. The input overflow overwrites the next computer instruction, causing the system to crash. Hackers exploit this by crafting the input so that the overflow contains code that tells the computer what to do next. This code could open a back door into the system.
Cyber-Bullying
Using computer technology to support deliberate, repeated, & hostile behavior that torments, threatens, harasses, humiliates, embarrasses, or harms another person.
Internet Misinformation
Using the internet to spread false or misleading information.
Brute Force Attack
A trial-and-error method that uses software to guess information, such as the user ID & the password, needed to gain access to a system.
Podslurping
Using a small device w/ storage capacity (iPod, flash drive) to download unauthorized data from a computer.
Password Cracking
Recovering passwords by trying every possible combination of upper- and lower-case letters, numbers, and characters and comparing them to a cryptographic hash of the password.
Zero-Day Attack
An attack between the time a new software vulnerability is discovered & "released into the wild" & the time a software developer releases a patch to fix the problem.
Patch
- Code released by software developers that fixes a particular software vulnerability.
Phreaking
Attacking phone systems to obtain free phone line access, use phone lines to transmit malware, & to access, steal, & destroy data.
War Dialing
Programming a computer to dial thousands of phone lines searching for dial-up modem lines. Hackers hack into the PC attached to the modem & access the network to which it is connected.
War Driving
Driving around looking for unprotected home or corporate wireless networks.
Man-In-The-Middle (MITM) Attack
A hacker placing himself between a client & a host to intercept communications between them.
Masquerading/Impersonation
Gaining access to a system by pretending to be an authorized user. This requires that the perpetrator know the legitimate user's ID & password.
Hacking
Unauthorized access, modification, or use of an electronic device or some element of a computer system.
6 steps criminals use to attack information systems
Conduct Reconnaissance
Learn as much as possible about the target & identify potential vulnerabilities (study & collect information).
Attempt Social Engineering
(Use the information from step 1 to gain access.) For example, an unsuspecting employee plugs in a USB device that gives the attacker access to the system.
Scan & Map The Target
(If step 2 is unsuccessful) Use a variety of automated tools & types of software that can identify computers & remotely access them.
Research
Learn how to take advantage of the target after identifying the specific software it runs.
Execute The Attack
The attacker takes advantage of vulnerabilities to obtain unauthorized access to the information.
Cover Tracks
After penetrating the system, the attacker covers their tracks & creates a "back door" so they can re-enter & keep control of the system even if the initial entry point is discovered.
Spoofing
(Definition) Altering some part of an electronic communication to make it look as if someone else sent the communication, in order to gain the trust of the recipient.
E-mail Spoofing
- Making a sender address & other parts of an e-mail header appear as though the e-mail originated from a different source.
Caller ID Spoofing
- Displaying an incorrect number on the recipient's caller ID display to hide the caller's identity.
IP Address Spoofing
- Creating Internet Protocol packets w/ a forged IP address to hide the sender's identity or to impersonate another computer system.
SMS Spoofing
- Using short message service (SMS) to change the name or number a text message appears to come from.
Web-Page Spoofing