12/2/2009 COMPUTER FRAUD AND ABUSE TECHNIQUES Identity Theft Perpetrators have devised many methods to commit Privacy and Security computer fraud and abuse. These include: • AssumingDenial of servicesomeone’s attacks identity, typically for economic gain, by illegallyEavesdropping obtaining and using confidential information such as the person’sEmail threats social security number, bank account number, or credit card number. Email forgery (aka, spoofing) • Identity thieves benefit financially by: Hacking – Taking funds out of the victim’s bank account. Hijacking – Taking out mortgages or other loans under the victim’s identity. Identity theft – Taking out credit cards and running up large balances. • If the thief is careful and ensures that bills and notices are sent to an address he controls, the scheme may be prolonged until such time as the victim attempts to buy a home or car and finds out that his credit is destroyed. COMPUTER FRAUD AND ABUSE TECHNIQUES COMPUTER FRAUD AND ABUSE TECHNIQUES Perpetrators have devised many methods to commit Perpetrators have devised many methods to commit computer fraud and abuse. These include: computer fraud and abuse. These include: • VictimsDenial canof service usually attacks clear their credit, but the effort requires a • TheDenial U.S. Departmentof service attacks of Justice suggests the following four significantEavesdropping amount of time and expense. ways Eavesdropping to minimize the chances of being victimized by identity theft: • IdentityEmail threats theft was made a federal offense in 1998, but it is a Email threats growingEmail forgery crime (aka,industry. spoofing) – EmailDo not forgery give out (aka, corporate spoofing )or personal information unless there is a good reason to trust the person to whom it is • OneHacking U.S. postal inspector, whose job duties involved investigation Hacking given. ofHijacking identity thefts, was himself a victim. The thief ran up $80,000 in Hijacking – Check financial information regularly for what should be debtIdentity under theft the postal inspector’s identity before the inspector Identity theft discovered the problem. there, as well as for what should not be there. – Periodically review your credit report. – Maintain careful records of banking and financial accounts. COMPUTER FRAUD AND ABUSE TECHNIQUES COMPUTER FRAUD AND ABUSE TECHNIQUES Phishing Fraud • One newly graduated college student recently took a job in California • Sending out a spoofed email that appears to come from a legitimate and deposited his first paycheck of approximately $5,000 in the bank. Perpetratorscompany, such have as a devisedfinancial manyinstitution. methods EBay, to PayPal, commit and banks are • PerpetratorsThat same night, have he devisedreceived manyan email methods from the to bank, commit inviting him to computercommonly spoofed.fraud and abuse. These include: computerclick on the fraud link in andthe emailabuse. to setThese up online include: banking for his new bank • The Internet recipient misinformation is advised that information or a security check is needed account. Internet misinformation on hisInternet account, terrorism and advised to click on a link to the company’s website • He Internetfollowed terrorism directions and provided the requested information to set up to provideLogic time the bombs information. online Logic banking. time bombs • The Masquerading link connects or the impersonation individual to a website that is an imitation of the • Two Masquerading hours later, he or impersonationwas nervous and called the bank—only to find out spoofed company’s actual website. These counterfeit websites appear Packet sniffers that Packet his bank sniffers account had been cleaned out and closed. very authentic, as do the emails. Password cracking Password cracking Phishing Phishing 1 12/2/2009 • COMPUTERAs a rule of thumb, FRAUD it is a good AND idea notABUSE to click TECHNIQUESon any link provided in COMPUTER FRAUD AND ABUSE TECHNIQUES an email and to go directly to the website instead. • PayPal, whose email address is commonly spoofed for phishing scams, Perpetratorsoffers the following have advice: devised many methods to commit . PerpetratorsIn 2004, a phishing have- relateddevised scam many took methods place in toSouth commit America with computer– If PayPal fraud ever andsends abuse. you an These email, include: they will include your first and computerrespect to three fraud large and Southabuse. American These include:banks. Once an individual Internetlast name misinformation in the salutation of the email. opened Internet the misinformationrelated email, a script was downloaded on their computer. The script would alter the individual’s web browser so that if the user – InternetIf you need terrorism to enter PayPal’s website, type ―https:‖ in the URL entered Internet the terrorism URL of one of these three banks, the browser would redirect Logicinstead time of bombs ―http:‖ in order to enter on the company’s secured server. them Logic to a time counterfeit bombs website for that bank. The oblivious user would – MasqueradingIf you receive ora suspiciousimpersonation email, get out of your browser and go provide Masquerading ID and password or impersonation information, and was instantly set up for a Packetback in sniffers before proceeding directly to a company website. high Packet-tech sniffersrobbery of his bank account. Password cracking Password cracking Phishing Phishing COMPUTER FRAUD AND ABUSE TECHNIQUES COMPUTER FRAUD AND ABUSE TECHNIQUES Logic time bombs Example of a website produced for a phishing scam. Masquerading or impersonation Packet sniffers Password cracking Phishing • Consumer Reports suggests that if you have any questions about the legitimacy of a website, you should try entering the wrong password. A phishing website will typically accept an incorrect password—which cues you that it is a phishing scam. • Usually comes bundled with COMPUTER FRAUD AND ABUSE TECHNIQUES COMPUTER FRAUD ANDfreeware ABUSE and TECHNIQUESshareware downloaded from the Internet. Spyware • May be disclosed in the licensing Perpetrators have devised many methods to commit Perpetrators have devised manyagreement, methods but to commitusers are unlikely computer fraud and abuse. These include: computer fraud and abuse. Theseto read include: it. • Software Social engineering that monitors computing habits, such as Social engineering • Reputable adware companies web Software-surfing piracy habits, and sends the data it gathers to Software piracy claim they don’t collect sensitive or identifying data. someone Spamming else, typically without the user’s Spamming permission. – But there is no way for users to Spyware Spyware – One type, called adware (for advertising- control or limit the activity. supported software) does two things: – It is not illegal, but many find it objectionable. • Causes banner ads to pop up on your monitor • Software has been developed to as you surf the net. detect and eliminate spyware, but • Collects information about your Web-surfing it may also impair the downloaded and spending habits and forwards it to a software. company gathering the data—often an – Some is intentionally difficult to advertising or large media organization. uninstall. 2 12/2/2009 COMPUTER FRAUD AND ABUSE TECHNIQUES COMPUTER FRAUD AND ABUSE TECHNIQUES Perpetrators have devised many methods to commit Perpetrators have devised many methods to commit computer fraud and abuse. These include: computer fraud and• abuse.A set of These unauthorized include: computer Social engineering Social engineering instructions planted in an authorized and Software piracy otherwise properly functioning program. • Perpetrators trick employees into giving them information they need to get into the system. Spamming • Allows the creator to control the victim’s computer remotely. • A perpetrator might call an employee and indicate he is the Spyware systems administrator and needs to get the employee’s Keystroke loggers • The code does not try to replicate itself but performs an illegal act at some password. Superzapping specific time or when some condition Trap doors arises. Trojan horse • Programs that launch denial of service attacks are often Trojan horses. COMPUTER• Damage FRAUD may AND take many ABUSE forms: TECHNIQUES COMPUTER FRAUD AND ABUSE TECHNIQUES – Send email with the victim’s name as the alleged source. Perpetrators have– Destroy devised or many alter datamethods or programs. to commit Perpetrators have devised many methods to commit computer fraud– andTake abuse. control These of the include:computer. computer fraud• andVirus abuse. symptoms: These include: Virus – Destroy or alter file allocation tables. Virus – Computer will not start or – Delete or rename files or directories. execute – Reformat the hard drive. – Performs unexpected read or – Change file content. write operations – Prevent users from booting. – Unable to save files – Intercept and change transmissions. – Long time to load programs – Print disruptive images or messages on the screen. – Abnormally large file sizes – Change screen appearance. – Slow systems operation • As viruses spread, they take up much space, clog – Unusual screen activity communications, and hinder system performance. – Error messages COMPUTER FRAUD AND ABUSE TECHNIQUES COMPUTER FRAUD AND ABUSE TECHNIQUES Perpetrators have devised many methods to commit Perpetrators have devised many methods to commit computer fraud• andViruses abuse. are contagious These include:
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages9 Page
-
File Size-