Computer Fraud Challenge
Developed by Susan M. Moncada, Ph.D., CPA
Indiana State University
Accounting Systems
© Dr. Susan M. Moncada, Ph.D., CPA -
Indiana State University - 2012
1
Learning Objectives
In addition to having raised awareness, students should be able to:
1. Compare and contrast a variety of computer attack and abuse tactics.
2. Explain how some social engineering techniques are used to gain physical or logical access to computer resources.
3. Describe different types of malware used to harm computers.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
2
Computer Fraud Challenge
This game is based on the television game show
Hollywood Squares.
Required: Two contestants, identified as “X” or “O”.
Player or Team #1 selects a celebrity and question.
The celebrity identifies the computer fraud described.
The contestant either agrees or disagrees with the celebrity’s answer.
A correct response earns the square. The first player to achieve three X’s or O’s in a row wins the game.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2011
3
1.
Playing Instructions:
Once the game board is displayed, only click on the following shapes:
Display a game question
Agree
Display the X marker
Display the O marker
Return to the game board
Clicking on other areas will cause the game to malfunction.
©Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
4
Playing Instructions:
1.
Click on a question
2.
3.
4.
celebrity’s response. A correct response earns the square.
Click on the to display the “X” marker.
Click on the to display the “O” marker.
5.
First team to earn 3 markers in a row wins.
Note: Once the “O” is displayed the “X” cannot be displayed.
©Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
5
Let’s Meet Our Celebrities...
Samuel Sharkie
Sneaks Ratter
Identity Theftly
Debit Deville
Meet our
Celebrities…
Cookie Booker
Phonie Business
W. C. Crimes
Bootleg Buccaneer
The Masked Hacker
O O O
O O O
O O O
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
8
Congratulations, you’ve won the
Feedback Response All Agrees
square!
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
9
Congratulations, you’ve won the square!
W.C. Crimes’s answer is incorrect, the Correct Answer is:
W.C. Crimes
Agree is Incorrect
Feedback
Internet Misinformation
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
10
Congratulations, you’ve won the square!
W.C. Crimes’s answer is incorrect, the Correct Answer is:
Podslurping
W.C. Crimes
Agree is Incorrect
Feedback2
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
11
Sorry, W.C. Crimes’s answer is Correct !
W.C. Crimes
Agree is correct.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
12
Sorry, W.C. Crimes’s answer is incorrect, the Correct Answer is:
Internet
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
13
Sorry, W.C. Crimes’s answer is incorrect, the Correct Answer is:
W.C. Crimes Agree is Incorrect
Podslurping
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
14
Intentionally posting false information on a
Web site about a political candidate, would be an example of this type of abuse?
W.C. Crimes
Question 1
Slandering
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
15
Wearing a digital audio player, this employee appeared to be listening to music, while actually using the device was being used to download unauthorized company data. Which cyber crime was this employing perpetrating?
W.C. Crimes
Question 2
This scheme began with the invention of the walkman, so I believe its called walking.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
16
Inflating advertising revenues by hiring individuals to repeatedly open the advertisements of the Web site’s online advertisers.
This crime is called Click fraud.
W.C. Crimes
Question 3
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
17
Sorry, Cookie Booker’s answer is Correct
Cookie Booker
Agree is correct.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
18
Cookie Booker’s answer is incorrect, the correct answer is….
Feedback Response –
Cookie Booker
Disagree
Packet Sniffers
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
19
Congratulations, you’ve won the square!
Cookie Booker’s answer is incorrect, the Correct Answer is:
Cookie Booker
Question 3 Incorrect
Feedback
Packet Sniffers
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
20
Napster, a peer-to-peer file sharing service was found guilty of this cyber fraud.
Cookie Booker
Question 1
The unauthorized sharing of copyrighted music is a form of software piracy.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
21
In 2010, U.S. citizens received fraudulent electronic messages from an organization that purported to be the IRS. The message indicated the recipients’
EFT tax payment was not received and asked them to send confidential information.
