Fraud (Topic 3) Flashcards
Common Threats to AIS
Natural disasters (e.g. tsunami(s)) and terrorist threats (e.g., Sept 11)
Software errors and/or equipment malfunction (Queensland Health payroll debacle; Burger King Example, paying $4334.33 for a $4.33 burger!)
Unintentional acts (human error due to carelessness)
Intentional acts (e.g., computer crimes): cause of 80% of security issues
Intentional action -> computer crimes, fraud or sabotage
Sabotage
An intentional act where the intent is to destroy a system or some of its components.
Cookie
A text file created by a website and stored on a visitor’s hard drive. Cookies store information about who the user is and what the user has done on the site.
What is fraud
- What are the criteria?
Gaining an unfair advantage over another person. Conditions: if any of the following factors are missing, this may be an indicator of fraud or an internal control weakness.
- A false statement, representation, or disclosure.
- A material fact that induces a person to act.
- An intent to deceive.
- A justifiable reliance on the fraudulent fact in which a person takes action.
- An injury or loss suffered by the victim.
Who is likely to commit fraud
Individuals who commit fraud are referred to as white-collar criminals
Most fraud perpetrators are knowledgeable insiders with the requisite access, skills, and resources. Because employees understand a company’s system and its weaknesses, they are better able to commit and conceal a fraud.
white-collar criminals
Typically, businesspeople who commit fraud. White-collar criminals usually resort to trickery or cunning, and their crimes usually involve a violation of trust or confidence.
corruption
Dishonest conduct by those in power which often involves actions that are illegitimate, immoral, or incompatible with ethical standards. Examples include bribery and bid rigging.
Forms of Fraud
Misappropriation of assets
Fraudulent financial reporting
Misappropriation of assets
• Theft of a company’s assets (e.g. a payroll manager used internet banking to illegally transfer $20M to a personal account in 18 months)
• Key factors for theft of assets:
- Absence of an internal control system that safeguards against threats
- Failure to enforce an internal control system that mitigates these threats
Fraudulent financial reporting
‘…intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements’ (The Treadway Commission).
Financial reports are falsified to deceive investors/creditors and to increase a company’s share price.
Fraudulent Financial Statements
The National Commission on Fraudulent Financial Reporting (the Treadway Commission) defined fraudulent financial reporting as intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.
Reasons for Fraudulent Financial Statements
- Deceive investors or creditors.
- Increase a company’s stock price.
- Meet cash flow needs.
- Intense pressure to meet earnings expectations.
- Heavy competition.
- Hide company losses or other problems.
What are the Treadway Commission’s actions to reduce fraud?
- Establish environment which supports the integrity of the financial reporting process.
- Identification of factors that lead to fraud.
- Assess the risk of fraud within the company.
- Design and implement internal controls to provide assurance that fraud is being prevented.
SOX Section 404 mandates financial reporting internal controls
Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit, became effective in December 2002. SAS No. 99 requires auditors to:
Maintain skepticism (material misstatements always possible)
Understand fraud and how it evolves to mitigate it
Discuss the risks of material fraudulent misstatements
Understand governance (e.g. structures mitigating fraud risk)
Obtain information
Identify, assess and respond to risks
Evaluate results of their audit tests
Document and communicate findings (to both management and regulators)
Incorporate a technology focus
The fraud triangle
Framework to identify where fraud may occur
- Opportunity
- Rationalisation
- Pressure
(diagram on image document)
Fraud perpetrators (white-collar criminals) can be: dedicated; hardworking; trusted; ‘honest’; without criminal record; young; talented; not necessarily computing graduates.
Fraud triangle - pressure
Motivation or incentive to commit fraud. Types:
1. Employee
• Financial
• Emotional
• Lifestyle
2. Financial reporting
• Industry conditions
• Management characteristics
• Financial pressure
(diagram on image document)
Fraud triangle - opportunity
Condition or situation that allows a person or organisation to:
- Commit the fraud (e.g. asset theft)
The theft of assets is the most common type of misappropriation. Most instances of fraudulent financial reporting involve overstatements of assets or revenues, understatements of liabilities, or failures to disclose information.
