Computer Fraud
Session 5
Acknowledgement
Learning Objectives
Explain the threats faced by modern information systems.
Define fraud and describe the process one follows to perpetrate a fraud.
Discuss who perpetrates fraud and why it occurs, including the pressures, opportunities, and rationalizations that are present in most frauds.
Define computer fraud and discuss the different computer fraud classifications.
Explain how to prevent and detect computer fraud and abuse.
Copyright 2012 Pearson Education, Inc. publishing as Prentice Hall
Learning Objectives
Compare and contrast computer attack and abuse tactics.
Explain how social engineering techniques are used to gain physical or logical access to computer resources.
Describe the different types of malware used to harm computers.
What Is Fraud?
Gaining an unfair advantage over another person
An intent to deceive
Forms of Fraud
Misappropriation of assets
SAS #99 (Consideration of Fraud in a Financial Statement Audit)
Auditors' responsibility to detect fraud:
Understand fraud
Obtain information
Look for fraud risk factors
Pressure
Motivation or incentive to commit fraud
Types:
1. Employee pressures: financial, emotional, lifestyle
2. Financial statement fraud pressures: industry conditions, management characteristics
Opportunity
The condition or situation that allows a person to:
1. Commit the fraud
2. Conceal the fraud, for example by:
Lapping (covering a stolen customer receipt with a later customer's payment, and so on in a chain)
Kiting (exploiting the float between banks by writing checks against deposits that have not yet cleared)
3. Convert the theft or misrepresentation to personal gain
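Lapping leaves a trail in the receipts ledger: the payment that was stolen is never posted, and each later payment is credited to a different customer than the one who sent it, usually after a short delay. The following detection routine is an added example, not code from the original slides; the data model (a `Remittance` as it arrived from the lockbox, an `ArPosting` as the clerk recorded it) and the sample ledger are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Remittance:
    """A customer payment as it arrived (e.g. a bank lockbox item). Constructed model."""
    ref: str        # lockbox / remittance advice number
    customer: str   # who actually sent the money
    cents: int      # amount in cents, to avoid float rounding
    received: date


@dataclass(frozen=True)
class ArPosting:
    """The accounts-receivable credit the clerk posted for that remittance."""
    ref: str        # remittance the clerk says this credit belongs to
    customer: str   # account actually credited
    cents: int
    posted: date


def lapping_indicators(remittances, postings, max_delay_days=3):
    """Return (ref, reason) pairs for receipts whose AR posting looks lapped.

    Three red flags are checked per remittance: it was never posted at all
    (the stolen payment), it was credited to a different customer than the
    payer (the cover-up), or it was posted unusually late / for a different amount.
    """
    posted_by_ref = {p.ref: p for p in postings}
    findings = []
    for r in remittances:
        p = posted_by_ref.get(r.ref)
        if p is None:
            findings.append((r.ref, "received but never posted to AR"))
            continue
        if p.customer != r.customer:
            findings.append((r.ref, f"paid by {r.customer} but credited to {p.customer}"))
        delay = (p.posted - r.received).days
        if delay > max_delay_days:
            findings.append((r.ref, f"posted {delay} days after receipt"))
        if p.cents != r.cents:
            findings.append((r.ref, f"amount posted {p.cents} != amount received {r.cents}"))
    return findings


# Constructed sample ledger: the clerk pockets Acme's payment, then covers
# Acme's open balance with Birch's money, and Birch's with Cedar's.
REMITTANCES = [
    Remittance("L-1001", "Acme Ltd", 50_000, date(2024, 1, 2)),
    Remittance("L-1002", "Birch Co", 50_000, date(2024, 1, 9)),
    Remittance("L-1003", "Cedar Inc", 50_000, date(2024, 1, 16)),
    Remittance("L-1004", "Dune LLC", 12_500, date(2024, 1, 17)),
]
POSTINGS = [
    # L-1001 was stolen: there is no posting for it at all.
    ArPosting("L-1002", "Acme Ltd", 50_000, date(2024, 1, 10)),   # Birch's money credited to Acme
    ArPosting("L-1003", "Birch Co", 50_000, date(2024, 1, 17)),   # Cedar's money credited to Birch
    ArPosting("L-1004", "Dune LLC", 12_500, date(2024, 1, 18)),   # honest posting
]

if __name__ == "__main__":
    for ref, reason in lapping_indicators(REMITTANCES, POSTINGS):
        print(ref, reason)
```

The check only works when receipts are captured independently of the person who posts them (lockbox or bank statement versus the AR clerk's entries); if the same person controls both records there is nothing to reconcile against, which is exactly the segregation-of-duties gap that makes lapping possible.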
Rationalizations
1. Justification: "I am not being dishonest."
2. Attitude: "I don't need to be honest."
3. Lack of personal integrity: theft is valued higher than honesty or integrity.
Computer Fraud
Any illegal act in which knowledge of computer technology is necessary for its perpetration, investigation, or prosecution.
Many go undetected
Input Fraud
Processor Fraud
Data Fraud
Output Fraud
Social Engineering
Malware
Spoofing
Types of Spoofing
E-mail: the sender address is forged so that the message appears to come from a different source.
Caller-ID: a forged calling number (or name) is displayed to the person receiving the call.
IP address: a forged source IP address, used to conceal the identity of the sender of data over the Internet or to impersonate another computer system.
SMS: a forged number or name appears on a text message, similar to caller-ID spoofing but for text messaging.
Web page: a look-alike site impersonating a legitimate one; the usual vehicle for phishing (see Identity Theft below).
DNS: intercepting a request to resolve a Web service's name and answering with the address of a false service, so the client connects to the attacker's server instead.
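E-mail spoofing is the one type above that a recipient's mail system can actually check, because the forged visible From address usually disagrees with the envelope sender and fails SPF/DKIM/DMARC. The routine below is an added example, not code from the original slides: it parses a message with Python's standard `email` module and reports the mismatches a mail filter would flag. The two messages are constructed; the `Authentication-Results` header is assumed to have been written by the receiving MX in the format of RFC 8601 (`spf=pass`, `dkim=pass`, `dmarc=pass`).

```python
import email
import re
from email.utils import parseaddr


def _domain(addr_header):
    """Bare, lowercase domain of an address header value, or '' if absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def spoofing_indicators(raw_message):
    """Return a list of reasons this message looks like sender spoofing (empty = clean)."""
    msg = email.message_from_string(raw_message)
    from_dom = _domain(msg.get("From"))
    findings = []

    # Envelope sender (Return-Path) is what SMTP actually used; a forged
    # From header rarely matches it.
    env_dom = _domain(msg.get("Return-Path"))
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender domain {env_dom} differs from From domain {from_dom}")

    # Replies silently going somewhere else is a classic phishing tell.
    reply_dom = _domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # Anything other than an explicit pass for SPF, DKIM and DMARC is reported.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{mech}={result}")
    return findings


# Constructed sample: a payroll lure sent through an unrelated relay.
SPOOFED = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Example Payroll" <payroll@example.com>
Reply-To: payroll-updates@example-payroll.net
To: alice@example.com
Subject: Update your direct deposit details

Please confirm your bank details before Friday.
"""

# Constructed sample: the genuine payroll mailer.
LEGITIMATE = """\
Return-Path: <payroll@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Example Payroll" <payroll@example.com>
To: alice@example.com
Subject: January payslips

Your payslip is attached.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, spoofing_indicators(raw) or "no indicators")
```

A mismatch between From and Return-Path is not proof on its own (mailing lists and bulk senders do it legitimately); the decisive signal is the DMARC verdict, which ties the authenticated domain back to the From header the user actually sees.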
Hacking Attacks
Cross-Site Scripting (XSS)
Buffer Overflow
Man-in-the-Middle
Password Cracking
War Dialing
Data Diddling
Phreaking
Data Leakage
Hacking Embezzlement Schemes
Salami Technique
Economic Espionage
Internet Terrorism
Cyber-Bullying
Internet Misinformation
Internet Auction
Internet Pump-and-Dump
Identity Theft: assuming someone else's identity.
Pretexting: inventing a scenario that will lull someone into divulging sensitive information.
Typosquatting: registering domain names that are common typographical errors of a legitimate site's name, so that mistyping the address sends the user to the attacker's site instead.
Tabnabbing: silently replacing the content of an already open browser tab with a look-alike page (for example a login form) so the user re-enters credentials.
Posing: using a fake business to acquire sensitive information.
Scavenging: looking for sensitive information in items thrown away.
Phishing: posing as a legitimate company and asking for verification-type information: passwords, account numbers, usernames.
Shoulder Surfing: snooping over someone's shoulder for sensitive information.
Pharming: redirecting Web site traffic to a spoofed Web site.
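Typosquatting can be hunted proactively: enumerate the domains one keyboard slip away from your own and watch for them in DNS logs, certificate transparency feeds or proxy logs. The generator below is an added example, not code from the original slides. It covers four slip types (dropped character, doubled character, swapped neighbours, and substitution of a horizontally adjacent QWERTY key); the adjacency table is a deliberate simplification (same-row neighbours only) and the observed-domain list is constructed.

```python
# Neighbouring keys on a QWERTY row (left/right only; a deliberate simplification).
_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
_ADJACENT = {}
for _row in _ROWS:
    for _i, _ch in enumerate(_row):
        _ADJACENT[_ch] = _row[max(0, _i - 1):_i] + _row[_i + 1:_i + 2]


def typo_variants(domain):
    """Set of look-alike domains one typing slip away from `domain`.

    Only the first label (the brand name, e.g. 'example' in example.com) is
    mutated; the rest of the name is carried over unchanged.
    """
    label, dot, rest = domain.lower().partition(".")
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                  # omission: exampl
        out.add(label[:i] + label[i] + label[i:])           # doubled character: exxample
        for nb in _ADJACENT.get(label[i], ""):
            out.add(label[:i] + nb + label[i + 1:])         # adjacent key: exampke
        if i + 1 < len(label):
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition: exmaple
    out.discard(label)                                      # swapping identical letters is not a typo
    return {v + dot + rest for v in out if v}


def flag_typosquats(observed, brand_domain):
    """Observed domains (from DNS, proxy or CT logs) that are typo variants of the brand."""
    variants = typo_variants(brand_domain)
    return sorted(d for d in set(observed) if d.lower() in variants)


# Constructed sample of names seen in a resolver log.
OBSERVED = ["exmaple.com", "example.com", "EXAMPKE.com", "github.com", "exemple.com"]

if __name__ == "__main__":
    print(len(typo_variants("example.com")), "candidate typosquats")
    print(flag_typosquats(OBSERVED, "example.com"))
```

Note what this deliberately does not catch: `exemple.com` is a plausible look-alike but not a keyboard slip under the same-row rule, and homoglyph or TLD-swap variants (`examp1e.com`, `example.co`) need separate generators. Registering or monitoring the highest-traffic variants is cheaper than cleaning up after the credential theft they enable.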
Skimming
Chipping
Eavesdropping
Types of Malware
Spyware
Key logging
Trojan Horse
More Malware
Packet Sniffers
Superzapping
Thank You