Email Spoofing
Cookie Booker
Question 2
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
22
In 2007, three individuals hacked into the cash registers of a New York restaurant chain. They installed this type of software that located readible
“Track 2” data from credit and debit cards as it was sent over the company’s network to headquarters for processing.
Rootkit
Cookie Booker
Question 3
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
23
Phonie Business’s answer is incorrect, the correct answer is….
Phonie Business 1
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
24
Congratulations, you’ve won the square!
Phonie Business’s answer is incorrect, the correct answer is:
Feedback Q1
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
25
Sorry,
Phonie Business’s answer is Correct!
Phonie Agree is correct.
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
26
Phonie,
Oprah Winfrey and George Bush are two of these?
Enigmas
Phonie Business
Question 1
© Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
27
On March 29, 2010, ABC News reported that several
Massachusetts teenagers were criminally charged for sending text messages and using Facebook to persistently taunt a 15 year old classmate who committed suicide. What is this activity called?
Cyber-bullying
Phonie Business
Question 2
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012
28
What are techniques used to trick people into disclosing confidential information called?
Social Engineering
Phonie Business
Question 3
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 29
Sharkies Agree is correct.
Sorry, Sharkie’s answer is Correct
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 30
Sharkie’s answer is incorrect, the correct answer is….
3
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 31
Congratulations, you’ve won the square!
Sharkie’s answer is Incorrect, the
Correct Answer is:
Feedback Q3
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 32
Fraudsters bought a significant number of shares of penny stock and used the Internet to spread overly optimistic, false information about the company to create a buying frenzy to drive up the stock price.
The fraudsters then sold their stock at a profit.
Sharkies
Question 1
Internet Pump and Dump
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 33
Sam, what is the name given to a computer fraud where products are offered for sale by someone pretending to run a legitimate E-business, and customer information is collected with no intent to deliver the product?
Posing
Sharkies Question
2
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 34
A spammer doing this sends out millions of e-mails to randomly generated addresses using combinations of letters added to known domain names in the hopes of reaching a percentage of actual email accounts.
Sharkies Question
3 War dialing
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 35
Sorry, Debit Deville’s answer is incorrect, the correct answer is….
Tabnapping
Debit Deville’s
Disagree 2
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 36
Sorry, Debit Deville’s answer is incorrect, the correct answer is….
Debit Deville’s
Disagree 3
Steganography
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 37
Congratulations, you’ve won the square!
Debit Deville’s answer is incorrect, the Correct Answer is:
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 38
Congratulations, you’ve won the square!
Debit Deville’s answer is incorrect, the Correct Answer is:
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 39
Sorry,Debit Deville’s answer is Correct!
Debit Deville Agree is correct.
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 40
A nonprofit executive changed the salary figures listed on the entity’s Form 990 just prior to transmitting it electronically to the IRS. The executive wanted to avoid incurring excessive compensation penalties.
Data Diddling
Debit Deville
Question 1
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 41
Citi Bank was a victim of this computer fraud. Using
Javascript, customers’ Citi Bank browser tabs were changed. When the customers clicked on the tab to log back into their Citi Bank account, they were actually providing confidential information to the perpetrators.
Superzapping
Debit Deville
Question 2
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 42
In order to secretly communicate with each other, terrorists hid secret code in seemingly legitimate online job advertisements.
Crypto-Ads
Debit Deville
Question 3
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 43
Sorry,
Sneaks Ratter’s answer is Correct!
Sneaks Ratter
Agree is correct.
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 44
Congratulations, you’ve won the square!
Sneaks Ratter’s answer is Incorrect, the Correct Answer is:
Dumpster Diving
Sneaks Ratter Incorrect Feedback Q2
(also called Scavenging)
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 45
Sorry, Sneaks Ratter’s answer is incorrect, the correct answer is….