- Conceal the fraud
- Lapping: concealing the theft of cash by means of a series of delays in posting collections to accounts receivable.
- Check kiting: creating cash using the lag between the time a check is deposited and the time it clears the bank.
To prevent detection when assets are stolen or financial statements are overstated, perpetrators must keep the accounting equation in balance by inflating other assets or decreasing liabilities or equity. Concealment often takes more effort and time and leaves behind more evidence than the theft or misrepresentation. Taking cash requires only a few seconds; altering records to hide the theft is more challenging and time-consuming.
- Convert the theft or misrepresentation to personal gain (e.g. stolen goods sold for cash on eBay).
For example, employees who steal inventory or equipment sell the items or otherwise convert them to cash. In cases of falsified financial statements, perpetrators convert their actions to personal gain through indirect benefits; that is, they keep their jobs, their stock rises, they receive pay raises and promotions, or they gain more power and influence.
Lapping
Concealing the theft of cash by means of a series of delays in posting collections to accounts receivable
Check kiting
Creating cash using the lag between the time a check is deposited and the time it clears the bank
Fraud triangle - Rationalisations
Justification of illegal behaviour:
1. Justification
• I am not being dishonest as I took what they owed me.
2. Attitude
• I don’t need to be honest as these rules don’t apply to me.
3. Lack of personal integrity
• Theft is valued higher than honesty or integrity, as getting what I want is more important than being honest.
Computer Fraud
Any illegal act in which knowledge of computer technology is necessary for:
• Perpetration
• Investigation
• Prosecution.
Examples include:
• Unauthorised theft, use, access, modification, copying or destruction of software or data
• Theft of assets by altering computer records
• Theft of computer time
• Theft or destruction of hardware, software, computer resources
• Intent to obtain tangible property illegally by using computers
Why is there a rise in computer fraud?
- Definition is not agreed on (software copying/piracy; browsing someone else’s files)
- Many go undetected (e.g. FBI estimates only 1% of computer crime is detected)
- High percentage is not reported
- Lack of network security
- Difficulty calculating/quantifying loss (e.g. data stolen; websites defaced; virus attack)
- Step-by-step guides are easily available
- Law enforcement is overburdened; hard to keep up with white collar crime
Cyber sleuths
The forensic experts breaking into the company and copying the data worked for a Big Four accounting firm. The accountants, turned cyber sleuths, specialize in catching fraud perpetrators. Cyber sleuths come from a variety of backgrounds, including accounting, information systems, government, law enforcement, military, and banking.
Skills cyber sleuths must maintain
• Ability to follow a trail, think analytically, and be thorough
• Good understanding of information technology (IT).
Cyber sleuths need to understand data storage, data communications, and how to retrieve hidden or deleted files and e-mails.
• Ability to think like a fraud perpetrator – what motivates them
• Ability to use hacking tools and techniques.
Cyber sleuths need to understand the tools computer criminals use to perpetrate fraud and abuse.
Computer Fraud Classifications
Input fraud
• Alteration or falsifying input (e.g. issue invoices from fictitious vendors).
Processor fraud
• Unauthorised system use (e.g. use company servers for illicit purposes).
Computer instructions fraud
• Modifying software, illegal copying of software, using software in an unauthorised manner, creating software to carry out unauthorised activities.
Data fraud
• Illegally using, copying, browsing, searching, or harming company data (e.g. Wikileaks). The biggest cause of data breaches is employee negligence.
Output fraud
• Stealing, copying, or misusing computer printouts or displayed information.
Prevent and Detect Fraud
- Make fraud less likely to occur.
- Increase the difficulty of committing fraud.
- Improve detection methods.
- Reduce fraud losses.
Prevent and Detect Fraud
Make fraud less likely to occur
(read on document)
Prevent and Detect Fraud
Increase the difficulty of committing fraud.
(read on document)
Prevent and Detect Fraud
Improve detection methods.
(read on document)
Prevent and Detect Fraud
Reduce fraud losses.
(read on document)
Computer Attacks and Abuse
Hacking
Social Engineering
Malware
Hacking
• Unauthorised access, modification, or use of a computer system or other electronic device.
Example: Russian hackers broke into Citibank’s system and stole $10 million from customer accounts.
