Week 3 Computer Fraud and Abuse Techniques

The document discusses computer fraud and abuse techniques including social engineering, computer attacks, and malware. Common attack techniques are hacking, hijacking, botnets, and denial of service attacks. Social engineering exploits human traits like compassion, greed, and vanity to trick victims. Malware is any software used to cause harm.

Uploaded by

CPAREVIEW

WEEK 3 – Computer Fraud and Abuse Techniques


Learning Objectives
1. Compare and contrast computer attack and abuse tactics.
2. Explain how social engineering techniques are used to gain physical or logical access to computer
resources.
3. Describe the different types of malware used to harm computers.
This chapter discusses some of the more common computer fraud and abuse techniques in three sections:
o Computer attacks and abuse
o Social engineering
o Malware
These classifications are not distinct; there is a lot of overlap among the categories. For example, social
engineering methods are often used to launch computer attacks.
1. Computer Attacks and Abuse
All computers connected to the internet, especially those with important trade secrets or valuable IT assets,
are under constant attack from hackers, foreign governments, terrorist groups, disaffected employees,
industrial spies, and competitors.
These people attack computers looking for valuable data or trying to harm the computer systems.
Recent surveys on cyber-security show that:
o 70% of security professionals expected their organisations to be hit by a cyber-attack in the next six
months.
o 61% of technology experts expect a major cyber-attack that will cause significant loss of life or
property losses in the tens of billions of dollars.
o This means that preventing attacks is a constant battle.
o On a busy day, large web hosting farms suffer millions of attack attempts.

Most Common Attack Techniques


Hacking – Unauthorized access, modification, or use of an electronic device or some element of a computer
system.
o Most hackers break into a system using known flaws in operating systems or application
programs, or as a result of poor access controls.
o In any given software that is released, there are approximately 7000 known flaws.

Hijacking – Gaining control of someone else’s computer to carry out illicit activities, such as sending spam
without the computer user’s knowledge.

Botnet – Short for robot network, a powerful network of hijacked computers, called zombies, that are
used to attack systems or spread malware.
o Bot herders install software that responds to the hacker’s electronic instructions on unwitting PCs.
o Botnets send out over 90 billion unsolicited emails per day.

Bot herder – The person who creates a botnet by installing software on PCs that responds to the bot
herder’s electronic instructions.
o Bot software is delivered in a variety of ways, including Trojans, e-mails, instant messages,
Tweets, or an infected website.
o Bot herders use the combined power of the hijacked computers to mount a variety of internet
attacks.

Denial-of-service (DoS) attack – A computer attack in which the attacker sends so many e-mail bombs or
web page requests, often from randomly generated false addresses, that the internet service provider’s
e-mail server or the web server is overloaded and shuts down.
o Botnets are used to perform denial-of-service (DoS) attacks, which are designed to make a
resource unavailable to its users.

Spamming – Simultaneously sending the same unsolicited message to many people, often in an attempt to
sell them something.
o An estimated 250 billion e-mails are sent every day; 80% are spam and viruses.
o The Federal Trade Commission estimates that 80% of spam is sent from botnets.
o In retaliation, some spammers are spammed in return with thousands of messages, causing their
e-mail service to fail.
o Spam is annoying and costly, and 10 to 15% of it offers products or services that are fraudulent.
o Spammers scan the internet for addresses posted online, hack into company databases, and steal or
buy mailing lists.

Dictionary attack – Using special software to guess company e-mail addresses and send them blank e-mail
messages. Unreturned messages are usually valid e-mail addresses that can be added to spammer e-mail
lists.
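
A defender's view of the dictionary attack described above, as an added example that is not part of the original notes: a Python check that finds sending hosts probing many guessed recipients and lists the addresses they confirmed as valid. The log format, sample lines and thresholds are constructed for illustration, and it assumes the mail server rejects unknown recipients with a 5xx status.

```python
import re
from collections import defaultdict

# Constructed sample log in a simplified, made-up format (not a real mail server's).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z client=203.0.113.7 rcpt=aaron@example.com status=550
2024-05-01T10:00:01Z client=203.0.113.7 rcpt=abby@example.com status=550
2024-05-01T10:00:02Z client=203.0.113.7 rcpt=adam@example.com status=250
2024-05-01T10:00:02Z client=203.0.113.7 rcpt=alan@example.com status=550
2024-05-01T10:00:03Z client=203.0.113.7 rcpt=alice@example.com status=250
2024-05-01T10:00:03Z client=203.0.113.7 rcpt=amy@example.com status=550
2024-05-01T10:05:00Z client=198.51.100.20 rcpt=alice@example.com status=250
2024-05-01T10:06:00Z client=198.51.100.20 rcpt=alcie@example.com status=550
malformed line that the parser must skip
"""

LINE_RE = re.compile(r"client=(\S+) rcpt=(\S+) status=(\d{3})\s*$")


def find_harvesters(log_text, min_recipients=5, min_reject_ratio=0.5):
    """Return {client: summary} for clients that look like address guessers.

    A client is flagged when it tried many distinct recipients and most of
    them did not exist. "exposed" lists the addresses the server accepted,
    i.e. the ones the sender now knows are valid.
    """
    seen = defaultdict(dict)  # client -> {recipient: last status code}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that do not match the expected format
        client, rcpt, status = m.groups()
        seen[client][rcpt.lower()] = int(status)

    suspects = {}
    for client, rcpts in seen.items():
        rejected = [r for r, s in rcpts.items() if s >= 500]
        ratio = len(rejected) / len(rcpts)
        if len(rcpts) >= min_recipients and ratio >= min_reject_ratio:
            suspects[client] = {
                "tried": len(rcpts),
                "rejected": len(rejected),
                "exposed": sorted(r for r, s in rcpts.items() if 200 <= s < 300),
            }
    return suspects
```

The second client in the sample mistyped one address and stays below the recipient threshold, so an ordinary sender with a single typo is not flagged.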

2. Social Engineering
Social engineering refers to techniques or psychological tricks used to get people to comply with the
perpetrator’s wishes in order to gain physical or logical access to a building, computer, server, or network
– usually to get information needed to access a system and obtain confidential data.
Often, the perpetrator has a conversation with someone to trick, lie to, or otherwise deceive the victim.
Often, the perpetrator has information, knowledge, authority, or confidence that makes it appear that he
or she belongs or knows what they are doing.

Fraudsters take advantage of the following seven human traits in order to entice a person to reveal information
or take a specific action.
1. Compassion – The desire to help others who present themselves as really needing your help.
2. Greed – People are more likely to cooperate if they get something free or think they are getting a
once-in-a-lifetime deal.
3. Sex Appeal – People are more likely to cooperate with someone who is flirtatious or viewed as “hot.”
4. Sloth – Few people want to do things the hard way, waste time, or do something unpleasant; fraudsters
take advantage of our lazy habits and tendencies.
5. Trust – People are more likely to cooperate with people who gain their trust.
6. Urgency – A sense of urgency or immediate need that must be met leads people to be more
cooperative and accommodating.
7. Vanity – People are more likely to cooperate if you appeal to their vanity by telling them they are
going to be more successful.

Establishing the following policies and procedures – and training people to follow them – can help to minimize
social engineering.

1. Never let people follow you into a restricted building.
2. Never log in for someone else on a computer, especially if you have administrative access.
3. Never give sensitive information over the phone or through e-mail.
4. Never share passwords or user IDs.
5. Be cautious of anyone you do not know who is trying to gain access through you.

Social Engineering Techniques

Identity theft – Assuming someone’s identity, usually for economic gain, by illegally obtaining
confidential information such as a Social Security number or a bank account or credit card number.
Pretexting – Using an invented scenario (the pretext) that creates legitimacy in the target’s mind in order to
increase the likelihood that a victim will divulge information or do something.
o They call help desks claiming to be employees who have forgotten their passwords.
Posing – Creating a seemingly legitimate business, collecting personal information while making a sale,
and never delivering the product.

Phishing – Sending an electronic message pretending to be a legitimate company, usually a financial
institution, and requesting information or verification of information and often warning of a consequence if
it is not provided.
o The recipient is asked to either respond to a bogus request or visit a web page and submit data.
o The request is bogus, and the information gathered is used to commit identity theft or to steal funds
from the victim’s account.
o The message often contains a link to a web page that appears legitimate.
o The web page has company logos, familiar graphics, phone numbers, and internet links that appear
to be those of the victimised company.

3. Malware
Malware – Any software that is used to do harm.
