Review: Spam Nation Provides Detailed, Practical Workings of Cyberfrauds

BOOKSTORE STAFF PICK

Spam Nation: The Inside Story of Organized Cyber Crime

The ACFE Bookstore offers hundreds of resources including books and manuals, self-study CPE courses, the CFE Exam Prep Course, merchandise and more. In this interview, Dick Carozza, CFE, editor-in-chief of Fraud Magazine, offers his suggestion on one must-have resource to help you in your fight against fraud.

What is your professional background and current role at the ACFE?
My background is in journalism. I’ve worked as an editor and writer for several newspapers and magazines. I’ve been editor-in-chief of the ACFE publication, Fraud Magazine, since we developed it into a four-color magazine in 1995.

Why would CFEs be interested in the new book, Spam Nation?
Brian Krebs, the author of KrebsOnSecurity.com, is a noted cybersecurity expert and a former Washington Post reporter. (He’ll be a keynoter at the upcoming 26th Annual ACFE Global Fraud Conference and will receive the ACFE’s Guardian Award.) He broke the story that credit and debit card accounts stolen in a massive data breach at Target had been flooding underground black markets. Krebs also discovered breaches at Home Depot, Neiman Marcus and others. Because of his deep contacts in the financial sector and the shadowy cybercrime world, he’s able to provide detailed, practical workings of some of the largest global cyberfrauds. Early detection equals prevention. (Read the cover article for the March/April 2015 issue of Fraud Magazine.)

How is the information in this product useful for CFEs in their professional roles?
CFEs’ clients, employers, family members and friends look to them to help deter fraud in their lives and organizations. The detailed information Krebs provides — including the prevention tips — will help us keep our personally identifiable information intact and prevent organizational data breaches. And the book is a great read. Krebs writes about the machinations of cybercrime rings and his travels to Russia to interview some of the colorful, complex fraudsters who spew spam around the world that enables identity theft. Edge-of-your-seat copy!

Order your copy of Spam Nation today on ACFE.com.

Interview with a CFE: 'Find the Lie and Find Who Benefited From It'

MEMBER PROFILE

Peter Donnelly, CFE
Deputy Constable, Tarrant County, Texas

An assistant U.S. attorney once told Peter Donnelly, CFE: “All fraud starts with a lie; somebody told a lie to get what they wanted illegally. Find the lie and who benefited from it.” He has followed this advice throughout his career as a deputy constable in Tarrant County, Texas. Donnelly has worked more than 1,000 non-real estate judgment writs and has collected more than $800,000 for plaintiffs in two and a half years.

How did you become passionate about fighting fraud?
I became passionate about fighting fraud when I transferred to Texas as a postal inspector; I had worked mainly street and internal crimes prior to that. In Fort Worth, Texas, I was initially assigned to a credit card fraud team and later served on the Southwest Financial Crimes Task Force. I went back to external street crimes, but I found that mail thieves had gotten more sophisticated in what they stole and how they used the information. This meant that there were more crimes involving banks, credit unions and other financial institutions. A simple check forgery, for example, represents identity theft, because of the forgery and ID used: bank fraud, wire fraud and bank larceny. Around that time a fellow postal inspector and former ACFE Regent, Marty Biegelman, CFE, suggested I become a Certified Fraud Examiner (CFE). 

What is one of the biggest lessons you have learned since becoming a CFE?
This is something the same assistant U.S. attorney mentioned earlier told me: “When you are looking for a particular tree, be sure to look at the whole forest,” i.e., the big picture.

What is your current role and what does it entail?
I’m a deputy constable assigned to execute non-real estate judgment writs. I’ve had nine defendants attempt to hide assets, mainly through transfers to family members, or by creating new shell companies and then “selling” the property to them. These instances are where my CFE training has really helped. I’ve found that once you discover the scheme, having followed the money or property, and confronted the defendant, the defendant can’t open his wallet or checkbook fast enough.

Did you always plan to pursue the role you are currently in?
I always wanted to be a small town police chief but after what I’ve learned and experienced, I think I’ll stay where I am. I’ve simply allowed my talents and aptitudes to guide me.

What do you wish someone would have told you about your career when you were just starting out?
How to write a decent report!

What advice do you have for those looking to become a CFE?
Explore all opportunities, like government inspector general agencies, and commercial and industrial special investigation units, and learn as much as you can about the areas you’d like to investigate. Above all, be ethical.