Social Engineering
- Techniques, usually psychological tricks, to gain access to sensitive data or information.
- Used to gain access to secure systems or locations.
Malware
• Any software which can be used to do harm.
Hacking
-Hijacking
Hijacking is gaining control of a computer to carry out illicit activities without the user’s knowledge
Botnet—Robot Network
- Network of hijacked computers.
- Hijacked computers carry out processes without the users’ knowledge.
- Zombie: a hijacked computer, typically part of a botnet, that is used to launch a variety of Internet attacks.
Bot herders install software that responds to the hacker’s electronic instructions on unwitting PCs. Bot software is delivered in a variety of ways, including Trojans, e-mails, instant messages, Tweets, or an infected website.
Hacking
-Denial of service attack
Denial-of-Service (DoS) Attack - Botnets are used to perform a denial-of-service (DoS) attack
• Constant stream of requests made to a web-server (usually via a Botnet) that overwhelms and shuts down service.
Example - A DoS attack shut down 3,000 websites for 40 hours on one of the busiest shopping weekends of the year.
CloudNine, an Internet service provider, went out of business after DoS attacks prevented its subscribers and their customers from communicating.
Hacking
- Spamming
Simultaneously emailing or texting the same unsolicited message to many people, often in an attempt to sell them something.
- Dictionary attacks (direct harvesting attacks): spammers use special software to guess addresses at a company and send blank email messages.
Hackers create splogs (a combination of spam and blog) with links to websites they own to increase their Google PageRank, which is how often a web page is referenced by other web pages.
Spoofing
Making an electronic communication look as if it comes from a trusted official source to lure the recipient into providing information.
Types of Spoofing
Email
• Email sender appears as if it comes from a different source.
Caller-ID
• Incorrect number is displayed.
IP address
• Forged IP address to conceal identity of sender of data over the Internet or to impersonate another computer system.
DNS sniffing
Intercepting a request for a web service and sending the request to a false service.
Adelaide Uni IP address is: 129.127.149.1
Address Resolution Protocol (ARP)
• Allows a computer on a LAN to intercept traffic meant for any other computer on the LAN.
SMS spoofing
• Incorrect number or name appears, similar to caller-ID but for text messaging.
Web page
• Phishing
Hacking
A zero-day attack (or zero-hour attack)
Is an attack between the time a new software vulnerability is discovered and the time a software developer releases a patch that fixes the problem. When hackers detect a new vulnerability, they “release it into the wild” by posting it on underground hacker sites. Word spreads quickly, and the attacks begin.
Hacking
Cross-site scripting (XSS)
Cross-site scripting (XSS) is a vulnerability in dynamic web pages that allows an attacker to bypass a browser’s security mechanisms and instruct the victim’s browser to execute code, thinking it came from the desired website.
Hacking
A buffer overflow attack
A buffer overflow attack happens when the amount of data entered into a program is greater than the amount of memory (the input buffer) set aside to receive it. The input overflow usually overwrites the next computer instruction, causing the system to crash.
Hacking
SQL injection (insertion) attack
Malicious code in the form of an SQL query is inserted into input so it can be passed to and executed by an application program.
The idea is to convince the application to run SQL code that it was not intended to execute by exploiting a database vulnerability. It is one of several vulnerabilities that can occur when one programming language is embedded inside another.
Hacking
-Man in the middle
Hacker places themselves between client and host.
Masquerading or impersonation
Pretending to be an authorised user to access a system.
- Use of a neighbour’s Wi-Fi network.
- Tapping into a telecommunications line and electronically latching onto a legitimate user before a user enters a secure system.
Hacking
Password Cracking
Penetrating system security to steal passwords.
Example - Using brute-force attack software that checks all potential passwords, two Ukrainian hackers cracked the passwords of news wire companies.
Hacking
War Dialing
Computer automatically dials phone numbers looking for modems.
- 2011 Google Street View / Australian Privacy Commissioner: Google Street View had unlawfully captured data sent over unprotected wireless networks. In Australia it is illegal to intercept communications, but the law on accessing wireless communications is unclear.
Hacking
war driving
Driving around looking for unprotected home or corporate wireless networks.
