Chapter 11: Computer Crime, Fraud, Ethics, and Privacy Introduction Computer Crime, Abuse, and Fraud Three Examples of Computer Crimes Preventing Computer Crime and Fraud Ethical Issues, Privacy, and Identity Theft Chapter 11-1 Computer Crime, Abuse, and Fraud High level of public interest Data on incidents is limited Sources of information  Computer Security Institute (CSI) annual survey  KPMG surveys  Association of Certified Fraud Examiners (ACFE) survey Chapter 11-2 Computer Crime, Abuse, and Fraud Computer Crime  Manipulation of a computer or computer data  Dishonestly obtain money, acquire property, or something of value, or cause a loss Computer Abuse Unauthorized use of, or access to, a computer  Against the wishes of the owner  Chapter 11-3 Computer Crime Examples Chapter 11-4 Computer Crime, Abuse, and Fraud Fraudulent Financial Reporting  Intentional falsification of accounting records  Intend to mislead analysts, creditors, investors Misappropriation of Assets Misuse of company assets  Committed by employees within an organization  Chapter 11-5 Asset Misappropriation Examples Chapter 11-6 Federal Legislation of Computer Crimes Computer Fraud and Abuse Act of 1986 (CFAA)  Amended in 1994 and 1996 Computer Fraud Definition  An illegal act  Computer technology essential for perpetration, investigation, or prosecution Chapter 11-7 CFAA Fraudulent Acts Unauthorized theft, use, access, modification, copying, or destruction of software or data Theft of money by altering computer records or the theft of computer time Intent to illegally obtain information or tangible property through the use of computers Chapter 11-8 CFAA Fraudulent Acts Use, or the conspiracy to use, computer resources to commit a felony Theft, vandalism, destruction of computer hardware Trafficking in passwords or other login information for accessing a computer Extortion that uses a computer system as a target Chapter 11-9 Federal Legislation Affecting the Use of Computers Chapter 11-10 Fraud Losses and Education Level of Perpetrator Chapter 11-29 Recognizing Symptoms of Employee Fraud Accounting Irregularities Internal Control Weaknesses Unreasonable Anomalies Lifestyle Changes Behavioral Changes Chapter 11-30 Study Break #3 Which of these is not helpful in attempting to thwart computer crime and abuse? A Enlist the support of top management B Keep employees in the dark so that they cannot perpetrate them C Use strong passwords D Design and test disaster recovery programs Chapter 11-31 Study Break #3 - Answer Which of these is not helpful in attempting to thwart computer crime and abuse? A Enlist the support of top management B Keep employees in the dark so that they cannot perpetrate them C Use strong passwords D Design and test disaster recovery programs Chapter 11-32 Study Break #4 Most computer criminals: A B C D E Have nontechnical backgrounds Have noncriminal backgrounds Have little college education Are young and bright Have probably not been caught, so we don’t know much about them Chapter 11-33 Study Break #4 - Answer Most computer criminals: A B C D E Have nontechnical backgrounds Have noncriminal backgrounds Have little college education Are young and bright Have probably not been caught, so we don’t know much about them Chapter 11-34 Ethical Issues, Privacy, and Identity Theft Ethics A set of moral principles or values  Governs organizations and individuals  Ethical behavior Making choices and judgments that are morally proper  Acting accordingly  Chapter 11-35 Ethical Issues, Privacy, and Identity Theft Ethical Issues and Professional Associations Codes of Ethics/Professional Conduct  Certification programs and Ethics committees  Meeting the Ethical Challenges Inform employees of importance of ethics  Ethics training  Lead by example  Utilize reward system  Chapter 11-36 Ethical Issues in Computer Usage Chapter 11-37 Ethical Issues, Privacy, and Identity Theft Company Policies with Respect to Privacy Who owns the computer and data stored on it?  What purposes the computer may be used?  What uses are authorized or prohibited?  Identity Theft Dumpster diving  Phishing  Smishing  Chapter 11-38 Identity Theft Methods Chapter 11-39 Study Break #5 Smishing is a form of: A B C D Dial-back system Local area network Computer worm Identity theft Chapter 11-40 Study Break #5 - Answer Smishing is a form of: A B C D Dial-back system Local area network Computer worm Identity theft Chapter 11-41 Copyright Copyright 2012 John Wiley & Sons, Inc All rights reserved Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc The purchaser may make backup copies for his/her own use only and not for distribution or resale The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein Chapter 11-42 Chapter 11 Chapter 11-43 ... Policies and Protect Passwords     Strong passwords Social engineering Lock-out systems Dialback systems Chapter 11- 24 10 Simple Steps to Safer PCs Chapter 11- 25 10 Simple Steps to Safer PCs Chapter. .. Accountants Chapter 11- 27 Occupations of Computer Abuse Offenders Chapter 11- 28 Fraud Losses and Education Level of Perpetrator Chapter 11- 29 Recognizing Symptoms of Employee Fraud Accounting. .. antivirus filters  Chapter 11- 22 Common Types of Computer Crime and Abuse Chapter 11- 23 Preventing Computer Crime and Fraud Enlist Top-Management Support Increase Employee Awareness and Education