Fraud Examination Review

Theft Investigation Methods

• Surveillance and covert operations
• Invigilation
• Seizing and searching computers
• Physical evidence

Concealment Investigative Methods

• Documentation examination
• Audits
• Electronic searches
• Physical asset counts

Conversion Investigative Methods

• Searching public records
• Online resources
• The net worth method

Inquiry Investigative Methods

• Interviews and interrogation
• Honesty testing

Deciding When to Investigate

• Fraud investigation only proceeds when predication is present
• Once there is a predication of fraud, management must decide whether or not to investigate

Considerations in Proceeding with a Fraud Investigation

• Perceived strength of the predication – does it seem real?
• Perceived cost of the investigation
• Exposure or amount that could have been taken
• The signal that investigation (or lack thereof) sends to others inside and outside the organization
• Risk of investigating and not investigating
• Public exposure or loss of reputation from investigating or not investigating
• Nature of the possible fraud
• Impact on the organization’s culture

Steps in Conducting an Investigation

• Deciding optimal investigation methods
  • Focus on the strongest type of evidence for the specific fraud
    • Physical evidence gathering is best for inventory fraud
    • Uncovering concealment efforts works best for payroll fraud
    • Indirect evidence is most effective for collusive and kickback fraud
  • Inquiry methods are most useful after identifying who to interview and what questions to ask
  • Public records can confirm lifestyle symptoms of suspect fraud perpetrators
• Investigation professionalism
  • Remain objective as you investigate
  • Use professional skepticism and do not take finding at face value
  • Never make assumptions regarding guilt
    • Do not permit your suspicions or prior investigative experience affect your treatment of people and evidence
  • Keep all investigation finding confidential
    • Disseminate information only to those who have a need to know

Vulnerability Chart

• A vulnerability chart coordinates elements of the possible fraud:
  • Assets that were taken or are missing
  • Individuals who had theft opportunities
  • Theft investigative methods
  • Concealment possibilities
  • Conversion possibilities
  • Symptoms observed
  • Pressures of possible perpetrators
  • Rationalization of perpetrators
  • Key internal controls

Electronic Evidence Gathering (Computer Forensics)

• The gathering of electronic evidence is termed computer forensics
• Frequently used in modern fraud investigation
• Gathering of electronic evidence is a highly technical task and must be performed correctly
• Incorrectly gathered data may be inadmissible in court
• Evidence gathering processes vary from device to device
• Cloud storage access frequently requires a subpoena or written permission from the perpetrator

Concealment Investigative Methods

• Documentation examination
• Audits
• Electronic searches
• Physical asset counts

Aspects of Documentary Evidence and Evidence Handling

• Investigative techniques involve ways to discover physical or electronic records that have been manipulated or altered
• Documentary evidence is preferable to eyewitnesses
  • Documents cannot forget or tell inconsistent stories
  • Documents are always available to fraud investigators who know where to find them
• Example: printed information on a canceled check
  • Shows the teller who processed the transaction
• Chain of custody
• Marking of evidence
• Organization of documentary evidence
• Coordination of evidence
• Rules concerning original versus copies of documents

Document Database Essentials

• Creation dates of documents
• Sources of documents
• Dates when the documents were obtained
• Brief description of documents contents
• Subjects of documents
• Identifying or Bates number

Bates Numbers

• Used by litigation attorneys to track all documents, both physical and electronic.
• Bates number include the following
  • Defendant or plaintiff identifier
  • Defendant or plaintiff location identifier
  • Unique document number

Rules Regarding Using Original Documents versus Photocopies

• Photocopies are used during the investigation
  • Original documents are reserved for use in the actual trial
• Original documents are always preferable to photocopies
• Photocopies are considered secondary evidence in a court of law
• Courts only permit use of photocopies if there is proof that the original exists
  • Tampering is possible during photocopying

Seven Tests of an Audit

• Tests of mechanical accuracy (recalculations)
• Analytical tests (tests of reasonableness)
• Documentation
• Confirmations
• Observations
• Physical examinations
• Inquiries

Discovery Sampling

• A form of statistical sampling which permits auditors to make inferences to the population
  • Performable with most audit software
• Addresses profitability of discovering at least one error in a given sample size if the population error rate is a certain percentage
  • Step #1: test a random sample
  • Step #2: use probability theory to draw inferences about population from the sample
• If one of the sampled documents is fraudulent, the auditor can be 100% sure that fraud exists
• If none of the sampled documents is fraudulent, then fraud may exist
• The more confident the auditor wants to be and the less risk of missing fraudulent documents, the larger the sample size needed
  • Population size makes little difference in sample size
  • Sample size should be less than 10% of population size
• Types of risks for discovery sampling:
  • Sampling risk: possibility that the sample will not be representative of the population
  • Nonsampling risk: risk that a finding will be misinterpreted
• Sampling risk example: sampled documents show no fraud, but fraud is actually being perpetrated
• Nonsampling risk example: an auditor examines a fraudulent check and does not recognize it as being fraudulent

General Probabilities of Discovering at Least One Error in a Given Sample

• If the investigator finds errors using discovery sampling, they must determine:
  • Are the errors unintentional?
  • Are the errors indicative of fraud?
• Sampling risk consideration: can be significant in fraud investigation because fraud is frequently conducted in just a few transactions
• Nonsampling risk consideration: cannot be quantified, but can be reduced by careful planning

Rules Regarding Hard-to-Get Documentary Evidence

• Valuable evidence which is difficult to obtain:
  • Web-based emails
  • Private bank and brokerage records
  • Tax records
• Ways to access:
  • By subpoena: issued by a court or grand jury
  • By search warrant: issued by a judge
  • By voluntary consent

Perpetrator Spending Trends Recap

• Fraud perpetrators may initially commit fraud to meet an immediate financial need but continue to engage in fraud after that need has been met.
• Perpetrators spend stolen money to improve their lifestyles rather than save or invest it.
• Lifestyle changes are easier to detect than theft acts or concealment records for some types of fraud.
  • Conversion investigation can be used to strengthen cases when concealment or theft act evidence is present

Why Perform Conversion Searches?

