Chapter 14: Ethics and cybercrime Flashcards
What are the seven stages to go through when making an ethical decision?
(1) Identify the facts.
(2) Define the issue(s).
(3) Identify the principles that can be applied.
(4) Identify possible actions and the stakeholders affected by these actions.
(5) Compare steps 3 and 4.
(6) Select a course of action.
(7) Implement the selected course of action.
Compare and contrast data mining and customer profiling.
What are the ethical issues associated with these two techniques?
Data mining is a data analysis technique in which large amounts of data are analysed for patterns and relationships that may exist within them.
Customer profiling is a process where we use data on a customer’s website viewing habits to build a profile of their interests, needs and preferences, which we can then use for targeted advertising.
Organisations often undertake data mining and customer profiling without the user being aware of it:
consent to the gathering and use of the collected data is frequently not explicitly sought.
Consumer advocates see this as an invasion of privacy that can reduce consumer trust.
This lack of confidence has significant implications for the future development of e-commerce.
Additionally, customer profiling may not necessarily generate an accurate picture of the customer.
Describe what a cookie (in terms of IT) is and what it can do.
Cookies are small files stored on a computer’s hard drive that keep a record of websites viewed, viewing preferences and user profiles.
Developers create cookies to allow websites to display in the most user-friendly format for the operating system and browser type being used.
Cookies can also help organisations to gather data about the people that access their websites.
For example, a cookie can:
(1) Ensure the browser does not display ads the user has already seen.
(2) Show ads in a particular sequence.
(3) Track whether a user has visited the site before.
(4) Track the previous and next sites the user visits.
What are the three ways of gathering information about users of an accounting information system?
What are the associated ethical concerns?
We can gather information about users of an AIS:
(1) without the consent of the individual (though this may be illegal and unethical)
(2) with the informed consent of the individual
(3) with the implied consent of the individual.
Gathering information without the person’s consent appears to be prohibited under the Australian Privacy Act 1988.
Moreover, there is a large difference between express and implied consent.
Some argue that by agreeing to use a website and entering information, a user is permitting the gathering of that information.
Others argue that only expressly obtained information from the subject is valid.
As a result, people hold differing ethical positions and subscribe to different views.
Name and briefly compare and contrast at least three types of malware.
Malware is malicious code designed to damage or steal data, or to disrupt computer systems and networks.
The most common types of malware are viruses, worms, trojans, and bots.
While viruses are attached to an executable file (a file that the computer can run), worms are standalone software that do not need another program or human to replicate.
Trojans are particularly dangerous because the software looks genuine.
Once the trojan is activated, it can cause a great deal of damage.
Unlike viruses and worms, trojans can only spread through human interaction such as downloading files or opening email attachments.
In contrast, bots automate tasks usually undertaken by people.
A malicious bot infects the host and connects back to a server where someone can launch remote control attacks on their target.
Bots can also self-propagate like a virus or a worm.
Compare and contrast the following terms related to identity crime:
phishing, pharming, hacking, and social engineering.
Phishing:
the word ‘phishing’ comes from the analogy that internet scammers are using email lures to ‘fish’ for passwords and financial data from the sea of internet users.
Pharming:
a pharming attack redirects users to a fake (phishing) web page even though the user entered the correct address.
Hacking:
gaining unauthorised access to a system.
Social engineering:
manipulating an individual, either online or in person, into providing personal information that can be used to break into a computer network or assume someone’s identity.
Give at least three examples of organisational fraud related to accounting information systems.
(1) A payroll manager who places a non-existent staff member on the AIS payroll to collect an additional salary.
(2) A programmer who adjusts a payroll program to transfer one cent from each weekly pay to a custom-created account.
(3) A person who creates a website purporting to be from a large organisation to gain private customer details, including bank account details.
How do professional bodies and codes of ethics help in deterring fraud?
Professional memberships carry benefits.
For example, professions typically possess valued societal knowledge.
The wider community recognises not only professional authority but also the professional culture and the ethical codes that govern their actions.
Codes of ethics can be both formal and informal and enforced by the self and by the professional body.
For professionals who consider themselves a part of the professional group, such as a CA or CPA, the threat of disciplinary action, group exclusion and the potential loss of income, is generally a strong enough incentive to ensure professional and ethical behaviour.
Organisations can encourage ethical behaviour by having employees become members of professional bodies and by implementing organisational codes of conduct.
Explain the meaning of ‘fraud triangle’.
There are three risk factors known as the ‘fraud triangle’ that are generally present when a fraud is committed. These are:
1. An incentive or pressure to commit fraud:
The pressure for fraud can come from various sources, including the individual’s personal life and work environment.
2. A perceived opportunity to commit fraud:
The opportunity refers to the individual’s perceived ability to carry out the fraud and conceal the fraudulent activity.
