Presentation is loading. Please wait.

Presentation is loading. Please wait.

EECS4482 2015 David Chan Computer Crime and Computer Fraud Computer crime means a crime involving computer resources, including using a computer to commit.

Published byReynard Waters Modified over 8 years ago

Similar presentations

Presentation on theme: "EECS4482 2015 David Chan Computer Crime and Computer Fraud Computer crime means a crime involving computer resources, including using a computer to commit."— Presentation transcript:

1 EECS4482 2015 David Chan Computer Crime and Computer Fraud Computer crime means a crime involving computer resources, including using a computer to commit a crime. Computer fraud means using computer resources to defraud.

2 EECS4482 2015 David Chan Audit Concerns? Auditors are concerned about computer crimes and frauds because they indicate a breakdown in internal controls Computer crimes and frauds may cause significant losses or hidden losses which can impair the reliability of financial statements and increase the audit risk; this is of more concern to shareholders’ auditors

3 EECS4482 2015 David Chan Examples of Crime Targeted at Computer Resources Hacking. Deliberate virus spreading. Theft of information, software or hardware. Theft of computer resource usage. Denial of computer services by means of malicious software or messages. Message interception.

4 EECS4482 2015 David Chan Examples of Crime Committed with Computers Scams Phishing Defamation of character. Disseminating hate propaganda. Threats Developing, holding or spreading child pornography.

5 EECS4482 2015 David Chan Phishing Using email to entice recipients to give out banking information. It is going around in the world. It is a form of identity theft, the sender purports to be from a bank, with intent to defraud.

6 Spear Phishing Spear phishing is an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information. EECS4482 2015 David Chan

7 Computer Fraud Using a computer to defraud. Fraud is an intentional act to deceive or mislead, convert assets to one’s own benefit, or make intentional false statements or misrepresentations often accompanied by omission, manipulation of documents or collusion.

8 EECS4482 2015 David Chan Elements of Fraud A perpetrator lacking integrity or ethics Motivation to commit fraud Opportunity to commit and conceal fraud False representation to a substantial degree

9 EECS4482 2015 David Chan Elements of Fraud Factor to induce a victim or accomplice to act Intent to defraud Injury or loss sustained

10 EECS4482 2015 David Chan Computer Fraud The fraud provisions of the Criminal Code have been used to prosecute people who used computers to commit frauds. The Internet is increasingly used to perpetrate fraud because of its reach and the impulse responses of Web surfers.

11 EECS4482 2015 David Chan Computer Fraud A complex accounting system raises the potential for “creative accounting” and consequently fraud The general perception that computerized information is reliable makes computer fraud less susceptible to challenge than fraud committed on paper

12 EECS4482 2015 David Chan Examples of Computer Fraud Manipulating systems or causing glitches to “smooth” quarterly earnings Employee selling of customer lists to competitors Fictitious insurance policies to defraud insurers and reinsurers

13 EECS4482 2015 David Chan Internet Fraud A scheme that uses one or more components of the Internet - such as chat rooms, e-mail, message boards, or Web sites - to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or others connected with the scheme.

14 EECS4482 2015 David Chan Major types of Internet Fraud Auction or sales inducing the victim to send money or give out credit card numbers for promised goods Business opportunity Work-at-home program

15 EECS4482 2015 David Chan Major Types of Internet Fraud Investment scheme Stock market manipulation by spreading fictitious news about public companies Identity theft

16 EECS4482 2015 David Chan Equity Funding A classic case of computer fraud and crime - a billion dollar bubble Officers and employees of the company set up 64,000 fake insurance policies and sold them to reinsurers.

17 EECS4482 2015 David Chan Equity Funding To come up with the premium payments which the reinsurers expected to receive, the perpetrators generated more fake policies and sold them to the same and other reinsurers. The fraud snowballed for 12 years.

