Fraud

Fraud Investigation Concepts

Project Name: Fraud Investigation Concepts

Author: Rohit D Sadgune

Description: Fraud Investigation is an investigation can and should be undertaken on behalf of or by anyone at legal or financial risk. This entire blog will describes..

Legal System In India Criminal Incidents in India Civil Incidents in India
Internal Threats External Threats Computer Frauds in India
Others Frauds in India Forensics Investigation Challenges Forensics Incidents

 

  • The Legal System : -Legal systems are the systems of common law, civil law and religious law. Each nations often develops variations on each legal system and incorporates many other features into the system.
  • Criminal Incidents:- Criminal Incidents are incidents in which some unusual activity is involved & incident compromises any form of legal systems. There are multiple cyber criminal incidents.
    • Identity Theft: – Identity theft occurs when fraudsters access more than enough information about someone’s identity (such as their name, date of birth, current or previous addresses) to commit identity fraud. Identity theft can take place whether the fraud victim is alive or dead.
    • Telecommunications fraud: – These fraud involves misuse or tampering actual telecommunication system by damaging billing systems, changes in telecommunication services, tampering with any facility or equipment.
    • Online Auction Fraud: – Auction fraud involves fraud attributable to the wrong representation of a product, articles, goods advertised or published for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site.
    • Trafficking in Contraband: – This is the kind of fraud in which goods, articles or any material imported or exported illegally, either in defiance of a total ban or without payment of duty.
    • Network Intrusions: – Network Intrusion is activity in which intentionally or unintentionally malicious activity is perform which result network damage. The impact of Network Intrusion is it hampers the larger scale of businesses.
    • Cyber Threats: – the possibility of a malicious attempt to damage or disrupt a computer network or system.
    • Pirating Intellectual Property: – Intellectual property (IP) rights are legally considered as right assign to exclusive creations of the mind. Under intellectual property laws, owners are given certain exclusive rights to a variety of intangible assets, such as musical, literary, and artistic works; discoveries and inventions; and words, phrases, symbols, and designs. Common types of intellectual property rights include copyright, trademarks, patents, industrial design rights, trade dress, and in some jurisdictions trade secrets.

Civil Incidents

  • Theft of Proprietary Data :- Data theft is a highly serious problem primarily generated by office employees with access to technology such as desktop computers and hand-held devices capable of storing digital information such as USB flash drives, iPods and even digital cameras. Since company workers often works a very high amount of time developing contacts and confidential and copyrighted information for the company they work for, they often feel they have some right to the information and are inclined to copy and/or delete part of it when they leave the company, or misuse it while they are still in employment.

 

  • Misuse of Corporate IT assets: – This is another form of digital crime, although it may be more correctly described as digital information abuse. It involves the Misuse of Corporate IT asset in this case computers, by employees for non-authorised activities. Again, this is very much dependent on the policies and procedures within a company.

 

  • Employee wrongful termination lawsuits: – The term “wrongful termination” means that an employer or worker has fired or laid off an employee for illegal reasons in the eyes of the management people or decision makers.
Fraud Investigation Concepts
Fraud Investigation Concepts

Internal Threat

  • Malicious cyber attacks: -A cyber attack is intentionally exploitation of digital systems, technology-dependent enterprises and networks. Cyberattacks use malicious code to alter digital media code, logic or data, resulting in devastating consequences that can compromise data and lead to cybercrimes, such as information and identity theft.Cyber attack is also known as a computer network attack (CNA).

Cyberattacks may include the following consequences:

  1. Identity theft, fraud, extortion
  2. Malware, pharming, phishing, spamming, spoofing, spyware, Trojans and viruses
  3. Stolen hardware, such as laptops or mobile devices
  4. Denial-of-service and distributed denial-of-service attacks
  5. Breach of access
  6. Password sniffing
  7. System infiltration
  8. Website defacement
  9. Private and public Web browser exploits
  10. Instant messaging abuse
  11. Intellectual property (IP) theft or unauthorized access
  • Social engineering: – Social engineering, in the context of information security, refers to physical manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.
  • Downloading malicious internet content: – Malicious internet content refers to malicious code that is inserted into multiple scripting languages. This program is typically downloaded onto a user agent i.e Web browser and launched without authorization on an unknowing user’s local system. Malicious internet content is used to embed worms and viruses, resulting in the collection of local user information as well as other computer issues
  • Information leakage: – Information leakage happens whenever a system that is designed to be closed to end user some information to unauthorized parties nonetheless.
  • Illegal activities: – An act committed in violation of law where the consequence related to digital information.

