CHAPTER 8

FRAUD AND ERRORS

SUGGESTED ANSWERS TO DISCUSSION QUESTIONS

1. An employee at an electrical engineering firm was unhappy about being overlooked

for a promotion opportunity and decided to resign. He started working at a
competing firm in the same city. The former firm soon realized that its innovative
designs in engineering solutions were being made available at the new firm where
the employee was now working. After a thorough investigation, it was found that
the disgruntled employee’s account and password (and therefore his access to
confidential designs) were still active. The investigation indicated that the employee
had regularly accessed his account and reviewed the confidential designs.

a. Identify and explain the type of fraud that has taken place.

b. What must have motivated the employee to commit the fraud? Explain your
answer.

c. List two contributing factors to the type of fraud that has taken place.

2. You were asked to investigate extremely high, unexplained merchandise shortages

at a department store chain. Classify each of the five situations as a fraudulent act,
an indicator of fraud, or an event unrelated to the investigation. Justify your
answers. Adapted from the CIA Examination

a. The receiving department supervisor owns and operates a boutique carrying

many of the same labels as the chain store. The general manager is unaware
of the ownership interest.

b. The receiving supervisor signs receiving reports showing that the total
quantity shipped by a supplier was received and then diverts 5% to 10% of
each shipment to the boutique.

c. The store is unaware of the short shipments because the receiving report
accompanying the merchandise to the sales areas shows that everything was
received.

d. Accounts Payable paid vendors for the total quantity shown on the receiving
report.
 e. Based on the receiving department supervisor’s instructions, quantities on
the receiving reports were not counted by sales personnel.

CHAPTER 9

COMPUTER FRAUD AND ABUSE TECHNIQUES

SUGGESTED ANSWERS TO DISCUSSION QUESTIONS

3. What is social engineering? Describe at least four social engineering techniques.

Piggybacking—

Masquerading or Impersonation—

Social engineering—

Identity theft—

Pretexting—

Posing—

Phishing—

Vishing—

Carding—

Pharming—

Typosquatting—

Scavenging—

Shoulder surfing—

Skimming—

Eavesdropping—

E-mail forgery—
4. The controller of a small business received the following e-mail with an authentic-
looking e-mail address and logo:
From: Big Bank [[email protected]]
To: Justin Lewis, Controller, Small Business USA
Subject: Official Notice for all users of Big Bank!

Due to the increased incidence of fraud and identity theft, we are asking all bank
customers to verify their account information on the following Web page:
www.antifraudbigbank.com

Please confirm your account information as soon as possible. Failure to confirm

your account information will require us to suspend your account until
confirmation is made.

A week later, the following e-mail was delivered to the controller:

From: Big Bank [[email protected]]

To: Justin Lewis, Controller, Small Business USA
Subject: Official Notice for all users of Big Bank!

Dear Client of Big Bank,

Technical services at Big Bank is currently updating our software. Therefore, we
kindly ask that you access the website shown below to confirm your data.
Otherwise, your access to the system may be blocked.

web.da-us.bigbank.com/signin/scripts/login2/user_setup.jsp

We are grateful for your cooperation.

a. What should Justin do about these e-mails?

b. What should Big Bank do about these e-mails?

c. Identify the computer fraud and abuse technique illustrated.