In the summer of 2017, researchers from the University of Washington presented technology they developed that combined realistic lip-synched video of former U.S. President Barack Obama with preexisting video and audio clips. In doing so, they birthed deep fakes, a phenomenon which has gone on to cause consternation among national security figures and, generally, creep a lot of people out.Read More
As the world witnesses a surge in fraud incidents, leveraging artificial intelligence (AI) for fraud detection could be the key to saving millions of dollars in financial fraud losses. Organizations worldwide are increasing their investment in AI-based fraud detection solutions, indicating that the industry is bullish on the capabilities of AI in fraud.Read More
Amber Mac, TV/Radio Host, Internet of Things Expert at AmberMac Media, and keynote speaker at the upcoming 2017 ACFE Fraud Conference Canada in Toronto, October 29-November 1
What do you think is the No. 1 security risk that advancing technology poses?
I think the Internet of Things (IoT) attack surface is the biggest technology threat today. As Gartner points out, there will be 20 billion devices connected to the internet by 2020. However, unlike smartphones and computers, we're seeing thousands of newly released IoT gadgets every day from a myriad of suppliers. This means that security precautions are often bypassed in order to get to market more quickly. (Hear Amber discuss this even more in depth in her podcast interview at ACFE.com/podcast.)
How do you think fraud examiners could potentially use (and conversely fraudsters abuse) AI?
When we talk about artificial intelligence (AI), fraud examiners are more regularly using this technology to detect fraud (without even knowing it). For example, machine learning software (one application of AI) can now quickly and effectively determine accounting abnormalities. However, fraud attackers are also using early stage AI to commit fraud. If fact, most worrisome to me is video fraud. Many research institutions are already experimenting with algorithms that program a video to make a politician or business leader appear to say things that they did not. One can only imagine the issues with this as the technology gets into the wrong hands.
What are you most hoping attendees of the conference will take away from your presentation?
I really want attendees to leave my presentation with a much better understanding of the future of both the Internet of Things and artificial intelligence. It’s critical to recognize what’s happening in the market today and where things are heading in the next five to 10 years, so fraud examiners can properly prepare for the inevitable risks.
You are on the front lines of the latest and greatest technology out there, but what is one thing you still hold on to that is manual or traditional?
Strangely enough, I still write my research notes on a piece of paper or in a notebook. For me, it’s not that I don’t recognize the power of digital tools to simplify this process, but I use this practice as a memory tactic. It’s only upon writing with pen to paper that I can better recall facts and stats.
You can read more about Amber and register for the 2017 ACFE Fraud Conference Canada at FraudConference.com/Canada. Be sure to register by September 29 to save CAD 100!
Jeremy Clopton, CFE, CPA, ACDA
Director, Forensics and Valuation Services
In what seems to be a pattern in investigations, a deceased woman’s FitBit was used to help solve her alleged murder. In this situation, the data from the FitBit, as well as social media activity, was used to disprove an account of events provided by her husband.
This story illustrates how data beyond the obvious can be used in investigations of all types. The same mentality can be beneficial to fraud examiners as well. The key is to consider all the potential data points available to help in an examination.
Let’s consider a financial statement manipulation scheme. While you may know the user ID that posted the entry, it is important you look even further for evidence of who actually posted it. Other relevant data points may include:
- Date/time the entry was posted
- Workstation from which the entry was posted
- User ID typically associated with that workstation, compared to the user ID posting the entry
- Was the user signed in remotely or in the office?
- Who was in the office on the date/time the entry was posted (badge access records)?
- Was there email activity or other digital activity on the workstation?
- Who actually logged in to the workstation from which the entry was posted?
Clearly there is a lot more information than just the date, debit/credit, account number and amount. As you approach your next examination, consider the following:
- What is the alleged scheme?
- What other data can help me determine what happened or who was involved?
- Are there data sources to help corroborate or refute the allegations?
- Do the patterns of activity match our expectations?
I’m not saying a FitBit and social media will help solve your next investigation, though I am confident there is quite a bit more data out there you may find useful to your case.
You can hear Jeremy speak on how to effectively communicate complex data next week at the 28th Annual ACFE Global Fraud Conference, June 18-13 in Nashville.
Associate Director of Forensic Services, SKP Business Consulting
In the current electronic age, e-discovery is considered one of the key approaches for gathering evidence in litigation and investigations into misconduct. With new tools being created to help uncover and understand electronic data, the industry is evolving to new heights. When there is a large amount of data to review, the process requires a purpose-led approach to ensure the evidence is compiled objectively and accurately.
E-discovery reviews are based on keywords, timelines and communication patterns relevant to a purpose or defined objective. Amidst multiple aspects — like the nature of email threading, parent-child linkages, text analytics and communication patterns considered for review — the following eight elements are essential types of email evidence to not overlook in your examinations:
- Calendar: A potential subject may schedule meetings that are contextually important to a case.
Example: In a Foreign Corrupt Practices Act investigation, a calendar appointment with an individual at a posh restaurant a few days prior to the approval for a regulatory license may be relevant if the individual’s name in the appointment and the name of the public official providing the license are the same or similar.
- Automatic email: Dates mentioned in an automated out of office response may be important for connecting a chain of events associated with a concerned individual.
Example: If the dates of out of office responses sent during a vacation conflict with contract negotiation dates with a third party it may be a red flag to look into.
- Travel and hotel information: Travel and hotel booking information can contain vital evidence.
Example: In a kickback investigation, payment details as part of a travel or hotel booking voucher that contain the name of a payee/credit card holder may be relevant to correlate an employee’s relations with a suspected vendor/third party.
- E-commerce purchases/email alerts: Alerts from e-commerce sites or courier agencies can play key roles in examinations.
Example: A dispatch intimation from a shipper from a suspected third party to an employee’s personal address may be relevant for further enquiry in a conflict of interest or kickback investigation. Similarly, banks and financial institutions send alerts (on cash deposits, exceeding limits, swipe of card in unusual locations, etc.) as email alerts. These email alerts may be relevant in a chain of events to correlate and corroborate with the available information in the context of a review.
- Group/other registrations: Email IDs registered with certain sites (gambling, pornographic or dating) and emails received from such sites may be relevant during investigations into misconduct.
- Task classification (flagging): Task classification and completion are used for the convenience of tracking key activities/communications. Such tagging may highlight certain patterns.
Example: A pattern of prioritizing the approval of third party invoices over others along with task classification by a user department representative, who is using the services of the concerned third party, may show possible indications of favoritism by the employee.
- Self-emails, notes/task listing: Many individuals send emails to themselves as a reminder, notification, to-do list, etc.
Example: A self-email by an accountant containing the phrase ”change estimations” may be relevant in a financial statement fraud. It is necessary to understand that some of the content mentioned in self-emails may not necessarily have the keywords identified as relevant for the case. Similarly, subjects may update their tasks/notes as part of their email service, which may contain messages of evidentiary value.
- Folder structures: Every individual has a way of organizing their email communications. This includes the way the individual has classified their folders within their email service or the archival methodology they had adopted. These aspects provide necessary insights in understanding which folders contain relevant information.
Reviewing digital data for evidence requires objective-driven searches in order to understand and interpret a given circumstance. Awareness of possible alternative evidence provides the ability to anticipate and look for some of the above categories of communications in search of evidence. While not all these categories may be relevant in every case, these are vital ways to find the evidence needed to detect fraud.