COMPUTER FRAUD

Lecture 7

Learning Objectives
Describe fraud and describe the process one
follows to perpetuate a fraud.
Discuss why fraud occurs, including the
pressures, opportunities, and rationalizations that
are present in most frauds.
Compare and contrast the approaches and
techniques that are used to commit computer
fraud.
Describe how to deter and detect computer fraud.

The Fraud Process

Fraud is any and all means a person uses to gain

unfair advantage over another person.

Fraud perpetrators are often referred to as white

collar criminals.

The Fraud Process

Three types of occupational fraud:

Misappropriation of assets
Corruption
Fraudulent statements
intentional or reckless conduct, whether by act or
omission, that results in materially misleading
financial statements (The Treadway Commission).

The Fraud Process

Reasons for Fraudulent Financial Statements

Deceive investors or creditors

Increase a companys stock price
Meet cash flow needs
Hide company losses or other problems

The Fraud Process

Fraudulent financial reporting is of great concern

to independent auditors, because undetected

frauds lead to half of the lawsuits against
auditors.
In the case of Enron, a financial statement fraud
led to the total elimination of Arthur Andersen, a
premiere international public accounting firm.

The Fraud Process

A typical employee fraud has a number of important

elements or characteristics:
The fraud perpetrator must gain the trust or
confidence of the person or company being
defrauded in order to commit and conceal the fraud.
Instead of using a gun, knife, or physical force,
fraudsters use weapons of deceit and
misinformation.
In time, the sheer magnitude of the frauds may lead
to detection.
The most significant contributing factor in most
employee frauds is the absence of internal controls
and/or the failure to enforce existing controls.

Treadway Commission Actions to Reduce

Fraud
1. Establish environment which supports the

integrity of the financial reporting process.

2. Identification of factors that lead to fraud.
3. Assess the risk of fraud within the company.
4. Design and implement internal controls to
provide assurance that fraud is being
prevented.

SAS #99
Auditors responsibility to detect fraud

Understand fraud
Discuss risks of material fraudulent statements

Among members of audit team

Obtain information

Look for fraud risk factors

Identify, assess, and respond to risk
Evaluate the results of audit tests

Determine impact of fraud on financial statements

Document and communicate findings
Incorporate a technological focus

Why Fraud Occurs

Researchers have compared the psychological and

demographic characteristics of three groups of people:

White-collar criminals
The general public
Violent criminals
They found:
Significant differences between violent and white-collar

criminals.
Few differences between white-collar criminals and the
general public.

Why Fraud Occurs

What are some common characteristics of fraud
perpetrators?
Most spend their illegal income rather than invest

or save it.
Once they begin the fraud, it is very hard for them
to stop.
They usually begin to rely on the extra income.

Why Fraud Occurs

Perpetrators of computer fraud tend to be

younger and possess more computer knowledge,

experience, and skills.
Some computer fraud perpetrators are more
motivated by curiosity and the challenge of
beating the system.
They may view their actions as a game rather
than dishonest behavior.
Others commit fraud to gain stature among others
in the computer community.

Why Fraud Occurs

But a growing number want to profit financially. To

do so, they may sell data to:

Spammers
Organized crime
Other hackers
The intelligence community

Why Fraud Occurs

Criminologist Donald Cressey, interviewed 200+

convicted white-collar criminals in an attempt to

determine the common threads in their crimes.
As a result of his research, he determined that
three factors were present in the commission of
each crime. These three factors have come to be
known as the fraud triangle.
Pressure
Opportunity
Rationalization

Pressure
FINANCIAL
Living beyond
means
High personal
debt/expenses
Inadequate
salary/income
Poor credit ratings
Heavy financial
losses
Bad investments
Tax avoidance
Meet unreasonable
quotas/goals

EMOTIONAL
Greed
Unrecognized
performance
Job dissatisfaction
Fear of losing job
Power or control
Pride or ambition
Beating the system
Frustration
Non-conformity
Envy, resentment
Arrogance,
dominance
Non-rules oriented

LIFESTYLE
Support gambling
habit
Drug or alcohol
addiction
Support sexual
relationships
Family/peer
pressure

Opportunities
An opportunity is the gateway or situation that

allows a person to commit and conceal a

dishonest act.
Opportunities often stem from a lack of internal
controls.
However, the most prevalent opportunity for fraud
results from a companys failure to enforce its
system of internal controls.