Sneaks Ratter’s
Disagree 2
Dumpster Diving
(also called Scavenging)
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 46
According to a SEC complaint filed in San Francisco,
Igors Nagaicevs broke into online brokerage accounts at large U.S. broker-dealers. He manipulated stock prices by making unauthorized trades in the customers’ accounts. What is gaining control of the customer accounts called?
Hijacking
Sneaks Ratter
Question 1
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 47
In 2010, William T. Frelix and 11 others were indicted for using hotel customers’ identities and credit cards to purchase $100,000 in goods and services. The confidential information was obtained by fishing through hotel trash bins.
Foraging
Sneaks Ratter
Question 2
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 48
A modified payroll program increased the federal withholding amounts by a few cents per pay period for hundreds of employees. The excess payments were credited to the perpetrator's withholding account, which, at income-tax time the following year, yielded large refunds from the IRS.
Salami Technique
Sneaks Ratter
Question 3
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 49
Sorry, Bootleg’s answer is incorrect, the correct answer is….
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 50
Congratulations, you’ve won the square!
Bootleg’s answer is Incorrect, the
Correct Answer is:
Feedback Q2
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 51
Bootleg Agree is correct.
Sorry, Bootleg’s answer is Correct
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 52
Fraudsters tampered with Aldi’s debit card readers by planting a small device that recorded transaction data in order to steal confidential information.
Bootleg, what type of fraud was perpetrated?
Chipping
Bootleg
Question 1
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 53
Bootleg, what is another term for Web-page spoofing?
Bootleg Question 2
Trawling
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 54
A computer engineer watched the keystrokes entered by a system administrator log onto the company
ERP. The programmer later logged into the company’s HR system to see the salaries of his colleagues. What is the engineer guilty of doing?
Bootleg Question
3
Shoulder Surfing
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 55
Sorry, Identity Theftly’s answer is
incorrect, the correct answer is….
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 56
Identity Theftly
Agree is correct.
Sorry, Identity Theftly’s answer is Correct
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 57
Congratulations, you’ve won the square!
Identity Theftly’s answer is Incorrect, the Correct Answer is:
Identity Theftly Incorrect
Feedback Q3
Carding
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 58
When someone uses a neighbor’s unsecure
WiFi network without permission, in order to gain free access to the Internet, what is occurring?
Piggybacking
Identity Theftly
Question 1
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 59
A waiter double swiped customers’ credit cards using the restaurant’s card reader and another reader personally owned. The victims’ stolen credit cards were used to then purchase merchandise.
Skimming
Identity Theftly
Question 2
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 60
This computer fraud involves making purchases for immaterial amounts on stolen credit card sin order to determine which stolen card scan still be used to make purchases. Accounts still good are sold to others.
Pharming
Identity Theftly
Question 3
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 61
BackOrifice, Netbus, and SubSeven are examples of what type of malware?
Worms
The Masked Hacker
Question 1
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 62
What are fraud perpetrators doing when, through repeated attempts to logon, they guess the access codes of a legitimate users?
Password Cracking
The Masked Hacker
Question 2
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 63
In 2008, the Facebook Jobs web page was subjected to this type of attack when code inserted to the web page created a phony login screen tricking users into handing over their credentials.
HTML Spoofing
The Masked
Hacker
Question 3
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 64
Sorry, The Masked
Hacker’s answer is Correct!
The Masked
Hacker Agree is correct.
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 65
Sorry, The Masked Hacker’s answer
is incorrect, the correct answer is….
Trap or Back Door
The Masked Hacker’s Disagree 1
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 66
Sorry, The Masked Hacker’s answer
is incorrect, the correct answer is….
Cross-Site Scripting
The Masked Hacker’s Disagree 3
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 67
Congratulations, you’ve won the square!
The Masked Hacker’s answer is Incorrect, the Correct Answer is:
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 68
Congratulations, you’ve won the square!
The Masked Hacker’s answer is Incorrect, the Correct Answer is:
The Masked Hacker
Incorrect Feedback Q3
Cross-Site Scripting
Dr. Susan M. Moncada, Ph.D., CPA - Indiana State University - 2012 69
