Ch 8 - 13
fraud
any and all means a person uses to gain an unfair advantage over another person
corruption
dishonest conduct by those in power which often involves actions that are illegitimate, immoral, or incompatible with ethical standards
misappropriation of assets
theft of company assets by employees
this could be physical assets (ex: cash, inventory) and digital assets (intellectual property)
fraudulent financial reporting
intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements (ex: booking fictitious revenue)
pressure
a person’s incentive or motivation for committing fraud
(could be employee or financial statement specific)
opportunity
condition or situation that allows a person or organization to commit and conceal a dishonest act and convert it to personal gain
rationalization
excuse that fraud perpetrators use to justify their illegal behavior
computer fraud / cybercrime
any fraud that requires technology to perpetrate it
Cybersecurity
policies, technologies, and practices designed to protect computer systems, networks, and data from unauthorized access, disruption, or damage
CIA triad
confidentiality - keeping data private
integrity - ensuring data is accurate and unaltered
availability - ensuring systems remain operational
defensive - cybersecurity
access controls, firewalls, monitoring, encryption, training
offensive - cybersecurity
social engineering, system attacks, malware, fraud schemes
social engineering
techniques or psychological tricks used to get people to comply with the hacker’s wishes to gain physical or logical access to a building, computer, server, or network
Compassion
desire to help others
Identity theft
Assuming someone else’s identity for economic gain
Pretexting
Using a scenario to trick victims to divulge information or to gain access
Phishing
Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data
Pharming
Redirects website traffic to a spoofed website (usually to steal information)
Evil twin
Spoofed wireless network to steal internet traffic
A duplicate wireless network with an identical name to a legitimate access point.
Scavenging
Searching trash for confidential information
Eavesdropping
Listening to private communications (e.g., wiretap)
Skimming
Using electronic equipment to steal credit card data
Double-swiping a credit card
Hijacking
Gaining control of a computer to carry out illicit activities
Cross-site scripting (XSS)
Exploits a vulnerability in a web application that allows malicious code to be injected into the website. When a user visits the website, that malicious code is able to collect data from the user.
Buffer overflow attack
A large amount of data is sent to overflow the input memory (buffer) of a program, causing it to crash and replacing it with the attacker’s program instructions.
SQL injection (insertion) attack
Malicious code inserted in place of a query to get to the database information
Malware
involves any software used to do harm.
Spyware
Secretly monitors and collects information
Can hijack browser, search requests
Ransomware
Software that encrypts programs and data until a ransom is paid
Keylogger
Software that records user keystrokes
Trojan Horse
Malicious computer instructions in an authorized and properly functioning program
Trap door/back door
Set of instructions that allow the user to bypass normal system controls
Packet sniffer
Captures data as it travels over the Internet
Rootkit
Software used to conceal system components and malware from the system owner
A means of concealing system components and malware from the operating system and other programs; can also modify the operating system.
Virus
A section of self-replicating code that attaches to a program or file, requiring a human to do something so it can replicate itself
Worm
Stand-alone self-replicating program
Salami technique
A thin slice at a time
Economic espionage
A theft of information, trade secrets, and intellectual property
Internet pump and dump
Pump up the price, then sell.
Identity Theft
Assuming someone’s identity
Click Fraud
Manipulating click numbers
What would improve the ability to detect fraud?
Implement whistleblower rewards
A woman sent her company fictitious medical bills from doctors who did not exist. The bills were processed in the normal way by her employer, and payments went to her husband's office address. She bilked her company out of millions of dollars. This is an example of what type of fraud?
Input fraud
Fact about fraud perpetrators
Researchers found few psychological and demographic differences between white-collar criminals and the public.
Legally, for an act to be fraudulent there must be:
material fact that induces a person to act.
justifiable reliance, where a person relies on a misrepresentation to take an action.
false statement, representation, or disclosure.
Power outages and fluctuations can result in which type of threat?
Software errors and equipment failures
Organizations can make fraud less likely to occur by requiring an annual employee
a vacation
Unauthorized theft, use, access, modification, copying, or destruction of software, hardware, or data is called
computer fraud.
Which of the following is an example of how a fraud perpetrator would rationalize his actions?
belief that no one is going to be harmed.
Fraud is gaining an unfair advantage over another person. Legally, for an act to be fraudulent there must be:
An intent to deceive
Misappropriation of assets is an example of what type of accounting information threat?
Intentional acts
What is the primary purpose of a cookie in the context of websites?
To store information about the user and their activities on the site.
What is lapping?
Concealing the theft of cash by delaying the posting of collections to accounts receivable.
What are the three types of pressure that lead to misappropriations?
Financial, Emotional, and Lifestyle.
Under what circumstances does fraud detection become significantly more effective?
Data analytics software tools are used to examine an entire data population.
What is identified as the primary contributing factor in most misappropriations?
