Cybercrime and Security in Computer Science

Cybercrime

Criminal activity on the Internet

Harassment

Cyberbullying - computer harassment between minors

Cyber-harassment

Computer harassment between adults

Cyber-stalking

More serious form of computer harassment that includes a credible threat of harm

Spam

Unsolicited email

First spam

Sent in the 1980's by an immigration lawyer

Spam estimates

At least half (50%) of all emails sent are spam

Spam filters

By default, sends suspected spam messages to a 'junk' folder

Finding spammers

Extremely difficult (normally use botnets to send)

ISPs and spam

Have to keep backups of ALL emails (including spam)

Phishing

Emails (and IMs) that appear to be from those you do business with, designed to trick you into revealing information

Spear Phishing

A phishing email (or IM) targeted to a specific individual

Smishing

Using fraudulent text messages to get you to take an action that is not in your best interest

Quishing

Legitimate QR codes are replaced by fraudulent QR codes, often in public places

Vishing

Voice Phishing

Pharming

Redirects you to a phony website even if you type in the correct address into your browser

DNS poisoning

Also known as DNS poisoning or DNS spoofing

Kidnapping / Grandparents Scams

A family member has been kidnapped and will be killed unless you pay a ransom

Message

May include personal information about you or the family member found by looking at social media channels.

Ransom Demand

Usually demands ransom be paid very quickly.

Grandparent Scam

A scam where an imposter poses as a grandchild claiming to be in an accident and needing money.

AI Voice Mimicking

AI being used to mimic voices so they seem very authentic.

Target Audience

Older people targeted as they are more susceptible.

Family Code Word

Suggestion to have a family code word or phrase to verify a family member's identity.

Clickjacking

Where clicking on a link allows malware to post unwanted links on your page.

Clickbait

A link that teases you with just enough information to get you to click, driving traffic to a web page.

Clickbait Examples

Examples such as 'You Won't Believe What This Celebrity Did!' or 'The Shocking Truth Behind a Popular Wellness Trend.'

Sharebait

Website content that exists only to be shared, aimed at generating advertising revenue, often relying on sensationalist headlines.

Computer Fraud

A scheme perpetrated over the Internet or email that tricks a victim into voluntarily giving money or property.

Advance-Fee Scam

Involves promising a large sum of money in return for a small up-front payment.

419 Scam

An email scam where the victim is told they need to create an account and deposit money before a large sum can be transferred.

Online Dating Scams

Scammers create fake profiles to get victims to fall in love and then ask for money.

Charity Fraud

Poses as a charitable organization soliciting donations for victims of natural disasters.

Shill Bidding

Fake bidding to drive up the price of an auction item.

Fake Charities

Organizations that falsely claim to be charitable to solicit donations.

Craigslist Scam

A scam where a buyer requests shipment before paying.

Medical Emergency Scam

A scam where the scammer asks for money to travel or for a medical emergency.

Fake Dating Sites

Some dating sites may be fake, asking users to create profiles to gather personal information.

Charity Impersonation

May impersonate actual charity like Red Cross.

Fake Website

May have a fake website.

Extortion

A person is subjected to repeated threats / attacks which will stop with paying of ransom.

Embarrassing Photos or Info

Embarrassing photos or info obtained and will be shared unless ransom paid (Jeff Bezos).

Ransomware

Data on system encrypted and will only be unlocked with paying of ransom.

Pump-and-Dump

Stock market manipulation scheme.

Stock Price Manipulation

Buy stock in a company, put false information out about the company to boost (pump) stock price, sell shares (dump) while price is high.

Salami Slicing

Stealing money repeatedly in extremely small quantities.

Penny Shaving

Amounts are small in hope that the thefts will go unnoticed.

Example of Salami Slicing

An employee transferring a single penny from every transaction handled by a bank.

Record Manipulation

Used to cover up evidence of theft.

Database Alteration

Database or other records altered so it appears nothing is missing.

Identity Theft

The deliberate use of someone else's identity.

Financial Identity Theft

Where someone fraudulently uses your name, Social Security number, or bank or credit card number.

Hacking

The act of gaining unauthorized access to a computer system or network.

Types of Hackers

Different types of hackers include Sneakers, Crackers, and Grey hat.

Hacktivism

Hacking to make a political statement.

Data Breach

A situation in which sensitive data is stolen or viewed by someone who is not authorized to do so.

2017 Equifax Data Breach

Resulted in over private records of over 140 million Americans being compromised.

Deep Web

The portion of the web that is not indexable by search engines.

Surface Web

Estimated that only about 5% of web can be found using a search engine.

Dark Web

A subset of the deep web that is encrypted and hidden and only accessible using the Tor browser.

Darknet Markets

Can be accessed anonymously to purchase illegal items such as guns, drugs, stolen data, etc.

Bitcoins

A type of cryptocurrency used for transactions.

Computer Criminals

Individuals who engage in illegal activities using computers, including employees, grey hat hackers, organized crime, and terrorist groups.

Malware

Malicious software designed to harm, exploit, or otherwise compromise a computer system.

Adware

Software that displays advertisements in the form of pop-ups and banners.

Spyware

Software installed without knowledge or consent that secretly gathers personal information.

Computer Virus

Self-replicating malware code that uses a host file to infect computers.

Computer Worm

Self-replicating malware program that does not need a host file and spreads through networks.

Trojan Horse

A program that appears legitimate but is actually malicious.

Logic Bomb

Malware that attacks when certain conditions are met.

Time Bomb

Malware that attacks on a certain day and time.

Rootkit

A set of programs that allows someone to gain control over a computer system while hiding the compromise.

Denial-of-Service (DOS) Attack

An attack that sends so much traffic that it can cripple a server or network.

Botnet

A network of computers controlled by a master, often used for launching DOS attacks or sending spam.

Antivirus Software

Security software that protects computers against viruses and other malicious software.

Antispyware Software

Security software used to prevent and remove adware and spyware.

Security Suite

A package of security software that includes a combination of firewall, antivirus, and antispyware programs.

Firewalls

A device or software that blocks unauthorized access to a network or individual computer.

Router

A device that connects two or more networks together.

IP Address

Information used to route data packets to the correct devices.

Firewall Software

Software that needs to be configured to protect home routers.

Public IP Address

The address of your router on the outside Internet.

Private IP Address

The address assigned to each computer/device within your local area network.

SSID

The name of a wireless network.

Wireless Encryption

Encrypts transmitted data, recommended to use WPA2-PSK.

Strong Passwords

Passwords that cannot be guessed or easily cracked, using a mixture of characters.

Password Length

Should use at least 8 characters; the longer the better.

Password Managers

Tools used to generate and store passwords securely.

Two-Factor Authentication

An account security measure requiring both a password and a verification code.

Encryption Software

Software used to encrypt files and messages to ensure they can only be accessed with a password.

HTTPS Protocol

Indicates that a web page is secure for entering personal or credit card info.

TLS

Transport Level Security, a protocol for securing communications over a computer network.

Software Updates

Releases by software publishers to address security holes in programs.

Auto Update

A recommended feature to automatically check for software updates.

WannaCry Ransomware Attack

An attack that exploited security holes in old versions of MS-Windows.

Zero-Day Exploit

An attack that occurs on or before the day an exploit is discovered.

Computer Fraud and Abuse Act (1986)

Makes it a crime to access classified information without authorization.

USA Patriot Act (2002)

Contains provisions for fighting cybercrime and allows government to scan emails.