Professional Documents
Culture Documents
Op
re
su
po
es
rtu
Pr
ni
ty
Rationalization
WHO COMMITS FRAUD AND WHY
Data
Fraud
Computer
Instructions
Fraud
APPROACHES TO COMPUTER FRAUD
• Input Fraud
– The simplest and most common way to commit a fraud is to alter
computer input.
• Requires little computer skills.
• Perpetrator only needs to understand how the system
operates
– Can take a number of forms, including:
• Disbursement frauds
• Inventory frauds
• Payroll frauds
• Cash receipt frauds
• Fictitious refund fraud
APPROACHES TO COMPUTER FRAUD
• Processor fraud
– Involves computer fraud committed through
unauthorized system use.
– Includes theft of computer time and services.
– Incidents could involve employees:
• Surfing the Internet;
• Using the company computer to conduct personal business;
or
• Using the company computer to conduct a competing
business.
APPROACHES TO COMPUTER FRAUD
• Data fraud
– Involves:
• Altering or damaging a company’s data files; or
• Copying, using, or searching the data files without
authorization.
– In many cases, disgruntled employees have
scrambled, altered, or destroyed data files.
– Theft of data often occurs so that perpetrators can
sell the data.
• Most identity thefts occur when insiders in financial
institutions, credit agencies, etc., steal and sell financial
information about individuals from their employer’s database.
APPROACHES TO COMPUTER FRAUD
• Output fraud
– Involves stealing or misusing system output.
– Output is usually displayed on a screen or printed on
paper.
– Unless properly safeguarded, screen output can
easily be read from a remote location using
inexpensive electronic gear.
– This output is also subject to prying eyes and
unauthorized copying.
– Fraud perpetrators can use computers and peripheral
devices to create counterfeit outputs, such as checks.
COMPUTER FRAUD AND ABUSE
TECHNIQUES
Perpetrators have devised many methods to commit
computer fraud and abuse. These include:
Data diddling
Data leakage
Denial of service attacks
Eavesdropping
Email threats
Email forgery (aka, spoofing)
Hacking
Phreaking
Hijacking
Identity theft
COMPUTER FRAUD AND ABUSE
TECHNIQUES
Perpetrators have devised many methods to commit
computer fraud and abuse. These include:
Internet misinformation
Internet terrorism
Logic time bombs
Masquerading or impersonation
Packet sniffers
Password cracking • Involves the theft of tiny
Phishing slices of money over a
Piggybacking period of time.
Round-down technique• The round-down is just a
special form of a salami
Salami technique
technique.
COMPUTER FRAUD AND ABUSE
TECHNIQUES
Perpetrators have devised many methods to commit
computer fraud and abuse. These include:
Social engineering
Software piracy
Spamming
Spyware
Keystroke loggers
Superzapping
Trap doors
Trojan horse
War dialing
War driving
IMPACT OF COMPUTER FRAUD
• Auditors are concerned about computer crimes and frauds because
they indicate a breakdown in internal controls
• Financial loss
• Cyber attacks often result in substantial financial loss arising from:
-theft of corporate information
-theft of financial information (eg bank details or payment card details)
-theft of money
-disruption to trading (eg inability to carry out transactions online)
-loss of business or contract
-Businesses that suffered a cyber breach will also generally incur costs associated with repairing
affected systems, networks and devices.
• Reputational damage
• Legal consequences of cyber breach
• Damage to intellectual property resulting in the loss of a competitive edge.