18 EECS4482 2015 David Chan Equity Funding The fraud was revealed by a disgruntled employee who had been fired. The case involved massive collusion. The computer made it easy to generate the fake policies, which accounted for 70% of the issued policies over a 10-year period.

19 EECS4482 2015 David Chan Barings Bank Nick Leeson, a rogue trader, concealed trading losses that led to the Bank’s demise. He used the account code “8888” to set up accounts containing secret transactions. Computers and management trust based on chemistry and seniority helped him hide these transactions.

20 EECS4482 2015 David Chan Societe Generale Fraud Societe Generale said that a trader who evaded all its controls to bet $73.5 billion -- more than the French bank's market worth -- on European markets hacked computers and "combined several fraudulent methods" to cover his tracks. Kerviel, 31, and a former programmer, carried out unauthorized trades that resulted in 4.9 billion euros ($7.1 billion) in losses.

21 EECS4482 2015 David Chan Societe Generale Fraud Even before his massive alleged fraud came to light, Kerviel had apparently triggered 75 alarms at Societe Generale -- France's second-largest bank -- with his trading, but not to a degree that led managers to investigate further. But Kerviel explained away the red flags as trading mistakes.

22 EECS4482 2015 David Chan Societe Generale Fraud Since those bets greatly exceeded the amount of capital he was allowed to put at risk, Kerviel entered fictitious and offsetting trades in Societe Generale's computer system that appeared to minimize the odds of big losses, the bank said. The trades were purposely chosen to avoid detection because they did not require cash contributions and were not subject to margin calls, which would require putting up more money if the fictitious bet soured.

23 EECS4482 2015 David Chan Societe Generale Fraud Societe Generale said Kerviel misappropriated other people's computer access codes, falsified documents and employed other methods to cover his tracks -- helped by his previous years of experience when he worked in other offices at the bank that monitor traders.

24 EECS4482 2015 David Chan Societe Generale Fraud Kerviel's downfall started in the days before Friday, Jan. 18, when Societe Generale tightened lending restrictions on one of its customers, an unnamed large bank. He had apparently used that bank's name for one or more of his fictitious trades.

25 EECS4482 2015 David Chan Controls Against Computer Crime and Fraud Segregation of duties Management and independent review Restricted access Code of business conduct

26 EECS4482 2015 David Chan Controls Against Computer Crime and Fraud Intrusion detection and prevention systems Encryption Security education Analytical review

27 EECS4482 2015 David Chan Controls Against Computer Crime and Fraud System monitoring Security check on new hires and contractors An established process for whistle blowing and investigation Exemplifying management culture

28 EECS4482 2015 David Chan Controls Against Computer Crime and Fraud Lock laptops when not attended to Scheduled refreshment of web sites from the backup version to nullify even minor changes by hackers such as changing a key word in the user agreement or a rate

29 EECS4482 2015 David Chan External Audit Responsibility Brainstorming risk of fraud during audit planning Assess materiality of suspected fraud Inform management of suspected fraud Suggest client seek legal opinion

30 EECS4482 2015 David Chan During a Fraud Audit Touch base with management immediately when suspecting a fraud has occurred (consider management independence) Use encrypted or out-of-band communication

31 EECS4482 2015 David Chan During a Fraud Audit Document everything including time spent Take screen shots where possible Preserve the chain of evidence Store records securely

32 EECS4482 2015 David Chan During a Fraud Audit Involve a minimum number of people Proceed only with senior management request. Ask concise and open questions Be a patient listener Involve law department

33 EECS4482 2015 David Chan During a Fraud Audit Use forensic tools like Encase to image hard disk remotely or onsite while preserving integrity. Avoiding shutting down suspect computers using the OS as doing so may compromise audit/crime trail. Use forensic data analysis software. Backup evidence and store it securely and safely from environmental damage. Scan electronic evidence for virus.

