Chapter IV. Computer Fraud and Abuse Techniques Learning Objective

This document discusses computer fraud and abuse techniques including: 1. Types of attacks such as hacking, botnets, spoofing, and different hacking methods like SQL injection and buffer overflow. 2. Social engineering techniques to trick victims like phishing, pretexting, and shoulder surfing. 3. Different types of malware like viruses, worms, trojans, spyware and keyloggers that can be used to harm computers. The document provides details on specific computer attacks, how social engineering exploits human psychology, and examples of malware programs. It assigns a group project to create an illustration video about one fraud technique.

Uploaded by

Riki Tia
Chapter IV.

Computer Fraud and Abuse Techniques

Learning Objective

• Compare and contrast computer attack and abuse tactics.

• Explain how social engineering techniques are used to gain physical or logical access to
computer resources.

• Describe the different types of malware used to harm computers.

A. Types of Attack
1. Hacking
o Unauthorized access, modification, or use of an electronic device or some element of a computer system

▪ Gaining control of a computer to carry out illicit activities

o Botnet (robot network)

▪ Zombies

▪ Bot herders

▪ Denial of Service (DoS) attack

▪ Spamming

▪ Spoofing

• Makes the communication look as if someone else sent it so as to gain confidential information.

Forms of Spoofing

• E-mail spoofing

• Caller ID spoofing

• IP address spoofing

• Address Resolution Protocol (ARP) spoofing

• SMS spoofing

• Web-page spoofing (phishing)

• DNS spoofing

Hacking with Computer Code

• Cross-site scripting (XSS)

▫ Uses a vulnerability in a Web application that allows the Web site to be injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.

• Buffer overflow attack

▫ A large amount of data is sent to overflow the input memory (buffer) of a program, causing it to crash and be replaced with the attacker's program instructions.

• SQL injection (insertion) attack

▫ Malicious code is inserted in place of a query to get to the database information.
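The SQL injection item above, shown as an added example that is not part of the original handout: the same lookup written once with string concatenation and once with a bound parameter, run against an in-memory SQLite database. The table `customers`, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, card_last4) VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # The input is pasted into the SQL text, so a quote inside `name`
    # ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name, card_last4 FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # The placeholder binds the input as a data value; it is never parsed as SQL.
    sql = "SELECT name, card_last4 FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Constructed input of the kind a tester submits to check a form field.
CRAFTED = "x' OR '1'='1"


def demo():
    """Run both lookups with an ordinary name and with the crafted input."""
    conn = make_db()
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "crafted_vulnerable": lookup_vulnerable(conn, CRAFTED),
        "normal_parameterized": lookup_parameterized(conn, "alice"),
        "crafted_parameterized": lookup_parameterized(conn, CRAFTED),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the concatenated query the crafted input turns the `WHERE` clause into a condition that is always true, so every customer row comes back; the parameterized query treats the same input as an unusual name and returns nothing.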

Other Types of Hacking

• Man in the middle (MITM)

▫ Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data.

• Piggybacking

• Password cracking

• War dialing and driving

• Phreaking

• Data diddling

• Data leakage

• Podslurping

Hacking Used for Embezzlement

• Salami technique:

▫ Taking small amounts at a time

▪ Round-down fraud

• Economic espionage

▫ Theft of information, intellectual property and trade secrets

• Cyber-extortion

▫ Threats to a person or business online through e-mail or text messages unless money is paid

Hacking Used for Fraud

• Internet misinformation

• E-mail threats

• Internet auction

• Internet pump and dump

• Click fraud

• Web cramming

• Software piracy

2. Social Engineering
o Techniques or tricks on people to gain physical or logical access to
confidential information

Identity theft

o Assuming someone else’s identity

Pretexting

o Using a scenario to trick victims to divulge information or to gain access

Posing

o Creating a fake business to get sensitive information

Phishing

o Sending an e-mail that asks the victim to respond to a link that appears legitimate and requests sensitive data

Pharming

o Redirects Web site traffic to a spoofed Web site

URL hijacking

o Takes advantage of typographical errors made when entering Web site addresses, so the user gets an invalid or wrong Web site

Scavenging

o Searching trash for confidential information

Shoulder surfing

o Snooping (either from close behind the person or by using technology) to get confidential information

Skimming

o Double swiping a credit card

Eavesdropping

2.1. Why People Fall Victim

• Compassion

▫ Desire to help others

• Greed

▫ Want a good deal or something for free

• Sex appeal

▫ More cooperative with those that are flirtatious or good looking

• Sloth

▫ Lazy habits

• Trust

▫ Will cooperate if trust is gained

• Urgency

▫ Cooperation occurs when there is a sense of immediate need

• Vanity

▫ More cooperation when there is an appeal to vanity

2.2. Minimize The Threat of Social Engineering

• Never let people follow you into restricted areas

• Never log in for someone else on a computer

• Never give sensitive information over the phone or through e-mail

• Never share passwords or user IDs

• Be cautious of someone you don’t know who is trying to gain access through you

3. Malware
o Software used to do harm

Types of Malware
• Spyware
▫ Secretly monitors and collects information
▫ Can hijack browser, search requests
▫ Adware
• Keylogger
▫ Software that records user keystrokes
• Trojan Horse
▫ Malicious computer instructions in an authorized and properly
functioning program
• Trap door
▫ Set of instructions that allow the user to bypass normal system
controls
• Packet sniffer
▫ Captures data as it travels over the Internet
• Virus
▫ A section of self-replicating code that attaches to a program or
file requiring a human to do something so it can replicate itself
• Worm
▫ Stand-alone, self-replicating program

Cellphone Bluetooth Vulnerabilities

• Bluesnarfing
▫ Stealing contact lists, data, pictures on Bluetooth-compatible
smartphones
• Bluebugging
▫ Taking control of a phone to make or listen to calls, send or read
text messages

Assignment

This assignment is for groups. I ask you to make an illustration video about the process of hacking,
scamming, social engineering fraud, and also malware. Please choose one of the fraud techniques.
I give you one week to finish it!
