FUndaMENTALS OF COMPUTER AND INTERNET FRAUD GLOBAL HeAdquArters • tHe GreGOr BuiLdinG 716 West Ave • Austin, tX 78701-2727 • usA FUNDAMENTALS OF COMPUTER AND INTERNET FRAUD TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime? ................................................................................................................................ 2 Computer Fraud Versus Computer Crime .................................................................................................... 3 Computer Fraud .......................................................................................................................................... 3 Computer Crime ......................................................................................................................................... 4 The Extent Question: How Much Computer Fraud Is There? .................................................................. 5 A Few Statistics ........................................................................................................................................... 6 How Vulnerable Are We? .......................................................................................................................... 6 The Internet ................................................................................................................................................. 7 The Perpetrators of Computer Fraud ............................................................................................................. 8 The Necessary Skills ................................................................................................................................... 8 Inside or Outside ......................................................................................................................................... 8 Securing Information Resources ................................................................................................................... 10 Categories of Computer Fraud ...................................................................................................................... 11 Content .............................................................................................................................................................. 11 II. THE USE OF COMPUTERS IN OCCUPATIONAL FRAUD Asset Misappropriation ................................................................................................................................... 13 Cash Schemes ............................................................................................................................................ 13 Non-Cash Schemes ................................................................................................................................... 19 Control Weaknesses ........................................................................................................................................ 20 Internal Control Weaknesses ................................................................................................................... 21 Control Activities ...................................................................................................................................... 24 Review Questions ............................................................................................................................................ 25 III. DATA MANIPULATION AND DESTRUCTION Data Manipulation ........................................................................................................................................... 27 Fraud by Input Manipulation .................................................................................................................. 27 Fraud by Program Manipulation ............................................................................................................. 27 Fraud by Output Manipulation ............................................................................................................... 27 Computer Forgery ..................................................................................................................................... 27 Data Destruction .............................................................................................................................................. 28 Malware ...................................................................................................................................................... 29 Drive-by Downloads ................................................................................................................................ 29 Types of Malware ...................................................................................................................................... 30 Malware Carriers ....................................................................................................................................... 41 Malware Symptoms ................................................................................................................................... 41 Preventing Infection ................................................................................................................................. 42 What to Do If Infected ............................................................................................................................ 43 Antivirus and Other Security Software .................................................................................................. 44 Investigating Malware Infections ............................................................................................................ 44 Malware Information Resources ............................................................................................................. 45 Laws Used to Combat the Manipulation and Destruction of Data ......................................................... 45 The Computer Fraud and Abuse Act .................................................................................................... 45 Fundamentals of Computer and Internet Fraud i FUNDAMENTALS OF COMPUTER AND INTERNET FRAUD III. DATA MANIPULATION AND DESTRUCTION (CONT.) The Electronic Communications Privacy Act ...................................................................................... 49 Wire Fraud ................................................................................................................................................. 50 Review Questions ............................................................................................................................................ 52 IV. UNAUTHORIZED ACCESS TO COMPUTER SYSTEMS AND SERVICES Categories of Security Attacks ....................................................................................................................... 56 Interception ................................................................................................................................................ 57 Interruption ................................................................................................................................................ 57 Modification ............................................................................................................................................... 57 Fabrication ................................................................................................................................................. 57 Passive and Active Attacks ............................................................................................................................. 57 Passive Attacks .......................................................................................................................................... 57 Active Attacks ............................................................................................................................................ 58 Common Methods of Attack ......................................................................................................................... 61 Social Engineering ..................................................................................................................................... 62 Reverse Social Engineering ...................................................................................................................... 63 Hacking ....................................................................................................................................................... 63 Anti-Intrusion Legislation .............................................................................................................................. 68 Preventing Unauthorized Access ................................................................................................................... 68 Basic Prevention Measures ...................................................................................................................... 68 Warning Screens ........................................................................................................................................ 69 Security Policies ......................................................................................................................................... 69 Firewalls .....................................................................................................................................................