COMPUTER FRAUDS

1.

Data Diddling

Data diddling is the changing of data before or during entry into the computer system. Examples include forging
or counterfeiting documents used for data entry and exchanging valid disks and tapes with modified
replacements.
2.

Data leakage

The unauthorized transfer of classified information from a computer or data center to the outside world. Data
leakage can be accomplished by simply mentally remembering what was seen, by physical removal of tapes,
disks and reports or by subtle means such as data hiding.
3.

Denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack)

Is an attempt to make a machine or network resource unavailable to its intended users. Although the means to
carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more
people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
4.

Eavesdropping

Is the unauthorized real-time interception of a private communication, such as a phone call, instant message,
videoconference or fax transmission. The term eavesdrop derives from the practice of actually standing under
the eaves of a house, listening to conversations inside.
5.

Spoofing

Is a situation in which one person or program successfully masquerades as another by falsifying data and
thereby gaining an illegitimate advantage.
6.

Hacking

Is when someone modifies computer hardware or software in a way that alters the creator's original intent.
7.

Phreaking

is using a computer or other specific device for tricking telephone system. Using phreaking user makes call
somewhere and it is paid from another users account. Its kind of phone network cracking.
8.

Identity theft

A crime in which an imposter obtains key pieces of personal information, such as Social Security or driver's
license numbers, in order to impersonate someone else. The information can be used to obtain credit,
merchandise, and services in the name of the victim, or to provide the thief with false credentials. In addition to
running up debt, an imposter might provide false identification to police, creating a criminal record or leaving
outstanding arrest warrants for the person whose identity has been stolen.
9.

Internet misinformation

10. Internet terrorism

is the use of Internet based attacks in terrorist activities, including acts of deliberate, large-scale disruption of
computer networks, especially of personal computers attached to the Internet, by the means of tools such
as computer viruses.
11. Logic time bomb
Programming code added to the software of an application or operating system that lies dormant until a
predetermined period of time (i.e., a period of latency) or event occurs, triggering the code into action. Logic
bombs typically are malicious in intent, acting in the same ways as a virus or Trojan horse once activated. In fact,
viruses that are set to be released at a certain time are considered logic bombs. They can perform such actions
as reformatting a hard drive and/or deleting, altering or corrupting data.
12. Masquerading

Is a type of attack where the attacker pretends to be an authorized user of a system in order to gain access to it
or to gain greater privileges than they are authorized for. A masquerade may be attempted through the use of
stolen logon IDs and passwords, through finding security gaps in programs, or through bypassing the
authentication mechanism.
13. Packet sniffers
Is the act of capturing packets of data flowing across a computer network. The software or device used to do this
is called a packet sniffer. Packet sniffing is to computer networks what wiretapping is to a telephone network.
14. Password cracking
Refers to various measures used to discover computer passwords. This is usually accomplished by recovering
passwords from data stored in, or transported from, a computer system. Password cracking is done by either
repeatedly guessing the password, usually through a computer algorithm in which the computer tries numerous
combinations until the password is successfully discovered.
15. Phishing
Is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather
personal and financial information from recipients. Typically, the messages appear to come from wellknown and
trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo,
BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative
venture: the phisher puts the lure hoping to fool at least a few of the prey that encounter the bait.
16. Cracking
Breaking into someone else's computer system, often on a network; bypasses passwords or licenses in
computer programs; or in other ways intentionally breaches computer security. A cracker can be doing this for
profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-andentering has been done ostensibly to point out weaknesses in a site's security system.
17. Piggybacking
Gaining access to a restricted communications channel by using the session another user already established.
Piggybacking can be defeated by logging out before walking away from a workstation or terminal or by initiating a
screensaver that requires re-authentication when resuming.
18. Round down technique
19. Salami technique
Involve the theft of small amounts of assets from a large number of sources without noticeably reducing the
whole.
20. Software piracy
The illegal copying of software for distribution within the organization, or to friends, clubs and other groups, or for
duplication and resale. The software industry loses billions of dollars each year to piracy, and although it may
seem innocent enough to install an application on a couple of additional machines (called "softloading" and
"softlifting"), it may ultimately shatter the profitability of a small software company.
21. Scavenging
Used by crackers who dial up to the Internet hoping to find connections left dangling when somebody else
abruptly hung up. They can then exploit the connections. The term is also used to describe the activity of hunting
for Residual Data on erased devices.
22. Social engineering
Breaking into a computer network might try to gain the confidence of an authorized user and get them to reveal
information that compromises the network's security. Social engineers often rely on the natural helpfulness of
people as well as on their weaknesses. They might, for example, call the authorized employee with some kind of

urgent problem that requires immediate network access. Appeal to vanity, appeal to authority, appeal to greed,
and old-fashioned eavesdropping are other typical social engineering techniques.
23. Superzapping
Using software that bypasses normal security constraints to allow unauthorized access to data. For example,
such a program may issue commands directly to the disk drivers without going through normal file I/O routines,
bypassing not only security restrictions but also leaving no audit trail.
24. Trap door
A software bug or some undocumented software feature that a cracker leaves behind, after exploiting a system,
to be able to reenter at a later point in time. Note, however, that back or trap doors can be a function of poor
software design; that is, during its development, a programmer may have built in a software bug that was not
removed when the software was put in production. The unwitting consumer who purchases the software
becomes, in a sense, a target-in-waiting for a crack attack.
25. Trojan horse
Is a non-self-replicating type of malware which appears to perform a desirable function but instead facilitates
unauthorized access to the users computer system. Trojans do not attempt to inject themselves into other files
like a computer virus. Trojan horses may steal information, or harm their host computer systems. Trojans may
use drive-by downloads or install via online games or internet-driven applications in order to reach target
computers. The term is derived from the Trojan Horse story in Greek mythology because Trojan horses employ a
form of social engineering, presenting themselves as harmless, useful gifts, in order to persuade victims to
install them on their computers.
26. Virus
Is a program or piece of code that is loaded onto your computer without your knowledge and runs against your
wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can
make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous
because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of
virus is one capable of transmitting itself across networks and bypassing security systems.
27. Worm
A destructive program that replicates itself throughout a single computer or across a network, both wired and
wireless. It can do damage by sheer reproduction, consuming internal disk and memory resources within a single
computer or by exhausting network bandwidth. It can also deposit a Trojan that turns a computer into a zombie
for spam and other malicious purposes. Very often, the terms "worm" and "virus" are used synonymously;
however, worm implies an automatic method for reproducing itself in other computers.
28. Spyware
Is any technology that aids in gathering information about a person or organization without their knowledge. On
the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in
someone's computer to secretly gather information about the user and relay it to advertisers or other interested
parties. Spyware can get in a computer as a software virus or as the result of installing a new program.
29. Keystroke loggers
A program or hardware device that captures every key depression on the computer. Also known as "Keystroke
Cops," they are used to monitor an employee's activities by recording every keystroke the user makes, including
typos, backspacing and retyping.