Part 2

1. Why do computer frauds occur?

Perpetrators of computer fraud tend to possess more computer knowledge, experience, and skills. Some computer
fraud perpetrators are more motivated by curiosity and the challenge of beating the system; others commit fraud to
gain stature among others in the computer community.
Why Fraud Occurs
There are three conditions necessary for fraud to occur:
(1) A pressure or motive (e.g., financial pressures-living beyond means, high personal debt, inadequate
income, poor credit ratings, heavy financial losses, or large gambling debts; work-related pressures-low
salary, non-recognition of performance, job dissatisfaction, fear of losing job, overaggressive bonus plans;
other pressures-challenge, family/peer pressure, emotional instability, need for power or control, excessive
pride or ambition.)
(2) An opportunity- An opportunity is the condition or situation that allows a person to commit and conceal a
dishonest act. Opportunities often stem from a lack of internal controls. However, the most prevalent
opportunity for fraud results from a companys failure to enforce its system of internal controls.
(3) A rationalization- Most perpetrators have an excuse or a rationalization that allows them to justify their
illegal behavior.
Some of these rationalizations include:
The perpetrator is just borrowing the stolen assets.
The perpetrator is not hurting a real person, just a computer system.
No one will ever know.

2. Who are the most likely perpetrators of computer fraud?
Fraud perpetrators vary as much as the victims they target. Like their victims, fraud perpetrators come from every educational,
geographical, racial, religious, gender, and socioeconomic background.
Contrary to popular belief, most fraud perpetrators are not slinky, shady characters who perpetrate their crimes under the cover
of night. Today's fraud perpetrators are often trained professionals who are good at what they do--stealing money and assets
from people. Fraud criminals often do their homework by
Joining professional organizations,
Participating in community events (to legitimize their schemes and develop trust with potential victims),
Keeping abreast of current events (to appear knowledgeable about cutting-edge technologies, legitimate financial
investments, and business practices), and
Assuming an "affinity" with their victims (emphasizing their common age, culture, education, race, or financial or social
status).
Their weapon of choice is not a gun or a knife, but slick publications, marketing materials, prospectuses, computer and
communications technology, and well-rehearsed sales pitches. Many fraud perpetrators use their community and professional
credibility and respectability to con, swindle, and deceive family members, friends, business colleagues, and other members of
the community with whom they have formed a relationship.
3. Who are the most likely victims of computer frauds?
Not all fraud victims are greedy, risk-taking, self-deceptive individuals looking to make a quick dollar. Nor are all fraud victims
naive, uneducated, or elderly. Victims of fraud come from a variety of racial, age, gender, religious, socioeconomic, and
educational backgrounds. And smart perpetrators prey on those differences. For example fraudulent telemarketers often target
the elderly as potential victims, not because they are greedy, but because they are more likely to
Have money, property, savings, and investments;
Be home to receive phone solicitations; and
Remain on the phone longer to hear fraudulent sales pitches (due to loneliness).
Younger, educated adults may be targeted because of a
Lack of maturity and experience that would help them recognize fraudulent pitches,
Desire to increase their standard of living quickly, and
Lack of information about financial investments or purchases.
Other victims are targeted because of certain personality or character traits that may increase their risk for fraud victimization.
These include
Compassion,
Respect for authority figures, and
Unsuspicious natures.
4. What specific techniques are used to commit computer fraud?
Cracking
Data diddling
Data leakage
Denial of service attack
Eavesdropping
E-mail forgery and threats
Hacking
Internet misinformation and terrorism
Logic time bomb
Masquerading or impersonation
Password cracking
Piggybacking
Round-down
Salami technique
Software piracy
Scavenging
Social engineering
Super zapping
Trap door
Trojan horse
Virus
Worm
5. What do you think are the ways companies/individuals must apply to deter & detest computer fraud?
PREVENTING AND DETECTING COMPUTER FRAUD

Organizations must take every precaution to protect their information systems. Certain measures can significantly
decrease the potential for fraud and any resulting losses. These measures include:
Make fraud less likely to occur
Increase the difficulty of committing fraud
Improve detection methods
Reduce fraud losses
Make fraud less likely to occur - By creating an ethical cultural, adopting an appropriate organizational structure,
requiring active oversight, assigning authority and responsibility, assessing risk, developing security policies, implementing
human resource policies, supervising employees effectively, training employees, requiring vacations, implementing development
and acquisition controls, and prosecuting fraud perpetrators vigorously.
Increase the difficulty of committing fraud - By designing strong internal controls, segregating duties, restricting
access, requiring appropriate authorizations, utilizing documentation, safeguarding assets, requiring independent checks on
performance, implementing computer-based controls, encrypting data, and fixing software vulnerabilities.
Improve detection methods - By creating an audit trail, conducting periodic audits, installing fraud detection software,
implementing a fraud hotline, employing a computer security officer, monitoring system activities, and using intrusion detection
systems.
Reduce Fraud Losses - By maintaining adequate insurance, developing disaster recovery plans, backing up data and
programs, and using software to monitor system activity and recover from fraud.

Citations:
http://www4.semo.edu/gjohnson/AC330/ac330ch5notesedition11.htm
http://www.cob.sjsu.edu/ingrah_l/bus120a/ppt/ch5s.ppt
http://wps.prenhall.com/wps/media/objects/152/155841/AIS09.PPT