Using software to collect web-surfing and spending data and forward it to advertising or media organizations. It also causes banner ads to pop up on computer monitors as the Internet is surfed.
Bluebugging
Taking control of someone else’s phone to make calls, send text messages, listen to their phone calls, or read their text messages.
Bluesnarfing
Stealing contact lists, images, and other data using Bluetooth.
Botnet, bot herders
A network of hijacked computers. Hackers, called bot herders, who control the hijacked computers, called zombies, use them in a variety of Internet attacks.
Chipping
Planting a chip that records transaction data in a legitimate credit card reader.
Click fraud
Clicking on-line ads numerous times to inflate advertising bills.
Cyber-extortion
Requiring a company to pay a specified amount of money to keep the extortionist from harming the company electronically.
Data diddling
Changing data before, during, or after it is entered into the system.
Data leakage
Copying company data, such as computer files, without permission.
Denial-of-service attack
Sending e-mail bombs (hundreds of messages per second) from randomly generated false addresses. The recipient’s internet service provider e-mail server is overloaded and shuts down.
Dictionary attack
Using software to guess company addresses and send them blank e-mails. Unreturned messages are valid addresses that are added to spammer e-mail lists.
Eavesdropping
Listening to private voice or data transmissions, often using a wiretap.
Economic espionage
The theft of information, trade secrets, and intellectual property.
E-mail threats
Sending a threatening message asking the recipient to do something that makes it possible to defraud them.
Evil twin
A wireless network with the same name as a local wireless access point. The hacker disables the legitimate access point, users unknowingly re-connect to the evil twin, and hackers monitor the traffic looking for useful information.
Hacking
Accessing and using computer systems without permission, usually by means of a personal computer and a telecommunications network.
Hijacking
Gaining control of someone else’s computer to carry out illicit activities without the owner’s knowledge.
Identity theft
Assuming someone’s identity, usually for economic gain, by illegally obtaining confidential information such as a social security number.
Internet misinformation
Using the Internet to spread false or misleading information.
Internet terrorism
Using the Internet to disrupt communications and electronic commerce.
Key logger
Using spyware to record a user’s keystrokes.
Logic and time bombs
Software that sits idle until a specified circumstance or time triggers it, destroying programs, data, or both. Malware
Software that can be used to do harm.
Accessing a system by pretending to be an authorized user. The impersonator enjoys the same privileges as the legitimate user.
Packet sniffing
Using a computer to find confidential information as it travels the Internet and other networks.
Password cracking
Penetrating system defenses, stealing valid passwords, and decrypting them so they can be used to access system programs, files, and data.
Pharming
Redirecting a website’s traffic to a spoofed website to gain access to personal and confidential information.
Phishing
Sending e-mails requesting recipients to visit a web page and verify data or fill in missing data. The e-mails and web sites look like those of legitimate companies, primarily financial institutions.
Phreaking
Attacking phone systems and using telephone lines to transmit viruses and to access, steal, and destroy data.
Piggybacking
1. The clandestine use of someone’s Wi-Fi network.
2. Tapping into a telecommunications line, latching on to a legitimate user, and accompanying the perpetrator into the system.
3. Bypassing physical security controls by entering a secure door when an authorized person opens it.
Posing
Creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering the item sold.
Pretexting
Acting under false pretenses to gain confidential information.
Rootkit
Software that conceals processes, files, network connections, and system data from the operating system and other programs.
Round-down
Truncating interest calculations at two decimal places. The truncated fraction of a cent is placed in an account controlled by the perpetrator.
Salami technique
Stealing tiny slices of money over time. An example is increasing expenses by a fraction of a percent and placing in a perpetrator-controlled dummy account.
Scavenging/dumpster diving
Searching for confidential corporate or personal information by searching trashcans or scanning the contents of computer memory.
Watching people or listening as they enter or give confidential information.
Skimming
Double-swiping a credit card or covertly swiping it in a card reader that records the data for later use.
Social engineering
Techniques that trick a person into disclosing confidential information.
Software piracy
Illegally copying computer software.
E-mailing an unsolicited message to many people at the same time.
Splog
A spam blog that promotes affiliated websites to increase their Google PageRank (how often a web page is referenced by other web pages).
Spyware
Using software to monitor computing habits and send that data to someone else, often without the computer user’s permission.
Spoofing
Making an e-mail message look as if someone else sent it.
Hiding data from one file inside a host file such as a large image or sound file.
Superzapping
Using special software to bypass system controls and perform illegal acts.
Trap door
Entering a system using a back door that bypasses normal system controls.
Trojan horse
Unauthorized code in an authorized and properly functioning program.
Typosquatting / URL hijacking
Setting up websites with names similar to real websites so users making typographical errors entering web site names are sent to a site filled with malware.
Virus
A segment of executable code that attaches itself to software, replicates itself, and spreads to other systems or files. Triggered by a predefined event, it damages system resources or displays a message on the monitor.
Vishing
Voice phishing, where e-mail recipients are asked to call a phone number where they are asked to divulge confidential data.
War dialing
Dialing thousands of phone lines searching for idle modems that can be used to enter the system, capture the attached computer, and gain access to the network(s) to which it is attached.
War driving / rocketing
Looking for unprotected wireless networks using a car or a rocket.
Worm
Similar to a virus, but a program rather than a code segment hidden in a host program. Copies and actively transmits itself directly to other systems. It usually does not live very long, but is quite destructive while alive.
Zero-day attack
An attack between the time a new software vulnerability is discovered and a software patch that fixes the problem is released.