View
228
Download
3
Category
Tags:
Preview:
Citation preview
1
Computer Fraud ChallengeDeveloped by Susan M. Moncada, Ph.D., CPA
Indiana State UniversityAccounting Systems
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University -
2012
2
Learning Objectives In addition to having raised awareness,
students should be able to: 1. Compare and contrast a variety of
computer attack and abuse tactics.2. Explain how some social
engineering techniques are used to gain physical or logical access to computer resources.
3. Describe different types of malware used to harm computers.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
3
Computer Fraud ChallengeThis game is based on the television game show Hollywood Squares.
Required: Two contestants, identified as “X” or “O”.
Player or Team #1 selects a celebrity and question.
The celebrity identifies the computer fraud described.
The contestant either agrees or disagrees with the celebrity’s answer.
A correct response earns the square. The first player to achieve three X’s or O’s in a row wins the game.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2011
4
Playing Instructions:1. Once the game board is displayed, only
click on the following shapes:
Display a game question
or with character’s response
Display the X marker
Display the O marker
Return to the game board
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
Clicking on other areas will cause the game to malfunction.
Agree
Disagree
5
Playing Instructions:1. Click on a question
2. Click either agree or disagree with the celebrity’s response. A correct response earns the square.
3. Click on the to display the “X” marker.
4. Click on the to display the “O” marker.
5. First team to earn 3 markers in a row wins.
Note: Once the “O” is displayed the “X” cannot be displayed.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
Agree
Disagree
Let’s Meet Our Celebrities...Samuel Sharkie
Sneaks Ratter
Identity Theftly
Debit Deville
Phonie Business
The Masked HackerW. C. Crimes
Cookie Booker
Bootleg Buccaneer
Meet our Celebrities…
Game Slide
X X X
X X X
X X X
O O
O O O
O O O
O
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
9
Feedback Response All Agrees
Congratulations, you’ve won the
square!
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
10
W.C. Crimes Agree is Incorrect
Feedback
W.C. Crimes’s answer is incorrect, the Correct Answer is:
Internet Misinformation
Congratulations, you’ve won the square!
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
11
W.C. Crimes Agree is Incorrect
Feedback2
W.C. Crimes’s answer is incorrect, the Correct Answer is:
Podslurping
Congratulations, you’ve won the square!
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
12
W.C. Crimes Agree is correct.
Sorry, W.C. Crimes’s answer is
Correct !
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
13
W.C. Crimes Agree is Incorrect Feedback
Sorry, W.C. Crimes’s answer is incorrect,
the Correct Answer is:
Internet Misinformation
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
14
W.C. Crimes Agree is Incorrect Feedback #2
Sorry, W.C. Crimes’s answer is incorrect,
the Correct Answer is:
Podslurping
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
15
W.C. Crimes Question 1
Intentionally posting false information on a Web site about a political candidate, would be an example of this type of abuse?
Agree Disagree
Slandering
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
16
W.C. Crimes Question 2
DisagreeAgree
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
Wearing a digital audio player, this employee appeared to be listening to music, while actually using the device was being used to download unauthorized company data. Which cyber crime was this employing perpetrating?
This scheme began with the invention of the
walkman, so I believe its called walking.
17
W.C. Crimes Question 3
Disagree Agree
This crime is called Click fraud.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
Inflating advertising revenues by hiring individuals to repeatedly open the advertisements of the Web site’s online advertisers.
18
Cookie Booker Agree is correct.
Sorry, Cookie Booker’s answer is
Correct
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
19
Feedback Response – Cookie Booker Disagree
Cookie Booker’s answer is incorrect, the correct answer is….
Packet Sniffers
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
20
Cookie Booker Question 3 Incorrect
Feedback
Cookie Booker’s answer is incorrect, the Correct Answer
is:
Packet Sniffers
Congratulations, you’ve won the square!
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
21
Cookie Booker Question 1
Napster, a peer-to-peer file sharing service was found guilty of this cyber fraud.
Disagree Agree
The unauthorized sharing of copyrighted music is a form of software piracy.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
22
Cookie Booker Question 2
In 2010, U.S. citizens received fraudulent electronic messages from an organization that purported to be the IRS. The message indicated the recipients’ EFT tax payment was not received and asked them to send confidential information.
