CHAPTER 5 Computer Fraud: Techniques
fraud to occur:
o A pressure or motive
o An opportunity
o A rationalization
Most frauds involve three steps.
o The Theft of Something
o Conversion to Cash
o The Concealment
What is a common way to hide a theft?
o to charge the stolen item to an expense account
What is a payroll example of fraud?
o to add a fictitious name to the company’s payroll
Lapping: The perpetrator steals cash received from customer A to pay its accounts receivable. Funds received at a later date from customer B are used to pay off customer A’s balance, etc.
Kiting: In a kiting scheme, the perpetrator covers up a theft by creating cash through the transfer of money between banks. The perpetrator deposits a check from bank A to bank B and then withdraws the money.
What are some common characteristics of fraud perpetrators?
o Most spend their illegal income rather than invest or save it.
o Once they begin the fraud, it is very hard for them to stop.
o They usually begin to rely on the extra income.
Techniques
Adware
o Software that collects and forwards data to advertising companies or causes banner ads to pop up as the internet is surfed.
Data diddling
o Changing data before, during, or after it is entered into the system.
Data Leakage
o Unauthorized copying of company data.
Denial Of Service Attack
o An attack designed to make computer resources unavailable to its users.
Dictionary Attack
o Using software to guess company addresses, send employees blank emails, and add unreturned messages to spammer email lists.
Eavesdropping
o Listening to private voice or data transmissions.
Electronic Espionage
o The theft of information, trade secrets, and intellectual property
Email Spoofing
o Making a sender address and other parts of an email header appear as though the email originated from a different source.
Hacking
o Unauthorized access, modification, or use of computer systems, usually by means of a PC and a communications network.
Hijacking
o Gaining control of someone else's computer for illicit activities
Identity Theft
o Assuming someone's identity by illegally obtaining confidential information such as a social security number.
Key Logger
o using spyware to record a user's keystrokes
Logic Bombs And Time Bombs
o software that sits idle until a specified circumstance or time triggers it, destroying programs, data, or both
Malware
o software that can be used to do harm
Masquerading/Impersonation
o Accessing a system by pretending to be an authorized user. The impersonator enjoys the same privileges as the legitimate user
Packet Sniffing
o inspecting information packets as they travel the internet and other networks
Phishing
o communications that request recipients to disclose confidential information by responding to an email or visiting a web site
Phreaking
o attacking phone systems to get free phone access; using phone lines to transmit viruses and to access, steal, and destroy data
Piggybacking
o 1. Clandestine use of someone's wifi network.
  2. Tapping into a communications line and entering a system by latching onto a legitimate user.
  3. Bypassing physical security controls by entering a secure door when an authorized person opens it.
Round-Down Fraud
o truncating interest calculations at two decimal places and placing truncated amounts in the perpetrator's account
Salami Technique
o stealing tiny slices of money over time
Scavenging/Dumpster Diving
o searching for confidential information by searching for the documents and records in garbage cans, communal trash bins, and city dumps
Shoulder Surfing
o watching or listening to people enter or disclose confidential data
Social Engineering
o techniques that trick a person into disclosing confidential information
Spamming
o emailing an unsolicited message to many people at the same time
Spyware
o software that monitors computing habits and sends that data to someone else, often without the user's permission
Spoofing
o Making electronic communications look like someone else sent it.
Superzapping
o Using special software to bypass system controls and perform illegal acts
Trap Door
o A back door into a system that bypasses normal system controls
Trojan Horse
o Unauthorized code in an authorized and properly functioning system
Virus
o Executable code that attaches itself to software, replicates itself, and spreads to other systems or files. Triggered by a predefined event, it damages system resources or displays messages
Worm
o Similar to a virus; a program rather than a code segment hidden in a host program. Actively transmits itself to other systems. It usually does not live long but is quite destructive while alive