Cyberattacks and Cryptocurrency Predicted to be Among Largest Fraud Issues in 2018

/
Cyberattacks and Cryptocurrency Predicted to be Among Largest Fraud Issues in 2018

In today’s world, it’s not uncommon to see headlines about a new instance of fraud many times a week. Whether it’s a new phishing scam targeting seniors or the arrest of a low-level employee embezzling small amounts from a local government office, most fraud-related issues are interesting to the public regardless of their profession. Since anti-fraud professionals are on the front line of fraud prevention and investigation, it’s also predictable that family and friends may turn to you for clarification of these fraud-related stories.  

Read More

The Fraud Examiner's Latest Threats, Tools and Opportunities

/
Tabletandcloud.jpg

GUEST BLOGGER

Kelly Todd, CFE
Managing member and member in charge of forensic investigations at Forensic Strategic Solutions

A quick glance at the barrage of headline news related to cyberattacks, the perpetual explosion of electronically stored information and the ease with which data can be moved and shared makes one thing obvious: a new frontier has emerged for businesses. In this dynamic electronic age, the scope of risk for businesses is growing — in size and complexity — at such a rate that traditional risk management measures are simply not enough. While the “new frontier” has the potential to leave unsuspecting businesses exposed to a host of new risks, it is also creating a host of opportunities for those of us fighting fraud.  

Threat: The Trusted Employee
Frauds committed through the use of a computer and its network is one of the fastest growing threats for businesses. According to Ernst & Young’s 2016 Global Forensic Data Analytics Survey, nine out of nine industries rate the threat of a cyberbreach as a their top risk. While the latest news focuses on hackers and cybercriminals, there is an equally dangerous, but perhaps less obvious, threat to corporate assets. While trusted employees are moving, sharing and exposing corporate data just to do their jobs, the malicious employee or contractor with authorized access may be deliberately taking confidential information for personal gain or other nefarious reasons. Whether internal or external, the threat posed by these cybercriminals is real. Threats include the disruption of operations, the wrongful transfer of funds and the theft of intellectual property, confidential information or other critical assets.

Tools to Respond: Data Analytics
The dynamic nature of technology threats requires a proactive response. While external auditors and C-suite executives have long been reluctant to embrace advanced data analytics as a proactive tool — or even as a reactive tool — to ferret out fraud, the tide seems to be turning with the increased threat that cybercrime poses.

Advanced data analytics provide the ability to collect and analyze data, both structured (think transactional data) and unstructured (email, voicemail, internet logs, text messages, social media, blogs or free text fields in a database), to prevent, detect, monitor and investigate potentially improper transactions, events or patterns of behavior related to misconduct, fraud or noncompliance issues. 

As fraud examiners, we know a picture says a thousand words — and nothing tells a story better than data. The use of data visualization tools is on the rise for business intelligence, as well as detecting patterns and relationships indicative of fraud. With the explosion of electronic data, data visualization allows for communicating key aspects of complex and voluminous data in a more intuitive way. Effective visualization — which is both an art and a science — combined with advanced data analytics helps users identify patterns and relationships. 

Opportunities
With the increased acceptance of advanced data analytics — not to mention emerging technologies, such as blockchain (a topic that goes well beyond the scope of this blog) — dramatic opportunities abound for fraud examiners.

Valuable skills for the new frontier include:

  • The technical skills to understand the information systems and how to collect relevant and reliable data.
  • An expertise in data analytics to relate data from disparate systems, design queries, recognize patterns, interpret and report on results.
  • Institutional knowledge or investigative skills to understand the relevant risks and controls, and to collaborate in the interpretation of results in the context of the associated risks.

As risks continue to grow in the industry, staying up-to-date with the latest tools and resources will be critical. As we look to spread knowledge during International Fraud Awareness Week, it’s also crucial that as fraud professionals we commit ourselves to continuing our education. The biggest fraud risks are the ones we are not yet aware of, but with the right tools and expertise we can be better prepared to respond.