34 During a Fraud Audit Backup evidence and store it securely and safely from environmental damage. Scan electronic evidence for virus. Use Discovery Accelerator to analyze deleted and archived email. EECS4482 2015 David Chan

35 During a Fraud Audit Keep management informed Maintain arms-length relationships with management and people being investigated or interviewed. Continuously assess the need to involve the police EECS4482 2015 David Chan

36 Conclusion Computer crime and computer fraud on the rise Sarbanes-Oxley effect still to be seen Organizations should have chief ethic officers

37 Review Questions What is the shareholders’ auditors’ responsibility for computer fraud detection? What is the internal auditors’ responsibility for computer fraud detection? What are common computer crimes committed against financial institutions and retailers? EECS4482 2015 David Chan

38 Review Questions What computer crimes can result from identity theft? What internal controls can organizations implement to prevent system alteration? What are some system controls that can prevent or detect disbursement fraud?. EECS4482 2015 David Chan

39 MC Question Which address is most useful in a forensic investigation? A. IP B. MAC C. URL D. Email EECS4482 2015 David Chan

40 MC Question If a forensic auditor inspects a computer containing a critical file that is known to be highly encrypted but currently opened, what should the auditor do? a.Pull the plug on the computer. b.Perform an orderly shutdown on the computer. c.Make an immediate shadow volume copy of the entire hard drive. d.Browse the open file. EECS4482 2015 David Chan

41 MC Question Which software tool can undo the effect of applying disk wiping? A. Encase B. Password cracker C. Firewall D. Discovery Accelerator EECS4482 2015 David Chan

42 MC Question What computer crime does a firewall mitigate against? A. Hacking B. Identity theft C. Virus spreading D. ATM skimming EECS4482 2015 David Chan

43 MC Question Which of the following techniques or tools is most useful to detect a bank load fraud committed by a branch manager? A. Benford analysis B. Firewall C. Segregation of duties D. Discovery Accelerator EECS4482 2015 David Chan

Download ppt "EECS4482 2015 David Chan Computer Crime and Computer Fraud Computer crime means a crime involving computer resources, including using a computer to commit."

Similar presentations

Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
1 Non-Cash Assets Chapter 9. 2 List the five categories of tangible non-cash misappropriations discussed in this chapter. Discuss the data on non-cash.

1 Non-Cash Assets Chapter 9. 2 List the five categories of tangible non-cash misappropriations discussed in this chapter. Discuss the data on non-cash.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Chapter 5 Computer Fraud Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-1.

Chapter 5 Computer Fraud Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-1.
Chapter 5 Computer Fraud Copyright © 2012 Pearson Education 5-1.

Chapter 5 Computer Fraud Copyright © 2012 Pearson Education 5-1.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Cyber Crimes.

Cyber Crimes.
Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?

Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?
1.Too many users 2.Technical factors 3.Organizational factors 4.Environmental factors 5.Poor management decisions Which of the following is not a source.

1.Too many users 2.Technical factors 3.Organizational factors 4.Environmental factors 5.Poor management decisions Which of the following is not a source.
Fraud and Forensic Auditing Chapter Ten. Definition of Fraud “…any act involving the use of deception to obtain an illegal advantage.” (ISACA Irregularities.

Fraud and Forensic Auditing Chapter Ten. Definition of Fraud “…any act involving the use of deception to obtain an illegal advantage.” (ISACA Irregularities.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
C8- Securing Information Systems

C8- Securing Information Systems
FRAUD Prevention & Detection. Group Members Raven Smith Tommy Harville Kedron Hilario.

FRAUD Prevention & Detection. Group Members Raven Smith Tommy Harville Kedron Hilario.
Computer Security Management: Assessment and Forensics Session 8.

Computer Security Management: Assessment and Forensics Session 8.
Custom Corporate Consulting and Training Fraud: Detecting and Preventing Presented October 30, 2010 To University of Texas at Arlington Executive MBA Students.

Custom Corporate Consulting and Training Fraud: Detecting and Preventing Presented October 30, 2010 To University of Texas at Arlington Executive MBA Students.

Similar presentations

Ads by Google