Fraud Investigation Concepts

 

  • Fraud: – Fraud is a one kind of criminal activity, defined as: ‘abuse of position, or false representation, or prejudicing someone’s rights for personal gain’.
  • Embezzlement: – is the act of dishonestly withholding assets for the purpose of conversion (theft) of such assets by one or more individuals to whom such assets have been entrusted, to be held and/or used for other purposes.
  • Sabotage :- Sabatoge is action taken deliberately to destroy, damage, or obstruct (something), especially for political or military advantage.
  • External Threat
    • Malware, Botnets and DDoS Attacks
    • Social Engineering (rising threat)
    • Mobile devices (rising threat)
    • Internet attacks (rising threat)
    • Phishing
    • ACH Fraud: Corporate Account Takeover

 

20140307-cybercrime-shutterstock

Computer Fraud

  • Corporate Fraud :- Activities performed by an individual or company that are done in a dishonest or illegal manner and are designed to give an advantage to the individual or company.
  • Asset stripping:-Asset stripping refers to employee selling off parts of a company to raise money.
  • Fraudulent trading: – Fraudulent trading is a business activity that is deliberately designed to defraud creditors.
  • Share ramping :-Share ramping is a one kind of illegal market abuse, involving talking up the price of particular shares in order to mislead the market. It is also known as ‘pump and dump’ and ‘book ramping’.
  • Publishing false information: – This is usually done to mislead investors and creditors and to keep a failing company trading.
  • Public Sector Fraud: – Public sector fraud involves criminals mind to exploit public sector grant and compensation schemes for their personal gain.The criminals produce fake documents and applications to intentionally deceive and exploit certain public sectors schemes which are there to help genuine applicants.
  • Investment fraud: – The fraudernts use convincing arguments to make people part with their company savings. These types of schemens devloped by these people usually force you to invest your money in a company or an opportunity which they have crated seems to be mouthwatering at that moment offering very high rates of return.
  • Other frauds include

tax-fraud1

  • Tax and excise fraud :- Tax fraud is an activity commonly associated with the illegal economy. One measure of the extent of tax fraud is the amount of unreported financial assets & respective income, which is the difference between the amount of income that should be reported to the tax authorities and the actual amount reported.
  • Identity fraud: –   Identity fraud can be defined as the use of that theft identity in criminal mindset to obtain services, goods by deception.
  • Benefit fraud: – Benefit fraud is a form of financial fraud where as found within the government systems which provides benefits paid to individuals by the false positive measures.
  • Civil matters (negligence, for example)
  • Contractual dispute
  • Advance fee frauds
    • Forensics Investigative Challenges
      • Legal Issues
      • Different storage Media
      • Different Files Systems
      • Mobile Forensics
      • AntiForensics Investigation
      • Increase in numbers of digital devices per employee
      • Larger storage devices
      • Pressure to accelerate reporting time
      • New application
      • Cloud forensics

Computer Forensic Incidents

What is computer forensic- Gathering of digital evidence in a manner which should be untainted, authentic and can be admissible in the court of law

  • What is the legal system? Different laws and criminal cases in the digital forensics as case study and different section and act for the same.
    • Criminal incidents like Identity Theft, online auction, Child pornography, Network Intrusions etc.
      • Computer Frauds. Frauds can be internal and external. Internal frauds can be done in a company by the internal users by using company resources .External frauds are done by outsiders mostly by hackers for financial gains.For eg;Denial of service, Intrusions etc.
        • Investigating challenges are like growing hard disk space and more GBs mean for overall acquisition and analysis time