8/6/2019 11e Chp5-IM Stud (1)
1/23
CHAPTER 5
COMPUTER FRAUD AND ABUSE
INTRODUCTION TO FRAUD
Fraud is any and all means a person uses to gain an unfair advantage over another person. Legally, for an act to be considered fraudulent there must be:
1. A false statement, representation, or disclosure
2. A material fact, which is something that induces a person to act
3. An intent to deceive
4. A justifiable reliance; that is, the person relies on the misrepresentation to take an action
5. An injury or loss suffered by the victim
Fraud perpetrators are also referred to as white-collar criminals.
Fraud takes two forms:
- Misappropriation of assets
- Fraudulent financial reporting
Misappropriation of Assets
Misappropriation of assets is often referred to as employee fraud.
Some examples include:
- Albert Miano, a manager at Reader's Digest responsible for processing bills from painters and carpenters, embezzled $1 million over a 5-year period. He forged signatures on checks and deposited the monies in his account, and bought an expensive home, five cars and a boat.
- A bank vice president approved $1 billion in bad loans in exchange for $585,000 in kickbacks. The bank had to shut down.
Learning Objective One
Define fraud and describe the process one follows to perpetuate a fraud.
- An Accounting Information Systems manager at a Florida newspaper went to work for a competitor after he was fired. It was discovered that the manager still had an active account and password at the firm that fired him, so he was able to regularly browse the old newspaper company's computer files for information on exclusive stories.
A typical employee fraud has a number of important elements or characteristics:
- The fraud perpetrator must gain the trust or confidence of the person or company being defrauded.
- Instead of a weapon or physical force to commit a crime, fraud perpetrators use trickery, cunning, or false or misleading information to obtain money or assets.
- They hide their tracks by falsifying records or other information.
- Few frauds are terminated voluntarily. Instead, the fraud perpetrator continues due to need or greed. Often, perpetrators begin to depend on the extra income and get to a point where they cannot afford to stop. Other times they move to a higher lifestyle that requires an even greater amount of money. It is at this point that they get braver, or should we say more relaxed; the perpetrator gets greedy and starts stealing larger amounts of money, and this is where they normally get caught.
- Fraud perpetrators spend their ill-gotten gains, usually on an extravagant lifestyle. Rarely do they save or invest the money they take. Some of these high-cost luxury items include big homes, fancy cars and gambling, or the perpetrator simply becomes a big spender.
- Many perpetrators that become greedy not only start taking greater amounts of money, but also take the money more often.
- As previously mentioned, perpetrators at some point start getting braver and grow careless or overconfident. This is the point where they can also make a mistake and get caught.
- The fraud perpetrator cannot get away with stealing cash or property forever. At some point, although it may take some time, they are going to get caught.
- The most significant contributing factor in most employee frauds is the absence of internal controls or the failure to enforce existing internal controls.
After all, if a person is already dishonest by nature and finds out that management is not concerned about internal controls, this makes it very easy for them to become a fraud perpetrator and start stealing cash or property.
Fraudulent Financial Reporting
The Treadway Commission defined fraudulent financial reporting as intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.
Executives "cook the books," as they say, by fictitiously inflating revenues, recognizing revenues before they are earned, closing the books early (delaying current period expenses to a later period), overstating inventories or fixed assets, and concealing losses and liabilities.
The Treadway Commission recommended four actions to reduce the possibility of fraudulent financial reporting:
1. Establish an organizational environment that contributes to the integrity of the financial reporting process.
2. Identify and understand the factors that lead to fraudulent financial reporting.
3. Assess the risk of fraudulent financial reporting within the company.
4. Design and implement internal controls to provide reasonable assurance that fraudulent financial reporting is prevented.
A study by the Association of Certified Fraud Examiners found that misappropriation of assets by employees is more than 17 times more likely than fraudulent financial reporting.
Who Perpetrates Fraud and Why It Occurs
Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills.
Some hackers and computer fraud perpetrators are more motivated by curiosity, a quest for knowledge, the desire to learn how things work, and the challenge of beating the system.
Most have no previous criminal record.
Research shows that three conditions are necessary for fraud to occur: a pressure, an opportunity, and a rationalization. This is referred to as the fraud triangle and is shown as the middle triangle in Figure 5-1 on Page 148.
Pressures
A pressure is a person's incentive or motivation for committing the fraud. The three common types of pressures are financial, emotional and lifestyle, which are summarized in Table 5-2 on Page 149. Table 5-3 on Page 150 provides the pressures that can lead to financial statement fraud.
Learning Objective Two
Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities and rationalizations that are present in most frauds.
Opportunities
As shown in the opportunity triangle in Figure 5-1 on Page 148, opportunity is the condition or situation that allows a person or organization to do three things:
1. Commit the fraud
Most fraudulent financial reporting consists of the overstatement of assets or revenues, the understatement of liabilities, or the failure to disclose information.
2. Conceal the fraud
A common and effective way to hide a theft is to charge the stolen item to an expense account. For example, charge supplies to an expense account when they are initially purchased, before they are used. This gives the perpetrator the opportunity to use some of the supplies for personal benefit at the expense of the company. These unused supplies should have been recorded as an asset called Supplies until they are used.
Another way to hide a decrease in assets is by lapping. In a lapping scheme, the perpetrator steals the cash or check that customer A mails in to pay its accounts receivable. Funds received at a later date from customer B are used to pay off customer A's balance. And so forth: funds from customer C are used to pay off customer B.
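The standard control against lapping is an independent record of who actually paid: a mailroom remittance listing prepared by someone other than the accounts receivable clerk, which the auditor matches against the AR postings. The following is an added example (not code from the chapter or its textbook) of that matching test run over constructed sample data; the customer names, dates and amounts are invented for illustration.

```python
from datetime import date

# Constructed sample data (not from the chapter). The mailroom listing is prepared by
# someone other than the accounts receivable clerk, so it is an independent record of
# who actually paid and when; the AR credits are what the clerk posted.
MAILROOM = [  # (receipt id, date received, payer, amount in dollars)
    ("M1", date(2019, 3, 1),  "Customer A", 500),
    ("M2", date(2019, 3, 8),  "Customer B", 500),
    ("M3", date(2019, 3, 15), "Customer C", 500),
    ("M4", date(2019, 3, 16), "Customer D", 250),
]
AR_CREDITS = [  # (posting id, posting date, customer credited, amount in dollars)
    ("P1", date(2019, 3, 8),  "Customer A", 500),   # B's money applied to A's balance
    ("P2", date(2019, 3, 15), "Customer B", 500),   # C's money applied to B's balance
    ("P3", date(2019, 3, 16), "Customer D", 250),   # legitimate: D's money applied to D
]

def reconcile(mailroom, credits, window_days=3):
    """Match each mailroom receipt to an AR credit for the same payer and amount posted
    within window_days of receipt. Returns (unmatched receipt ids, unsupported posting ids).
    Either list being non-empty is the red flag: cash that arrived but was never credited
    to its sender, or credits that no remittance from that customer supports."""
    remaining = list(credits)
    unmatched = []
    for rid, received, payer, amount in mailroom:
        hit = next((c for c in remaining
                    if c[2] == payer and c[3] == amount
                    and 0 <= (c[1] - received).days <= window_days), None)
        if hit is None:
            unmatched.append(rid)
        else:
            remaining.remove(hit)
    return unmatched, [c[0] for c in remaining]

def lapping_pairs(mailroom, credits, window_days=3):
    """For each unsupported credit, find a receipt of the same amount from a *different*
    customer in the window: the signature of one customer's payment covering another's."""
    _, unsupported = reconcile(mailroom, credits, window_days)
    by_id = {c[0]: c for c in credits}
    pairs = []
    for pid in unsupported:
        _, posted, customer, amount = by_id[pid]
        for rid, received, payer, amt in mailroom:
            if payer != customer and amt == amount and 0 <= (posted - received).days <= window_days:
                pairs.append((pid, rid))
                break
    return pairs

if __name__ == "__main__":
    print(reconcile(MAILROOM, AR_CREDITS))      # (['M1', 'M2', 'M3'], ['P1', 'P2'])
    print(lapping_pairs(MAILROOM, AR_CREDITS))  # [('P1', 'M2'), ('P2', 'M3')]
```

The test only works because the mailroom listing is produced outside the clerk's control; if the same person opens the mail and posts receipts, both records will agree and the comparison proves nothing. That is the segregation-of-duties point behind the control.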
In a kiting scheme, the perpetrator covers up a theft by creating cash through the transfer of money between banks. For example, suppose a fraud perpetrator opens checking accounts in three banks, called banks A, B and C, and deposits $100 in each account. Then the perpetrator creates cash by depositing a $1,000 check from bank A into bank B and then withdraws the $1,000 from bank B. It takes two days for his check to clear bank A. Since there are insufficient funds in bank A to cover the $1,000 check, the perpetrator deposits a $1,000 check from bank C into bank A before his check to bank B clears bank A. Since bank C also has insufficient funds, $1,000 must be deposited to bank C before the check to bank A clears. The check to bank C is written from bank B, which also has insufficient funds. And the scheme continues. I have also seen situations where kiting also includes credit cards along with the checking accounts.
Since most banks require you to deposit some money to start a checking account, an initial deposit of $100 in each bank was included above. In addition, the chart below gives a rough pictorial explanation of the above kiting scheme. The chart uses dates, balances and NSF due dates.
Step  Date  Bank A                 Bank B                 Perpetrator   Bank C
#1    1/1   1,000 check written    +1,000 deposited
            Bal. -1,000            Bal. +1,000
            NSF due 1/3
#2    1/2                          W/D -1,000             +1,000 cash
                                   Bal. -0-, no NSF due
#3    1/3   +1,000 deposited                                            1,000 check written
            Bal. -0-, no NSF due                                        Bal. -1,000
                                                                        NSF due 1/5
#4    1/5                          1,000 check written                  +1,000 deposited
                                   Bal. -1,000                          Bal. -0-, no NSF due
                                   NSF due 1/7
      1/7                          Deposit +1,000 (Note #1)
Note #1: At this point the perpetrator may want to deposit the $1,000 he has had for 5 days (1/2 through 1/6) on the morning of 1/7 and start over again with bank A.
Legend: W/D = withdraws cash; NSF = nonsufficient funds; Bal. = balance
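The kite only works because bank B lets the perpetrator withdraw against a deposited check before that check has cleared. The bank-side control is to distinguish the ledger balance from the collected balance and to make only collected funds available. The following added example (not code from the chapter or its textbook) replays the chart's steps against three simulated banks, once without that control and once with it; the two-day clearing time is taken from the chart, and the year in the dates is arbitrary.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

CLEARING_DAYS = 2  # assumption taken from the chart: a deposited check takes two days to clear

@dataclass
class Bank:
    name: str
    hold_uncollected: bool      # the control: only collected funds are available to the customer
    ledger: int = 0             # book balance in dollars, including not-yet-collected deposits
    uncollected: list = field(default_factory=list)   # (collects_on, amount) for deposited checks
    presentments: list = field(default_factory=list)  # (presents_on, amount) for checks drawn on us

    def available(self, today: date) -> int:
        floating = sum(amt for day, amt in self.uncollected if day > today)
        return self.ledger - floating if self.hold_uncollected else self.ledger

    def deposit_cash(self, amount: int) -> None:
        self.ledger += amount

    def deposit_check(self, amount: int, drawee: "Bank", today: date) -> None:
        clears = today + timedelta(days=CLEARING_DAYS)
        self.ledger += amount                      # credited on the books immediately...
        self.uncollected.append((clears, amount))  # ...but not collected until it clears
        drawee.presentments.append((clears, amount))

    def withdraw_cash(self, amount: int, today: date) -> bool:
        if self.available(today) < amount:
            return False
        self.ledger -= amount
        return True

    def present(self, today: date):
        """Pay the checks drawn on this bank that clear today. Returns the amount of the
        first check that bounces (NSF), or None if everything was covered."""
        due = [p for p in self.presentments if p[0] == today]
        for item in due:
            self.presentments.remove(item)
            if self.available(today) < item[1]:
                return item[1]
            self.ledger -= item[1]
        return None

def run_kite(hold_uncollected: bool):
    """Replay the chart's steps against three banks. Returns (cash_obtained, first_nsf):
    whether the 1/2 withdrawal was paid, and the (bank, ISO date) of the first bounced
    check, or None if the kite was never exposed."""
    a, b, c = (Bank(n, hold_uncollected) for n in "ABC")
    for bank in (a, b, c):
        bank.deposit_cash(100)                            # the $100 opening deposits
    d = lambda day: date(2019, 1, day)                    # year is arbitrary (constructed)
    steps = {
        1: lambda: b.deposit_check(1000, a, d(1)),        # #1: check on A into B
        2: lambda: b.withdraw_cash(1000, d(2)),           # #2: cash out of B
        3: lambda: a.deposit_check(1000, c, d(3)),        # #3: check on C into A
        5: lambda: c.deposit_check(1000, b, d(5)),        # #4: check on B into C
        7: lambda: b.deposit_cash(1000),                  # Note #1: held cash goes back in
    }
    cash_obtained = False
    for day in range(1, 8):
        if day in steps:
            result = steps[day]()
            if day == 2:
                cash_obtained = bool(result)
        for bank in (a, b, c):                            # checks clear at end of day
            if bank.present(d(day)) is not None:
                return cash_obtained, (bank.name, d(day).isoformat())
    return cash_obtained, None

if __name__ == "__main__":
    print(run_kite(hold_uncollected=False))  # (True, None): cash out, no check ever bounces
    print(run_kite(hold_uncollected=True))   # (False, ('A', '2019-01-03')): no cash, kite exposed
```

Without the hold, the perpetrator walks out with $1,000 on 1/2 and every check is covered by the next one, exactly as the chart shows. With the hold, the 1/2 withdrawal is refused because bank B's collected balance is only the $100 opening deposit, and bank A bounces the first check on 1/3 for the same reason, so the float that the scheme depends on never exists.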
3. Convert the Theft or Misrepresentation to Personal Gain
In employee fraud, all fraud perpetrators go through the conversion phase unless they steal actual cash that can be spent or use the asset personally.
Table 5-4 on Page 152 lists some of the more frequently mentioned opportunities that permit employee and financial statement fraud.
Opportunities for fraud often stem from internal control factors. A control feature many companies lack is a background check on all potential employees.
Rationalizations
Rationalization allows perpetrators to justify their illegal behavior.
A list of some of the rationalizations people use:
- I am only borrowing the money (or asset) and will repay my loan.
- You would understand if you knew how badly I needed it.
- What I did was not that serious.
- It was for a good cause (the Robin Hood syndrome, robbing from the rich to give to the poor).
- I occupy a very important position of trust. I am above the rules.
- Everyone else is doing it, so it is not that wrong.
- No one will ever know.
- The company owes it to me, and I am taking no more than is rightfully mine.
Computer Fraud
The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation or prosecution.
More specifically, computer fraud includes the following:
- Unauthorized theft, use, access, modification, copying and destruction of software or data
- Theft of money by altering computer records
- Theft of computer time
- Theft or destruction of computer hardware
- Use or the conspiracy to use computer resources to commit a felony
- Intent to illegally obtain information or tangible property through the use of computers
Learning Objective Three
Define computer fraud and discuss the different computer fraud classifications.
The Association of Certified Fraud Examiners provides the general definition of computer fraud:
Any defalcation or embezzlement accomplished by tampering with computer programs, data files, operations, equipment, or media and resulting in losses sustained by the organization whose computer system was manipulated.
Another definition of computer crime:
In a computer crime, the computer is involved directly or indirectly in committing the criminal act. Sabotage of computer facilities is classified as a direct computer crime, and unauthorized access of stored data is an indirect computer crime because the presence of the computer created the environment for committing the crime.
The Rise in Computer Fraud
Computer systems are particularly vulnerable to computer crimes for the following reasons:
- Billions of characters of data are stored in company databases. People who manage to break into these databases can steal, destroy or alter massive amounts of data in very little time.
- Organizations want employees, customers and suppliers to have access to their system. The number and variety of these access points significantly increase the risks.
- Computer programs only need to be changed or modified once without permission for the system to operate improperly for as long as the system is in use.
- Modern systems utilize personal computers (PCs), which are inherently more vulnerable to security risks. It is difficult to control physical access to each networked PC. In addition, PCs and their data can be lost, stolen or misplaced.
- Computer systems face a number of unique challenges: reliability (i.e. accuracy, completeness), equipment failure, environmental dependency (i.e. power, damage from water or fire), vulnerability to electromagnetic interference and interruption, eavesdropping and misrouting.
The increase in computer fraud schemes is due to some of the following reasons:
1. Not everyone agrees on what constitutes computer fraud
2. Many computer frauds go undetected
   The FBI estimated that only one percent of all computer crime was detected, while others estimated it to be between 5 and 20%.
3. A high percentage of uncovered frauds are not reported
4. Many networks have a low level of security
5. Many Internet pages give step-by-step instructions on how to perpetrate computer crimes and abuses
6. Law enforcement is unable to keep up with the growing number of computer frauds
7. The total dollar value of losses is difficult to calculate
Computer Fraud Classifications
As shown in Figure 5-2 on Page 156, one way to categorize computer fraud is to use the data processing model: input, processor, computer instructions, stored data and output.
Input
The simplest and most common way to commit fraud is to alter computer input. It requires little, if any, computer skill. Instead, perpetrators need only understand how the system operates so they can cover their tracks.
To commit payroll fraud, perpetrators can enter data to increase their salary, create a fictitious employee, or retain a terminated employee on the records.
Example of input fraud: a New York bank employee replaced the company's deposit slips with forged deposit slips. For three days he deposited bank deposits in his personal account. Then he disappeared and was not caught, as he had used an alias.
There are more examples on pages 155 and 156.
Processor
Computer fraud can be committed through unauthorized system use, including the theft of computer time and services.
Example of processor fraud: employees of an insurance company were running an illegal gambling Web site. These employees hid the computers under the floor.
There are more examples on page 156.
Computer Instructions
Computer fraud can be accomplished by tampering with the software that processes company data.
Data
The greatest exposure in data fraud comes from employees with access to the data.
The most frequent type of data fraud is the illegal use of company data, typically by copying it, using it, or searching it without permission.
For example, an employee using a small flash drive or an iPod can steal large amounts of data and remove it without being detected.
The following are some recent examples of stolen data:
- The office manager of a Wall Street law firm found information about prospective mergers and acquisitions in the firm's Word files. He sold the information to friends and relatives, who made several million dollars trading the securities illegally.
- A 22-year-old Kazakhstan man broke into Bloomberg's network and stole account information, including that of Michael Bloomberg, the mayor of New York and the founder of the financial news company. He demanded $200,000 in exchange for not using or selling the information. He was arrested in London when accepting the ransom.
- A software engineer tried to steal Intel's plans for a new microprocessor. Because he could view but not copy or print the manufacturing plans, he photographed them screen by screen late at night in his office. One of Intel's controls was to notify security when the plans were viewed after hours. He was caught photographing the plans.
- Cyber-criminals used sophisticated hacking and identity theft techniques to hack into seven major online brokerage firm accounts. They sold the securities in those accounts and used the cash to pump up the price of 15 low-priced, thinly traded public companies they already owned. They then dumped the 15 stocks in their personal accounts for huge gains. E-Trade lost $18 million and Ameritrade $4 million in similar pump-and-dump schemes.
- The U.S. Department of Veterans Affairs was sued because an employee laptop that contained the records of 26.5 million veterans was stolen, exposing them all to identity theft. Later, another laptop with the records of 38,000 people disappeared from a subcontractor's office.
Data can also be changed, damaged, destroyed or defaced.
Data also can be lost due to negligence or carelessness.
Deleting files does not erase them. Even reformatting a hard drive often does not erase files or wipe the drive clean.
Output
Computer output, displayed on monitors or printed on paper, can be stolen or misused.
Fraud perpetrators can use computers and output devices to forge authentic-looking outputs. For example, a company laser printer could be used to prepare paychecks.
Computer Fraud and Abuse Techniques
These techniques are summarized in Table 5-5 on Page 158.
Computer Attacks
Hacking is the unauthorized access to and use of computer systems, usually by means of a personal computer and a telecommunications network. Most hackers are able to break into systems using known flaws in operating systems or application programs, or as a result of poor access controls. Some hackers are motivated by the challenge of breaking into computer systems and just browse or look for things to copy and keep. Other hackers have malicious intentions.
The following examples illustrate hacking attacks and the damage they cause:
- Several years ago, Russian hackers broke into Citibank's system and stole $10 million from customer accounts.
- During Operation Desert Storm, Dutch hackers broke into computers at 34 different military sites and extracted confidential information. Among the information stolen were the troop movements and weapons used in the Iraq war. The group offered to sell the information to Iraq, but the government declined, probably because it feared it was a setup.
- A 17-year-old hacker, nicknamed Shadow Hawk, was convicted of electronically penetrating the Bell Laboratories national network, destroying files valued at $174,000, and copying 52 proprietary software programs worth $1.2 million. He published confidential information such as telephone numbers, passwords and instructions on how to breach AT&T's computer security system on underground bulletin boards. He was sentenced to nine months in prison and given a $10,000 fine. Like Shadow Hawk, many hackers are fairly young, some as young as 12 and 13.
Hackers who search for dial-up modem lines by programming computers to dial thousands of phone lines are engaged in what is referred to as war dialing.
War driving is driving around looking for unprotected wireless networks.
Some war drivers draw chalk symbols on sidewalks to mark unprotected wireless networks, referred to as war chalking.
One enterprising group of researchers went war rocketing. They sent rockets into the air that let loose wireless access points, each attached to a parachute.
A botnet, short for robot network, is a network of hijacked computers. Hijacking is gaining control of someone else's computer to carry out illicit activities without the user's knowledge.
Hackers who control the hijacked computers, called bot herders, use the combined power of the infected machines, called zombies.
A denial-of-service attack occurs when an attacker sends so many e-mail bombs (thousands per second), often from randomly generated false addresses, that the Internet service provider's e-mail server is overloaded and shuts down. Another denial-of-service attack is sending so many requests for Web pages that the Web server crashes.
A good example was when a lot of people were receiving so many emails so fast that they could not even delete them all; it was just a constant flow of emails during which these people could not do anything else. As a result, some people now have more than one email provider, one of which they use only to catch the junk emails.
Most denial-of-service attacks are quite easy to accomplish and involve the following:
- The attacker infects a botnet with a denial-of-service program.
- The attacker activates the program and the zombie computers begin sending pings (e-mails or requests for data) to the computer being attacked. The victim computer responds to each ping, not realizing the zombie computer sent it a fictitious return address, and waits for a response that never comes.
- Because the victim computer is waiting for so many responses that never come, system performance begins to degrade until the computer finally freezes (it does nothing but respond to the pings) or it crashes.
- The attacker terminates the attack after an hour or two to limit the victim's ability to trace the source of the attacks.
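From the defender's side, the attack described above leaves a recognisable trace: a fast-growing backlog of requests that were never completed, spread across many source addresses that each appear exactly once (because the return addresses are forged). The following added example (not code from the chapter or its textbook) runs that detection logic over a constructed connection log; the log format, the IP addresses and the threshold are all invented for the illustration.

```python
import re

# Constructed sample connection log (not from the chapter). Each line records a connection
# request (SYN) to the victim or the completion of that request's handshake (ACK) from the
# same source. A source that never completes is the "response that never comes".
LEGITIMATE = [
    "2019-01-07T10:00:00 SYN 203.0.113.5 -> 192.0.2.10:80",
    "2019-01-07T10:00:00 ACK 203.0.113.5 -> 192.0.2.10:80",
    "2019-01-07T10:00:01 SYN 203.0.113.9 -> 192.0.2.10:80",
    "2019-01-07T10:00:01 ACK 203.0.113.9 -> 192.0.2.10:80",
]
# Thirty requests from thirty different (forged) addresses, none of which completes.
FLOOD = [f"2019-01-07T10:00:05 SYN 198.51.100.{i} -> 192.0.2.10:80" for i in range(1, 31)]
SAMPLE_LOG = LEGITIMATE + FLOOD

LINE = re.compile(r"^(\S+) (SYN|ACK) (\S+) -> (\S+)$")

def detect_half_open_flood(lines, threshold=20):
    """Track requests still waiting for completion per destination and raise one alert per
    destination when the backlog reaches the threshold. Returns a list of
    (timestamp, destination, backlog size, distinct sources) tuples. A backlog made up of
    many distinct sources with one request each is the forged-address pattern described
    above, as opposed to one misbehaving client."""
    pending = {}    # (source, destination) -> timestamp of the unanswered request
    alerted = set()
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                        # skip lines that do not parse
        ts, kind, src, dst = m.groups()
        if kind == "SYN":
            pending[(src, dst)] = ts
        else:
            pending.pop((src, dst), None)   # handshake completed: no longer half-open
        backlog = [s for (s, d) in pending if d == dst]
        if len(backlog) >= threshold and dst not in alerted:
            alerted.add(dst)
            alerts.append((ts, dst, len(backlog), len(set(backlog))))
    return alerts

if __name__ == "__main__":
    for alert in detect_half_open_flood(SAMPLE_LOG):
        print("half-open backlog on %s at %s: %d pending from %d distinct sources" %
              (alert[1], alert[0], alert[2], alert[3]))
```

The two legitimate clients never contribute to the backlog because their ACK lines remove them from `pending`; the alert fires on the twentieth forged request. In a real deployment the threshold would be tuned per service, and the "distinct sources" count is what separates this pattern from a single slow client retrying.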
Spamming is emailing the same unsolicited message to many people at the same time, often in an attempt to sell them something.
Spammers use very creative means to find valid email addresses. They scan the Internet for addresses posted online and also hack into company databases and steal mailing lists. In addition, spammers stage dictionary attacks (also called direct harvesting attacks) designed to uncover valid email addresses.
Hackers also spam blogs, which are Web sites containing online journals, by placing random or nonsensical comments on blogs that allow visitor comments.
Splogs, or spam blogs, promote affiliated Web sites to increase their Google PageRank, a measure of how often a Web page is referenced by other Web pages.
Spoofing is making an e-mail message look as if someone else sent it.
A former Oracle employee was charged with breaking into the company's computer network, falsifying evidence, and committing perjury for forging an e-mail message to support her charge that she was fired for ending a relationship with the company's chief executive. The employee was found guilty of forging the e-mail message and faced up to six years in jail.
A zero-day attack (or zero-hour attack) is an attack between the time a new software vulnerability is discovered and the time the software developers and security vendors release software, called a patch, that fixes the problem.
Password cracking is penetrating a system's defenses, stealing the file containing valid passwords, decrypting them and using them to gain access to programs, files and data.
In masquerading, or impersonation, the perpetrator gains access to the system by pretending to be an authorized user. This approach requires the perpetrator to know the legitimate user's ID number and password.
Piggybacking is tapping into a telecommunications line and latching on to a legitimate user before the user logs into a system. The legitimate user unknowingly carries the perpetrator into the system.
Piggybacking has several meanings:
1. The clandestine use of a neighbor's Wi-Fi network; this can be prevented by enabling the security feature in the wireless network.
2. Tapping into a telecommunications line and electronically latching on to a legitimate user before the user enters a secure system; the legitimate user unknowingly carries the perpetrator into the system.
3. An unauthorized person passing through a secure door when an authorized person opens it, thereby bypassing physical security controls such as keypads, ID cards, or biometric identification scanners.
Data diddling is changing data before, during, or after it is entered into the system. The change can be made to delete, alter, or add key system data.
Data leakage refers to the unauthorized copying of company data.
A fraud perpetrator can use the salami technique to embezzle large sums of money a salami slice at a time from many different accounts (tiny slices of money are stolen over a period of time).
The round-down fraud technique is used most frequently in financial institutions that pay interest. In the typical scenario, the programmer instructs the computer to round down all interest calculations to two decimal places. The fraction of a cent that is rounded down on each calculation is put into the programmer's account or one that he or she controls.
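The salami and round-down techniques are hard to see in totals because each slice is below a cent; what exposes them is an independent recomputation of every interest credit and a check that every credit belongs to an account with an interest-bearing balance. The following added example (not code from the chapter or its textbook) posts one month of interest on five constructed balances, once with the approved rounding and once with the programmer's round-down sweep, and then runs that audit; the rate, balances and account numbers are invented for the illustration.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.003")     # constructed: 3.6% a year, paid monthly
PROGRAMMER = "9999"                  # constructed: the account the programmer controls

# Constructed interest-bearing balances (not from the chapter).
ACCOUNTS = {
    "1001": Decimal("1234.56"),
    "1002": Decimal("98765.43"),
    "1003": Decimal("15.99"),
    "1004": Decimal("5000.00"),
    "1005": Decimal("777.77"),
}

def exact_interest(balance: Decimal) -> Decimal:
    return balance * MONTHLY_RATE

def post_interest(accounts, rounding):
    """Post one month of interest and return {account: amount credited}. With ROUND_HALF_UP
    this is the approved calculation. With ROUND_DOWN every fraction of a cent that is
    shaved off is swept into PROGRAMMER, which is the round-down fraud described above."""
    credits = {}
    shaved = Decimal("0")
    for acct, balance in accounts.items():
        exact = exact_interest(balance)
        credits[acct] = exact.quantize(CENT, rounding=rounding)
        shaved += exact - credits[acct]
    if rounding == ROUND_DOWN:
        credits[PROGRAMMER] = shaved.quantize(CENT, rounding=ROUND_DOWN)
    return credits

def audit(accounts, credits):
    """Independent recomputation by the auditor: every credit must belong to an account
    with an interest-bearing balance, and each amount must equal the approved rounding of
    the exact interest. Returns the list of discrepancies (empty when the run is clean)."""
    findings = []
    for acct, amount in credits.items():
        if acct not in accounts:
            findings.append(f"{acct}: {amount} credited to an account with no balance")
            continue
        expected = exact_interest(accounts[acct]).quantize(CENT, rounding=ROUND_HALF_UP)
        if amount != expected:
            findings.append(f"{acct}: posted {amount}, expected {expected}")
    return findings

def run_honest():
    return post_interest(ACCOUNTS, ROUND_HALF_UP)

def run_fraud():
    return post_interest(ACCOUNTS, ROUND_DOWN)

def total(credits) -> Decimal:
    return sum(credits.values(), Decimal("0"))

if __name__ == "__main__":
    print("honest total:", total(run_honest()), "findings:", audit(ACCOUNTS, run_honest()))
    print("fraud total: ", total(run_fraud()), "findings:", audit(ACCOUNTS, run_fraud()))
```

On these five accounts the sweep is only two cents, which is the point of the technique: the take is proportional to the number of accounts and interest runs, not to the size of any one slice. Note also that in this constructed data the honest and fraudulent totals are both 317.38, so a reconciliation of total interest expense alone would pass; only the per-account recomputation and the orphan-credit test surface the two accounts that were short-changed and the credit to account 9999.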
Phreaking is attacking phone systems to obtain free phone line access. Phreakers also use the telephone lines to transmit viruses and to access, steal and destroy data.
Economic espionage is the theft of information, trade secrets and intellectual property. This increased by 323% during one five-year period. The U.S. Department of Justice estimates that intellectual property theft losses total $250 billion a year. Almost 75% of these losses are to an employer, former employer, contractor, or supplier.
A growing problem is cyber-extortion, in which fraud perpetrators threaten to harm a company if it does not pay a specified amount of money.
Internet terrorism occurs when hackers use the Internet to disrupt electronic commerce and to destroy company and individual communications.
Internet misinformation is using the Internet to spread false or misleading information about people or companies. This can be done in a number of ways, including inflammatory messages in online chats, setting up Web sites and spreading urban legends.
Fraud perpetrators are beginning to use unsolicited email threats to defraud people. For example, Global Communications sent a message to many people threatening legal action if an unspecified overdue amount was not paid within 24 hours.
Many companies advertise online and pay based on how many users click on ads that take them to the company's Web site. Advertisers pay from a few cents to over $10 for each click. Click fraud is intentionally clicking on these ads numerous times to inflate advertising bills.
Software piracy is copying software without the publisher's permission. It is estimated that for every legal copy of software there are seven to eight illegal ones. I have seen some places where this is almost an accepted practice.
Social Engineering
In social engineering, perpetrators trick employees into giving them the information they need to get into the system.
Identity theft is assuming someone's identity, usually for economic gain, by illegally obtaining and using confidential information such as the person's Social Security number or their bank account or credit card number. Identity thieves benefit financially by taking funds out of the victim's bank accounts, taking out mortgages or other loan obligations, and taking out credit cards and running up large debts.
In one case, a convicted felon incurred $100,000 of credit card debt, took out a home loan, purchased homes and consumer goods, and then filed for bankruptcy in the victim's name.
In pretexting, people act under false pretenses to gain confidential information. For example, they might conduct a security survey and lull the person into disclosing confidential information by asking 10 innocent questions before asking the confidential ones.
Posing is creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering a product.
Phishing is sending out an email, instant message, or text message pretending to be from a legitimate company, usually a financial institution, and requesting information. The recipient is asked either to respond to the email request, to visit a Web page and submit the data, or to respond to a text message.
In voice phishing, or vishing, e-mail recipients are asked to call a specified phone number, where a recording tells them to enter confidential data.
Phished (and otherwise stolen) credit card numbers can be bought and sold, which is called carding.
Pharming is redirecting a Web site's traffic to a bogus (spoofed) Web site, usually to gain access to personal and confidential information. So how does pharming work? If you don't know someone's phone number, you look it up in a phone book. If you could change XYZ Company's number in the phone book to your phone number, people calling XYZ Company would reach you instead. You could then ask them to divulge information only they would know to verify their identity.
An evil twin is when a hacker sets up a wireless network with the same name (called the Service Set Identifier, or SSID) as the wireless access point at a local hot spot or a corporation's wireless network.
Typosquatting, also called URL hijacking, is setting up Web sites with names very similar to real Web sites so that when users make mistakes, such as typographical errors, in entering a Web site name, the user is sent to an invalid site.
The typosquatter's site may do the following:
- Trick the user into thinking she is at the real site by using a copied or a similar logo, Web site layout, or content. These sites often contain advertising that would appeal to the person looking for the real domain name. The typosquatter might also be a competitor.
- Send the user to a site very different from what was wanted. In one famous case, a typosquatter sent people looking for sites that appealed to children to a pornographic Web site.
- Use the false address to distribute viruses, adware, spyware, or other malware.
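Because typosquatting relies on names that are one or two keystrokes away from the real one, a defender can screen observed domain names (from DNS or proxy logs, for instance) by edit distance from the names they want to protect, after mapping look-alike characters back to the letters they imitate. The following added example (not code from the chapter or its textbook) implements that screen over a constructed list of domains; the protected names, the observed names and the confusable-character table are invented for the illustration and go somewhat beyond the chapter's plain-typo case by also catching digit-for-letter substitutions.

```python
# Constructed data (not from the chapter): the domains an organization wants to protect and a
# list of domains observed in, say, DNS or proxy logs.
PROTECTED = ["example.com", "examplebank.com"]
OBSERVED = [
    "example.com",           # the real site
    "exmaple.com",           # transposed letters
    "examp1e.com",           # digit one in place of the letter l
    "exampel.com",           # transposed letters
    "example.co",            # dropped final letter
    "totallydifferent.org",  # unrelated
]
# Characters commonly substituted for look-alikes; mapped back before comparing.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})

def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character insertions, deletions or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_lookalikes(observed, protected, max_distance=2):
    """Return (observed domain, protected domain, distance) for every observed domain that
    is within max_distance edits of a protected domain after confusable normalization,
    excluding the protected domain itself. A distance of 0 after normalization means the
    name differs from the real one only by look-alike characters."""
    flagged = []
    for dom in observed:
        norm = dom.lower().translate(CONFUSABLES)
        dist, target = min((levenshtein(norm, p), p) for p in protected)
        if dom != target and dist <= max_distance:
            flagged.append((dom, target, dist))
    return flagged

if __name__ == "__main__":
    for dom, target, dist in flag_lookalikes(OBSERVED, PROTECTED):
        print(f"{dom!r} is {dist} edit(s) from {target!r}")
```

The confusable table is deliberately small; a production screen would use a fuller homoglyph list and would be tuned to avoid flagging legitimate names that happen to contain digits. The threshold of two edits catches the transpositions, the dropped letter and the digit substitution while leaving the unrelated domain alone.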
Scavenging, or dumpster diving, is gaining access to confidential information by searching corporate or personal records. Some identity thieves search garbage cans, communal trash bins, and city dumps to find documents or printouts with confidential company information. They also look for personal information such as checks, credit card statements, bank statements, tax returns, discarded applications for preapproved credit cards or other records that contain Social Security numbers, names, addresses, telephone numbers, and other data that allow them to assume an identity. Be sure to tear up (or preferably shred) your personal correspondence from banks and credit card companies to the point that the number cannot be read before you throw it in the trash, especially in a public trash container.
Shoulder surfing is watching people as they enter telephone calling card or credit card numbers, or listening to conversations as people give their credit card number over the telephone or to sales clerks.
Skimming is double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use.
Chipping is posing as a service engineer and planting a small chip in a legitimate credit card reader.
Eavesdropping enables perpetrators to observe private communications or transmissions of data. One way to intercept signals is by setting up a wiretap.
Malware
This section describes malware, which is any software that can be used to do harm.
Spyware is software that secretly collects personal information about users and sends it to someone else without the user's permission. The information is gathered by logging keystrokes, monitoring computing habits such as Web sites visited, and scanning documents on the computer's hard disk.
Spyware infections, of which users are usually unaware, come from the following:
- Downloads such as file-sharing programs, system utilities, games, wallpaper, screensavers, music and videos.
- Web sites that secretly download spyware when they are visited. This is called drive-by downloading.
- A hacker using security holes in Web browsers and other software.
- Programs masquerading as anti-spyware security software.
- A worm or virus.
- Public wireless networks. For example, users receive a message they believe is from the coffee shop or hotel where they are using wireless technology. Clicking on the message inadvertently downloads a Trojan horse or spyware application.
One type of spyware, called adware (short for advertisingsupported software), does two things: First, it causes banner ads
to pop up on your monitor as you surf the Net. Second, it
collects information about the users Web-surfing and spending
Page 16 of 23
8/6/2019 11e Chp5-IM Stud (1)
17/23
habits and forwards it to the company gathering the data, often
an advertising or large media organization.
In a recent survey, 55% of companies had experienced a spyware,
adware, or some other malware infection. In larger organizations,
the average cost of getting rid of spyware is over $1.5 million a
year.
Another form of spyware, called a key logger, records computer
activity, such as a user's keystrokes, emails sent and received,
Web sites visited, and chat session participation.
A Trojan horse is a set of malicious, unauthorized computer
instructions in an authorized and otherwise properly functioning
program. Some Trojan horses give the creator the power to
remotely control the victim's computer. Unlike viruses and worms,
the code does not try to replicate itself.
Time bombs and logic bombs are Trojan horses that lie idle until
triggered by a specified time or circumstance. Once triggered,
the bomb goes off, destroying programs, data or both.
Company insiders, typically disgruntled programmers or other
systems personnel who want to get even with their company, write
many bombs.
A trap door, or back door, is a way into a system that bypasses
normal system controls. Programmers use trap doors to modify
programs during systems development and normally remove them
before the system is put into operation.
Packet sniffers are programs that capture data from information
packets as they travel over the Internet or company networks.
Captured data is sifted to find confidential information such as
user IDs and passwords, and confidential or proprietary
information that can be sold or otherwise used.
Steganography programs hide data from one file inside a host file,
such as a large image or sound file. There are more than 200
different steganographic software programs available on the
Internet.
A rootkit is software that conceals processes, files, network
connections, memory addresses, system utility programs, and
system data from the operating system and other programs.
Rootkits often modify parts of the operating system or install
themselves as drivers.
Superzapping is the unauthorized use of special system programs
to bypass regular system controls and perform illegal acts.
A computer virus is a segment of self-replicating, executable
code that attaches itself to software. Many viruses have two
phases. In the first phase, the virus replicates itself and
spreads to other systems or files when some predefined event
occurs. In the attack phase, also triggered by some predefined
event, the virus carries out its mission.
In one survey, almost 90% of the respondents said their company
was infected with a virus within the prior 12 months.
During the attack phase, triggered by some predefined event,
viruses destroy or alter data or programs, take control of the
computer, destroy the hard disk's file allocation table, delete
or rename files or directories, reformat the hard disk, or change
the content of files.
Symptoms of a computer virus include computers that will not
start or execute; unexpected read or write operations; an
inability to save files; long program load times; abnormally
large file sizes; slow system operation; and unusual screen
activity, error messages, or file names.
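Two of the symptoms just listed, software that has changed and abnormally large file sizes, are exactly what a file-integrity baseline detects: a virus that attaches itself to a program changes that program's hash and usually its size. The following Python is an added example, not code from the chapter or its textbook; the directory tree, the file contents and the simulated change it checks are all constructed inside `demo()`.

```python
"""Added example (not from the chapter): a file-integrity baseline that
catches changed executables and abnormal size growth. Everything it
scans is constructed inside demo()."""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each file under root (relative, forward-slash path) to (sha256, size)."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = (sha256_of(full), os.path.getsize(full))
    return baseline


def compare_to_baseline(baseline, current, growth_limit=0.10):
    """Return (finding, path) pairs: modified, size_growth, new_file, missing.

    A self-attaching virus shows up as 'modified' (hash changed) and, when
    the added code is large relative to the host, also as 'size_growth'.
    """
    findings = []
    for rel, (digest, size) in sorted(current.items()):
        if rel not in baseline:
            findings.append(("new_file", rel))
            continue
        old_digest, old_size = baseline[rel]
        if digest != old_digest:
            findings.append(("modified", rel))
        if old_size and size > old_size * (1 + growth_limit):
            findings.append(("size_growth", rel))
    for rel in sorted(set(baseline) - set(current)):
        findings.append(("missing", rel))
    return findings


def demo():
    """Build a constructed install tree, baseline it, alter it, and re-check."""
    with tempfile.TemporaryDirectory() as root:
        files = {  # constructed sample "installed software"
            "bin/app.exe": b"A" * 1000,
            "bin/helper.dll": b"B" * 500,
            "docs/readme.txt": b"hello",
        }
        for rel, data in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        baseline = build_baseline(root)

        # Simulated symptom: 400 bytes were appended to an executable after
        # baselining (a 40% size increase) and an unexpected file appeared.
        with open(os.path.join(root, "bin", "app.exe"), "ab") as fh:
            fh.write(b"X" * 400)
        with open(os.path.join(root, "docs", "new.txt"), "wb") as fh:
            fh.write(b"?")
        return compare_to_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding:12s} {path}")
```

In practice the baseline is taken from known-good media and stored where the scanned host cannot alter it; a check that reads its baseline from the same disk it scans can be defeated by a rootkit of the kind described below. The 10% growth threshold is an assumption chosen for the example.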
The Sobig virus, written by Russian hackers, infected an
estimated 1 of every 17 e-mails several years ago.
The MyDoom virus infected 1 in 12 e-mails and did $4.75 billion
in damages.
It is estimated that viruses and worms cost businesses over $20
billion a year.
Most viruses attack computers, but all devices connected to the
Internet or that are part of a communications network run the
risk of being infected. Recent viruses have attacked cell phones
and personal digital assistants. These devices are infected
through text messages, Internet page downloads and Bluetooth
wireless technology.
Flaws in Bluetooth applications have opened up the system to
attack. Bluesnarfing is stealing (snarfing) contact lists, images
and other data from other devices using Bluetooth. Bluebugging is
taking control of someone else's phone to make calls or send text
messages, or to listen to phone calls and monitor text messages
received.
A computer worm is a self-replicating computer program similar to
a virus except for the following three differences:
1. A virus is a segment of code hidden in or attached to a
host program or executable file, while a worm is a stand-alone
program.
2. A virus requires a human to do something (run a program,
open a file, etc.) to replicate itself, whereas a worm does
not and actively seeks to send copies of itself to other
devices on a network.
3. Worms harm networks (if only by consuming bandwidth),
whereas viruses infect or corrupt files or data on a
targeted computer.
Worms often reside in e-mail attachments, which, when opened or
activated, can damage the user's system.
A worm usually does not live very long, but it is quite
destructive while alive.
More recently, MySpace had to go offline to disable a worm that
added over 1 million friends to the hacker's site in less than a
day.
Preventing and Detecting Computer Fraud and Abuse
Learning Objective Four
Compare and contrast the approaches and techniques that are used to commit computer fraud.
Table 5-6 on Page 174 provides a summary of ways to prevent and detect
computer fraud:
- Make Fraud Less Likely To Occur
- Increase The Difficulty Of Committing Fraud
- Improve Detection Methods
- Reduce Fraud Losses
EMPLOYEE FRAUD SCHEMES
Cash
Cash is the focal point of most accounting entries. Cash, both on
deposit in banks and petty cash, can be misappropriated through many
different schemes. These schemes can be either on-book or off-book,
depending on where they occur. Generally, cash schemes are smaller than
other internal fraud schemes because companies have a tendency to have
comprehensive internal controls over cash and those internal controls
are adhered to. Cash fraud schemes follow general basic patterns,
including skimming, voids/under-rings, swapping checks for cash,
alteration of cash receipts tapes, fictitious refunds and discounts,
journal entries and kiting.
Skimming
Skimming involves removing cash from the entity before the cash is
recorded in the accounting system. This is an off-book scheme; receipt
of the cash is never reported to the entity. A related type of scheme
is to ring up a sale for less than the actual sale amount. (The
difference between the actual sale and the amount on the cash register
tape can then be diverted.) This is of particular concern in retail
operations (for example, fast food restaurants) where much of the daily
sales are in cash, and not by check or credit card.
EXAMPLE
According to an investigation, fare revenues on the Chicago
Transit Authority's (CTA) rail system allegedly were
misappropriated by agency employees. The statistics indicate that
the thefts are not confined to the one station that originally
was suspected and that the fare-skimming by transit workers might
have been reduced by news of the investigation. In the four days
after reports of skimming surfaced, about $792,000 was turned in
by station agents system wide. In a similar Monday through Friday
period only $723,000 was turned in by station agents.
CTA officials estimated that a planned installation of a $38
million automated fare-collection system would eliminate $6.5
million annually in revenue shrinkage, mostly from employee
theft. At least 10 workers have been investigated, including nine
ticket agents and one supervisor or clerk. Early reports
indicated that agents pocketed money after recording transfer
or monthly passes as cash-paying customers passed through
turnstiles.
Voids/Under-Rings
There are three basic voids/under-ring schemes. The first is to record
a sale/cash receipt and then void the same sale, thereby removing the
cash from the register. The second, and more common variation, is to
purchase merchandise at unauthorized discounts. The third scheme, which
is a variation of the unauthorized discount, is to sell merchandise to
a friend or co-conspirator using the employee's discount. The
co-conspirator then returns the merchandise for a full refund,
disregarding the original discount.
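Each of the three schemes leaves a distinct trace in the point-of-sale journal: an unusual void rate for one cashier, a sale rung below the permitted discount, and a return refunded for more than was actually paid on the referenced sale. The Python below is an added example, not code from the chapter; the journal, the cashier names, the 50% void-rate threshold and the 15% discount policy are all constructed assumptions.

```python
"""Added example (not from the chapter): three detection tests over a
constructed point-of-sale journal, one per voids/under-ring scheme."""
from collections import Counter

# Constructed POS journal: (txn_id, cashier, kind, retail_price, amount, ref)
# kind is "sale", "void" (cancels the sale in ref) or "return" (refunds it);
# amount is the cash taken on a sale or handed back on a return.
JOURNAL = [
    ("T1",  "alice", "sale",   50.00, 50.00, None),
    ("T2",  "alice", "void",    0.00,  0.00, "T1"),
    ("T3",  "alice", "sale",   50.00, 50.00, None),
    ("T4",  "alice", "void",    0.00,  0.00, "T3"),
    ("T5",  "alice", "sale",   30.00, 30.00, None),
    ("T6",  "bob",   "sale",   50.00, 50.00, None),
    ("T7",  "bob",   "sale",   50.00, 50.00, None),
    ("T8",  "bob",   "sale",   80.00, 64.00, None),   # rung at 20% off
    ("T9",  "carol", "return", 80.00, 80.00, "T8"),   # refunded at full retail
    ("T10", "bob",   "sale",   20.00, 20.00, None),
    ("T11", "bob",   "void",    0.00,  0.00, "T10"),
]


def void_rates(journal):
    """Voids per sale for every cashier who rang at least one sale."""
    sales, voids = Counter(), Counter()
    for _, cashier, kind, *_ in journal:
        if kind == "sale":
            sales[cashier] += 1
        elif kind == "void":
            voids[cashier] += 1
    return {cashier: voids[cashier] / sales[cashier] for cashier in sales}


def high_void_cashiers(journal, threshold=0.5):
    """Scheme 1: cashiers whose void rate is out of line with the threshold."""
    return sorted(c for c, rate in void_rates(journal).items() if rate > threshold)


def unauthorized_discounts(journal, max_discount=0.15):
    """Scheme 2: sales rung below retail by more than the discount policy allows."""
    flagged = []
    for txn_id, _, kind, retail, amount, _ in journal:
        if kind == "sale" and retail > 0 and 1 - amount / retail > max_discount + 1e-9:
            flagged.append(txn_id)
    return flagged


def refunds_exceeding_paid(journal):
    """Scheme 3: returns refunded for more than the referenced sale collected."""
    paid = {t[0]: t[4] for t in journal if t[2] == "sale"}
    flagged = []
    for txn_id, _, kind, _, amount, ref in journal:
        if kind == "return" and ref in paid and amount > paid[ref]:
            flagged.append((txn_id, ref, round(amount - paid[ref], 2)))
    return flagged


if __name__ == "__main__":
    print("void rates:", void_rates(JOURNAL))
    print("high void rate:", high_void_cashiers(JOURNAL))
    print("unauthorized discounts:", unauthorized_discounts(JOURNAL))
    print("refund exceeds amount paid:", refunds_exceeding_paid(JOURNAL))
```

The third test is the important one for the co-conspirator scheme: it works only because the return carries a reference to the original receipt, so requiring that reference at the register is the control that makes the detection possible.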
EXAMPLE
Roberta Fellerman, a former Ball State University employee, was
indicted on federal charges of stealing about $105,000 from the
school's bookstore operations. Fellerman was charged with
stealing the money over a thirty-three month period.
The thefts allegedly were from proceeds of the sales of books to
students who took Ball State courses through an off-campus
program at many cities around Indiana. Fellerman was in charge of
the sale of the books from the bookstore.
Fellerman was accused of altering records and taking currency
from a cash drawer. She was also charged with income tax
violations for failing to report the stolen money on her federal
tax returns.
Swapping Checks for Cash
One common method where an employee can misappropriate cash is to
exchange his own check for cash in the cash register or cash drawer.
Periodically, a new check is written to replace the old check. This
process can be continued so that on any given day, there is a current
check for the cash removed. This is a form of unauthorized borrowing
from the company. Obviously, if it is the company policy that cash
drawers or registers are reconciled at the conclusion of each day and
turned over to a custodian, then this fraud scheme is less likely to be
committed. However, if personnel are allowed to keep their own cash
drawers and only remit the day's receipts, then this method of
unauthorized borrowing will be more common.
EXAMPLE
Lisa Smith, a Garfield High School fiscal clerk at a central
treasurer function, allegedly borrowed $2,400 by placing 23
personal checks in deposits which were made from various student
activities at decentralized locations. Ms. Smith placed a
personal check in each deposit as a method of keeping track of
the amount of money which had been borrowed. The transactions
were inappropriately delayed for up to 5 months.
Auditors detected the delayed transactions during an unannounced
cash count. On the day of the count, the fund custodian had only
a few hundred dollars in his bank account (confirmed by telephone
upon receipt of the custodian's authorization). When all 23 personal
checks were deposited in the district's account, several were
returned as NSF. After payday, all NSF checks subsequently
cleared the bank. The custodian's employment with the district
was terminated.
Alteration of Cash Receipts Documentation
A lack of segregation of duties can create an opportunity for an
employee to misappropriate company funds. For example, if the same
person is responsible for both collecting and depositing the cash
receipts, then this person has the opportunity to remove funds from the
business for his own personal use and conceal such theft through the
deposits. This is often the case in smaller organizations where there
are few personnel to divide the daily operations. A variation of this
scheme is to mutilate or destroy the cash receipts documentation so
that any attempt to reconcile the cash deposited with the cash receipts
is thwarted.
EXAMPLE
An elected county treasurer allegedly stole $62,400 over a three-year
period from property tax receipts. Every other day, after
cash receipt transactions were batched and posted to the
subsidiary accounting records, the treasurer altered the total
cash receipts and the actual deposit. Therefore, the control
account and the deposit were equal but that total did not match
the total postings to the individual taxpayers' accounts. In
each of the three years, the difference between the control
account receivable and the summation of the individuals in the
subsidiary accounts was written off. These were unsupported
accounting adjustments.
Evidence was obtained by reconstructing the three years' cash
receipts and matching the differences between the total cash
receipts, control account and the individual (subsidiary)
accounts with the unsupported accounting adjustments.
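The treasurer case has a specific signature: the deposit agrees with the control account, but neither agrees with the sum of the subsidiary postings, and the difference is later cleared by a write-off with no supporting document. The Python below is an added example, not code from the chapter; it performs the three-way match per batch and then ties the accumulated gap to unsupported adjustments, the same reconstruction the investigators describe. The batches, parcel numbers, dates and amounts are constructed.

```python
"""Added example (not from the chapter): three-way match of subsidiary
postings, control account and bank deposit, plus a tie-out of the gap to
unsupported write-offs. All data is constructed."""
from decimal import Decimal

# Each batch posts individual receipts to the subsidiary ledger, one total
# to the control account, and one bank deposit. Decimal avoids float rounding.
BATCHES = [
    {"batch": "B1",
     "postings": {"parcel-101": Decimal("300.00"), "parcel-102": Decimal("200.00")},
     "control_total": Decimal("500.00"), "deposit": Decimal("500.00")},
    # altered: control total and deposit both lowered by 50, subsidiary untouched
    {"batch": "B2",
     "postings": {"parcel-103": Decimal("400.00"), "parcel-104": Decimal("350.00")},
     "control_total": Decimal("700.00"), "deposit": Decimal("700.00")},
    # a different failure: deposit short against an unaltered control total
    {"batch": "B3",
     "postings": {"parcel-105": Decimal("120.00"), "parcel-106": Decimal("80.00")},
     "control_total": Decimal("200.00"), "deposit": Decimal("180.00")},
]

# Write-offs of control-vs-subsidiary differences; "support" names the
# document that justifies the entry, or None when there is none.
ADJUSTMENTS = [
    {"date": "2019-06-30", "amount": Decimal("-20.00"), "support": "memo-17"},
    {"date": "2019-12-31", "amount": Decimal("-50.00"), "support": None},
]


def reconcile_batch(batch):
    """Compare the subsidiary postings, the control total and the deposit."""
    posted = sum(batch["postings"].values(), Decimal("0"))
    return {
        "batch": batch["batch"],
        "posted": posted,
        "control_gap": batch["control_total"] - posted,     # control vs subsidiary
        "deposit_gap": batch["deposit"] - batch["control_total"],  # bank vs control
    }


def discrepancies(batches):
    """Every batch where any leg of the three-way match fails."""
    return [r for r in map(reconcile_batch, batches)
            if r["control_gap"] or r["deposit_gap"]]


def altered_total_pattern(batches):
    """Batches matching the treasurer's signature: deposit equals control,
    but control does not equal the subsidiary postings."""
    return [r["batch"] for r in map(reconcile_batch, batches)
            if r["control_gap"] and not r["deposit_gap"]]


def unsupported_adjustments(adjustments):
    return [a for a in adjustments if not a["support"]]


def gap_explained_by_unsupported_writeoffs(batches, adjustments):
    """Tie the total control-vs-subsidiary gap to write-offs lacking support.
    Returns (total_gap, unsupported_total, whether they are equal)."""
    total_gap = sum((r["control_gap"] for r in map(reconcile_batch, batches)), Decimal("0"))
    unsupported = sum((a["amount"] for a in unsupported_adjustments(adjustments)), Decimal("0"))
    return total_gap, unsupported, total_gap == unsupported


if __name__ == "__main__":
    for r in discrepancies(BATCHES):
        print(r)
    print("altered-total pattern:", altered_total_pattern(BATCHES))
    print("gap vs unsupported write-offs:",
          gap_explained_by_unsupported_writeoffs(BATCHES, ADJUSTMENTS))
```

B3 is included to show why the pattern test matters: a short deposit with a correct control total points at the depositing step, whereas B2, where the totals were made to agree, points at whoever could edit the control posting, and that is the person who should not also be reconciling it.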
Fictitious Refunds and Discounts
Fictitious refunds occur when an employee enters a transaction as if a
refund were given; however, no merchandise is returned, or no discount
is approved which substantiates the refund or discount. The employee
scheme is most prevalent in the retail/merchandise industry; however,
it can occur in any operation in which a refund or discount is given.
EXAMPLE
Dora Malfrici, a former New York University student financial aid
official, was charged along with her husband Salvatore with
stealing $4.1 million. This was allegedly done by falsifying more
than a thousand tuition refund checks. The loss was described as
one of the largest embezzlements ever uncovered at a U.S.
university. The money was allegedly taken from the Tuition
Assistance Program, operated by the New York State Higher
Education Services Corporation to provide expense money to needy
students. However, NYU officials assert that the funds came from
a University account, not from State money.
Malfrici's job was to assure that students entitled to funds from
the Corporation received their checks. According to the U.S.
Attorney, she arranged for checks to be made out to hundreds of
legitimate NYU students who were not entitled to receive any
funds. These students were kept unaware of this because the
checks were deposited into bank accounts in Manhattan and New
Jersey that allegedly were controlled by the Malfricis. These
checks were made over to Elizabeth Pappa before being deposited
into accounts in that name. Some other checks were made payable
directly to Pappa. The FBI was unable to locate Elizabeth Pappa
and believes that such a person never existed. Reportedly the
Malfricis spent $785,000 of the funds in question on expensive
jewelry and $85,000 of the money on Florida real estate.
Kiting
Kiting is the process whereby cash is recorded in more than one bank
account, but in reality, the cash is either nonexistent or is in
transit. Kiting schemes can be perpetrated using one bank and more than
one account or between several banks and several different accounts.
Although banks generally have a daily report that indicates potential
kiting schemes, experience has shown that they are somewhat hesitant to
report the scheme until the balance in their customers' accounts is
zero.
There is one important element to check kiting schemes: all kiting
schemes require banks to pay on unfunded deposits. This is not to say
that all payments on unfunded deposits are kiting schemes, but rather,
that all kiting schemes require payments be made on unfunded deposits.
In other words, if a bank allows its customers to withdraw funds on
deposits for which the bank has not yet collected the cash, then kiting
schemes are possible. In today's environment where customers use wire
transfers, kiting schemes can be perpetrated very quickly and in very
large numbers.
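The statement that every kite depends on the bank paying against uncollected deposits can be shown directly by running the same account activity under two policies: pay only from collected funds, or pay up to the ledger balance. The Python below is an added example, not code from the chapter; the account activity, the two-day hold period and the amounts are constructed.

```python
"""Added example (not from the chapter): one bank account processed under
two funds-availability policies. Activity and hold period are constructed."""
from decimal import Decimal

HOLD_DAYS = 2  # assumption: a deposited check counts as collected after two days

# (day, kind, amount) on one account at one bank. Each day a check drawn on
# another bank is deposited and a check of nearly the same size is presented.
ACTIVITY = [
    (0, "deposit", Decimal("1000")), (0, "payment", Decimal("900")),
    (1, "deposit", Decimal("1500")), (1, "payment", Decimal("1400")),
    (2, "deposit", Decimal("2000")), (2, "payment", Decimal("1900")),
    (3, "deposit", Decimal("2500")), (3, "payment", Decimal("2400")),
]


def process(activity, pay_on_uncollected):
    """Run the account day by day.

    Returns (outcomes, collected_balance, uncollected_total). Each outcome is
    (day, amount, status) with status paid_collected, paid_unfunded or refused.
    A negative collected balance means the bank has advanced its own money.
    """
    collected = Decimal("0")
    in_transit = []  # (day the deposit clears, amount)
    outcomes = []
    for day, kind, amount in activity:
        # deposits whose hold period has passed become collected funds
        collected += sum((a for c, a in in_transit if c <= day), Decimal("0"))
        in_transit = [(c, a) for c, a in in_transit if c > day]
        if kind == "deposit":
            in_transit.append((day + HOLD_DAYS, amount))
            continue
        ledger = collected + sum((a for _, a in in_transit), Decimal("0"))
        if amount <= collected:
            collected -= amount
            outcomes.append((day, amount, "paid_collected"))
        elif pay_on_uncollected and amount <= ledger:
            # the bank pays against deposits it has not yet collected;
            # this is the step every kite depends on
            collected -= amount
            outcomes.append((day, amount, "paid_unfunded"))
        else:
            outcomes.append((day, amount, "refused"))
    uncollected = sum((a for _, a in in_transit), Decimal("0"))
    return outcomes, collected, uncollected


def exposure(activity, pay_on_uncollected):
    """Summarise what the bank stands to lose if the deposited checks bounce."""
    outcomes, collected, uncollected = process(activity, pay_on_uncollected)
    return {
        "unfunded_payments": sum(1 for _, _, s in outcomes if s == "paid_unfunded"),
        "refused": sum(1 for _, _, s in outcomes if s == "refused"),
        "collected_balance": collected,
        "uncollected_deposits": uncollected,
    }


if __name__ == "__main__":
    print("pay on ledger balance:", exposure(ACTIVITY, True))
    print("pay on collected only:", exposure(ACTIVITY, False))
```

Under the ledger-balance policy every payment is honoured and the collected balance runs further negative each day while the account still looks funded; that negative figure is what the bank is left holding the moment the other bank stops honouring the deposited checks. Under the collected-funds policy the same activity produces refusals on the first three days and the kite never starts, which is the content of the chapter's "one important element". The daily report the chapter mentions would flag the first policy's pattern: uncollected deposits that grow in step with payments of almost the same size.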
EXAMPLE
Ronald W.P. Sylvia, 59, and his son-in-law, Philip L. Grandone,
33, both of Dartmouth, admitted to participating in a check-kiting
scheme that bilked the Bank of Boston out of $907,000.
Grandone, owner of two pharmacies in the New Bedford area, had
cash-flow problems when Sylvia, operator of two auto sales and
leasing businesses, offered to write a check to cover some of his
son-in-law's operating expenses. Grandone repaid that $50,000
loan within a few days, but borrowed again and again in
ever-increasing amounts to bring fresh infusions of cash into his
faltering pharmacy businesses. An exchange of checks between
Grandone and Sylvia eventually occurred literally daily until
Sylvia's bank caught on to the float scheme and froze Sylvia's
account.
Cut off from Sylvia's supply of cash, Grandone's account with the
Bank of Boston was left overdrawn by $907,000. Grandone was
ordered to make restitution to the Bank of Boston.