Disagree Agree
Email Spoofing
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
23
Cookie Booker Question 3
In 2007, three individuals hacked into the cash registers of a New York restaurant chain. They installed this type of software that located readible “Track 2” data from credit and debit cards as it was sent over the company’s network to headquarters for processing.
Agree Disagree
Rootkit
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
24
Feedback Response – Phonie Business 1
Phonie Business’s answer is incorrect,the correct answer is….
Viruses
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
25
Phonie Incorrect Feedback Q1Viruses
Congratulations, you’ve won the square!
Phonie Business’s answer is incorrect, the correct answer is:
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
26
Phonie Agree is correct.
Sorry, Phonie
Business’s answer
is Correct!
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
27
Phonie Business Question 1
Phonie,Oprah Winfrey and George Bush are
two of these?
Agree Disagree
Enigmas
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
28
Phonie Business Question 2
On March 29, 2010, ABC News reported that several Massachusetts teenagers were criminally charged for sending text messages and using Facebook to persistently taunt a 15 year old classmate who committed suicide. What is this activity called?
Disagree Agree
Cyber-bullying
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
29
Phonie Business Question 3
What are techniques used to trick people into disclosing confidential information called?
Disagree Agree
Social Engineering
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
30
Sharkies Agree is correct.
Sorry, Sharkie’s answer
is Correct
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
31
Feedback Response – Sharkies 3
Sharkie’s answer is incorrect, the correct
answer is….
Dictionary Attack
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
32
Sharkies Incorrect Feedback Q3
Dictionary Attack
Congratulations, you’ve won the square!
Sharkie’s answer is Incorrect, the Correct Answer is:
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
33
Sharkies Question 1
Fraudsters bought a significant number of shares of penny stock and used the Internet to spread overly optimistic, false information about the company to create a buying frenzy to drive up the stock price. The fraudsters then sold their stock at a profit.
Disagree Agree
Internet Pump and Dump
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
34
Sharkies Question 2
Sam, what is the name given to a computer fraud where products are offered for sale by someone pretending to run a legitimate E-business, and customer information is collected with no intent to deliver the product?
Disagree Agree
Posing
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
35
Sharkies Question 3
A spammer doing this sends out millions of e-mails to randomly generated addresses using combinations of letters added to known domain names in the hopes of reaching a percentage of actual email accounts.
Agree Disagree
War dialing
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
36
Debit Deville’s Disagree 2
Sorry, Debit Deville’s answer is incorrect, the correct answer is….
Tabnapping
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
37
Debit Deville’s Disagree 3
Sorry, Debit Deville’s answer is incorrect, the correct answer is….
Steganography
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
38
Deville’s Incorrect Feedback
Tabnapping
Congratulations, you’ve won the square!
Debit Deville’s answer is incorrect, the Correct Answer is:
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
39
Deville’s Incorrect Feedback 2 Steganography
Congratulations, you’ve won the square!
Debit Deville’s answer is incorrect, the Correct Answer is:
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
40
Debit Deville Agree is correct.
Sorry,Debit Deville’s answer
is Correct!
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
41
Debit Deville Question 1
A nonprofit executive changed the salary figures listed on the entity’s Form 990 just prior to transmitting it electronically to the IRS. The executive wanted to avoid incurring excessive compensation penalties.
Disagree Agree
Data Diddling
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
42
Debit Deville Question 2
Citi Bank was a victim of this computer fraud. Using Javascript, customers’ Citi Bank browser tabs were changed. When the customers clicked on the tab to log back into their Citi Bank account, they were actually providing confidential information to the perpetrators.
Agree Disagree
Superzapping
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
43
Debit Deville Question 3
In order to secretly communicate with each other, terrorists hid secret code in seemingly legitimate online job advertisements.
Disagree Agree
Crypto-Ads
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
44
Sneaks Ratter Agree is correct.
Sorry,Sneaks Ratter’s
answer is Correct!
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
45
Sneaks Ratter Incorrect Feedback Q2
Dumpster Diving (also called Scavenging)
Congratulations, you’ve won the square!
Sneaks Ratter’s answer is Incorrect, the Correct Answer is:
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
46
Sneaks Ratter’s Disagree 2
Sorry, Sneaks Ratter’s answer is incorrect, the correct answer is….