Hacking
War rocketing
Using rockets to let loose wireless access points attached to parachutes that detect unsecured wireless networks.
Hacking
Data Diddling
Making changes to data before, during, or after it is entered into a system.
Hacking
Phreaking
Attacking phone systems.
- The most common reasons for the attack are to obtain free phone line access, to transmit malware, and to steal and destroy data.
Hacking
Data leakage
Unauthorised copying of company data
Hacking
Podslurping
Using a small device with storage capacity, such as an iPod or flash drive, to download unauthorised data.
Hacking Embezzlement Schemes
Salami Technique
• Taking small amounts from many different accounts.
Economic Espionage
• Theft of information, trade secrets, and intellectual property.
Cyber-extortion
is threatening to harm a company or a person if a specified amount of money is not paid.
Cyber-Bullying
• Internet, cell phones, or other communication technologies to support deliberate, repeated, and hostile behaviour that torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person.
• Prevalent amongst young people; can lead to depression and suicide.
Internet Terrorism
• Act of disrupting electronic commerce and harming computers and communications.
Hacking for Fraud
- Internet Misinformation
Using the Internet to spread false or misleading information.
Hacking for Fraud
-Internet Auction
Using an Internet auction site to defraud another person.
Unfairly drive up bidding.
Seller delivers inferior merchandise or fails to deliver at all.
Buyer fails to make payment.
Hacking for Fraud
-Internet Pump-and-Dump
Using the Internet to pump up the price of a stock and then selling it:
- buy low-priced, thinly traded shares;
- use spam/tweets/etc. to send out optimistic information;
- sell high to unsuspecting victims.
Hacking for Fraud
-Click fraud
Manipulating click numbers to inflate advertising bills. As many as 30% of all clicks are not legitimate. That is no small sum, given that total revenues from online advertising exceed $15 billion a year.
Hacking for Fraud
- Web cramming
Offering a free website for a month, developing a worthless website, and charging the phone bill of the people who accept the offer for months, whether they want to continue using the website or not.
Hacking for Fraud
-Software piracy
The unauthorised copying or distribution of copyrighted software.
Three frequent forms of software piracy include:
- Selling a computer with pre-loaded illegal software.
- Installing a single-licence copy on multiple machines.
- Loading software on a network server and allowing unrestricted access to it in violation of software licence agreement.
social engineering
- The techniques or psychological tricks used to get people to comply with the perpetrator’s wishes in order to gain physical or logical access to a building, computer, server, or network. It is usually to get the information needed to obtain confidential data.
Social Engineering Techniques (types)
Identity theft
Pretexting
Posing
Phishing
Voice phishing
Carding
Pharming
URL hijacking
Scavenging
Shoulder surfing
Typosquatting
QR barcode replacements
Tabnapping
Lebanese looping
Chipping
Ways to minimize social engineering
- Never let people follow you into a restricted building.
- Never log in for someone else on a computer, especially if you have administrative access.
- Never give sensitive information over the phone or through e-mail.
- Never share passwords or user IDs.
- Be cautious of anyone you do not know who is trying to gain access through you.
Social engineering
Identity theft
– Assuming someone else’s identity
Social engineering
Pretexting
– Using a scenario to trick victims to divulge information or to gain access
One approach pretexters use is to pretend to conduct a security survey and lull the victim into disclosing confidential information by asking 10 innocent questions before asking the confidential ones. They also call help desks and claim to be an employee who has forgotten a password.
Social engineering
-Posing
– Creating a fake business to get sensitive information and not delivering the product
Social engineering
Phishing
– Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data
Phishers are also using additional tactics, such as advertisements that link to a malicious site, an e-mail that pretends to be an important work file, a job posting on a legitimate job board, a fake LinkedIn request, a fake auction, and a fake IRS request for information
Social engineering
-Voice phishing
or vishing, is like phishing except that the victim enters confidential data by phone. Among other things, perpetrators use caller ID spoofing to fool the victim into thinking they are talking to their financial institution.
Social engineering
- Carding
refers to activities performed on stolen credit cards
including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers.
Social engineering
-Pharming
– Redirects a website request to a spoofed website
If you could change XYZ Company’s number in the phone book to your phone number, people using the phone book to call XYZ Company would reach you instead. Similarly, each website has a unique IP (Internet) address (four groupings of numbers separated by three periods).
