CHAPTER 5

COMPUTER FRAUD AND ABUSE


Instructor's Manual
Learning Objectives:
1. Define fraud and describe the process one follows to perpetrate a
fraud.
2. Discuss who perpetrates fraud and why it occurs, including the
pressures, opportunities and rationalizations that are present in
most frauds.
3. Define computer fraud and discuss the different computer fraud
classifications.
4. Compare and contrast the approaches and techniques that are used
to commit computer fraud.
Questions to be addressed in this chapter:

Who perpetrates fraud and why?

What is computer fraud, and what forms does it take?

What approaches and techniques are used to commit computer fraud?

What is fraud, and how are frauds perpetrated?

Jason anticipated the following questions that management was going to
ask:
1. What constitutes a fraud, and is the withholding problem a fraud?
2. If this is indeed a fraud, how was it perpetrated? What motivated
Don to commit it?
3. Why did the company not catch these mistakes earlier?
4. Was there a breakdown in controls?
5. What can the company do to detect and prevent fraud?
6. Just how vulnerable are computer systems to fraud?

Introduction
Our society has become increasingly dependent on accounting information
systems.
As system complexity and our dependence on systems increase, companies
face the growing risk of their systems being compromised.

Page 1 of 34

A recent survey disclosed that

67% of companies had a security breach

Over 45% were targeted by organized crime

60% reported financial losses.

The four types of threats a company faces are explained in Table 5-1 on
Page 143

AIS Threats
Four Types Of Systems Threats:
1. Natural and political disasters
2. Software errors and equipment malfunctions
3. Unintentional acts
4. Intentional acts (computer crimes)
1. Natural and political disasters
Fires, excessive heat, floods, earthquakes, high winds, war
and attacks by terrorists

World Trade Center in New York City

Flood in Chicago

Heavy Rains Mississippi and Missouri Rivers

Earthquakes in Los Angeles and San Francisco

Attacks on Government Information Systems by Foreign
Countries, Espionage Agents and Terrorists

2. Software Errors And Equipment Malfunctions


Losses due to software bugs are estimated at almost $60 billion a year.
More than 60% of the companies studied had significant
software errors in the previous year. For example,

Bugs in a new tax accounting system were to blame for
California's failure to collect $635 million in
business taxes

There have been a number of massive power failures
that have left hundreds of thousands of people and
many businesses without power

A software bug in Burger King's software resulted in a
$4,334.33 debit card charge for four hamburgers. The
cashier accidentally keyed in the $4.33 charge twice.

3. Unintentional Acts
The Computing Technology Industry Association estimates that
human errors cause 80% of security problems.
Forrester Research estimates that employees unintentionally
create legal, regulatory or financial risks in 25% of their
outbound e-mails.
Programmers make logic errors. Examples include the
following:

In Japan, a data entry clerk at Mizuho Securities
mistakenly keyed in a sale for 610,000 shares of J-Com
for 1 yen instead of the sale of 1 share for 610,000
yen. The error cost the company $250 million.

A bank programmer mistakenly calculated interest for
each month using 31 days. This resulted in over $100,000 in
excess interest paid.

An error in a Fannie Mae spreadsheet resulted in a
$1.2 billion misstatement of its earnings.

UPS lost a cardboard box with computer tapes
containing information, such as names, Social Security
numbers, account numbers and payment histories, on 3.9
million Citigroup customers.

The Treasury Department made a mistake in an interest rate:
8.67% that should have been 6.87%. This was caught before
the checks were sent out; it could have resulted in
overpayments of over $14 million.

Note to Instructor: The following example is not in the 11th
edition of this book. However, it was in the 10th edition of
the book.

A data entry clerk at Giant Food made a mistake in a quarterly
dividend: $2.50 should have been $0.25. This resulted in $10
million in excess dividends.

4. Intentional Acts (Computer Crimes)


The most frequent type of computer crime is fraud. This is
where the intent is to steal something of value.
The threat can also be in the form of sabotage, in which the
intent is to destroy or harm a system or some of its
components.

Information systems are increasingly vulnerable to attack.
In a recent three-year period, the number of networks that
were compromised rose 700%.
As an example of a security breach, consider the case of
OpenTable, a restaurant reservation service that did not
design its cookie properly.
A cookie is data that Web sites store on your
computer. The cookie identifies the Web site to your
computer and identifies you to the Web site so you do
not have to log on each time you visit the site.
At OpenTable, the customer number stored in the
cookie was very easy to change.
An experienced programmer opened an account at
OpenTable and, in less than an hour, wrote a
program that cycled through all the customer
numbers and downloaded most of the company's
database.
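The cookie weakness described above, as an added example (not code from the textbook or from OpenTable): a bare customer number is trusted as sent, while a number carrying a server-side HMAC tag is rejected once it is changed, and the rejections give the server something to alert on. The key, cookie layout, client labels and function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Assumption: a random key held only on the server (generated here for the demo).
SERVER_KEY = secrets.token_bytes(32)


def weak_cookie_lookup(cookie_value):
    """Weak design: the cookie is the bare customer number and is trusted as-is."""
    return int(cookie_value)


def issue_cookie(customer_no, key=SERVER_KEY):
    """Hardened design: customer number plus an HMAC-SHA256 tag over it."""
    payload = str(customer_no)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag


def verify_cookie(cookie_value, key=SERVER_KEY):
    """Return the customer number, or None if the cookie was altered or malformed."""
    payload, sep, tag = cookie_value.partition(".")
    if not sep or not payload.isascii() or not payload.isdigit() or not tag.isascii():
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; a tag that does not match means the number changed.
    if not hmac.compare_digest(expected, tag):
        return None
    return int(payload)


def flag_cycling_clients(requests, threshold=3, key=SERVER_KEY):
    """Return {client: rejected_count} for clients with many rejected cookies.

    A burst of rejected cookies from one client is the server-side trace of
    someone changing the customer number over and over.
    """
    rejected = Counter()
    for client, cookie_value in requests:
        if verify_cookie(cookie_value, key) is None:
            rejected[client] += 1
    return {c: n for c, n in rejected.items() if n >= threshold}


def constructed_requests():
    """Constructed sample traffic: client-A reuses one tag with other numbers."""
    genuine = issue_cookie(1001)
    tag = genuine.split(".")[1]
    reqs = [("client-A", genuine)]
    reqs += [("client-A", f"{n}.{tag}") for n in range(1002, 1006)]
    reqs.append(("client-B", issue_cookie(2002)))
    return reqs


if __name__ == "__main__":
    print("weak lookup accepts a changed number:", weak_cookie_lookup("1002"))
    print("signed cookie, unchanged:", verify_cookie(issue_cookie(1001)))
    print("clients to review:", flag_cycling_clients(constructed_requests()))
```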
Multiple Choice #1
Operating system crashes is an example of:
a. Natural and political disasters
b. Intentional acts
c. Unintentional acts
d. Software errors and equipment malfunctions

Learning Objective One

Define fraud and describe the process one follows
to perpetrate a fraud.

INTRODUCTION TO FRAUD
Fraud is any and all means a person uses to gain an unfair
advantage over another person. Legally, for an act to be
considered fraudulent there must be:
1. A false statement, representation, or disclosure
2. A material fact, which is something that induces a person to
act
3. An intent to deceive
4. A justifiable reliance; that is, the person relies on the
misrepresentation to take an action
5. An injury or loss suffered by the victim


Attempts To Estimate The Staggering Losses From Fraud:

The Association of Certified Fraud Examiners estimates total
fraud losses in the United States to be about $660 billion a
year.

Income-tax fraud (the difference between what taxpayers owe
and what they pay to the government) is estimated at well
over $350 billion a year.

Fraud in the health-care industry is estimated to exceed
$100 billion a year.

75 to 90% of All Computer Crimes are Perpetrated by Insiders

Fraud Perpetrators are also referred to as White-Collar Criminals
Statement on Auditing Standards (SAS) No. 99:
Fraud takes two forms

Misappropriation of Assets and

Fraudulent Financial Reporting

Misappropriation of Assets
Misappropriation of assets is often referred to as employee
fraud.
Some examples include:

Albert Miano, a manager at Reader's Digest
responsible for processing bills from painters
and carpenters, embezzled $1 million over a 5-year period.
    He forged signatures on checks and deposited
    the monies in his account.
    He bought an expensive home, five cars
    and a boat.

A bank vice president approved $1 billion in bad
loans in exchange for $585,000 in kickbacks.
    The bank had to shut down.

An Accounting Information Systems manager at a
Florida newspaper went to work for a competitor
after he was fired.
    It was discovered that the manager still
    had an active account and password at the
    firm where he was fired.
    So, the manager was able to regularly browse
    the old newspaper company's computer files for
    information on exclusive stories.

Note to Instructor: The following example is
not in the 11th edition of this book. However,
it was in the 10th edition of the book.

A technology enthusiast, John Draper, discovered
that the whistle offered as a prize in Cap'n
Crunch cereal exactly duplicated the frequency
of a WATS telephone line.
    He made several free long distance
    telephone calls.

A Typical Employee Fraud has a Number of Important Elements
or Characteristics:

The fraud perpetrator must gain the trust or
confidence of the person or company being
defrauded.

Instead of a weapon or physical force to commit
a crime, fraud perpetrators use trickery,
cunning, or false or misleading information to
obtain money or assets.

They hide their tracks by falsifying records or
other information.

Few frauds are terminated voluntarily. Instead,
the fraud perpetrator continues due to need or
greed.
    Often, perpetrators begin to depend on the
    extra income and get to a point where
    they cannot afford to stop.
    Other times they move to a higher
    lifestyle that requires an even
    greater amount of money.
    It's at this point where they get braver, or
    should we say more relaxed, where the
    perpetrator gets greedy and starts stealing
    larger amounts of money; this is where they
    normally get caught.

Fraud perpetrators spend their ill-gotten gains,
usually on an extravagant lifestyle. Rarely do
they save or invest the money they take. Some of
these high-cost luxuries include big
homes, fancy cars and gambling, or simply being a big
spender.

Many perpetrators who become greedy not only
start taking greater amounts of money, but also
take the money more often.

As previously mentioned, perpetrators at some
point start getting braver and grow careless or
overconfident. This is the point where they can
also make a mistake and get caught.

The fraud perpetrator cannot get away with
stealing cash or property forever. At some
point, although it may take some time, they are
going to get caught.

The most significant contributing factor in
most employee frauds is the absence of internal
controls or failure to enforce existing internal
controls.
    After all, if a person who is already
    dishonest by nature finds out that
    management is not concerned about
    internal controls, this makes it very
    easy for them to become a fraud
    perpetrator and start stealing cash or
    property.

Fraudulent Financial Reporting


The Treadway Commission defined fraudulent financial
reporting as intentional or reckless conduct, whether by act
or omission, that results in materially misleading financial
statements
The Treadway Commission studied 450 lawsuits against
auditors and found undetected fraud to be a factor in
half of them.
Some prime examples are Enron, WorldCom, Tyco,
Adelphia, HealthSouth, Global Crossing and Xerox.
Executives cook the books, as they say, by fictitiously
inflating revenues, recognizing revenues before they are
earned, closing the books early (delaying current period
expenses to a later period), overstating inventories or
fixed assets, and concealing losses and liabilities.
The Treadway Commission recommended four actions to reduce
the possibility of fraudulent financial reporting:

1. Establish an organizational environment that
contributes to the integrity of the financial
reporting process.
2. Identify and understand the factors that lead to
fraudulent financial reporting
3. Assess the risk of fraudulent financial reporting
within the company
4. Design and implement internal controls to provide
reasonable assurance that fraudulent financial
reporting is prevented.
A study by the Association of Certified Fraud Examiners found that
misappropriation of assets by employees is more than 17 times more
likely than fraudulent financial reporting.
SAS No. 99: The Auditor's Responsibility to Detect Fraud
SAS No. 99 requires auditors to:

Understand fraud

Discuss the risks of material fraudulent misstatements

Obtain information

Identify, assess and respond to risks

Evaluate the results of their audit tests

Document and communicate findings

Incorporate a technology focus

Multiple Choice 2
The Association of Certified Fraud Examiners estimates total fraud
losses in the United States to be over
a. $350 billion a year
b. $660 billion a year
c. $100 billion a year
d. $800 billion a year

Multiple Choice 3
Which of the following statements is false?
a. For an act to be fraudulent there must be a false
statement, representation, or disclosure.
b. Fraud perpetrators are often referred to as management
fraud.
c. Misappropriation of assets is often referred to as
employee fraud.
d. SAS No. 82 was adopted in 1997.

Learning Objective Two


Discuss who perpetrates fraud and why it occurs,
including the pressures, opportunities and
rationalizations that are present in most frauds

Who Perpetrates Fraud and Why It Occurs


Perpetrators of computer fraud tend to be younger and possess more
computer knowledge, experience, and skills
Some hackers and computer fraud perpetrators are more motivated by
curiosity, a quest for knowledge, the desire to learn how things
work, and the challenge of beating the system.
Most have no previous criminal record
Research shows that three conditions are necessary for fraud to
occur: a pressure, an opportunity, and a rationalization. This is
referred to as the fraud triangle and is shown as the middle
triangle in Figure 5-1 on Page 148.

Pressures
A pressure is a person's incentive or motivation for committing
the fraud. The three common types of pressures are 1) financial,
2) emotional and 3) lifestyle, which are summarized in Table 5-2 on
Page 149. Table 5-3 on Page 150 provides the pressures that can lead
to financial statement fraud.

Opportunities
As shown in the opportunity triangle in Figure 5-1 on Page 148,
opportunity is the condition or situation that allows a person or
organization to do three things:
1. Commit the fraud
Most fraudulent financial reporting consists of the
overstatement of assets or revenues or the understatement of
liabilities, or the failure to disclose information.
2. Conceal the fraud
A common and effective way to hide a theft is to charge the
stolen item to an expense account. For example, charge
supplies to an expense account when they are initially
purchased, before they are used. This allows the perpetrator
the opportunity to use some of the supplies for personal
benefit at the expense of the company. These unused supplies
should have been recorded as an asset called Supplies until
they are used.
Another way to hide a decrease in assets is by lapping. In a
lapping scheme, the perpetrator steals the cash or check
that customer A mails in to pay its accounts receivable.
Funds received at a later date from customer B are used to
pay off customer A's balance. And so forth: funds from
customer C are used to pay off customer B.
In a kiting scheme, the perpetrator covers up a theft by
creating cash through the transfer of money between banks.
For example, suppose a fraud perpetrator opens checking
accounts in three banks, called bank A, B and C, and
deposits $100 in each account. Then the perpetrator
creates cash by depositing a $1,000 check from bank A into
bank B and then withdraws the $1,000 from bank B. It takes
two days for his check to clear bank A. Since there are
insufficient funds in bank A to cover the $1,000 check, the
perpetrator deposits a $1,000 check from bank C to bank A
before his check to bank B clears bank A. Since bank C
also has insufficient funds, $1,000 must be deposited to
bank C before the check to bank A clears. The check to bank
C is written from bank B, which also has insufficient funds.
And the scheme continues. I have also seen situations where
kiting also includes credit cards in with the use of
checking accounts.
Note to Instructor: Since most banks would require you to deposit
some money to start a checking account, an initial deposit of $100
in each bank was included above. In addition, the charts below
provide a somewhat pictorial explanation of the above kiting scheme.
The chart below uses dates, balances and NSF due dates.

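Kiting chart (Bank A, Bank B, Bank C and the perpetrator):

#1  1/1  $1,000 check written on Bank A and deposited in Bank B.
         Bank A: Bal. -1,000, NSF due on 1/3. Bank B: Bal. +1,000.
#2  1/2  Perpetrator withdraws (W/D) $1,000 from Bank B.
         Bank B: Bal. -0-, no NSF due.
#3  1/3  $1,000 check written on Bank C and deposited in Bank A.
         Bank C: Bal. -1,000, NSF due 1/5.
         Bank A: +1,000, Bal. -0-, no NSF due.
#4  1/5  $1,000 check written on Bank B and deposited in Bank C.
         Bank B: Bal. -1,000, NSF due 1/7.
         Bank C: +1,000, Bal. -0-, no NSF due.
         Deposit +1,000 (see Note #1).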

Note #1: At this point the perpetrator may want to deposit the $1,000 he has had for 5 days (1/2
through 1/6), on the morning of 1/7 and start over again with Bank A.
Legend: W/D = withdraws cash

NSF = nonsufficient funds

Bal. = balance

3. Convert the Theft or Misrepresentation to Personal Gain
In employee fraud, all fraud perpetrators go through the conversion phase unless they steal actual
cash that can be spent or use the asset personally.
Table 5-4 on Page 152 lists some of the more frequently mentioned opportunities that permit employee
and financial statement fraud.
Opportunities for fraud often stem from internal control factors.
A control feature many companies lack is a background check on all potential employees.
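The kiting scheme described above depends on two internal-control gaps: cash paid out against deposits that have not cleared, and checks that circle among one customer's accounts. The added example below (not from the textbook) tests for both; the event records reuse the narrative's banks, dates and amounts, and the record layout and function names are assumptions.

```python
from collections import defaultdict

CLEAR_DAYS = 2  # from the page's example: a check takes two days to clear

# Constructed from the page's narrative; day 1 stands for 1/1.
OPENING = {"A": 100, "B": 100, "C": 100}
EVENTS = [
    {"day": 1, "type": "check_deposit", "bank": "B", "drawn_on": "A", "amount": 1000},
    {"day": 2, "type": "cash_withdrawal", "bank": "B", "amount": 1000},
    {"day": 3, "type": "check_deposit", "bank": "A", "drawn_on": "C", "amount": 1000},
    {"day": 5, "type": "check_deposit", "bank": "C", "drawn_on": "B", "amount": 1000},
]


def collected_balance(bank, day, opening, events, clear_days=CLEAR_DAYS):
    """Cleared funds at `bank` at the start of `day`; uncollected deposits excluded."""
    balance = opening[bank]
    for e in events:
        if e["type"] == "check_deposit" and e["day"] + clear_days <= day:
            if e["bank"] == bank:
                balance += e["amount"]   # deposited check has cleared
            if e["drawn_on"] == bank:
                balance -= e["amount"]   # check written on this account was paid
        elif e["type"] == "cash_withdrawal" and e["bank"] == bank and e["day"] < day:
            balance -= e["amount"]
    return balance


def uncollected_withdrawals(opening, events, clear_days=CLEAR_DAYS):
    """Cash withdrawals larger than the cleared balance: (day, bank, amount, cleared)."""
    flags = []
    for e in events:
        if e["type"] != "cash_withdrawal":
            continue
        cleared = collected_balance(e["bank"], e["day"], opening, events, clear_days)
        if e["amount"] > cleared:
            flags.append((e["day"], e["bank"], e["amount"], cleared))
    return flags


def find_check_cycle(events):
    """Return the banks forming a circle of checks (drawn_on -> deposited at), or None."""
    graph = defaultdict(set)
    for e in events:
        if e["type"] == "check_deposit":
            graph[e["drawn_on"]].add(e["bank"])

    def dfs(node, path):
        if node in path:
            return path[path.index(node):]
        for nxt in sorted(graph.get(node, ())):
            found = dfs(nxt, path + [node])
            if found:
                return found
        return None

    for start in sorted(graph):
        cycle = dfs(start, [])
        if cycle:
            return cycle
    return None


if __name__ == "__main__":
    print("withdrawals against uncollected funds:", uncollected_withdrawals(OPENING, EVENTS))
    print("circular checks among the customer's banks:", find_check_cycle(EVENTS))
```

A funds-availability hold that refuses the day-2 withdrawal stops the scheme at its first step; the cycle test is the review an auditor can run afterwards across a customer's accounts.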


Rationalizations
Rationalization allows perpetrators to justify their illegal
behavior.
A list of some of the rationalizations people use:

I am only borrowing the money (or asset) and will
repay my loan.

You would understand if you knew how badly I needed it

What I did was not that serious

It was for a good cause (the Robin Hood syndrome,
robbing from the rich to give to the poor).

I occupy a very important position of trust. I am
above the rules.

Everyone else is doing it, so it is not that wrong.

No one will ever know

The company owes it to me, and I am taking no more
than is rightfully mine

Multiple Choice 4
The three conditions that are present when fraud occurs include:
a. Attitude
b. Opportunity
c. Lack of control
d. Financial

Multiple Choice 5
The pressures that can lead to employee fraud include
a. Fear of losing job
b. Lack of control
c. Poor performance ratings
d. Family/peer pressure
e. A and D

Multiple Choice 6
Internal control factors that provide an opportunity for employee
and financial statement fraud include
a. Incompetent personnel
b. Operating on a crisis basis
c. Inadequate supervision
d. Low employee morale and loyalty

Learning Objective Three


Define computer fraud and discuss the different
computer fraud classifications.

Computer Fraud
The U.S. Department of Justice defines computer fraud as any
illegal act for which knowledge of computer technology is
essential for its perpetration, investigation or prosecution. More
specifically, computer fraud includes the following:

Unauthorized theft, use, access, modification, copying and
destruction of software or data

Theft of money by altering computer records

Theft of computer time

Theft or destruction of computer hardware

Use or the conspiracy to use computer resources to commit a
felony

Intent to illegally obtain information or tangible property
through the use of computers

The Association of the Certified Fraud Examiners provides the
general definition of computer fraud:
Any defalcation or embezzlement accomplished by tampering
with computer programs, data files, operations, equipment,
or media and resulting in losses sustained by the
organization whose computer system was manipulated.
Another definition of Computer:
In a computer crime, the computer is involved directly or
indirectly in committing the criminal act. Sabotage of
computer facilities is classified as a direct computer crime
and unauthorized access of stored data is an indirect
computer crime because the presence of the computer created
the environment for committing the crime.
The Rise in Computer Fraud
Computer systems are particularly vulnerable to computer crimes
for the following reasons:

Billions of characters of data are stored in company
databases. People who manage to break into these
databases can steal, destroy or alter massive amounts of
data in very little time.

Organizations want employees, customers and suppliers to
have access to their system. The number and variety of
these access points significantly increase the risks.

Computer programs only need to be changed or modified
once without permission for the system to operate
improperly for as long as the system is in use.

Modern systems utilize personal computers (PCs), which
are inherently more vulnerable to security risks. It is
difficult to control physical access to each networked
PC. In addition, PCs and their data can be lost, stolen
or misplaced.

Computer systems face a number of unique challenges:
reliability (i.e. accuracy, completeness), equipment
failure, environmental dependency (i.e. power, damage
from water or fire), vulnerability to electromagnetic
interference and interruption, eavesdropping and
misrouting

The increase in computer fraud schemes is due to some of the
following reasons:
1. Not everyone agrees on what constitutes computer fraud
2. Many computer frauds go undetected
The FBI estimated that only one percent of all computer
crime was detected; while others estimated it to be between
5 and 20%.
3. A high percentage of uncovered frauds are not reported
4. Many networks have a low level of security
5. Many Internet pages give step-by-step instructions on how to
perpetrate computer crimes and abuses
6. Law enforcement is unable to keep up with the growing number
of computer frauds
7. The total dollar value of losses is difficult to calculate

Computer Fraud Classifications


As shown in Figure 5-2 on Page 156, one way to categorize computer
fraud is to use the data processing model: input, processor,
computer instructions, stored data and output.

Input

The simplest and most common way to commit fraud is to alter
computer input. It requires little, if any, computer skills.
Instead, perpetrators need only understand how the system operates
so they can cover their tracks.
To commit payroll fraud, perpetrators can enter data to increase
their salary, create a fictitious employee, or retain a terminated
employee on the records.
As an example of input fraud, a New York bank employee changed the
company deposit slips to forged deposit slips. For three days he
deposited bank deposits in his personal account.
Then he disappeared and was not caught, as he used an alias.
There are more examples on pages 155 and 156.
Processor
Computer fraud can be committed through unauthorized system use,
including the theft of computer time and services.
As an example of processor fraud, employees of an insurance company
were running an illegal gambling Web site. These employees hid the
computers under the floor.
There are more examples on page 156.
Computer Instructions
Computer fraud can be accomplished by tampering with the software
that processes company data.
Data
The greatest exposure in data fraud comes from employees with
access to the data.
The most frequent type of data fraud is the illegal use of company
data, typically by copying it, using it, or searching it without
permission.
For example, an employee using a small flash drive or an iPod can
steal large amounts of data and remove it without being detected.
The following are some recent examples of stolen data:

The office manager of a Wall Street law firm found
information about prospective mergers and acquisitions in the
firm's Word files. He sold the information to friends and
relatives, who made several million dollars trading the
securities illegally.

A 22-year-old Kazakhstan man broke into Bloomberg's network
and stole account information, including that of Michael
Bloomberg, the mayor of New York and the founder of the
financial news company. He demanded $200,000 in exchange for
not using or selling the information. He was arrested in
London when accepting the ransom.

A software engineer tried to steal Intel's plans for a new
microprocessor. Because he could view but not copy or print
the manufacturing plans, he photographed them screen by
screen late at night in his office. One of Intel's controls
was to notify security when the plans were viewed after
hours. He was caught photographing the plans.

Cyber-criminals used sophisticated hacking and identity
theft techniques to hack into seven major online brokerage
firm accounts. They sold the securities in those accounts
and used the cash to pump up the price of 15 low-priced,
thinly traded public companies they already owned. They then
dumped the 15 stocks in their personal accounts for huge
gains. E-trade lost $18 million and Ameritrade $4 million in
similar pump-and-dump schemes.

The U.S. Department of Veterans Affairs was sued because an
employee laptop that contained the records of 26.5 million
veterans was stolen, exposing them all to identity theft.
Later, another laptop with the records of 38,000 people
disappeared from a subcontractor's office.

Data can also be changed, damaged, destroyed or defaced.
Data also can be lost due to negligence or carelessness.
Deleting files does not erase them. Even reformatting a hard drive
often does not erase files or wipe the drive clean.
Output
Computer output, displayed on monitors or printed on paper, can be
stolen or misused.
Fraud perpetrators can use computers and output devices to forge
authentic-looking outputs. For example, a company laser printer
could be used to prepare paychecks.
Multiple Choice 7
Computer fraud is increasing rapidly due to
a. Not everyone agrees on what constitutes computer fraud
b. Many computer frauds go undetected
c. The total dollar value of losses is difficult to
calculate
d. All of the above
e. A and B

Computer Fraud and Abuse Techniques

These techniques are summarized in Table 5-5 on Page 158

Computer Attacks
Hacking is the unauthorized access to and use of computer systems,
usually by means of a personal computer and a telecommunications
network. Most hackers are able to break into systems using known
flaws in operating systems or application programs, or as a result
of poor access controls. Some hackers are motivated by the
challenge of breaking into computer systems and just browse or
look for things to copy and keep. Other hackers have malicious
intentions.
The following examples illustrate hacking attacks and the damage
they cause:
Several years ago, Russian hackers broke into Citibank's
system and stole $10 million from customer accounts.
During Operation Desert Storm, Dutch hackers broke into
computers at 34 different military sites and extracted
confidential information. Among the information stolen
were the troop movements and weapons used in the Iraq
war. The group offered to sell the information to Iraq,
but the government declined, probably because it feared
it was a setup.
A 17-year-old hacker, nicknamed Shadow Hawk, was
convicted of electronically penetrating the Bell
Laboratories national network, destroying files valued at
$174,000, and copying 52 proprietary software programs
worth $1.2 million. He published confidential information,
such as telephone numbers, passwords and instructions
on how to breach AT&T's computer security system, on
underground bulletin boards. He was sentenced to nine
months in prison and given a $10,000 fine. Like Shadow
Hawk, many hackers are fairly young, some as young as 12
and 13.
Searching for dial-up modem lines by programming
computers to dial thousands of phone lines is referred to as
war dialing.
War driving is driving around looking for unprotected
wireless networks.
Some war drivers draw chalk symbols on sidewalks to mark
unprotected wireless networks, referred to as war chalking.
One enterprising group of researchers went war rocketing.
They sent rockets into the air that let loose wireless
access points, each attached to a parachute.

A botnet, short for robot network, is a network of hijacked
computers. Hijacking is gaining control of someone else's
computer to carry out illicit activities without the user's
knowledge.
Hackers who control the hijacked computers, called bot
herders, use the combined power of the infected machines,
called zombies.
A denial-of-service attack occurs when an attacker sends so many
e-mail bombs (thousands per second), often from randomly generated
false addresses, that the Internet service provider's e-mail
server is overloaded and shuts down. Another denial-of-service
attack is sending so many requests for Web pages that the Web
server crashes.
A good example was when a lot of people were receiving so
many emails so fast that they could not even delete them
all; it was just a constant flow of emails in which these
people could not do anything else. As a result, some people
now have more than one email provider, one which they only
use to catch the junk emails.
Most denial-of-service attacks are quite easy to accomplish and
involve the following:

The attacker infects a botnet with a denial-of-service
program.

The attacker activates the program and the zombie
computers begin sending pings (e-mails or requests for
data) to the computer being attacked. The victim computer
responds to each ping, not realizing the zombie computer
sent it a fictitious return address, and waits for a
response that never comes.

Because the victim computer is waiting for so many
responses that never come, system performance begins to
degrade until the computer finally freezes (it does
nothing but respond to the pings) or it crashes.

The attacker terminates the attack after an hour or two
to limit the victim's ability to trace the source of the
attacks.

Spamming is emailing the same unsolicited message to
many people at the same time, often in an attempt to sell
them something.
Spammers use very creative means to find valid email
addresses. They scan the Internet for addresses posted
online and also hack into company databases and steal
mailing lists. In addition, spammers stage dictionary
attacks (also called direct harvesting attacks)
designed to uncover valid email addresses.

Hackers also spam blogs, which are Web sites
containing online journals, by placing random or
nonsensical comments on blogs that allow visitor
comments.
Splogs, or spam blogs, promote affiliated Web sites to
increase their Google Page Rank, a measure of how
often a Web page is referenced by other Web pages.
Spoofing is making an e-mail message look as if
someone else sent it.
A former Oracle employee was charged with breaking
into the company's computer network, falsifying
evidence, and committing perjury for forging an e-mail
message to support her charge that she was fired for
ending a relationship with the company's chief
executive. The employee was found guilty of forging
the e-mail message and faced up to six years in jail.
A zero-day attack (or zero-hour attack) is an attack
between the time a new software vulnerability is
discovered and the time the software developers and the
security vendors release software, called a patch,
that fixes the problem.
Password cracking is penetrating a system's defenses,
stealing the file containing valid passwords,
decrypting them and using them to gain access to
programs, files and data.
In masquerading, or impersonation, the perpetrator gains
access to the system by pretending to be an authorized user.
This approach requires a perpetrator to know the legitimate
user's ID number and password.
Piggybacking is tapping into a telecommunications line and
latching on to a legitimate user before the user logs into a
system. The legitimate user unknowingly carries the
perpetrator into the system.
Piggybacking has several meanings:
1. The clandestine use of a neighbor's Wi-Fi network;
   this can be prevented by enabling the security
   feature in the wireless network.
2. Tapping into a telecommunications line and
   electronically latching on to a legitimate user
   before the user enters a secure system; the
   legitimate user unknowingly carries the perpetrator
   into the system.
3. An unauthorized person passing through a secure
   door when an authorized person opens it, thereby
   bypassing physical security controls such as
   keypads, ID cards, or biometric identification
   scanners.

Data diddling is changing data before, during, or after it is
entered into the system. The change can be made to delete, alter,
or add key system data.
Data leakage refers to the unauthorized copying of company data.
A fraud perpetrator can use the salami technique to embezzle
large sums of money a salami slice at a time from many different
accounts (tiny slices of money are stolen over a period of time).
The round-down fraud technique is used most frequently in
financial institutions that pay interest. In the typical scenario,
the programmer instructs the computer to round down all interest
calculations to two decimal places. The fraction of a cent that is
rounded down on each calculation is put into the programmer's
account or one that he or she controls.
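An auditor's recomputation check for the round-down scheme described above, as an added example that is not part of the manual. It assumes the institution's stated policy is round-half-even to the cent; the function name, account numbers, balances and rate are constructed for illustration.

```python
from decimal import Decimal as D, ROUND_DOWN, ROUND_HALF_EVEN

CENT = D("0.01")


def audit_interest_run(postings, rate, policy=ROUND_HALF_EVEN):
    """Recompute one interest run and compare it with what was credited.

    postings: iterable of (account_id, balance, credited) with Decimal amounts.
    policy:   the rounding mode the institution says it uses (assumed here).
    """
    short_paid, over_credited = [], []
    fraction_pool = D("0")
    for account, balance, credited in postings:
        exact = balance * rate
        expected = exact.quantize(CENT, rounding=policy)
        # Fraction of a cent that disappears if this posting is truncated.
        fraction_pool += exact - exact.quantize(CENT, rounding=ROUND_DOWN)
        if credited < expected:
            short_paid.append((account, expected - credited))
        elif credited > expected:
            over_credited.append((account, credited - expected))

    pool_cents = fraction_pool.quantize(CENT, rounding=ROUND_DOWN)
    over_total = sum((amt for _, amt in over_credited), D("0"))
    return {
        "short_paid": short_paid,          # customers paid less than policy
        "over_credited": over_credited,    # accounts paid more than policy
        "fraction_pool": pool_cents,       # whole cents the truncation frees up
        # Signature of the scheme: the excess credited somewhere equals the
        # whole cents accumulated from the truncated fractions.
        "round_down_signature": over_total > 0 and over_total == pool_cents,
    }


RATE = D("0.00125")  # constructed monthly rate

# Constructed run: every customer posting is truncated, and A-9001 receives
# 0.02 more than its own balance justifies.
SUSPECT_RUN = [
    ("A-1001", D("1234.56"), D("1.54")),
    ("A-1002", D("980.10"), D("1.22")),
    ("A-1003", D("15000.00"), D("18.75")),
    ("A-1004", D("7777.77"), D("9.72")),
    ("A-1005", D("4321.99"), D("5.40")),
    ("A-1006", D("2599.00"), D("3.24")),
    ("A-1007", D("611.60"), D("0.76")),
    ("A-1008", D("8888.00"), D("11.11")),
    ("A-9001", D("40.00"), D("0.07")),
]

# The same balances posted under the assumed policy, with no diversion.
CLEAN_RUN = [
    ("A-1001", D("1234.56"), D("1.54")),
    ("A-1002", D("980.10"), D("1.23")),
    ("A-1003", D("15000.00"), D("18.75")),
    ("A-1004", D("7777.77"), D("9.72")),
    ("A-1005", D("4321.99"), D("5.40")),
    ("A-1006", D("2599.00"), D("3.25")),
    ("A-1007", D("611.60"), D("0.76")),
    ("A-1008", D("8888.00"), D("11.11")),
    ("A-9001", D("40.00"), D("0.05")),
]

if __name__ == "__main__":
    for name, run in (("suspect", SUSPECT_RUN), ("clean", CLEAN_RUN)):
        print(name, audit_interest_run(run, RATE))
```

Each slice is a fraction of a cent, so the check only becomes meaningful when it is run over every posting in the batch rather than a sample.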
Phreaking is attacking phone systems to obtain free phone line
access. Phreakers also use the telephone lines to transmit viruses
and to access, steal and destroy data.
Economic espionage is the theft of information, trade secrets and
intellectual property. This has increased by 323% during one
five-year period. The U.S. Department of Justice estimates that
intellectual property theft losses total $250 billion a year.
Almost 75% of these losses are to an employer, former employer,
contractor, or supplier.
A growing problem is cyber-extortion, in which fraud perpetrators
threaten to harm a company if it does not pay a specified amount
of money.
Internet terrorism occurs when hackers use the Internet to disrupt
electronic commerce and to destroy company and individual
communications.
Internet misinformation is using the Internet to spread false or
misleading information about people or companies. This can be done
in a number of ways, including inflammatory messages in online
chats, setting up Web sites and spreading urban legends.
Fraud perpetrators are beginning to use unsolicited email threats
to defraud people. For example, Global Communications sent a
message to many people threatening legal action if an unspecified
overdue amount was not paid within 24 hours.
Note to Instructor: You may want to include somehow a personal
experience that the writer of this chapter's instructor's manual
encountered.
I also experienced this problem in which I was receiving an
email that looked like it was coming from my bank requesting
my password and other personal information. Since I was
suspicious of this email, I contacted my bank, from which I
learned that this was a fraud scam.
Many companies advertise online and pay based on how many users
click on ads that take them to the company's Web site. Advertisers
pay from a few cents to over $10 for each click. Click fraud is
intentionally clicking on these ads numerous times to inflate
advertising bills.
Software piracy is copying software without the publisher's
permission. It is estimated that for every legal copy of software
there are seven to eight illegal ones. I have seen some places
where this is almost like an acceptable practice.

Social Engineering
In social engineering, perpetrators trick employees into giving
them the information they need to get into the system.
Identity theft is assuming someone's identity, usually for
economic gain, by illegally obtaining and using confidential
information such as the person's Social Security number or their
bank account or credit card number. Identity thieves benefit
financially by taking funds out of the victim's bank accounts,
taking out mortgages or other loan obligations, and taking out
credit cards and running up large debts.
In one case, a convicted felon incurred $100,000 of credit card
debt, took out a home loan, purchased homes and consumer goods,
and then filed for bankruptcy in the victim's name.
In pretexting, people act under false pretenses to gain
confidential information. For example, they might conduct a
security survey and lull the person into disclosing confidential
information by asking 10 innocent questions before asking the
confidential ones.
Posing is creating a seemingly legitimate business, collecting
personal information while making a sale, and never delivering a
product.
Phishing is sending out an email, instant message, or text message
pretending to be a legitimate company, usually a financial
institution, and requesting information. The recipient is asked to
respond to the email request, visit a Web page and submit
the data, or respond to a text message.
The IRS has set up a Web site and an e-mail address
(phishing@irs.gov) where people can forward for investigation
suspicious e-mails that purport to be from the IRS.
In voice phishing, or vishing, e-mail recipients are asked to call
a specified phone number, where a recording tells them to enter
confidential data.
Phished (and otherwise stolen) credit card numbers can be bought
and sold, which is called carding.
Pharming is redirecting a Web site's traffic to a bogus (spoofed)
Web site, usually to gain access to personal and confidential
information. So how does pharming work? If you don't know
someone's phone number, you look it up in a phone book. If you
could change XYZ Company's number in the phone book to your phone
number, people calling XYZ Company would reach you instead. You
could then ask them to divulge information only they would know to
verify their identity.
An evil twin is when a hacker sets up a wireless network with the
same name (called Service Set Identifier, or SSID) as the wireless
access point at a local hot spot or a corporation's wireless
network.
Typosquatting, also called URL hijacking, is setting up Web sites
with names very similar to real Web sites so that when users make
mistakes, such as typographical errors, in entering a Web site
name, they are sent to an invalid site.
The typosquatter's site may do the following:
- Trick the user into thinking she is at the real site by
  using a copied or a similar logo, Web site layout, or
  content. These sites often contain advertising that would
  appeal to the person looking for the real domain name.
  The typosquatter might also be a competitor.
- Send the user to a site very different from what was
  wanted. In one famous case, a typosquatter sent people
  looking for sites that appealed to children to a
  pornographic Web site.
- Use the false address to distribute viruses, adware,
  spyware, or other malware.
Scavenging, or dumpster diving, is gaining access to confidential
information by searching corporate or personal records. Some
identity thieves search garbage cans, communal trash bins, and
city dumps to find documents or printouts with confidential
company information. They also look for personal information such
as checks, credit card statements, bank statements, tax returns,
discarded applications for preapproved credit cards or other
records that contain Social Security numbers, names, addresses,
telephone numbers, and other data that allow them to assume an
identity. Be sure to tear up (or preferably shred) your personal
correspondence from banks and credit card companies to the point
that the number cannot be read before you throw it into the
trash, especially in a public trash container.
Shoulder surfing is watching people as they enter telephone calling
card or credit card numbers or listening to conversations as
people give their credit card number over the telephone or to
sales clerks.
Skimming is double-swiping a credit card in a legitimate terminal
or covertly swiping a credit card in a small, hidden, handheld
card reader that records credit card data for later use.
Chipping is posing as a service engineer and planting a small chip
in a legitimate credit card reader.
Eavesdropping enables perpetrators to observe private
communications or transmissions of data. One way to intercept
signals is by setting up a wiretap.

Malware
This section describes malware, which is any software that can be
used to do harm.
Spyware software secretly collects personal information about
users and sends it to someone else without the users' permission.
The information is gathered by logging keystrokes, monitoring
computing habits such as Web sites visited, and scanning documents
on the computer's hard disk.
Spyware infections, of which users are usually unaware, come from
the following:
- Downloads such as file sharing programs, system
  utilities, games, wallpaper, screensavers, music and
  videos.
- Web sites that secretly download spyware when they are
  visited. This is called drive-by downloading.
- A hacker using security holes in Web browsers and other
  software.
- Programs masquerading as anti-spyware security software.
- A worm or virus.
- Public wireless network. For example, users receive a
  message they believe is from the coffee shop or hotel
  where they are using wireless technology. Clicking on the
  message inadvertently downloads a Trojan horse or spyware
  application.

One type of spyware, called adware (short for advertising
supported software), does two things: First, it causes banner ads
to pop up on your monitor as you surf the Net. Second, it collects
information about the user's Web-surfing and spending habits and
forwards it to the company gathering the data, often an
advertising or large media organization.
In a recent survey, 55% of companies had experienced a spyware,
adware, or some other malware infection. In larger organizations,
the average cost of getting rid of spyware is over $1.5 million a
year.
Another form of spyware, called a key logger, records computer
activity, such as a user's keystrokes, emails sent and received,
Web sites visited, and chat session participation.
A Trojan horse is a set of malicious, unauthorized computer
instructions in an authorized and otherwise properly functioning
program. Some Trojan horses give the creator the power to remotely
control the victim's computer. Unlike viruses and worms, the code
does not try to replicate itself.
Time bombs and logic bombs are Trojan horses that lie idle until
triggered by a specified time or circumstance. Once triggered, the
bomb goes off, destroying programs, data or both.
Company insiders, typically disgruntled programmers or other
systems personnel who want to get even with their company, write
many bombs.
A trap door, or back door, is a way into a system that bypasses
normal system controls. Programmers use trap doors to modify
programs during systems development and normally remove them
before the system is put into operation.
Packet sniffers are programs that capture data from information
packets as they travel over the Internet or company networks.
Captured data is sifted to find confidential information such as
user IDs and passwords, and confidential or proprietary
information that can be sold or otherwise used.
Steganography programs hide data from one file inside a host file,
such as a large image or sound file. There are more than 200
different steganographic software programs available on the
Internet.
A rootkit is software that conceals processes, files, network
connections, memory addresses, systems utility programs, and
system data from the operating system and other programs. Rootkits
often modify parts of the operating system or install themselves
as drivers.
Superzapping is the unauthorized use of special system programs to
bypass regular system controls and perform illegal acts.

A computer virus is a segment of self-replicating, executable code
that attaches itself to software. Many viruses have two phases. In
the first phase, the virus replicates itself and spreads to other
systems or files when some predefined event occurs. In the attack
phase, also triggered by some predefined event, the virus carries
out its mission.
In one survey, almost 90% of the respondents said their company
was infected with a virus within the prior 12 months.
During the attack phase, triggered by some predefined event,
viruses destroy or alter data or programs, take control of the
computer, destroy the hard disk's file allocation table, delete or
rename files or directories, reformat the hard disk, or change the
content of files.
Symptoms of a computer virus include computers that will not start
or execute; unexpected read or write operations; an inability to
save files; long program load times; abnormally large file sizes;
slow systems operation; and unusual screen activity, error
messages, or file names.
The Sobig virus, written by Russian hackers, infected an estimated
1 of every 17 e-mails several years ago.
The MyDoom virus infected 1 in 12 e-mails and did $4.75 billion in
damages.
It is estimated that viruses and worms cost businesses over $20
billion a year.
Most viruses attack computers, but all devices connected to the
Internet or that are part of a communications network run the risk
of being infected. Recent viruses have attacked cell phones and
personal digital assistants. These devices are infected through
text messages, Internet page downloads and Bluetooth wireless
technology.
Flaws in Bluetooth applications have opened up the system to
attack. Bluesnarfing is stealing (snarfing) contact lists, images
and other data from other devices using Bluetooth. Bluebugging is
taking control of someone else's phone to make calls or send text
messages, or to listen to phone calls and monitor text messages
received.
A worm is similar to a virus except for the following two
differences. First, a virus is a segment of code hidden in a host
program or executable file, whereas a worm is a stand-alone program.
Second, a virus requires a human to do something (run a program,
open a file, etc.) to replicate itself, whereas a worm replicates
itself automatically. Worms often reside in email attachments,
which, when opened or activated, can damage the user's system.

A computer worm is a self-replicating computer program similar to
a virus except for the following three differences:
1. A virus is a segment of code hidden in or attached to a host
   program or executable file, while a worm is a stand-alone
   program.
2. A virus requires a human to do something (run a program,
   open a file, etc.) to replicate itself, whereas a worm does
   not and actively seeks to send copies of itself to other
   devices on a network.
3. Worms harm networks (if only by consuming bandwidth),
   whereas viruses infect or corrupt files or data on a
   targeted computer.
Worms often reside in e-mail attachments, which, when opened or
activated, can damage the user's system.
A worm usually does not live very long, but it is quite
destructive while alive.
More recently, MySpace had to go offline to disable a worm that
added over 1 million friends to the hacker's site in less than a
day.
Multiple Choice 8
Stealing tiny slices of money over time is which technique:
a. Posing
b. Salami technique
c. Vishing
d. Data diddling

Multiple Choice 9
Software that can be used to do harm is
a. Adware
b. Evil twin
c. Malware
d. None of the above

Learning Objective Four
Compare and contrast the approaches and techniques
that are used to commit computer fraud.

Preventing and Detecting Computer Fraud and Abuse

Table 5-6 on Page 174 provides a Summary of ways to Prevent and Detect
Computer Fraud.
- Make Fraud Less Likely To Occur
- Increase The Difficulty Of Committing Fraud
- Improve Detection Methods
- Reduce Fraud Losses
Multiple Choice 10
Ways to prevent and detect computer fraud include
a. Develop a strong system of internal controls
b. Install fraud detection software
c. Integrate the accounting functions of authorization,
recording and custody.
d. All of the above
e. A and B

Answer to Multiple Choice Questions:

Multiple Choice Question Answers
Number  Answer  Number  Answer
1       D       6       C
2       B       7       C
3       B       8       B
4       A       9       C
5       E       10      E
The following are a couple of articles of interest involving fraud.

A Report to the Nation*
According to Gil Geis, president of the Association of Certified Fraud
Examiners, the Report to the Nation on Occupational Fraud and Abuse
represents the largest known privately funded study on this subject. A
total of 2,608 Certified Fraud Examiners (CFEs) contributed details of
actual fraud and abuse cases totaling $15 billion. The largest fraud
case in the study involves $2.5 billion; the smallest, $22. The 2-year
study concluded that the average firm loses more than $9 a day per
employee to fraud and abuse, that fraud and abuse costs U.S.
organizations more than $400 billion annually, and that the median loss
per case caused by males is about $185,000, by females, about $48,000.
Three-fourths of the fraud offenses are committed by college-educated
white males. The data indicate that about 58 percent of the reported
fraud and abuse cases were committed by nonmanagerial employees, 30
percent by managers, and 12 percent by owner/executives. Median losses
caused by executives were 16 times those of their employees. The victims
in this report are organizations. The most costly abuses occurred in
firms with less than 100 employees. Common violations include asset
misappropriation, corruption, false financial statements, false
overtime, petty theft and pilferage, use of company property for
personal benefit, and payroll and sick time abuses.
The Association of CFEs, the body conducting the study, concluded that
most occupational fraud and abuse can be prevented and detected with
common sense and inexpensive solutions, mainly through use of so-called
soft controls. First, since regular audits are not designed specifically
for fraud and abuse, a CFE should be consulted to assess a firm's unique
fraud risks and to design programs that cost-effectively reduce
exposures. Second, employees who view their managers as ethical and
honest are more inclined to emulate their behavior. Third, a written
code of conduct sets forth what the organization expects from its
employees. Fourth, sound human resource policies and practices should be
followed, such as checking employee references and conducting other
pre-screening procedures. Fifth, a hot line is highly desirable.
In this study, the majority of fraud and abuse cases were discovered through
tips and complaints by fellow employees. Sixth, the firm's unopened bank
statement should be reviewed at the highest possible level by a
responsible person uninvolved with the bank reconciliation. Finally, a
positive and open work environment should be created to reduce the
motivation of employees to commit fraud and abuse.
*Report to the Nation on Occupational Fraud and Abuse (Austin, Tex:
Association of Certified Fraud Examiners, 1996). 43 pp

COMPUTER CRIME
At Omega Engineering*
A fired employee intentionally launched a logic bomb that permanently
caused irreparable damage to Omega's computer system by deleting all of
the firm's software, inflicting $10 million in damages. Could it have
been prevented? Maybe! Could the damages and computer downtime have been
minimized through effective internal controls? Definitely. That's the
assessment of control experts after the recent indictment of Timothy
Lloyd, the former chief computer network program designer and network
administrator at Omega Engineering in Bridgeport, N.J.
Omega is the classic situation of an inside hack attack, in this case a
logic bomb that detonates at a specified time. "They are the most
difficult to defend against," said William Cook, a partner at Brinks
Hofer Gilson & Lione, a Chicago-based law firm. "That is exactly what
happened," said Al DiFrancesco, Omega's director of human resources.
"Three weeks after Lloyd was fired, our employees came to work and could
not boot their computers," he said.
Like many victimized businesses, Omega had thought it had implemented
reliable control mechanisms into its information systems. "These control
mechanisms did lead back to Lloyd and resulted in his indictment,"
DiFrancesco said. Moreover, Omega canceled all of Lloyd's access rights
and privileges on the date of his termination.
So what went wrong? For starters, besides being Omega's chief computer
network program designer, Lloyd was also the company's network
administrator. Thus he knew the ins and outs of the system and had all
the supervisory privileges to make network additions, changes, and
deletions. In the wake of the damage caused by the logic bomb, Omega has
installed state-of-the-art internal controls, and the firm will no
longer put all its eggs in one basket. It is making sure that duplicates
of all data-base information, software code, and files are stored offsite.
*Adapted from Kim Girard, Ex-Employee Nabbed in $10M Hack Attack,
Computerworld, February 28, 1998 p. 6.
Note to the Instructor: The following is taken from the Certified Fraud
Examiners Manual that includes additional information regarding fraud
schemes that may be included for the students.
EMPLOYEE FRAUD SCHEMES
Cash
Cash is the focal point of most accounting entries. Cash, both on
deposit in banks and petty cash, can be misappropriated through many
different schemes. These schemes can be either on-book or off-book,
depending on where they occur. Generally, cash schemes are smaller than
other internal fraud schemes because companies have a tendency to have
comprehensive internal controls over cash and those internal controls
are adhered to. Cash fraud schemes follow general basic patterns,
including skimming, voids/underrings, swapping checks for cash,
alteration of cash receipts tapes, fictitious refunds and discounts,
journal entries and kiting.
Skimming
Skimming involves removing cash from the entity before the cash is
recorded in the accounting system. This is an off-book scheme; receipt
of the cash is never reported to the entity. A related type of scheme is
to ring up a sale for less than the actual sale amount. (The difference
between the actual sale and the amount on the cash register tape can
then be diverted.) This is of particular concern in retail operations
(for example, fast food restaurants) where much of the daily sales are
in cash, and not by check or credit card.
EXAMPLE
According to an investigation, fare revenues on the Chicago
Transit Authority's (CTA) rail system allegedly were
misappropriated by agency employees. The statistics indicate that
the thefts are not confined to the one station that originally was
suspected and that the fare-skimming by transit workers might have
been reduced by news of the investigation. In the four days after
reports of skimming surfaced, about $792,000 was turned in by
station agents system wide. In a similar Monday through Friday
period only $723,000 was turned in by station agents.
CTA officials estimated that a planned installation of a $38
million automated fare-collection system would eliminate $6.5
million annually in revenue shrinkage, mostly from employee
theft. At least 10 workers have been investigated, including nine
ticket agents and one supervisor or clerk. Early reports indicated
that agents pocketed money after recording transfer or monthly
passes as cash-paying customers passed through turnstiles.
Voids/Under-Rings
There are three basic voids/under-ring schemes. The first is to record a
sale/cash receipt and then void the same sale, thereby removing the cash
from the register. The second, and more common variation, is to purchase
merchandise at unauthorized discounts. The third scheme, which is a
variation of the unauthorized discount, is to sell merchandise to a
friend or co-conspirator using the employee's discount. The
co-conspirator then returns the merchandise for a full refund, disregarding
the original discount.
EXAMPLE
Roberta Fellerman, a former Ball State University employee, was
indicted on federal charges of stealing about $105,000 from the
school's bookstore operations. Fellerman was charged with stealing
the money over a thirty-three month period.
The thefts allegedly were from proceeds of the sales of books to
students who took Ball State courses through an off-campus
program at many cities around Indiana. Fellerman was in charge of
the sale of the books from the book store.
Fellerman was accused of altering records and taking currency from
a cash drawer. She was also charged with income tax violations for
failing to report the stolen money on her federal tax returns.
Swapping Checks for Cash
One common method where an employee can misappropriate cash is to
exchange his own check for cash in the cash register or cash drawer.
Periodically, a new check is written to replace the old check. This
process can be continued so that on any given day, there is a current
check for the cash removed. This is a form of unauthorized borrowing
from the company. Obviously, if it is the company policy that cash
drawers or registers are reconciled at the conclusion of each day and
turned over to a custodian, then this fraud scheme is less likely to be
committed. However, if personnel are allowed to keep their own cash
drawers and only remit the day's receipts, then this method of
unauthorized borrowing will be more common.
EXAMPLE
Lisa Smith, a Garfield High School fiscal clerk at a central
treasurer function, allegedly borrowed $2,400 by placing 23
personal checks in deposits which were made from various student
activities at decentralized locations. Ms. Smith placed a personal
check in each deposit as a method of keeping track of the amount
of money which had been borrowed. The transactions were
inappropriately delayed for up to 5 months.
Auditors detected the delayed transactions during an unannounced
cash count. On the day of the count, the fund custodian had only a
few hundred dollars in his bank account (confirmed by telephone
upon receipt of the custodian's authorization). When all 23 personal
checks were deposited in the district's account, several were
returned as NSF. After payday, all NSF checks subsequently cleared
the bank. The custodian's employment with the district was
terminated.
Alteration of Cash Receipts Documentation
A lack of segregation of duties can create an opportunity for an
employee to misappropriate company funds. For example, if the same
person is responsible for both collecting and depositing the cash
receipts, then this person has the opportunity to remove funds from the
business for his own personal use and conceal such theft through the
deposits. This is often the case in smaller organizations where there
are few personnel to divide the daily operations. A variation of this
scheme is to mutilate or destroy the cash receipts documentation so that
any attempt to reconcile the cash deposited with the cash receipts is
thwarted.
EXAMPLE
An elected county treasurer allegedly stole $62,400 over a three
year period from property tax receipts. Every other day, after
cash receipt transactions were batched and posted to the
subsidiary accounting records, the treasurer altered the total
cash receipts and the actual deposit. Therefore, the control
account and the deposit were equal but that total did not match
the total postings to the individual taxpayers' accounts. In each
of the three years, the difference between the control account
receivable and the summation of the individuals in the subsidiary
accounts was written off. These were unsupported accounting
adjustments.
Evidence was obtained by reconstructing the three years' cash
receipts and matching the differences between the total cash
receipts, control account and the individual (subsidiary) accounts
with the unsupported accounting adjustments.
Fictitious Refunds and Discounts
Fictitious refunds occur when an employee enters a transaction as if a
refund were given; however, no merchandise is returned, or no discount
is approved which substantiates the refund or discount. The employee
misappropriates funds equal to the fictitious refund or discount. This
scheme is most prevalent in the retail/merchandise industry; however, it
can occur in any operation in which a refund or discount is given.
EXAMPLE
Dora Malfrici, a former New York University student financial aid
official, was charged along with her husband Salvatore with
stealing $4.1 million. This was allegedly done by falsifying more
than a thousand tuition refund checks. The loss was described as
one of the largest embezzlements ever uncovered at a U.S.
university. The money was allegedly taken from the Tuition
Assistance Program, operated by the New York State Higher
Education Services Corporation to provide expense money to needy
students. However, NYU officials assert that the funds came from a
University account, not from State money.
Malfrici's job was to assure that students entitled to funds from
the Corporation received their checks. According to the U.S.
Attorney, she arranged for checks to be made out to hundreds of
legitimate NYU students who were not entitled to receive any
funds. These students were kept unaware of this because the checks
were deposited into bank accounts in Manhattan and New Jersey that
allegedly were controlled by the Malfricis. These checks were made
over to Elizabeth Pappa before being deposited into accounts in
that name. Some other checks were made payable directly to Pappa.
The FBI was unable to locate Elizabeth Pappa and believes that
such a person never existed. Reportedly the Malfricis spent
$785,000 of the funds in question on expensive jewelry and $85,000
of the money on Florida real estate.
Kiting
Kiting is the process whereby cash is recorded in more than one bank
account, but in reality, the cash is either nonexistent or is in
transit. Kiting schemes can be perpetrated using one bank and more than
one account or between several banks and several different accounts.
Although banks generally have a daily report that indicates potential
kiting schemes, experience has shown that they are somewhat hesitant to
report the scheme until the balance in their customers' accounts is
zero.
There is one important element to check kiting schemes: all kiting
schemes require banks to pay on unfunded deposits. This is not to say
that all payments on unfunded deposits are kiting schemes, but rather,
that all kiting schemes require payments be made on unfunded deposits.
In other words, if a bank allows its customers to withdraw funds on
deposits for which the bank has not yet collected the cash, then kiting
schemes are possible. In today's environment where customers use wire
transfers, kiting schemes can be perpetrated very quickly and in very
large numbers.
EXAMPLE
Ronald W.P. Sylvia, 59, and his son-in-law, Philip L. Grandone,
33, both of Dartmouth, admitted to participating in a check-kiting
scheme that bilked the Bank of Boston out of $907,000. Grandone,
owner of two pharmacies in the New Bedford area, had cash-flow
problems when Sylvia, operator of two auto sales and leasing
businesses, offered to write a check to cover some of his
son-in-law's operating expenses. Grandone repaid that $50,000 loan within
a few days, but borrowed again and again in ever-increasing
amounts to bring fresh infusions of cash into his faltering
pharmacy businesses. An exchange of checks between Grandone and
Sylvia eventually occurred literally daily until Sylvia's bank
caught on to the float scheme and froze Sylvia's account.
Cut off from Sylvia's supply of cash, Grandone's account with the
Bank of Boston was left overdrawn by $907,000. Grandone was
ordered to make restitution to the Bank of Boston.
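A sketch of the kind of daily report the Kiting section mentions, as an added example that is not taken from the manual or from any bank's system. It replays deposits and flags accounts that are repeatedly paid against uncollected deposits and also exchange checks with each other; the two-day collection float, the thresholds, the event format and all account data are assumptions constructed for illustration.

```python
from collections import defaultdict


def kiting_indicators(opening, events, float_days=2, min_draws=2):
    """Replay account activity and flag likely check kites.

    opening: {account: balance}, whole dollars.
    events:  (day, "check", drawer, depositor, amount) or
             (day, "cash_out", account, amount).
    A deposited check is credited at once but collected float_days later.
    """
    ledger = defaultdict(int, opening)
    uncollected = defaultdict(int)
    pending = []                  # (clear_day, drawer, depositor, amount)
    draws = defaultdict(int)      # payments made against uncollected deposits
    wrote_to = defaultdict(set)   # drawer -> accounts that deposited its checks

    def debit(account, amount):
        collected = ledger[account] - uncollected[account]
        if amount > collected:    # the bank is paying on an unfunded deposit
            draws[account] += 1
        ledger[account] -= amount

    def settle(day):
        for item in sorted(p for p in pending if p[0] <= day):
            pending.remove(item)
            _, drawer, depositor, amount = item
            debit(drawer, amount)
            uncollected[depositor] -= amount

    for day, kind, *rest in sorted(events, key=lambda e: e[0]):
        settle(day)
        if kind == "check":
            drawer, depositor, amount = rest
            ledger[depositor] += amount
            uncollected[depositor] += amount
            pending.append((day + float_days, drawer, depositor, amount))
            wrote_to[drawer].add(depositor)
        elif kind == "cash_out":
            account, amount = rest
            debit(account, amount)

    suspects = []
    for a in sorted(draws):
        # Partners are accounts that both receive a's checks and write to a.
        partners = [b for b in wrote_to.get(a, ()) if a in wrote_to.get(b, ())]
        if draws[a] >= min_draws and any(
            draws.get(b, 0) >= min_draws for b in partners
        ):
            suspects.append(a)
    return {
        "draws_on_uncollected": dict(draws),
        "suspects": suspects,
        "collected_balance": {a: ledger[a] - uncollected[a] for a in suspects},
    }


# Constructed data: A and B swap ever larger checks; C is an ordinary
# customer; E draws once on an uncollected deposit, which alone is not kiting.
OPENING = {"A": 1000, "B": 1000, "C": 5000, "D": 10000, "E": 100}
EVENTS = [
    (1, "check", "B", "A", 5000), (1, "cash_out", "A", 4000),
    (1, "check", "D", "C", 2000),
    (2, "check", "A", "B", 6000), (2, "cash_out", "C", 1500),
    (2, "check", "D", "E", 3000), (2, "cash_out", "E", 2000),
    (3, "check", "B", "A", 7000),
    (4, "check", "A", "B", 8000),
    (5, "check", "B", "A", 9000),
    (6, "cash_out", "B", 500),
]

if __name__ == "__main__":
    print(kiting_indicators(OPENING, EVENTS))
```

Account E shows why the reciprocity test matters: it is paid once on an unfunded deposit but never appears as a suspect, while A and B together hold less collected cash than the ledger balances suggest.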