3. An ability to rationalise the fraudulent action:
Rationalisation is the way that individuals justify their fraudulent activity to themselves.
Stajano and Wilson refined seven recurring behavioural patterns and related principles that are useful in the examination of fraud.
Name and briefly describe these principles.
- Distraction principle: a scammer distracts the potential victim from the scam with something desirable.
- Social compliance principle: people do not generally question authority.
- Herd principle: something looks legitimate because everyone else is doing it.
- Dishonesty principle: once a person realises that they are a scam victim, they may be reluctant to tell the authorities.
- Kindness principle: people are friendly and want to help.
- Need and greed principle: scammers can manipulate people once they understand their needs and wants.
- Time principle: under time pressure, victims make decisions using less reasoning.
Why should we be concerned about ethics?
We use ethical theories to help people decide which course of action is best.
The business world accepts that there should be an absolute moral standard.
However, what is that standard, and how is it determined?
Is it acceptable to pursue financial gain and self-interest at the expense of the environment, the community and with a lack of consideration of others?
Should individuals enter into contracts knowing that they may not be able to meet their commitment?
Should organisations pollute the environment because it is costly to instal anti-pollutant equipment?
Should individuals neglect their responsibilities at the expense of workmates?
Describe the ethical decision-making model.
Why is it useful when faced with an ethical dilemma?
Ethics is very complicated; therefore, we must use a framework (or theories) to make ethical decisions.
Furthermore, decisions based on intuition and personal feelings do not always achieve the best outcome.
With increasing globalisation, regulatory requirements and disruptive technologies, ethical dilemmas require more considered responses.
The stages to go through when making an ethical decision are:
(1) Identify the facts.
(2) Define the issue(s).
(3) Identify the principles that can be applied.
(4) Identify possible actions and the stakeholders affected by these actions.
(5) Compare steps 3 and 4.
(6) Select a course of action.
(7) Implement the selected course of action.
Explain the principal types of computer crime.
The term ‘cybercrime’ is often used interchangeably with names such as computer crime, computer-related crime, e-crime, high-tech crime, cyber fraud and internet crime.
The types of cybercrime include hacking, online scams and fraud, identity theft, attacks on computer systems and illegal or prohibited online content.
Spam, phishing, identity crime and hacking are threats in the increasingly popular world of e-commerce.
Spam involves sending unsolicited emails and exposes an organisation to excessive email traffic and potential viruses and computer attacks.
Phishing and identity fraud affect the validity of transactions that individuals and organisations engage in through the fraudulent use of websites (phishing) or the retrieval of personal details such as credit card numbers and other identifying traits (identity theft).
Hacking is unauthorised access to a system.
These computer crimes represent threats to the effective running of an accounting information system within an organisation.
Give examples of the types of fraud that can be perpetrated using technology.
Fraud and scams refer to dishonest schemes that take advantage of unsuspecting people to gain a benefit such as money or access to personal details.
Online fraud includes:
- internet banking fraud
- shopping and auction site fraud
- scams
- spam
- identity theft
What are the seven principles that Stajano and Wilson believe organisations should be aware of when designing security systems?
Stajano and Wilson refined seven recurring behavioural patterns and related principles that provide some insight into human behaviour:
1. Distraction principle: One example is the Nigerian scam, where the scammer poses as a Nigerian government official with access to tens of millions of dollars who needs your help to move it out of the country. If you accept the deal, the scammer asks you to pay for expenses. Unexpected expenses continue while you wait for the vast sum to arrive in your account.
2. Social compliance principle: People do not generally question authority. Social compliance is the foundation for phishing and social engineering. For example, you are more likely to provide personal information to someone on the phone who purports to be a police officer or other authoritative figure.
3. Herd principle: A scam looks legitimate because everyone else is doing it. In online auctions, for example, frauds are possible if bidders are in partnership with the auctioneer. In social networking, the creation of multiple aliases can give the impression that many people share the same idea or opinion.
4. Dishonesty principle: Once a person realises that they have been involved in a scam — if it relates to something illegal like money laundering (as in the Nigerian example above) or pornography — the victim may be reluctant to tell the authorities.
5. Kindness principle: People are friendly and want to help. Scammers often take advantage of this through social networking sites or email, presenting a sad story or a natural disaster where people are happy to contribute their money. Social engineering also relies on the kindness of people.
6. Need and greed principle: Once people know our needs and desires, they can manipulate us. For example, if someone is about to lose their house because they lost their job, the promise of a lot of money is very tempting.
7. Time principle: When under time pressure, we make decisions using less reasoning. Using this principle, the scammer makes you an offer you cannot refuse or asks you to do something quickly. For example, in a phishing situation, you may receive an email that tells you that if you do not log in with your details, you will lose access to your account.