EECS4482 2015, David Chan: Computer Crime and Computer Fraud

Presentation transcript:

Computer Crime and Computer Fraud (EECS4482, David Chan)
- Computer crime means a crime involving computer resources, including using a computer to commit a crime.
- Computer fraud means using computer resources to defraud.

Audit Concerns?
- Auditors are concerned about computer crimes and frauds because they indicate a breakdown in internal controls.
- Computer crimes and frauds may cause significant losses, or hidden losses, which can impair the reliability of financial statements and increase audit risk; this is of more concern to shareholders' auditors.

Examples of Crime Targeted at Computer Resources
- Hacking
- Deliberate virus spreading
- Theft of information, software or hardware
- Theft of computer resource usage
- Denial of computer services by means of malicious software or messages
- Message interception

Examples of Crime Committed with Computers
- Scams
- Phishing
- Defamation of character
- Disseminating hate propaganda
- Threats
- Developing, holding or spreading child pornography

Phishing
- Using e-mail to entice recipients to give out banking information.
- It is going around the world.
- It is a form of identity theft: the sender purports to be from a bank, with intent to defraud.

Spear Phishing
- Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data.
- Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.

Computer Fraud
- Using a computer to defraud.
- Fraud is an intentional act to deceive or mislead, convert assets to one's own benefit, or make intentional false statements or misrepresentations, often accompanied by omission, manipulation of documents or collusion.

Elements of Fraud
- A perpetrator lacking integrity or ethics
- Motivation to commit fraud
- Opportunity to commit and conceal fraud
- False representation to a substantial degree
- A factor to induce a victim or accomplice to act
- Intent to defraud
- Injury or loss sustained

Computer Fraud
- The fraud provisions of the Criminal Code have been used to prosecute people who used computers to commit frauds.
- The Internet is increasingly used to perpetrate fraud because of its reach and the impulse responses of Web surfers.

Computer Fraud
- A complex accounting system raises the potential for "creative accounting" and consequently fraud.
- The general perception that computerized information is reliable makes computer fraud less susceptible to challenge than fraud committed on paper.

Examples of Computer Fraud
- Manipulating systems or causing glitches to "smooth" quarterly earnings
- Employees selling customer lists to competitors
- Fictitious insurance policies to defraud insurers and reinsurers

Internet Fraud
- A scheme that uses one or more components of the Internet, such as chat rooms, e-mail, message boards or Web sites, to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or others connected with the scheme.

Major Types of Internet Fraud
- Auction or sales fraud: inducing the victim to send money or give out credit card numbers for promised goods
- Business opportunity schemes
- Work-at-home programs
- Investment schemes
- Stock market manipulation by spreading fictitious news about public companies
- Identity theft

Equity Funding
- A classic case of computer fraud and crime: a billion dollar bubble.
- Officers and employees of the company set up 64,000 fake insurance policies and sold them to reinsurers.
- To come up with the premium payments which the reinsurers expected to receive, the perpetrators generated more fake policies and sold them to the same and other reinsurers. The fraud snowballed for 12 years.
- The fraud was revealed by a disgruntled employee who had been fired. The case involved massive collusion.
- The computer made it easy to generate the fake policies, which accounted for 70% of the issued policies over a 10-year period.

Barings Bank
- Nick Leeson, a rogue trader, concealed trading losses that led to the Bank's demise.
- He used the account code "8888" to set up accounts containing secret transactions.
- Computers, and management trust based on chemistry and seniority, helped him hide these transactions.

Societe Generale Fraud
- Societe Generale said that a trader who evaded all its controls to bet $73.5 billion (more than the French bank's market worth) on European markets hacked computers and "combined several fraudulent methods" to cover his tracks.
- Kerviel, 31, a former programmer, carried out unauthorized trades that resulted in 4.9 billion euros ($7.1 billion) in losses.
- Even before his massive alleged fraud came to light, Kerviel had apparently triggered 75 alarms at Societe Generale (France's second-largest bank) with his trading, but not to a degree that led managers to investigate further. Kerviel explained away the red flags as trading mistakes.
- Since those bets greatly exceeded the amount of capital he was allowed to put at risk, Kerviel entered fictitious and offsetting trades in Societe Generale's computer system that appeared to minimize the odds of big losses, the bank said. The trades were purposely chosen to avoid detection because they did not require cash contributions and were not subject to margin calls, which would require putting up more money if the fictitious bet soured.
- Societe Generale said Kerviel misappropriated other people's computer access codes, falsified documents and employed other methods to cover his tracks, helped by his previous years of experience working in other offices at the bank that monitor traders.
- Kerviel's downfall started in the days before Friday, Jan. 18, when Societe Generale tightened lending restrictions on one of its customers, an unnamed large bank. He had apparently used that bank's name for one or more of his fictitious trades.
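The Societe Generale slides describe three control gaps: bets far above the trader's risk allowance, fictitious offsetting trades that made the book look hedged, and 75 alarms that were explained away one at a time. The Python below is an added illustration of how a trade-book monitor can close those gaps; it is not material from the lecture or from the bank. The trade records, limits, alarm log and the "confirmed" flag (meaning a counterparty confirmation or margin call exists for the trade) are constructed assumptions, as is the design choice of checking limits against gross rather than net exposure.

```python
"""Trade-book checks illustrating the Societe Generale lesson.

Constructed example (not lecture material): the trades, limits and alarm
log are made up.  Three checks are shown:
  1. Limits are compared against GROSS exposure (sum of absolute
     notionals), so an offsetting trade cannot hide a large bet behind a
     small net figure.
  2. Opposite trades on one instrument where a leg has no external
     confirmation are flagged: that is the shape of a fictitious hedge.
  3. Alarms are counted per trader, so repeated "trading mistakes"
     escalate to an independent review instead of being waved through.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Trade:
    trader: str
    instrument: str
    notional: float   # signed: positive = long, negative = short
    counterparty: str
    confirmed: bool   # False if no counterparty confirmation / margin call exists (assumed field)


def exposures(trades):
    """Return {trader: (gross, net)} notional exposure."""
    gross = defaultdict(float)
    net = defaultdict(float)
    for t in trades:
        gross[t.trader] += abs(t.notional)
        net[t.trader] += t.notional
    return {k: (gross[k], net[k]) for k in gross}


def limit_breaches(trades, limits):
    """Traders whose GROSS exposure exceeds their limit.

    A net-only check would pass a trader who books an equal and opposite
    (possibly fictitious) trade against every real bet.
    """
    return sorted(
        trader for trader, (gross, _net) in exposures(trades).items()
        if gross > limits.get(trader, 0.0)
    )


def unconfirmed_offsets(trades):
    """(trader, instrument) pairs holding both long and short legs where at
    least one leg lacks external confirmation."""
    by_key = defaultdict(list)
    for t in trades:
        by_key[(t.trader, t.instrument)].append(t)
    flagged = []
    for key, group in by_key.items():
        has_long = any(t.notional > 0 for t in group)
        has_short = any(t.notional < 0 for t in group)
        if has_long and has_short and any(not t.confirmed for t in group):
            flagged.append(key)
    return sorted(flagged)


def repeat_alarm_traders(alarms, threshold):
    """Traders with at least `threshold` alarms in the (constructed) log of
    (trader, rule) tuples.  Each alarm alone may look explainable; the
    count is what should force an independent review."""
    counts = defaultdict(int)
    for trader, _rule in alarms:
        counts[trader] += 1
    return {t: n for t, n in counts.items() if n >= threshold}


# Constructed sample data, not real bank records.
TRADES = [
    Trade("T1", "DAX-FUT", 50_000_000, "BANK-A", True),
    Trade("T1", "DAX-FUT", -49_000_000, "BANK-B", False),  # unconfirmed offset
    Trade("T2", "ESTX-FUT", 4_000_000, "BANK-C", True),
    Trade("T2", "ESTX-FUT", -1_000_000, "BANK-C", True),
]
LIMITS = {"T1": 10_000_000, "T2": 10_000_000}
ALARMS = [("T1", "late-booking"), ("T1", "unusual-counterparty"),
          ("T1", "late-booking"), ("T2", "late-booking")]

if __name__ == "__main__":
    print("exposures:", exposures(TRADES))
    print("gross limit breaches:", limit_breaches(TRADES, LIMITS))
    print("unconfirmed offsets:", unconfirmed_offsets(TRADES))
    print("repeat alarms:", repeat_alarm_traders(ALARMS, 3))
```

Trader T1 nets out to 1 million, well inside a 10 million limit, yet carries 99 million gross against an unconfirmed counterparty leg and three alarms; a monitor keyed on net exposure and on single alarms would report nothing.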

Controls Against Computer Crime and Fraud
- Segregation of duties
- Management and independent review
- Restricted access
- Code of business conduct
- Intrusion detection and prevention systems
- Encryption
- Security education
- Analytical review
- System monitoring
- Security checks on new hires and contractors
- An established process for whistle blowing and investigation
- A management culture that sets an example
- Lock laptops when not attended
- Scheduled refresh of web sites from the backup version, to nullify even minor changes by hackers such as changing a key word in the user agreement or a rate
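"Analytical review" in the list above, and the Benford analysis named in the review question at the end of the lecture, refer to tests that compare a population of amounts against what it should statistically look like. The following Python is an added worked example of a Benford first-digit test, not part of the lecture: Benford's law gives the expected share of each leading digit (about 30% for 1, 4.6% for 9) in many naturally occurring amount fields, and amounts steered by a person, such as loans booked just under a sign-off threshold, usually break that pattern. The 10,000 threshold, the constructed loan populations and the choice of a chi-square test at the 0.05 level are my assumptions.

```python
"""Benford first-digit test as an analytical-review control.

Added illustration (not lecture material).  Leading digits of many
naturally occurring amounts follow Benford's law; a population that a
person has steered (e.g. many loans just under an approval limit) departs
from it.  The 10,000 sign-off limit, the sample populations and the 0.05
critical value are assumptions made for this example.
"""
import math
from collections import Counter

# Expected share of each leading digit under Benford's law.
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRITICAL_8DF_05 = 15.507  # chi-square, 8 degrees of freedom, p = 0.05


def first_digit(amount):
    """Leading non-zero digit (1..9) of an amount, or None for zero.
    Scientific-notation formatting gives the digit directly, for ints,
    floats, and amounts below 1."""
    if amount == 0:
        return None
    return int(f"{abs(amount):e}"[0])


def benford_test(amounts):
    """Compare observed leading-digit counts with Benford expectations.

    Returns the counts, the chi-square statistic and whether the
    population deviates enough to warrant follow-up."""
    digits = [d for d in map(first_digit, amounts) if d is not None]
    n = len(digits)
    observed = Counter(digits)
    chi2 = 0.0
    for d in range(1, 10):
        expected = n * BENFORD[d]
        chi2 += (observed.get(d, 0) - expected) ** 2 / expected
    return {
        "n": n,
        "observed": {d: observed.get(d, 0) for d in range(1, 10)},
        "chi2": round(chi2, 2),
        "flagged": chi2 > CHI2_CRITICAL_8DF_05,
    }


# Constructed populations (not real ledger data).
# A geometric series spanning exactly four decades is spread evenly in
# log space and therefore behaves Benford-like; it stands in for an
# ordinary loan book.
ORDINARY_LOANS = [1_000 * 10 ** (i / 100) for i in range(400)]
# A branch whose manager books many loans just under a 10,000 sign-off
# limit: leading digit 9 becomes massively over-represented.
STEERED_LOANS = [9_500 + (i % 50) * 10 for i in range(200)] + ORDINARY_LOANS[:100]

if __name__ == "__main__":
    for name, loans in (("ordinary", ORDINARY_LOANS), ("steered", STEERED_LOANS)):
        r = benford_test(loans)
        print(f"{name}: n={r['n']} chi2={r['chi2']} "
              f"{'FLAGGED' if r['flagged'] else 'ok'}", r["observed"])
```

A flag is a reason to pull the underlying loan files, not proof of fraud: some legitimate populations (fixed fees, capped amounts) are not Benford-distributed, so the reviewer first confirms the field is one where the law is expected to hold.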

External Audit Responsibility
- Brainstorm the risk of fraud during audit planning
- Assess the materiality of suspected fraud
- Inform management of suspected fraud
- Suggest the client seek a legal opinion

During a Fraud Audit
- Touch base with management immediately when suspecting a fraud has occurred (consider management independence)
- Use encrypted or out-of-band communication
- Document everything, including time spent
- Take screen shots where possible
- Preserve the chain of evidence
- Store records securely
- Involve a minimum number of people
- Proceed only with senior management request
- Ask concise and open questions
- Be a patient listener
- Involve the law department
- Use forensic tools like EnCase to image hard disks remotely or onsite while preserving integrity
- Avoid shutting down suspect computers using the OS, as doing so may compromise the audit/crime trail
- Use forensic data analysis software
- Back up evidence and store it securely and safely from environmental damage
- Scan electronic evidence for viruses
- Use Discovery Accelerator to analyze deleted and archived e-mail
- Keep management informed
- Maintain arm's-length relationships with management and the people being investigated or interviewed
- Continuously assess the need to involve the police
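Several of the steps above (image while preserving integrity, preserve the chain of evidence, document everything, back up evidence) come down to one discipline: hash the evidence at acquisition, log every handling step with who, when and what, and re-hash before analysis so any change is detectable. Tools such as EnCase do this inside the product; the Python below is an added example of the principle, not the lecture's material and not EnCase's own logic. The case id, file names, JSON layout and the "disk image" (a constructed byte string written to a temporary directory) are assumptions made for this example.

```python
"""Evidence-integrity and chain-of-custody bookkeeping.

Added example, not from the lecture.  The image is a constructed byte
string, the case id and file names are assumptions, and the write-blocker
note in the log is illustrative: this code records custody, it does not
perform the acquisition itself.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash in 1 MiB chunks so multi-GB images never sit in memory


def sha256_file(path):
    """SHA-256 hex digest of a file, computed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


class CustodyLog:
    """Append-only record of who handled an evidence item, when and how.
    Every entry carries the digest observed at that step, so a later entry
    with a different digest pinpoints where integrity was lost."""

    def __init__(self, case_id):
        self.case_id = case_id
        self.entries = []

    def record(self, path, action, handler, note=""):
        entry = {
            "case": self.case_id,
            "item": os.path.basename(path),
            "action": action,
            "handler": handler,
            "utc": datetime.now(timezone.utc).isoformat(),
            "sha256": sha256_file(path),
            "note": note,
        }
        self.entries.append(entry)
        return entry

    def verify(self, path):
        """True if the file still matches the digest taken at acquisition."""
        return sha256_file(path) == self.entries[0]["sha256"]

    def dump(self):
        """Serialised log, suitable for storing beside the evidence."""
        return json.dumps(self.entries, indent=2)


def demo(workdir=None):
    """Acquire -> back up -> verify, then show a one-byte change is caught.
    Returns (original_ok, backup_ok, tampered_ok)."""
    if workdir is None:
        with tempfile.TemporaryDirectory() as d:
            return demo(d)
    image = os.path.join(workdir, "suspect-disk.img")  # constructed content
    with open(image, "wb") as f:
        f.write(b"constructed image bytes\x00" * 4096)
    log = CustodyLog("CASE-EXAMPLE-001")
    log.record(image, "acquired", "auditor-1", "imaged via write blocker (assumed)")

    backup = os.path.join(workdir, "suspect-disk.backup.img")
    with open(image, "rb") as src, open(backup, "wb") as dst:
        dst.write(src.read())
    log.record(backup, "backup-stored", "auditor-1", "copy kept off-site")

    # A copy with the last byte altered stands in for accidental or
    # deliberate modification after acquisition.
    tampered = os.path.join(workdir, "suspect-disk.tampered.img")
    with open(backup, "rb") as src, open(tampered, "wb") as dst:
        dst.write(src.read()[:-1] + b"\x01")
    return log.verify(image), log.verify(backup), log.verify(tampered)


if __name__ == "__main__":
    print(demo())
```

The first log entry is the reference point; every later handling step (backup, transfer to counsel, analysis) appends an entry with the digest seen at that moment, and a mismatch against the first entry is the signal to stop and investigate the handling chain rather than the suspect's data.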

Conclusion
- Computer crime and computer fraud are on the rise
- The Sarbanes-Oxley effect is still to be seen
- Organizations should have chief ethics officers

Review Questions
- What is the shareholders' auditors' responsibility for computer fraud detection?
- What is the internal auditors' responsibility for computer fraud detection?
- What are common computer crimes committed against financial institutions and retailers?
- What computer crimes can result from identity theft?
- What internal controls can organizations implement to prevent system alteration?
- What are some system controls that can prevent or detect disbursement fraud?

MC Question: Which address is most useful in a forensic investigation?
A. IP
B. MAC
C. URL
D. E-mail

MC Question: If a forensic auditor inspects a computer containing a critical file that is known to be highly encrypted but currently opened, what should the auditor do?
a. Pull the plug on the computer.
b. Perform an orderly shutdown on the computer.
c. Make an immediate shadow volume copy of the entire hard drive.
d. Browse the open file.

MC Question: Which software tool can undo the effect of applying disk wiping?
A. EnCase
B. Password cracker
C. Firewall
D. Discovery Accelerator

MC Question: What computer crime does a firewall mitigate against?
A. Hacking
B. Identity theft
C. Virus spreading
D. ATM skimming

MC Question: Which of the following techniques or tools is most useful to detect a bank loan fraud committed by a branch manager?
A. Benford analysis
B. Firewall
C. Segregation of duties
D. Discovery Accelerator