Dumpster Diving(also called Scavenging)
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
47
Sneaks Ratter Question 1
According to a SEC complaint filed in San Francisco, Igors Nagaicevs broke into online brokerage accounts at large U.S. broker-dealers. He manipulated stock prices by making unauthorized trades in the customers’ accounts. What is gaining control of the customer accounts called?
Disagree Agree
Hijacking
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
48
Sneaks Ratter Question 2
In 2010, William T. Frelix and 11 others were indicted for using hotel customers’ identities and credit cards to purchase $100,000 in goods and services. The confidential information was obtained by fishing through hotel trash bins.
Agree Disagree
Foraging
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
49
Sneaks Ratter Question 3
A modified payroll program increased the federal withholding amounts by a few cents per pay period for hundreds of employees. The excess payments were credited to the perpetrator's withholding account, which, at income-tax time the following year, yielded large refunds from the IRS.
Disagree Agree
Salami Technique
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
50
Bootleg’s Disagree 2
Sorry, Bootleg’s answer is incorrect, the correct answer is….
Phishing
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
51
Bootleg Incorrect Feedback Q2
Phishing
Congratulations, you’ve won the square!
Bootleg’s answer is Incorrect, the Correct
Answer is:
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
52
Bootleg Agree is correct.
Sorry, Bootleg’s answer
is Correct
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
53
Bootleg Question 1
Fraudsters tampered with Aldi’s debit card readers by planting a small device that recorded transaction data in order to steal confidential information. Bootleg, what type of fraud was perpetrated?
Agree Disagree
Chipping
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
54
Bootleg Question 2
Bootleg, what is another term for Web-page spoofing?
Agree Disagree
Trawling
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
55
Bootleg Question 3
A computer engineer watched the keystrokes entered by a system administrator log onto the company ERP. The programmer later logged into the company’s HR system to see the salaries of his colleagues. What is the engineer guilty of doing?
Disagree Agree
Shoulder Surfing
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
56
Identity Theftly’s Disagree 3
Sorry, Identity Theftly’s answer is incorrect, the correct answer is….
Carding
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
57
Identity Theftly Agree is correct.
Sorry, Identity Theftly’s answer
is Correct
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
58
Identity Theftly Incorrect Feedback Q3Carding
Congratulations, you’ve won the square!
Identity Theftly’s answer is Incorrect, the Correct Answer is:
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
59
Identity Theftly Question 1
When someone uses a neighbor’s unsecure WiFi network without permission, in order to gain free access to the Internet, what is occurring?
Disagree Agree
Piggybacking
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
60
Identity Theftly Question 2
A waiter double swiped customers’ credit cards using the restaurant’s card reader and another reader personally owned. The victims’ stolen credit cards were used to then purchase merchandise.
Agree Disagree
Skimming
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
61
Identity Theftly Question 3
This computer fraud involves making purchases for immaterial amounts on stolen credit card sin order to determine which stolen card scan still be used to make purchases. Accounts still good are sold to others.
Agree Disagree
Pharming
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
62
The Masked Hacker Question 1
BackOrifice, Netbus, and SubSeven are examples of what type of malware?
Agree Disagree
Worms
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
63
The Masked Hacker Question 2
What are fraud perpetrators doing when, through repeated attempts to logon, they guess the access codes of a legitimate users?
Disagree Agree
Password Cracking
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
64
The Masked Hacker
Question 3
In 2008, the Facebook Jobs web page was subjected to this type of attack when code inserted to the web page created a phony login screen tricking users into handing over their credentials.
Agree Disagree
HTML Spoofing
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
65
The Masked Hacker Agree is correct.Sorry, The
Masked Hacker’s answer
is Correct!
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
66
The Masked Hacker’s Disagree 1
Sorry, The Masked Hacker’s answer is incorrect, the correct answer is….
Trap or Back Door
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
67
The Masked Hacker’s Disagree 3
Sorry, The Masked Hacker’s answer is incorrect, the correct answer is….
Cross-Site Scripting
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
68
The Masked Hacker Incorrect Feedback Q1
Trap or Back Door
Congratulations, you’ve won the square!
The Masked Hacker’s answer is Incorrect,
the Correct Answer is:
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
69
The Masked Hacker Incorrect Feedback Q3Cross-Site
Scripting
Congratulations, you’ve won the square!
The Masked Hacker’s answer is Incorrect,
the Correct Answer is:
Recommended