
COMPUTER CRIMES

PROPAGANDA
Propaganda is a form of communication that is aimed at influencing the attitude of a community toward some cause or position by presenting only one side of an argument. Propaganda is usually repeated and dispersed over a wide variety of media in order to create the chosen result in audience attitudes.

COMPUTER FRAUD
Types of computer fraud vary and can be complex or simple. Simple types of fraud might include:

Sending hoax emails intended to scare people.

Illegally using someone else's computer or posing as someone else on the Internet.

Using spyware to gather information about people.

These actions are computer fraud because they are deliberate misrepresentations of the truth. They progress into more harmful actions as they grow more complex.

COMPUTER VIRUS

MALWARE
Malware, short for malicious (or malevolent) software, is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile software.[2]

ELECTRONIC EAVESDROPPING
Eavesdropping is the act of secretly listening to the private conversation of others without their consent.

SPOOFING
Caller ID spoofing is the practice of causing the telephone network to display a number on the recipient's Caller ID display that is not that of the actual originating station.

The term is commonly used to describe situations in which the motivation is considered malicious by the speaker or writer.

Just as e-mail spoofing can make it appear that a message came from any e-mail address the sender chooses, Caller ID spoofing can make a call appear to have come from any phone number the caller wishes.

PHISHING

DEFINITION
It is the act of tricking someone into giving confidential information (like passwords and credit card information) on a fake web page or email form pretending to come from a legitimate company (like their bank).
For example: Sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

TYPES OF PHISHING

Deceptive - Sending a deceptive email, in bulk, with a call to action that demands the recipient click on a link.


Malware-Based - Running malicious software on the user's machine.

Various forms of malware-based phishing are:

Key Loggers & Screen Loggers
Session Hijackers
Web Trojans
Data Theft


Content-Injection - Inserting malicious content into a legitimate site.

Three primary types of content-injection phishing:

Hackers can compromise a server through a security vulnerability and replace or augment the legitimate content with malicious content.

Malicious content can be inserted into a site through a cross-site scripting vulnerability.

Malicious actions can be performed on a site through a SQL injection vulnerability.


Man-in-the-Middle Phishing - Phisher positions himself between the user and the legitimate site.


CAUSES OF PHISHING

Misleading e-mails
No check of source address
Vulnerability in browsers
No strong authentication at websites of banks and financial institutions
Limited use of digital signatures
Non-availability of secure desktop tools
Lack of user awareness
Vulnerability in applications
and more


EFFECTS OF PHISHING

Internet fraud
Identity theft
Financial loss to the original institutions
Difficulties in Law Enforcement Investigations
Erosion of Public Trust in the Internet


HOW TO COMBAT PHISHING?


Educate application users

Think before you open
Never click on the links in an email, message boards or mailing lists
Never submit credentials on forms embedded in emails
Inspect the address bar and SSL certificate
Never open suspicious emails
Ensure that the web browser has the latest security patch applied
Install latest anti-virus packages
Destroy any hard copy of sensitive information
Verify the accounts and transactions regularly
Report the scam via phone or email


Formulate and enforce best practices

Authorization controls and access privileges for systems, databases and applications. Access to any information should be based on the need-to-know principle.
Segregation of duties.
Media should be disposed of only after erasing sensitive information.


Reinforce application development / maintenance processes:

1. Web page personalization

Using two pages to authenticate the users.
Using client-side persistent cookies.


SPAM