Pharming is a very popular social engineering tool for two reasons:
1. It is difficult to detect because the user’s browser shows the correct website. Antivirus and spyware removal software are currently ineffective protections against pharming; instead, complicated antipharming techniques are required.
2. It can target many people at a time through domain spoofing rather than one at a time with phishing e-mails.
Social engineering
-URL hijacking
Takes advantage of typographical errors entered for website addresses; the user gets an invalid or wrong website.
Social engineering
-Scavenging
– Searching trash for confidential information
Scavenging methods include searching garbage cans, communal trash bins, and city dumps.
Social engineering
-Shoulder surfing
Snooping, either by standing close behind the person or by using technology, to get confidential information.
Social engineering
- Typosquatting
Typographical errors when entering a web site name cause an invalid site to be accessed
Social engineering
- QR barcode replacements
Fraudsters cover valid quick response codes with stickers containing a replacement QR code to fool people into going to an unintended site that infects their phones with malware.
Social engineering
- Tabnapping
Secretly changing an already open browser tab in order to capture user IDs and passwords when the victim logs back into the site.
Social engineering
- Lebanese looping
• Capturing ATM PIN and card numbers:
i) insert a sleeve into the ATM that prevents it from ejecting the card;
ii) the perpetrator approaches the victim pretending to help and captures the PIN;
iii) the card and PIN are stolen when the victim gives up.
Skimming
• Double-swiping a credit card or using paywave
Social engineering
-Chipping
• Planting a device to read credit card information in a credit card reader.
Social engineering
-Eavesdropping
• Listening to private communications.
Malware
- Spyware
- Secretly monitors and collects information
- Can hijack browser, search requests
- Adware, scareware
Malware
- Ransomware
Locks you out of all your programs and data using encryption
Malware
-Key logger
Software that records user keystrokes
Malware
- Trojan
Malicious computer instructions in an authorised and properly functioning program
Unlike viruses and worms, the code does not try to replicate itself. Some Trojans give the creator the power to control the victim’s computer remotely. Most Trojan infections occur when a user runs an infected program received in an e-mail, visits a malicious website, or downloads software billed as helpful add-ons to popular software programs.
Malware
- Trap door
Set of instructions that allow the user to bypass normal system controls
Malware
-Packet sniffer
Captures data as it travels over the internet
Malware - Computer Virus
A segment of self-replicating, executable code that attaches itself to a file or program with the intention of causing damage.
During replication phase, the virus spreads to other systems when an infected file or program is downloaded or opened by a recipient.
Newer viruses can mutate each time they infect a computer, making them more difficult to detect and destroy.
Many viruses lie dormant for extended periods without causing damage, requiring a trigger to activate.
- Makes unauthorised modifications that are time-consuming and costly to fix
- Deletes or modifies data, slows the system, freezes the screen
Malware
-rootkit
A means of concealing system components and malware from the operating system and other programs; can also modify the operating system.
Malware
-steganography program
A program that can merge confidential information with a seemingly harmless file, password protect the file, and send it anywhere in the world, where the file is unlocked and the confidential information is reassembled. The host file can still be heard or viewed because humans are not sensitive enough to pick up the slight decrease in image or sound quality.
Malware
-time bomb/logic bomb
A program that lies idle until some specified circumstance or a particular time triggers it. Once triggered, the program sabotages the system by destroying programs or data.
Malware
-computer worm
A self-replicating computer program similar to a virus, with some exceptions:
- A virus is a segment of code hidden in or attached to a host program or executable file, whereas a worm is a stand-alone program.
- A virus requires a human to do something (run a program, open a file etc.) to replicate itself, whereas a worm does not and actively seeks to send copies of itself to other network devices.
• Worms harm networks (if only by consuming bandwidth), whereas viruses infect or corrupt files or data on a targeted computer.
• Reside in email attachments and reproduce by mailing themselves to a recipient’s mailing list, resulting in an electronic chain letter.
• Usually do not live very long.
Malware
-Bluesnarfing
Stealing (snarfing) contact lists, images, and other data using flaws in Bluetooth applications.