Some Large Scale Frauds

ATG 383 - Chapter 10 - Fraud
Spring 2002
Many Views of Fraud
• Fraud Process
• Kiting and lapping
• Various computer frauds
• Matching controls to frauds
Fraud Process
• Pressure (Table 10.1)
• Opportunity (Table 10.2)
• Ability to rationalize
Pressure, opportunity, and the ability to rationalize together lead to fraud.
Kiting
Bank A
Bank B
Bank C
Lapping
Daily C.R. figures (six entries per day, followed by the daily total):
Mon C.R.   300   250   500   700   100   400   2,250
Tu C.R.    200   150   500   300   300   900   2,350
Wed C.R.   500   350   500   600   200   250   2,400
Th C.R.    200   400   100   700   100   400   1,900
Fri C.R.   200   250   500   600   100   150   1,800
Computer Fraud
Summary of Computer Frauds
• Alter input / false input
• Unauthorized processing
• Modify computer instructions
• Alter, damage, or copy files
• Steal output
Trojan Horse
A destructive program that masquerades as a benign application. Does not duplicate itself.
Example: Antigen.exe
• Fake virus scanner
• Scans data files
• Sends private info out as e-mail
Round-down Technique
Truncate interest calculations and divert the truncated amounts to the programmer's account.
Salami Technique
Tiny slices of money stolen over a long period of time.
Example: Hopkins Park, IL
• Personal charges to village-issued credit cards
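As an added defender-side example (not from the slides), the following Python reconciliation check targets the round-down and salami techniques above: it recomputes each account's interest under a stated rounding policy, flags postings that fall short of that figure, and flags interest credited to accounts that hold no balance. The rate, account ids and postings are constructed sample data.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

def expected_interest(balance, monthly_rate):
    """Interest the stated policy says to credit: exact product, rounded half-up to the cent."""
    return (Decimal(balance) * Decimal(monthly_rate)).quantize(CENT, rounding=ROUND_HALF_UP)

def audit_interest_postings(postings, monthly_rate):
    """Recompute each account's interest and compare it with what was actually posted.

    postings: (account_id, balance, posted_interest) tuples, amounts as strings.
    Returns (shortfalls, total_shortfall, zero_balance_credits):
      shortfalls           - accounts credited less than the policy figure (the sliced cents)
      total_shortfall      - sum of those gaps, to compare with any unexplained credit
      zero_balance_credits - interest posted to accounts that hold no balance at all
    """
    shortfalls, zero_balance_credits = [], []
    total_shortfall = Decimal("0.00")
    for account, balance, posted in postings:
        balance, posted = Decimal(balance), Decimal(posted)
        if balance == 0 and posted > 0:
            # A zero-balance account earning interest is where diverted fractions tend to land.
            zero_balance_credits.append((account, posted))
            continue
        expected = expected_interest(balance, monthly_rate)
        gap = expected - posted
        if gap > 0:
            shortfalls.append((account, expected, posted, gap))
            total_shortfall += gap
    return shortfalls, total_shortfall, zero_balance_credits

# Constructed sample run: 0.5% monthly rate, five customer accounts whose interest was
# truncated rather than rounded, plus one zero-balance account that received a credit.
SAMPLE_RATE = "0.005"
SAMPLE_POSTINGS = [
    ("ACC-1001", "2345.67", "11.72"),  # exact 11.72835 -> policy figure 11.73
    ("ACC-1002", "3456.78", "17.28"),  # exact 17.2839  -> 17.28, no gap
    ("ACC-1003", "4567.89", "22.83"),  # exact 22.83945 -> policy figure 22.84
    ("ACC-1004", "5678.90", "28.39"),  # exact 28.3945  -> 28.39, no gap
    ("ACC-1005", "9999.99", "49.99"),  # exact 49.99995 -> policy figure 50.00
    ("SUSP-0001", "0.00", "0.03"),     # no balance, yet credited interest
]

if __name__ == "__main__":
    short, total, zero_credits = audit_interest_postings(SAMPLE_POSTINGS, SAMPLE_RATE)
    for account, expected, posted, gap in short:
        print(f"{account}: posted {posted}, expected {expected}, short by {gap}")
    print(f"total shortfall {total}; zero-balance credits: {zero_credits}")
```

In the sample the three one-cent shortfalls add up to exactly the credit on the zero-balance account, which is the pattern an auditor would follow up on.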
Trap Door
Create a way to enter a system without passing through the normal controls.
http://www.bradley.edu/academics/ehs/dean/dean_index.html
http://www.bradley.edu/academics/ehs/dean/
Data Diddling & Leakage
Data diddling: change data before, during, or after it has entered the system.
Data leakage: unauthorized copying of data.
Software Piracy
Copy software without the publisher's permission.
http://www.siia.net/piracy/default.htm
http://www.bsa.org/usa/antipiracy/
Logic/Time Bomb
Program or instructions that lie idle until a specified time.
Scavenging
Searching corporate records for confidential information.
Example: John Freeman
• Temporary typist working for brokerage firms
• Used inside information for profit.
• Full story: www.sec.gov/divisions/enforce/extra/freecomp.htm
Eavesdropping
Listening to private conversations through wiretapping or other means.
Examples
• Intercept e-mail
• Plant a listening device
http://www.greatsouthernsecurity.com/instruc.htm
E-mail Bombs
Overload an ISP's e-mail server. Also, send numerous requests to a web site.
Examples
• Yahoo
• eBay
• Amazon.com
Computer Virus
Computer program that replicates itself and carries out some predetermined mission.
http://www.DataFellows.com/virus-info/v-pics/
Matching Controls to Frauds
Controls related to multiple frauds
• Proper hiring and firing practices.
• Managing disgruntled employees.
• Train employees in security and fraud prevention.
• Develop strong internal controls.
• Segregation of duties.
• Require vacations and rotate jobs.
Controls related to multiple frauds (continued)
• Monitor hacker information.
• Conduct frequent audits.
• Use a computer security officer.
• Use computer consultants.
• Use forensic accountants.
• Maintain adequate insurance.
• Develop a contingency plan for fraud occurrences.
Alter Input & False Input
• Use fraud detection software.
• Various input controls discussed in Chapter 9.
Unauthorized Processing
• Restrict access to computer equipment and data files.
• Protect the system from viruses.
• Monitor system activities.
• Use software to monitor system activity and recover from fraud.
Modify Computer Instructions
• Restrict access to computer equipment and data files.
• Monitor system activities.
• Store backup copies of program and data files in a secure off-site location.
• Use software to monitor system activity and recover from fraud.
• Protect the system from viruses.
Alter, Damage, or Copy Files
• Manage and track software licenses.
• Require signed confidentiality agreements.
• Restrict access to computer equipment and data files.
• Encrypt data and programs.
• Control sensitive data.
• Control laptop computers.
Alter, Damage, or Copy Files (continued)
• Monitor system activities.
• Store backup copies of program and data files in a secure off-site location.
• Use software to monitor system activity and recover from fraud.
Steal Output
• Require signed confidentiality agreements.
• Encrypt data and programs.
• Protect phone lines.
• Control sensitive data.