Absence of internal controls and/or failure to enforce them
Which law is known for detecting fraud by analyzing the distribution for the likelihood of a digit in a large set of naturally occurring numbers?
Benford’s law
Illegally using, copying, browsing, searching, or damaging company data constitutes what type of computer fraud?
data fraud
What is identified as the primary cause of security problems and the greatest risk to information systems, resulting in the highest financial losses?
Unintentional acts like accidents or innocent errors.
In the context of cyber threats exploiting natural and political disasters, what specific critical infrastructure is targeted by clever cybercriminals?
Emergency response, utilities, transportation, and hospitals.
Which of the following captures the essence of fraudulent behavior?
Engaging in deceptive actions to secure an unjust edge.
Which of the following activities is considered as computer instructions fraud?
Copying software without permission.
What is sabotage?
An intentional act where the primary goal is to destroy a system or some of its components.
According to the National Commission on Fraudulent Financial Reporting (the Treadway Commission), how is fraudulent financial reporting defined?
Intentional or reckless conduct resulting in materially misleading financial statements.
What term is commonly used to describe individuals who commit fraud as knowledgeable insiders with access, skills, and resources?
White-collar criminals.
In the context of the fraud triangle, what does rationalization refer to?
The excuse used by fraud perpetrators to justify their illegal behavior.
Which of the following statements is true regarding global computer fraud costs?
The current annual global computer fraud costs are estimated to be over $10 trillion.
What is investment fraud?
Misrepresenting or omitting facts to promote an investment with fantastic profits and little risk.
What is check kiting?
Creating cash by depositing a check and withdrawing the funds before it clears.
An insurance company installed software to detect abnormal system activity and found that employees were using company computers to run an illegal gambling website. This is an example of what type of computer fraud?
Processor fraud.
Why is detecting and preventing fraud challenging?
Technology advancements provide new opportunities for committing fraud.
In what areas can data analytics be applied for testing purposes?
all kinds of data
(structured data, like financial records; unstructured data, like emails or text; semi-structured data)
How does data analytics contribute to fraud detection?
Data analytics software tags items for human examination based on selected criteria.
Power outages and fluctuations.
Software errors and equipment malfunctions.
Logic errors.
Unintentional acts.
War and attacks by terrorists.
Natural and political disasters.
What concept is represented by the three conditions - pressure, opportunity, and rationalization - when discussing fraud among first-time perpetrators?
fraud triangle
According to recent studies on poor quality software, what approximate percentage of U.S. companies incurs significant software errors annually, leading to substantial costs?
More than 60% of companies grappling with significant software errors.
What does opportunity represent in the fraud triangle?
The condition or situation enabling the commission and concealment of a dishonest act for personal gain.
What is the simplest and most common method of committing computer fraud?
Input fraud
Anomaly detection using trends and patterns
Anything unexpected, out of the ordinary, or not in line with expected trends or patterns can indicate fraud.
Semantic modeling
Investigators can analyze both structured and unstructured text for hidden clues to fraudulent activity.
Regression analysis
Statistical method that helps evaluate how strong the connection is between two or more data items.
Outlier detection
Items outside the range of similar data can indicate fraud.
Using computers to forge a company paycheck is an example of which type of computer fraud?
output fraud
What is corruption?
Corruption is dishonest conduct by those in power and involves actions that are illegitimate, immoral, or incompatible with ethical standards.
Unauthorized access, modification, or use of an electronic device or some element of a computer system is called
hacking
A hijacker placing himself between a client and a host to intercept network traffic is called _______.
man-in-the-middle
Jake Malone is running an online business that specializes in buying and reselling stolen credit card information. Jake is engaging in _______.
carding
Communications that request recipients to disclose confidential information by responding to an e-mail or visiting a website are called:
phishing
The word zombie is related to which type of computer attack?
botnet
Which of the following activities characterizes spyware?
Secretly monitoring computer usage and collecting personal information.
Phreaking
Attacking phone systems to obtain free phone line access; use of phone lines to transmit malware and to access, steal, and destroy data.
Zombies
Hijacked computers, typically part of a botnet, that are used to launch a variety of Internet attacks.
Botnet
A network of powerful and dangerous hijacked computers that are used to attack systems or spread malware.
Hijacking
Gaining control of someone else’s computer to carry out illicit activities, such as sending spam without the computer user’s knowledge.
What best describes a brute force attack?
A systematic approach to trial-and-error for gaining unauthorized access.
What is skimming?
Illegally and covertly swiping credit cards to record data for fraudulent purposes.
Which of the following best describes a trap door?
A set of computer instructions that allows a user to bypass the system’s normal controls.
What is e-skimming?
Using malware to infect online checkout pages and steal customer data.
E-skimming involves stealing personal and payment information through hacking into online checkout pages using malware.