
Accounting Information Systems

Fifteenth Edition

Chapter 9
Computer Fraud and Abuse Techniques

Copyright © 2021, 2018, 2015 Pearson Education, Inc. All Rights Reserved
Learning Objectives
• Compare and contrast computer attack and abuse tactics.
• Explain how social engineering techniques are used to gain physical or logical access to computer resources.
• Describe the different types of malware used to harm computers.

Computer Attacks and Abuse
• There are six steps that many criminals use to attack
information systems:
– Conduct reconnaissance
– Attempt social engineering
– Scan and map the target
– Research
– Execute the attack
– Cover tracks

Types of Attacks
• Hacking
– Unauthorized access, modification, or use of an
electronic device or some element of a computer
system
• Social Engineering
– Techniques or tricks used on people to gain physical or
logical access to confidential information
• Malware
– Software used to do harm

Hacking
– Hijacking
▪ Gaining control of a computer to carry out illicit activities
– Botnet (robot network)
▪ Zombies
▪ Bot herders
▪ Denial of Service (DoS) attack
▪ Brute force attack
▪ Password cracking
▪ Dictionary attack
▪ Spamming
▪ Spoofing – Makes the communication look as if someone else sent it so as to gain confidential information
Forms of Spoofing
• E-mail spoofing
• Caller ID spoofing
• IP address spoofing
• SMS spoofing
• Web-page spoofing (phishing)

Hacking with Computer Code
• Cross-site scripting (XSS)
– Uses a vulnerability in a Web application that allows the Web site to be injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.
• Buffer overflow attack
– A large amount of data is sent to overflow the input memory (buffer) of a program, causing it to crash and replacing it with the attacker’s program instructions.
• SQL injection (insertion) attack
– Malicious code is inserted in place of a query to get to the database information

Other Types of Hacking
• Man in the middle (MITM)
– The hacker is placed between a client (user) and a host
(server) to read, modify, or steal data.
• Masquerading/impersonation
• Piggybacking
• War dialing and driving
• Phreaking
• Podslurping

Hacking Used for Embezzlement
• Salami technique:
– Taking small amounts at a time
▪ Round-down fraud
• Economic espionage
– Theft of information, intellectual property, and trade
secrets
• Cyber-extortion
– Threats to a person or business online through e-mail
or text messages unless money is paid

Hacking Used for Fraud
• Internet misinformation
• E-mail threats
• Internet auction
• Internet pump and dump
• Cryptocurrency fraud
• Click fraud
• Software piracy

Social Engineering Techniques
• Identity theft
– Assuming someone else’s identity
• Pretexting
– Using a scenario to trick victims into divulging information or to gain access
• Posing
– Creating a fake business to get sensitive information
• Phishing
– Sending an e-mail asking the victim to respond to a link that appears legitimate and that requests sensitive data
• Pharming
– Redirects website to a spoofed website
• URL hijacking
– Takes advantage of typographical errors made when entering website addresses, so the user gets an invalid or wrong website
• Scavenging
– Searching trash for confidential information
• Shoulder surfing
– Snooping, either from close behind the person or by using technology, to get confidential information
• Skimming
– Double swiping credit card
• Eavesdropping

Why People Fall Victim
• Compassion
– Desire to help others
• Greed
– Want a good deal or something for free
• Sex appeal
– More cooperative with those that are flirtatious or good looking
• Sloth
– Lazy habits
• Trust
– Will cooperate if trust is gained
• Urgency
– Cooperation occurs when there is a sense of immediate need
• Vanity
– More cooperative when their vanity is appealed to
Minimize the Threat of Social
Engineering
• Never let people follow you into restricted areas
• Never log in for someone else on a computer
• Never give sensitive information over the phone or through
e-mail
• Never share passwords or user IDs
• Be cautious of someone you don’t know who is trying to
gain access through you

Types of Malware
• Spyware
– Secretly monitors and collects information
– Can hijack browser, search requests
– Adware, scareware
• Cyber-extortion
– Threatening to harm a company or a person if a specified amount of money is not paid
• Keylogger
– Software that records user keystrokes
• Trojan Horse
– Malicious computer instructions in an authorized and properly functioning program
• Trap door
– Set of instructions that allow the user to bypass normal system controls
• Packet sniffer
– Captures data as it travels over the Internet
• Virus
– A section of self-replicating code that attaches to a program or file requiring a human to do something so it can replicate itself
• Worm
– Stand-alone self-replicating program
Cellphone Bluetooth Vulnerabilities
• Bluesnarfing
– Stealing contact lists, data, pictures on Bluetooth
compatible smartphones
• Bluebugging
– Taking control of a phone to make or listen to calls,
send or read text messages

Key Terms (1 of 3)
• Hacking
• Hijacking
• Botnet
• Zombies
• Bot herder
• Denial-of-service (DoS) attack
• Brute force attack
• Password cracking
• Dictionary attack
• Spamming
• Spoofing
• E-mail spoofing
• Caller ID spoofing
• IP address spoofing
• SMS spoofing
• Web-page spoofing
• Vulnerabilities
• Zero-day attack
• Patch
• Cross-site scripting (XSS)
• Buffer overflow attack
• SQL injection (insertion) attack
• Man-in-the-middle (MITM) attack
• Masquerading/impersonation
• Piggybacking
• War dialing
• War driving
• Phreaking
• Podslurping
Key Terms (2 of 3)
• Salami technique
• Round-down fraud
• Economic espionage
• Cyber-bullying
• Sexting
• Internet misinformation
• E-mail threats
• Internet auction fraud
• Internet pump-and-dump fraud
• Cryptocurrency fraud
• Click fraud
• Software piracy
• Social engineering
• Identity theft
• Pretexting
• Posing
• Phishing
• Vishing
• Carding
• Pharming
• Evil twin
• Typosquatting/URL hijacking
• Scavenging/dumpster diving
• Shoulder surfing
• Lebanese looping
• Skimming
• Chipping
• Eavesdropping

Key Terms (3 of 3)
• Spyware
• Worm
• Adware
• Bluesnarfing
• Torpedo software
• Bluebugging
• Scareware
• Cyber-extortion
• Ransomware
• Keylogger
• Trojan horse
• Time bomb/logic bomb
• Trap door/back door
• Packet sniffers
• Steganography program
• Rootkit
• Virus
