PENTECOST UNIVERSITY

NAME: EMMANUEL NII ABLORH

COURSE: ACCOUNTING INFORMATION SYSTEM
(AIS)
PROGRAMME: BACHELOR OF COMMERCE
ID: PUC/200197

Required (30 marks)

Explain any five methods of computer fraud and abuse that perpetrators can
commit against a company. How can these methods compromise a company’s
information system?

Explain any two examples of financial statement fraudulent practices.

Methods of computer fraud and abuse and how they comprise the information system.

1. Phishing: it is a type of computer crime that occurs when someone tries to obtain

personal, often financial information from an individual without their knowledge. It

occurs in conjunction with spoofing where someone sends an email or text message

claiming to be a trusted company that needs information. It is common in internet ads,

which ask someone to click a link that leads them to a fake website or exposes their

personal information. The suspecting target when they open a message or link thinks

they are communicating with a legitimate company and as such provide login

information, card details, or other information that allows the phisher to access their

account.

They comprise the information system when an individual falls victim to a phishing

attack, they advertently provide the attacker with credentials that can be used to

access a company’s information system. It leads to unauthorised access and data

breaches.

2. Malicious software: computer hackers identify weaknesses in computer security

systems. They create and send viruses and malware that exploits security gaps and

disrupt normal computer and system functioning. Some programs known as ransom

ware may hijack and disable the network, blocking users’ access or threatening

complete data corruption. The hacker then demands payment from the person and

company to release the system, or threatens that they will breach the network and

access the sensitive data. It can infect a network and disrupt computer functioning.

It can also destroy a device or allow someone access to the data on the device without

the owners’ knowledge. Worms replicate themselves to spread across network. This

malware comprise the information system by corrupting or steal, disrupt operations,

 and provide attackers with unauthorised access to systems resulting in downtime, data

loss, etc.

3. Social engineering: this is where individuals are manipulated into divulging

confidential information or performing actions that compromise security. Techniques

include phishing, pretending, baiting. Cybercriminals make direct contact with the

victims through phone, emails or even in person. Techniques like pretending can trick

employees into revealing sensitive data or granting access to secured system can

comprise the information system. This leads to data breaches and unauthorised access

to critical systems.

4. Denial of service: it is a blatant attempt by cybercriminal to take down a system or

network temporarily or completely. This overwhelms a system with multiple

connection requests that it cannot handle. A DoS attack makes a website or other

internet-based service unavailable. The attacker sends huge number of requests to site

at once, causing it to crash.

It compromises the information system where the attacks can severely disrupt

business operations leading to downtime and loss of productivity. They can also

distract IT staff and create vulnerability that attackers can exploit to gain access to

systems.

5. Botnets: are networks from comprised computers that are controlled externally by

remote attackers, known as ‘bot herders.’ The attackers target other computers and

send spams or malware by using these botnets. This type of cybercrime is usually

performed against businesses and government as they targeted entire IT infrastructure.

 It is a network of computers that have been infected with malicious software and

controlled remotely by an attacker.

It comprises the information system where the malicious activities of botnet can

consume significant system resources. The presence of botnet malware indicates a

security breach that expose the company to further attack. They can cause direct

financial loss through fraudulent activities.

Examples of financial statement fraudulent practices

1. Improper disclosure: it is the misrepresentation or manipulation of financial

information in the financial statement. It presents a false picture of a company’s financial

health and performance, gaining undue advantage. It involves the improper disclosure of

material information such as contingent liabilities, significant events, management fraud,

related party transaction and accounting changes. Shareholders are not fully provided

with significant information. Example; the Eron Scandal where there was the use of off-

balance sheet entities to hide and inflate profits. This led to Erons bankruptcy, significant

investor losses, etc.

2. Overstating revenue: it involves recording revenue before it is actually earned or

inflating sales figures to make a company’s financial health appear better. It also involves

recording more revenue than the company has actually earned within a reporting period.

This deliberate misrepresentation of financial performance is done to deceive

stakeholders about the company’s financial health and performance. Example;

WorldCom, a telecommunication company, was involved in one of the largest accounting

scandal in history. They used several fraudulent accounting practices to overstate the

revenue and inflate its financial performance.