AIS Chapter 9 Final Exam Review - Fraud Terms

Botnet

a powerful network of hijacked computers (zombies) that are used to attack systems or spread malware

Denial-of-service attack

An attack designed to make computer resources unavailable to its users. For example, sending so many e-mail messages that the Internet service provider's e-mail server is overloaded and shuts down.

Spoofing

Altering some part of an electronic communication to make it look as if someone else sent the communication to gain the trust of the recipient. EX: such as email addresses, caller IDs, IP addresses, address resolution protocols, SMS messages, web pages, and domain name systems.

XSS Attack

(Cross - site scripting) A vulnerability in dynamic web pages that allows an attacker to bypass a browser's security mechanisms and instruct the victim's browser to execute code, thinking it came from the desired website. (Malicious code embedded in a Web link.)

Buffer Overflow Attack

Inputting so much data that the input buffer overflows, the overflow contains code that takes control of the computer

Man-in-the-Middle Attack

A hacker placing himself between a client and a host to intercept network traffic

SQL Insertion (injection)

Inserting a malicious SQL query such that it is passed to and executed by an application program

Piggybacking

1. Secret use of someone's Wi-Fi network.

2. Tapping into a communications line and entering a system by latching onto a legitimate user.

3. Bypassing physical security controls by entering a secure door when an authorized person opens it.

Round-Down-Fraud

Truncating interest calculations at two decimal places and placing truncated amounts in the perpetrator's accounts

Pod Slurping

Using a small device with storage capacity to download unauthorized data from a computer

Salami Technique

Stealing tiny slices of money over time.

Social Engineering

Techniques that trick a person into disclosing confidential information.

Pretexting (emotion)

Acting under false pretenses to gain confidential information.

Phishing (ONLY EMAIL)

Communications that request recipients to disclose confidential information by responding to an e-mail or visiting a website.

Posing

Creating a seemingly legitimate business, collecting personal data while making a sale, and never delivering the items sold.

Evil Twin

A wireless network with the same name as another wireless access point. Users unknowingly connect to the evil twin; hackers monitor the traffic looking for useful information.

Typo squatting

Websites with names similar to real websites; users making typographical errors are sent to a site filled with malware.

Shoulder surfing

When perpetrators look over a person's shoulders in a public place to get information such as ATM PIN numbers or user IDs and passwords.

Chipping

Planting a chip that records transaction data in a legitimate credit card reader.

Lebanese looping

Inserting a sleeve into an ATM that prevents it from ejecting the card. The perpetrator pretends to help the victim, tricking the person into entering the PIN again. Once the victim gives up and leaves, the thief removes the card and uses it and the PIN to withdraw money.

Skimming

Double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use.

Adware

Spyware that collects and forwards data to advertising companies or causes banner ads to pop up as the Internet is surfed.

Keylogger

Using spyware to record a user's keystrokes.

Ransomeware

Software that encrypts programs and data until a ransom is paid to remove it.

Trojan Horse

Unauthorized code in an authorized and properly functioning program.

Packet Sniffers

Inspecting information packets as they travel across computer networks.

rootkit

A means of concealing system components and malware from the operating system and other programs; can also modify the operating system.

Steganography

Concealing data within a large MP3 or other file (often image files).

Virus

Executable code that attaches itself to software, replicates itself, and spreads to other systems or files. When triggered, it makes unauthorized alterations to the way a system operates.

Worm

Similar to a virus; a program rather than a code segment hidden in a host program. Actively transmits itself to other systems. It usually does not live long but is quite destructive while alive.

Bluesnarfing

Stealing (snarfing) contact lists, images, and other data using flaws in Bluetooth applications.