CHAPTER THIRTY-SIX

Preventing and Investigating Information Technology Fraud

IN RECENT YEARS, an enormous amount of publicity has been given to the threat of computer crime, which has led to a greater awareness at the executive level of the vulnerability faced within information technology (IT) functions. The growth of organized fraud in the computer world in conjunction with the comparatively new threat of organized terrorism or politically motivated penetration of computer systems makes this awareness essential.

Advances in computer science have come at a staggering pace and computer crime has remained in step with them. Unfortunately, computer crimes happen in real time and the crime is completed in microseconds. Only a tiny percentage of such crimes were found in time to perform any form of meaningful investigation unless care had been taken beforehand to create an appropriate detective environment.

PREVENTING FRAUD

In order to prevent IT fraud, it is necessary to understand how such fraud can be carried out. Generally speaking, the online criminal requires access to your personal information before he can do anything. Many fraud schemes make use of a type of program called spyware. Spyware is software that, once installed, will collect information about you and return it to its source. In many cases spyware manipulates technology such as ActiveX to remotely install malicious software on the computer. This can happen simply by visiting a nonsecure web site.

Once stolen, this ...