Computer Fraud
The U.S. Department of Justice defines computer

fraud as any illegal act for which knowledge of

computer technology is essential for its
perpetration, investigation, or prosecution.
What are examples of computer fraud?
unauthorized use, access, modification,
copying, and destruction of software or data

Computer Fraud
theft of money by altering computer records or

the theft of computer time

theft or destruction of computer hardware
use or the conspiracy to use computer
resources to commit a felony
intent to illegally obtain information or tangible
property through the use of computers

Rise in Computer Fraud

No one knows for sure exactly how much companies
lose to computer fraud. Why?
There is disagreement on what computer fraud is.
Many computer frauds go undetected, or unreported.
Most networks have a low level of security.
Many Internet pages give instructions on how to

perpetrate computer crimes.

Law enforcement is unable to keep up with fraud

Computer Fraud Classifications

Data fraud
Input
fraud

Processor fraud

Computer
instruction fraud

Output
fraud

Computer Fraud and Abuse Techniques

What are some of the more common techniques to

commit computer fraud?

Data Diddling
Data Leakage
Denial of Service Attacks
Eavesdropping
Email Forgery or spoofing

Hacking
Phreaking
Identity Theft

Computer Fraud and Abuse Techniques

Internet misinformation

Internet terrorism
Logic time bombs
Masquerading or impersonation
Packet Sniffers
Password Cracking
Phishing
Piggybacking
Round down technique
Salami Technique

Computer Fraud and Abuse Techniques

Software Piracy

Scavenging
Social Engineering
Superzapping
Trap door
Trojan Horse
Virus
Worm
Spyware
Keystroke Loggers

Preventing and Detecting Computer

Fraud
What are some measures that can decrease the
potential of fraud?
1. Make fraud less likely to occur.
2. Increase the difficulty of committing fraud.
3. Improve detection methods.
4. Reduce fraud losses.
5. Prosecute and incarcerate fraud perpetrators.

Preventing and Detecting Computer

Fraud
1 Make fraud less likely to occur.
Use proper hiring and firing practices.
Manage disgruntled employees.
Train employees in security and fraud

prevention.
Manage and track software licenses.
Require signed confidentiality agreements.

Preventing and Detecting Computer

Fraud
2 Increase the difficulty of committing fraud.
Develop a strong system of internal controls.
Segregate duties.
Require vacations and rotate duties.
Restrict access to computer equipment and

data files.
Encrypt data and programs.

Preventing and Detecting Computer

Fraud
3 Improve detection methods.
Protect telephone lines and the system from

viruses.
Control sensitive data.
Control laptop computers.
Monitor hacker information.

Preventing and Detecting Computer

Fraud
4 Reduce fraud losses.
Maintain adequate insurance.
Store backup copies of programs and data files

in a secure, off-site location.

Develop a contingency plan for fraud
occurrences.
Use software to monitor system activity and
recover from fraud.

Preventing and Detecting Computer

Fraud
5 Prosecute and incarcerate fraud perpetrators.
Most fraud cases go unreported and

unprosecuted. Why?
Many cases of computer fraud are as yet
undetected.
Companies are reluctant to report computer
crimes.

Preventing and Detecting Computer

Fraud
Law enforcement officials and the courts are so

busy with violent crimes that they have little time

for fraud cases.
It is difficult, costly, and time consuming to
investigate.
Many law enforcement officials, lawyers, and
judges lack the computer skills needed to
investigate, prosecute, and evaluate computer
crimes.