Cyber Fraud

Information Security Is Everyone’s Responsibility.


​What is considered as Computer Fraud?

Computer fraud is defined as any act using computers, the Internet, Internet devices, and Internet services to defraud people, companies, or government agencies of money, revenue, or Internet access. Illegal computer activities include phishing, social engineering, viruses, and DDoS attacks are some examples used to disrupt service or gain access to another's funds.

The Computer Fraud and Abuse Act, also known as the CFAA, is the federal anti-hacking statute that prohibits unauthorized access to computers and networks.

The Fraud Process

Fraud is any and all means a person uses to gain an unfair advantage over another person. In most cases, to be considered fraudulent, an act must involve: (1) a false statement (oral or in writing); (2) about a material fact; (3) knowledge that the statement was false when it was uttered (which implies an intent to deceive); (4) a victim who relies on the statement; and (5) and injury suffered by the victim.        

  • The Association of Certified Fraud Examiners (ACFE) estimates that total fraud losses in the U.S. run around 6% of annual revenues or approximately $660 billion in 2004.
  • Fraud against companies may be committed by an employee or an external party. Former and current employees (called knowledgeable insiders) are much more likely than non-employees to perpetrate frauds (and big ones) against companies. These acts are largely owing to their understanding of the company’s systems and its weaknesses, which enables them to commit the fraud and cover their tracks.
  • Organizations must utilize controls to make it difficult for both insiders and outsiders to steal from the company.
  • Fraud perpetrators are often referred to as white-collar criminals, which distinguishes them from violent criminals.
  • Three types of occupational fraud: (1) misappropriation of assets; (2) corruption; and (3) fraudulent statements.
  • A typical employee fraud has a number of important elements or characteristics:
    • The fraud perpetrator must gain the trust or confidence of the victim to commit and conceal the fraud.
    • Fraudsters use weapons of deceit and misinformation.
    • Frauds tend to start as the result of a perceived need on the part of the employee and then escalate from need to greed. Most fraudsters can’t stop once they get started.
    • Fraudsters often grow careless or overconfident over time.
    • Fraudsters tend to spend what they steal. Very few save it.
    • In time, the sheer magnitude of the frauds may lead to detection.
    • The most significant contributing factor in most employee frauds is the absence of internal controls and/or the failure to enforce existing controls.
  • The National Commission on Fraudulent Financial Reporting (the Treadway Commission) defined fraudulent financial reporting as intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.
  • Financial statements can be falsified to: deceive investors and creditors; cause a company’s stock price to rise; meet cash flow needs; and/or hide company losses and problems. Fraudulent financial reporting is of great concern to independent auditors, because undetected frauds lead to half of the lawsuits against auditors.
  • Common approaches to “cooking the books” include: recording fictitious revenues; recording revenues prematurely; recording expenses in later periods; overstating inventories or fixed assets; and concealing losses and liabilities.
  • The Treadway Commission recommended four actions to reduce the possibility of fraudulent financial reporting:
    • Establish an organizational environment that contributes to the integrity of the financial reporting process.
    • Identify and understand the factors that lead to fraudulent financial reporting.
    • Assess the risk of fraudulent financial reporting within the company.
    • – Design and implement internal controls to provide reasonable assurance that fraudulent financial reporting is prevented.
  • In 1997, SAS-82, Consideration of Fraud in a Financial Statement Audit, was issued to clarify the auditor’s responsibility to detect fraud. A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to understand fraud; discuss the risks of material fraudulent misstatements; obtain information; identify, assess, and respond to risks; evaluate the results of their audit tests; communicate findings; document their audit work; and incorporate a technology focus.
Who Commits Fraud and Why
  • Researchers have found significant differences between violent and white-collar criminals but few differences between white-collar criminals and the general public. White-collar criminals tend to mirror the general public in education, age, religion, marriage, length of employment, and psychological makeup.
  • Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills. Hackers and computer fraud perpetrators tend to be more motivated by curiosity, a quest for knowledge, the desire to learn how things work, and the challenge of beating the system. They may view their actions as a game rather than dishonest behaviour.
  • Another motivation may be to gain stature in the hacking community. Some see themselves as revolutionaries spreading a message of anarchy and freedom. But a growing number want to profit financially. To do so, they may sell data to spammers, organized crime, other hackers, and the intelligence community.
  • Some fraud perpetrators are disgruntled and unhappy with their jobs and are seeking revenge against their employers. Others are regarded as ideal, hard-working employees in positions of trust. Most have no prior criminal record.
  • Criminologist Donald Cressey, interviewed 200+ convicted white-collar criminals in an attempt to determine the common threads in their crimes. As a result of his research, he determined that three factors were present in the commission of each crime. These three factors have come to be known as the fraud triangle.
    • Pressure: The most common pressures were: not being able to pay one’s debts, nor admit it to one’s employer, family, or friends; fear of loss of status because of a personal failure; business reversals, physical isolation, status gaining, and difficulties in employer-employee relations.
    • Opportunity: Opportunity is the opening or gateway that allows an individual to commit the fraud, conceal the fraud, and convert the proceeds. There are many opportunities that enable fraud. Some of the most common are: Lack of internal controls, Failure to enforce controls (the most prevalent reason), Excessive trust in key employees, Incompetent supervisory personnel, Inattention to details, Inadequate staffing
    • Rationalization: Rationalizations take many forms, including: I was just borrowing the money, It wasn’t really hurting anyone, Everybody does it, I was only taking what was owed to me, I didn’t take it for myself. I needed it to pay my child’s medical bills.

Unfortunately, there is usually a mixture of pressure, opportunity, and rationalization in play, and there is no reliable method to predict when an individual may commit fraud.