How Fraud Examiners Can Use and How Fraudsters Can Abuse Artificial Intelligence

/

SPEAKER INTERVIEW

Amber Mac, TV/Radio Host, Internet of Things Expert at AmberMac Media, and keynote speaker at the upcoming 2017 ACFE Fraud Conference Canada in Toronto, October 29-November 1

What do you think is the No. 1 security risk that advancing technology poses?

I think the Internet of Things (IoT) attack surface is the biggest technology threat today. As Gartner points out, there will be 20 billion devices connected to the internet by 2020. However, unlike smartphones and computers, we're seeing thousands of newly released IoT gadgets every day from a myriad of suppliers. This means that security precautions are often bypassed in order to get to market more quickly. (Hear Amber discuss this even more in depth in her podcast interview at ACFE.com/podcast.)

How do you think fraud examiners could potentially use (and conversely fraudsters abuse) AI?

When we talk about artificial intelligence (AI), fraud examiners are more regularly using this technology to detect fraud (without even knowing it). For example, machine learning software (one application of AI) can now quickly and effectively determine accounting abnormalities. However, fraud attackers are also using early stage AI to commit fraud. If fact, most worrisome to me is video fraud. Many research institutions are already experimenting with algorithms that program a video to make a politician or business leader appear to say things that they did not. One can only imagine the issues with this as the technology gets into the wrong hands.

What are you most hoping attendees of the conference will take away from your presentation?

I really want attendees to leave my presentation with a much better understanding of the future of both the Internet of Things and artificial intelligence. It’s critical to recognize what’s happening in the market today and where things are heading in the next five to 10 years, so fraud examiners can properly prepare for the inevitable risks.

You are on the front lines of the latest and greatest technology out there, but what is one thing you still hold on to that is manual or traditional?

Strangely enough, I still write my research notes on a piece of paper or in a notebook. For me, it’s not that I don’t recognize the power of digital tools to simplify this process, but I use this practice as a memory tactic. It’s only upon writing with pen to paper that I can better recall facts and stats.

You can read more about Amber and register for the 2017 ACFE Fraud Conference Canada at FraudConference.com/Canada. Be sure to register by September 29 to save CAD 100!

Why Law Enforcement is Not to Blame for Fraud

/

GUEST BLOGGER

Martin Kenney
Managing Partner of Martin Kenney & Co., Solicitors

“Fraud is alive and well in Canada,” wrote Jessica Lewis of the Canadian law firm Bennett Jones LLP in Financier Worldwide magazine this month. “It is thriving and fraudsters are innovating,” she said. “The ongoing boom in white-collar crime is partly the result of Canada’s lack of a uniform regulatory system and ineffective law enforcement.”

I agree. There are regulatory frailties in Canada, particularly the absence of Ultimate Beneficial Ownership (UBO) identification during corporate registration. These regulatory anomalies and loopholes need to be addressed. But fraud is also on the increase globally.

Whenever austerity measures are put in place, fraudsters come to the fore to prey on the desperate and needy (not to mention the greedy). The U.K., for example, recorded a whopping 25 percent increase in 2016 for reported fraud in general, much of this fueled by banking and online scams.

Policing and austerity
As Lewis alludes, law enforcement in Canada does not come out well in these situations. Similarly in the U.K., The Guardian reported that “….the police have not been interested in investigating such cases even though the losses have been as much as £25,000.”

On the face of it, the police appear to be neglecting their roles as investigators and prosecutors of those committing such crimes. The U.K.’s Prime Minister (and then Home Secretary) Teresa May, said only last year, “Fraud shames our financial system.” But I don’t believe that criticizing the police for their perceived failings really touches on the root of this problem. It’s a much larger issue.

Most police forces across the Western world have borne the brunt of austerity measures imposed by their governments. The problem is that, as a consequence, they have inadequate resources and frontline policing must take priority. The U.K. has seen its fraud squads dismantled and specialist fraud investigators deployed elsewhere.