What activities or hobbies do you like to do outside of work?
I teach child protection courses for my church, sing in the choir and I am a member of the Knights of Columbus. I enjoy quality time with my two dogs, a shot of good bourbon with a good cigar. I also play the piano (badly, I might add) and enjoy shooting sports.

Read more profiles like Peter's in the Career Center on ACFE.com.

Data Breach: Two Words You Don't Want to Hear

LETTER FROM THE PRESIDENT

Data breach! Stomachs churn, blood pressures rise and knees quiver when organizations hear those two words.

On Dec. 18, 2014, Brian Krebs was the bearer of bad news when he broke the story that credit and debit card accounts stolen in a massive data breach at Target had been flooding underground black markets. The next day, Target confirmed to Krebs, the author of KrebsOnSecurity.com, that cybercriminals had stolen more than 40 million debit and credit cards from the retailer's stores throughout the U.S.

Management at Home Depot, Kmart, P.F. Chang's and many others also reached for the Pepto-Bismol when Krebs revealed that they were data breach victims, too.

Why do these huge breaches keep happening? Well, first of all, the largest ones make the splashiest news, no doubt. But any organization that's connected to the Internet is at risk. Cybercriminals can creep into companies via outside vendors (like the Target breach), email attachments, bogus websites or some adept social engineering.

"Stolen credentials and passwords, in particular, are some of the most intractable problems in cybersecurity today," Krebs, an award-winning investigative journalist, says in the cover article of the March/April issue of Fraud Magazine. "It's bad enough that many banks do not even offer their customers the ability to authenticate themselves with anything more than a user name and password which, when phished, lost or stolen, can be used to impersonate that person. However, the lack of two-factor authentication within organizations for employees with access to sensitive customer and employer data is a recipe for disaster."

Krebs says that most companies spend "ridiculous percentages" of their security budgets on hardware, software and services that alert them when suspicious activity occurs on their networks that might indicate breaches. "Unfortunately, these systems generate so much noise and false alarms that it becomes a challenge whittling down the alerts to a few that you really need to read and act on," Krebs says. "This is a constant struggle because organizations are producing lots more data each day, and more devices are being added that generate alerts."

Read Krebs' interview so you can help your organizations (plus family and friends) protect themselves against breaches and data theft. Better yet, come to the 26th Annual ACFE Global Fraud Conference, June 14-19 in Baltimore, Maryland, to hear Krebs, a keynote speaker, in person.

I'm looking forward to seeing all of you as we compare notes on the latest fraud-fighting techniques. See you in Baltimore!

Target Uses Corporate Alliance Program to Connect Faster and More Genuinely

PARTNER PROFILE

Today the ability to connect with people at any time and from any place seems easier than ever. A tap of a finger makes the time it takes to reach someone almost instantaneous. However, reaching someone is only half the battle. The dreaded blocked-out day on an Outlook calendar, family obligations and the ding of a new email can sometimes get in the way of many attempted connections. But the investigative team at Target is using partnerships like the ACFE’s Corporate Alliance programs to become connected to others in their industry and get the insight they need to stay ahead of the curve.

“To be successful in fighting fraud, you need to have broad knowledge and have a diverse network both inside and outside of your organization,” said Gregg Patyk, CFE, Senior Manager of Target’s Global & Information Security Investigations. “The Corporate Alliance helps us attain those goals. It enables us to connect faster and more genuinely with other companies that have similar goals and mindsets.”

Since joining the Corporate Alliance program in 2011, Patyk and his team have been able to build relationships with other member companies, especially during face-to-face seminars. At the ACFE Global Fraud Conference in San Antonio, Texas, last June, Target representatives sat down with other members and discussed specific initiatives regarding whistleblowing reporting within large companies.

“Since the conference, we’ve received assistance that we could not have received anywhere else,” Patyk said. “Likewise, we reciprocated and helped another member company resolve some of their issues. In both examples, both of our companies were able to expedite the resolutions of each matter because of partnerships and information sharing. Building partnerships with other companies enables Target to learn what other companies are doing and how they are successful with their anti-fraud programs.”

However, Patyk said that as in any relationship, it isn’t just about sharing the successes and passing along what has worked. There is also value in sharing challenges and having those tough discussions about things that didn’t work. “Being part of a group that shares information freely is conducive to learning. For example, not every program and method we have tried in the past has worked. I think it is equally important to share failures along with the success stories, so we can learn together.”

