38 Questions
What is piggybacking in the context of physical security?
An unauthorized person following an authorized person through a secure door
What is the primary goal of password cracking?
To steal the file containing valid passwords and decrypt them
What is war dialing?
Programming a computer to dial thousands of phone lines searching for dial-up modem lines
What is data diddling?
Changing data before or during entry into a computer system
What is cyber-bullying?
Using the Internet, cell phones, or other communication technologies to support deliberate, repeated, and hostile behavior
What is podslurping?
Using a small device with storage capacity to download unauthorized data
What is internet terrorism?
Using the Internet to disrupt electronic commerce and communications and to harm computers
What is sexting?
Exchanging sexually explicit text messages and revealing pictures
What does a rootkit conceal from the operating system?
Processes, files, network connections, and memory addresses
What is superzapping?
The unauthorized use of special system programs to bypass regular system controls
What is a characteristic that distinguishes a worm from a virus?
A worm is a standalone program that replicates itself
What is the main difference between a worm and a virus in terms of replication?
A virus requires human interaction to replicate, while a worm does not
What is bluesnarfing?
Stealing contact lists, images, and other data using flaws in Bluetooth applications
What is bluebugging?
Taking control of someone else’s phone to make or listen to calls, send or read text messages, connect to the Internet, forward the victim’s calls, and call numbers that charge fees
Which of the following best defines hacking?
Unauthorized access, modification, or use of an electronic device or some element of a computer system
What is the main goal of a ransomware attack?
To hold data hostage until the victim pays a ransom
What does the term 'botnet' refer to?
A network of hijacked computers used to attack systems or spread malware
What is hijacking in the context of computer systems?
Gaining control of a computer to carry out illicit activities without the user’s knowledge
What is a bot herder?
An individual who installs software that responds to a hacker’s instructions on unwitting PCs
What does spamming involve?
Simultaneously sending the same unsolicited message to many people, often to sell something
What is email spoofing?
Making an email appear as though it originated from a different source
What is a Denial-of-Service (DoS) attack designed to do?
Make a resource unavailable to its users
What is Internet Auction Fraud?
Using an Internet auction site to defraud another person.
What does web cramming involve?
Offering a free website for a month and then charging the phone bill without consent.
Which of the following best describes software piracy?
Unauthorized copying or distribution of copyrighted software.
What does social engineering typically aim to achieve?
Gaining physical or logical access to confidential data.
What is pretexting in social engineering?
Using an invented scenario to obtain information.
Which technique involves assuming someone's identity for economic gain?
Identity theft
What is posing in the context of social engineering techniques?
Creating a seemingly legitimate business to collect personal information.
Which of the following is NOT a method of social engineering mentioned?
Software piracy
What is the primary goal of phishing?
To send a fake electronic message claiming to be from a legitimate company
How does vishing differ from phishing?
It involves entering confidential data by phone
What does carding involve?
Testing stolen credit cards with small purchases
What is pharming?
Redirecting website traffic to a spoofed website
What does typosquatting aim to achieve?
Redirecting traffic to an invalid site due to typographical errors
What technique involves looking over someone's shoulder in a public place to obtain information?
Shoulder Surfing
How does Lebanese Looping trick ATM users?
Preventing the ATM from ejecting the card
What is the goal of skimming?
Secretly recording credit card data using a card reader
Study Notes
Computer Fraud and Abuse
- Cyberattack: A ransomware attack forced the shutdown of Colonial Pipeline, a top US pipeline. In a ransomware attack, criminal groups hold data hostage until the victim pays a ransom.
Hacking
- Hacking: Unauthorized access, modification, or use of an electronic device or computer system.
- Common passwords: Weak passwords, such as "senha" (a Portuguese word meaning "password"), can be easily exploited.
Malware
- Types of malware:
- Ransomware: Holds data hostage until the victim pays a ransom.
- Virus: A self-replicating, executable code that attaches itself to a file or program.
- Worm: A self-replicating computer program similar to a virus, but with some exceptions (e.g., a virus requires human interaction, whereas a worm does not).
- Rootkit: Conceals processes, files, network connections, memory addresses, systems utility programs, and system data from the operating system and other programs.
Social Engineering
- Techniques: Used to gain physical or logical access to a building, computer, server, or network.
- Identity theft: Assuming someone's identity, usually for economic gain, by illegally obtaining and using confidential information.
- Pretexting: Using an invented scenario to increase the likelihood that a victim will divulge information or do something.
- Posing: Creating a seemingly legitimate business to collect personal information while making a sale.
- Phishing: Sending an electronic message pretending to be a legitimate company, requesting information or verification of information.
Cybercrime
- Types of cybercrime:
- Hijacking: Gaining control of a computer to carry out illicit activities without the user's knowledge.
- Botnet: A powerful network of hijacked computers, used to attack systems or spread malware.
- Spamming: Simultaneously sending the same unsolicited message to many people, often to sell something.
- Spoofing: Making an electronic communication look as if someone else sent it to gain the trust of the recipient.
- Piggybacking: Unauthorized person following an authorized person through a secure door, bypassing physical security controls.
- Password cracking: Penetrating a system's defenses, stealing the file containing valid passwords, decrypting them, and using them to gain access to programs, files, and data.
- War dialing: Programming a computer to dial thousands of phone lines searching for dial-up modem lines.
- Phreaking: Attacking phone systems.
- Data diddling: Changing data before or during entry into a computer system.
- Data leakage: Unauthorized copying of company data.
- Podslurping: Using a small device with storage capacity to download unauthorized data.
- Cyber-extortion: Threatening to harm a company or person if a specified amount of money is not paid.
- Cyber-bullying: Using the Internet, cell phones, or other communication technologies to support deliberate, repeated, and hostile behavior that torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person.
- Sexting: Exchanging sexually explicit text messages and revealing pictures.
- Internet terrorism: Using the Internet to disrupt electronic commerce and communications and to harm computers.
Other Cyber Threats
- Internet misinformation (fake news): Using the Internet to spread false or misleading information.
- Internet auction fraud: Using an Internet auction site to defraud another person.
- Web cramming: Offering a free website for a month, developing a worthless website, and charging the phone bill of the people who accept the offer for months.
- Software piracy: Unauthorized copying or distribution of copyrighted software.
- Bluesnarfing: Stealing contact lists, images, and other data using flaws in Bluetooth applications.
- Bluebugging: Taking control of someone else's phone to make or listen to calls, send or read text messages, connect to the Internet, forward the victim's calls, and call numbers that charge fees.
- Carding: Activities performed on stolen credit cards, including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers.
- Pharming: Redirecting website traffic to a spoofed website.
- Typosquatting or URL hijacking: Setting up similarly named websites so that users making typographical errors when entering a website name are sent to an invalid site.
- Tabnapping: Secretly changing an already open browser tab.
- Scavenging/Dumpster diving: Searching documents and records to gain access to confidential information.
- Shoulder surfing: Looking over a person's shoulder in a public place to get information such as ATM PIN numbers or user IDs and passwords.
- Lebanese Looping: Inserting a sleeve into an ATM that prevents the ATM from ejecting the card, and then tricking the victim into entering their PIN again.
- Skimming: Double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use.
This quiz covers the basics of computer fraud and abuse techniques, including social engineering tactics and cyber crime investigation. Learn how to identify and defend against cyber attacks and bring perpetrators to justice.