Investigating fraud is a highly specialized discipline, requiring significant training and ongoing courses designed to try to ensure that concerned detectives keep pace with a highly dynamic crime that is constantly evolving. In particular, fraud perpetrated by cyber criminals is extremely difficult to police. Not only does it require an added expertise that only few detectives possess, it also introduces cross-jurisdictional issues typically associated with this form of deception.

Cross-border fraud
Fraudsters are not stupid. They understand that if they are in Russia, the Ukraine or China (for example), then attacking victims in other countries, such as the U.K., Canada or the U.S., makes perfect sense. By inserting the buffer of international borders, there is little likelihood of Western law enforcement agencies receiving sufficient levels of cooperation required to bring the culprits to book (especially given the current political climate).

Sadly, there is little prospect of this status quo changing anytime soon. The political differences make for uneasy relationships between the law enforcement agencies concerned. This means that criminals operating out of the Eastern Hemisphere can effectively attack their Western victims online with impunity. If we add to the mix the realistic prospect of corruption and its impact on the overall scenario, it is obvious why Eastern bloc criminals are confident in their doubtful activities going unhindered. They can simply pay off local law enforcement officers (who should be apprehending them).

Law enforcement agencies (and police in particular) are being blamed for failures to investigate fraud. In an ideal world, police forces would be able to open a “new box of detectives” and deploy them as demand requires. Unfortunately, this is not the case. So until there is a reinvestment in the police, fraud will continue to grow and go unpunished.

Martin Kenney is Managing Partner of Martin Kenney & Co., Solicitors, a specialist investigative and asset recovery practice based in the BVI and focused on multi-jurisdictional fraud and grand corruption cases. Mr. Kenney was recently selected as one of the Top 40 Thought Leaders of the Legal Profession in 2017 by Who's Who Legal International. He is the only fraud and asset recovery lawyer included in this list of thought leaders drawn from 16 different practice areas.

www.martinkenney.com |@MKSolicitors

Fraud Magazine: Special Case Study Issue

/

FROM THE PRESIDENT

James D. Ratley, CFE

The editors of Fraud Magazine know the value of a good story. They like to begin feature articles and many of the columns with case histories because they know you want illustrations of fraud examination principles in action.

We go one step further in our latest issue. Most of the feature articles are detailed analyses of case histories, including the cover article, "To snare a menace: 'Synthetic identity' fraudster stole millions."

The authors — Anthony P. Valenti, CFE, CAMS, and Stephen G. Korinko, CFE, CAMS, CPP — tell of a cyberfraudster who not only ripped off the identity of a client but created new "synthetic" guises to do it.

Fraudsters create synthetic identity persons, according to the authors, by combining real Social Security numbers with different dates of birth plus fictitious names and addresses. The combinations are endless. Law enforcement personnel now are trying to track identities that technically don't exist.

The author's perpetrator went to extreme measures — he bought a credit reporting agency's protection service, changed the date of the birth linked to the victim's account and effectively blocked the victim's access to his credit file. The fraudster changed the victim's telephone number and address so now the agency would call or write the fraudster whenever it detected any "unusual activity." Thus, the fraudster had an open window into the client's financial movements and the fraud examination almost from the start.

Apparently, the fraudster could now unlock the credit history just before filing a fraudulent loan application so merchants could access his credit history, then lock the account and await responses from those merchants and financial institutions.

Ultimately, the authors write that they were able to identify the fraudster's given name (and numerous synthetic persons with multiple addresses, which the fraudster had created) by comparing the victim's actual addresses with those listed in credit reports and with fraudulent information on applications the fraudster submitted to credit card companies, retail merchants and banks.

The authors then were able to link the fraudster to other victims and crimes, which amounted to millions of dollars in losses.

They connected the fraudster to the theft of $2 million from a hedge fund, fraudulent student loan applications and fraudulent receipt of veterans' benefits, among other crimes. They referred all the frauds to the U.S. Postal Inspection Service, which presented the case to the local U.S. attorney's office. (Be sure to read the interview with the inspector in charge of the New York Division of the U.S. Postal Inspection about synthetic identity fraud.)

The cyberfraudster received a multi-count indictment and faces mandatory jail time. Not a bad story.