In addition to building connections with other corporations, Target uses data analytics to remain proactive and forecast potential threats. But Patyk said that there is another crucial step that goes along with that analysis. “I believe using analytics is a secondary step in being proactive. To truly be proactive, you need to be well-informed and have the right skills, knowledge and information. We connect with our internal business partners on a routine basis to have a better understanding of their businesses. By building these connections ahead of time, it really helps when there is an issue because we’ll have at least a cursory, if not better, understanding of that part of the business and be viewed as problem solvers versus adversaries. Building partnerships, staying informed and being well-trained are the first steps in being proactive.”

Read more about how Target is staying one step ahead of fraudsters in the full article on ACFE.com.

Kicking the Cane: Intra-familial financial exploitation of the vulnerable elderly

SPECIAL TO THE WEB

Annette Simmons-Brown, CFE

On Jan. 16, Martin Thibodeaux of Arnaudville, Louisiana, was arrested and booked on the charge of "financial exploitation of the elderly." Thibodeaux, according to a Jan. 20 KLFY article by Brittany Altom, had been listed as an authorized user of his 86-year-old grandmother's bank account for the purpose of caring for her. However, within six months, he made ATM withdrawals 12 times, cashed checks and made in-person direct cash withdrawals, and visited her bank 22 times to open her safety deposit box. According to the article, Thibodeaux accessed his grandmother's account 34 times and stole more than $36,000.

Financial crimes that target the elderly are increasing. According to The Wall Street Journal, "People 60 years and older made up 26% of all fraud complaints tracked by the Federal Trade Commission in 2012, the highest of any age group. In 2008, the level was just 10%, the lowest of any adult age group." (See, Financial Scammers Increasingly Target Elderly Americans, by E.S. Browning, Dec. 23, 2013.) Investigators estimate that only 10 percent of such frauds are reported, according to the article.

This underreporting of financial crimes against the elderly makes it difficult to get reliable statistics. It's possible that the aggregated financial impact on elderly victims — and society in general — will get much worse before a comprehensive national research and intervention response is entrenched.

Much of current popular and professional discussion on financial fraud that targets the elderly focuses on perpetrators outside victims' social nexus — shady investment promoters, faux home-improvement crooks, telemarketing scammers, identity thieves — who have built actual businesses and use the elderly as a conveniently vulnerable victim pool.

However, within this matrix there's another growing class of criminals: relatives of the elderly who steal from their own vulnerable family members under the guise of assisting them in their midnight years. And it's highly prevalent. According to a Consumer Report PDF, "Steven Peck, an elder-law attorney in Van Nuys, Calif., estimates that 75 percent of elder abuse is done by someone in the immediate family. …"

This two-part article will look at intra-familial elderly financial fraud, which is highly challenging to combat. In part one, we'll look at the growing incidences of this type of fraud. We'll use The Fraud Triangle to look at the similarities of these fraudsters to traditional occupational fraudsters. In part two, we'll look at actual criminal case summaries that demonstrate this category of fraud.

The two parts will outline these fraudsters' patterns of behavior and the difficulties of identifying, investigating and prosecuting crimes within families.

ELDERLY FINANCIAL FRAUD AND THE FRAUD TRIANGLE

Family members often have to assist their aging grandparents, parents, aunts and uncles as they become less able to take care of themselves. Frequently, these helpmates need access to their assets to assist effectively. They need to pay the elderly's bills, execute decisions on the disposition of real and personal property, manage their assets, and help make or implement medical decisions.

Frequently, helpmates are placed onto the elderly's financial accounts — and real property titles — as joint owners specifically so they can manage the elderly's financial matters both small and large. And very often, a helpmate is appointed as an attorney-in-fact through a power-of-attorney instrument that gives him or her specific responsibilities and capacities regarding the elderly's assets. At this point, a helpmate often is given direct and legal access to an elderly person's property and credit, and the ability to steal is remarkably amplified. The Fraud Triangle now comes into play.

Donald Cressey's Fraud Triangle teaches us that there are three interrelated elements that enable someone to commit fraud:

  • Perceived pressure to commit and conceal the dishonest act.
  • Perceived opportunity to commit the crime without being caught.
  • Some way to rationalize the fraud as not being consistent with one's values.

(Excerpted and adapted from the 2014 ACFE Fraud Examiners Manual, 4.240, 4.247, copyright 2014.)

Though Cressey developed The Fraud Triangle within the context of occupational fraud — to represent the embezzler, the cash-register skimmer, the insurance scammer, the bid rigger — it also perfectly captures the framework of the crooked family member who now has access to the cookie jar containing the elderly's assets.

Want more? Read Annette's full article about elder fraud on Fraud-Magazine.com.