Computer and Internet Frauds

Computer and Internet Frauds – in times of Pandemic – Lessons from Working from Home and Fraud Examiners Manual!

Nakul Saluja, CA, CFE

Computer networks and communications are inherently insecure and vulnerable to attack and disruption. Consequently, management must use technical and administrative controls to protect systems against threats like unauthorized use, disclosure, modification, destruction, or denial of service. Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices. Administrative security involves the use of tools to provide an acceptable level of protection for computing resources.

Common technical and administrative controls used to secure computer systems and communication networks include:

  • Logical access controls
  • Network security
  • Operating system security
  • Encryption
  • Application security
  • Separation of duties

The following measures can help avoid infection from a malicious program:

    • Use anti-malware software to scan all incoming email messages and files.
    • Regularly update virus definitions in anti-malware programs.
    • Use precaution when opening emails from acquaintances.
    • Do not open email attachments unless they are from trusted sources.
    • Only download files from reputable sources.
    • Regularly update the operating system.
    • Regularly update with the latest security patches available for the operating system, software, browser, and email programs.
    • Ensure that there is a clean boot disk to facilitate testing with antivirus software.
    • Use a firewall and keep it turned on.
    • Consider testing all computer software on an isolated system before loading it.
    • In a network environment, do not place untested programs on the server.
    • Secure the computer against unauthorized access from external threats such as hackers.
    • Keep backup copies of production data files and computer software in a secure location.
    • Scan pre-formatted storage devices before using them.
    • Consider preventing the system from booting with a removable storage device; this might prevent accidental infection.
    • Establish corporate policies and an employee education program to inform employees of how malware is introduced and what to do if malware is suspected.
    • Encourage employees to protect their home systems as well. Many malware infections result from employees bringing infected storage devices or files from home.

Can you suggest other measures, internal controls or mitigation strategies? Comment below and let us know!

References : Fraud Examiners Manual (ACFE)

Read more

Bribery and Corruption

Bribery and Corruption – Lessons from Investigations and the Fraud Examiners Manual!

Nakul Saluja, CA, CFE

Bribery schemes are less common as compared to other forms of occupational frauds, such as asset misappropriations, but they tend to be much more costly and damaging.

Bribes seldom involve direct payments of cash or goods. Bribery may be defined as the offering, giving, receiving, or soliciting of corrupt payments—items of value paid to procure a benefit contrary to the rights of others—to influence an official act or business decision. Therefore, promises of favorable treatment can also constitute corrupt payments and such promises commonly take the following forms:

  • A promise of a lucrative employment in exchange of favors.
  • An executive leaving a private company for a related government position might be given favorable or inflated retirement and separation benefits.
  • Spouse or other relative of the intended recipient might also be employed by the payer company at an inflated salary or with little actual responsibility.

Corrupt payments can also form of loans. Some interesting illustrations would be:

  • An outright payment that is falsely described as an innocent loan
  • A legitimate loan in which a third party—the corrupt payer—makes or guarantees the loan’s payments
  • A legitimate loan made on favorable terms (e.g., an interest-free loan)

A corrupt payment can also be in the form of credit card use or payments toward a party’s credit card debt. The payer might use a credit card to pay a recipient’s transportation, vacation, or entertainment expenses, or the payer might pay off a recipient’s credit card debt. In some instances, the recipient might carry and use the corrupt payer’s credit card.

Corrupt payments also might come in the form of promises of favorable treatment. In addition, corrupt payments might occur in the form of transfers for a value other than fair market. In such transfers, the corrupt payer might sell or lease property to the recipient at a price that is less than its market value, or the payer might agree to buy or rent property from the recipient at inflated prices. The recipient might also “sell” an asset to the payer but retain the title or use of the property.

In summary, corruption schemes may involve various corrupt payments – items of value paid to procure a benefit contrary to the rights of others, and ways that do not involve money. Any tangible benefit given or received with the intent to corruptly influence the recipient can be an illegal payment, and traditional methods of making corrupt payments include:

  • Gifts, travel, and entertainment
  • Cash payments
  • Checks and other financial instruments
  • Hidden interests
  • Loans
  • Credit cards
  • Transfers not at fair market value
  • Promises of favorable treatment

Any other interesting methods you’ve come across? Comment and let us know!

References : Fraud Examiners Manual (ACFE)

Read more