Here is a fairly bizarre story about someone who increased the hours of his fellow employees in a company’s time clock application, waited for them to get paid, then switched the numbers back before their managers got their individual reports. It gets a little "better" – when an HR representative starts to figure it out, he resorts to what the article calls "blackmail" but it sounds more like a straightforward threat of physical harm to me.
This is a basic segregation of duties issue – when one person controls both the request for payment and its fulfillment, you are at risk. The goal of the control is to make sure that compromising any transaction requires collusion among two or more parties. Reconciliations should generally catch this.
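A sketch of the kind of reconciliation that catches the pattern described above, added here as an illustration and not taken from the article or the company's systems. The record layouts, names and sample values are constructed, and it assumes payroll keeps a snapshot of paid hours and the time clock keeps an edit audit trail.

```python
from collections import defaultdict

# Constructed sample data (assumed layouts, not from the case in the post).
# Hours paid, snapshotted at the payroll cutoff: (employee, period) -> hours
PAID = {("alice", "2024-W10"): 52.0, ("bob", "2024-W10"): 40.0,
        ("carol", "2024-W10"): 38.5}
# Hours in the time clock when the manager reports are generated
REPORTED = {("alice", "2024-W10"): 40.0, ("bob", "2024-W10"): 40.0,
            ("carol", "2024-W10"): 38.5}
# Audit trail: (timestamp, editor, employee, period, old_hours, new_hours)
AUDIT = [
    ("2024-03-08T17:02", "mallory", "alice", "2024-W10", 40.0, 52.0),
    ("2024-03-08T17:05", "carol", "carol", "2024-W10", 38.0, 38.5),
    ("2024-03-12T08:15", "mallory", "alice", "2024-W10", 52.0, 40.0),
]
PAYROLL_CUTOFF = {"2024-W10": "2024-03-10T00:00"}


def reconcile(paid, reported):
    """Return records where paid hours differ from what managers are shown."""
    keys = paid.keys() | reported.keys()
    return sorted((k, paid.get(k), reported.get(k))
                  for k in keys if paid.get(k) != reported.get(k))


def raised_then_reverted(audit, cutoff):
    """Flag records raised before the payroll cutoff and restored after it."""
    by_record = defaultdict(list)
    for ts, editor, emp, period, old, new in sorted(audit):
        by_record[(emp, period)].append((ts, editor, old, new))
    findings = []
    for (emp, period), edits in by_record.items():
        before = [e for e in edits if e[0] < cutoff[period]]
        after = [e for e in edits if e[0] >= cutoff[period]]
        if not before or not after:
            continue  # no edits on one side of the cutoff, nothing to compare
        original, at_cutoff, final = before[0][2], before[-1][3], after[-1][3]
        if at_cutoff > original and final == original:
            editors = sorted({e[1] for e in edits})
            findings.append((emp, period, at_cutoff - original, editors))
    return findings


if __name__ == "__main__":
    print(reconcile(PAID, REPORTED))
    print(raised_then_reverted(AUDIT, PAYROLL_CUTOFF))
```

The reconciliation needs only the two sets of totals; the audit-trail check adds who made the edits, which is where a missing second approver shows up.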
The person got seven years in prison for the crime. No mention of what happened to the employees who accepted the overpayments…
I wonder how many people said "I never would have guessed he would do that"? That’s my favorite response to "insider" threats (which I fuzzily define as attacks and compromises perpetrated by "trusted" people with significant information about the systems of an organization rather than an attack that originates within the perimeter of the network. Nowadays, it is just as likely that an "insider" attack will come from an external location due to telecommuting, business partner relationships, etc.).
Total damage: 21,000 hours' worth of wages. No mention of whether the overpayments were (or will be) recovered.