Computer Fraud is the act of using a computer to take or alter electronic data, or to gain unlawful use of

a computer or system.

The general model for accounting information systems, conceptually, the key stages of an information
system. Each stage in the model is a potential area of risk for certain types of computer fraud.

Data Collection objective is to ensure that transaction data entering the system are valid, complete, and
free from material errors.

2 rules govern the design of data collection procedures:

Relevance what is relevant depends on what the user needs so only data that ultimately contribute to
information are relevant.
Efficiency we are to collect data only once to avoid redundancy because it overloads facilities and
reduces the overall efficiency of the system since theres a limit in the systems capacity.
(payroll, accounts payable)

Transactions frauds from remote locations:

Masquerading Masquerade attacks can be perpetrated using stolen passwords and logons, by locating
gaps in programs, or by finding a way around the authentication process. Masquerade attacks may
happen in a number of ways. In case of an insider attack, a masquerade attacker gains access to the
account of a legitimate user either by stealing the victim's account ID and password, or by using a
keylogger
Piggybacking where access to computer systems is limited to those individual who have the proper
user ID and password. Once the terminal or workstation has been successfully logged into, it can be
compromised by an attacker on a covert workstation that is connected to the same line. you buzz a friend
at his apartment building. While waiting for him to release the door lock, another occupant opens the door
and goes in. you follow, going in as well. In analyzing you are not a resident of the building and dont have
the means to gain access to the building. However, you exploit the access capabilities of another person
and enter the building anyway.
Hacking gaining of access (wanted or unwanted) to a computer and viewing, copying, or creating data
(leaving a trace) without the intention of destroying data or maliciously harming the computer.

Data Processing
2 classes of frauds:
Program Fraud - it involves stealing small amounts of assets from a large number of sources without
noticeably reducing the whole.
Operations Fraud is the misuse or theft of the firms computer resources. This often involves using the
computer to conduct personal business.

Database Management
- Database is the organizations physical repository for financial and non-financial data.
Database Management Frauds include altering, deleting, corrupting, destroying, or stealing data.
Ex: logic bomb malware that is triggered by a response to an event, such as launching an application or
when a specific date/time is reached.

Information Generation is the process of compiling, arranging, formatting, and presenting information to
users.
Useful information has the following characteristics:
Relevance, Timeliness, Accuracy, Completeness, and Summarization.

Frauds:
Scavenging securing information by searching trash barrels for copies of discarded computer listings or
carbon papers from multiple-part forms used in input.
Eavesdropping - listening to output transmissions over telecommunications lines.