• To determine the extent of embezzlement
• To gather evidence that can be used in interrogations to obtain a confession

Most Common Technique to Investigate and Resolve Fraud

• Interviewing
  • Question and answer session designed to elect information
  • Interview questions regarding unearned income can verify that a suspect’s lifestyle cannot be supported by their earned income

Government Sources of Information

• Federal, state, and local government agencies maintain public records
  • Laws dictate types of records maintained
• Most public records can be accessed by anyone requesting them
  • Particular records are exempt from public access due to privacy laws
• State and local records are typically more useful than federal records for fraud investigations
  • Accessing federal records can be time consuming and costly

Federal Sources

• Department of Defense:
  • Maintains records on all military personnel, both active and inactive
  • Regularly shares information with the Federal Bureau of Investigation (FBI) and Central Intelligence Agency (CIA)
  • Military records are not confidential
• Department of Justice:
  • Maintains records related to detection, prosecution, and rehabilitation of offenders
  • FBI is the principle investigative agency of the Department of Justice.
    • National crime information center
      • Information on stolen vehicles, license plates, securities, missing firearms, and missing persons
      • Individuals who are wanted on outstanding warrants
    • Interstate Identification Index (III)
      • Retains arrest and criminal records on a nationwide basis
• Federal Bureau of Prisons:
  • Retains records on those who have been detained in various facilities
    • Particularly useful because fraud perpetrators are often repeat offenders
• Internal Revenue Service:
  • Enforces all internal revenue laws excepting those for alcohol, firearms, tobacco, and explosives
  • IRS records only available to law enforcement, not the public
• Secret Service:
  • Safeguards payment and financial systems in the united states by investigating:
    • Counterfeiting
    • Theft of government checks
    • Interstate credit card violations
    • Some computer crimes
• U.S. Postal Service:
  • Responsible for the U.S. mail and protecting citizens from loss through mail
  • Local postal inspectors are excellent sources of help in a wide variety of fraud investigators Postal inspectors handle major fraud cases involving use of mail.
    • Identify bribes, kickbacks, and false advertisements made through mail
    • Detect interception of mailed checks and funds
• Central Intelligence Agency:
  • CIA investigates security matters outside the United States
  • Provides useful information when cases involve international issues
    • Money laundering in secret jurisdictions
• Social Security Administration:
  • Social security numbers (SSNs) allow access to numerous federal, state, local, and private records
  • Published lists of “dead” SSNs, which can be used in identity theft fraud

State Sources of Information

• State Attorney General
  • Enforces all state, civil, and criminal laws in cooperation with local law enforcement
  • Maintain records for individuals who have been convicted of breaches of state civil and criminal law
• State Prisons
  • Maintains records on all individuals who have been incarcerated in state prisons, are on probation, or parole
• Secretary of State
  • Maintains records relating to business and Uniform Commercial Code filings
• Department of Motor Vehicles
  • Maintains driver’s license records, which are publicly available in most states
• Department of Vital Statistics
  • Maintains birth records available on a fee basis
• Department of Business Regulation:
  • Maintains professional licensing information
  • Includes nearly all professionals and skilled labor job roles

Gramm-Leach Bliley Act 1999

• Investigations prohibited from obtaining information from a financial institution using false pretenses
• Financial institutions permitted to share customer information if they disclose to customer that they are doing so
• Customers must be provided the opportunity to “opt out” of information sharing
  • Few customers “opt out” of information sharing because doing so usually requires providing written notice to the bank

The Net Worth Method

• Used to determine the extent of stolen funds

Characteristics of an Interview and a Good Interviewer

• The most common technique used to investigate and resolve fraud
• Systematic questioning of individuals who have knowledge of a case under investigation
• Three types of interviews
  • Friendly interview: go above and beyond what is expected to be helpful
  • Neutral: have nothing to gain or lose from the interview
  • Hostile: often associated with the suspect or the crime
• Interviews with friendly or neutral interviewees can be scheduled in advance
• Interviews with hostile interviewees should occur without prior notice
  • More likely to reveal key information
• Good interviews share common characteristics
  • Sufficient length and depth to uncover relevant facts
  • Focus on pertinent information
  • End on a positive note
  • Conducted as closely as possible to the time of the even in question
  • Objective
  • Fair
  • Impartial
• Good interviewers share certain characteristics:
  • Outgoing and interact well with others
  • Help others feel at ease
  • Display interest in those they are interviewing as well as in what is being said

Reaction to Crisis – Stages

• Denial
• Anger
• Rationalization
• Depression
• Acceptance

Question Topology – 5 Types of Interview Questions

• Introductory
• Informational
• Assessment
• Closing
• Admission-seeking

Elements of Conversation

• Expression: interviews can encourage self-expression to meet information-gathering objectives
• Persuasion: interviews can use persuasion to convince respondents of the interview’s legitimacy
• Therapy: encourage respondents to release feelings by disclosing information relevant to the case
• Ritual: expressions, such as salutations at the start of the interview, that provide security. In interpersonal exchanges
• Information exchange: interviewers should provide as well as solicit information from the interviewee

Inhibitors of Communication

• Competing demands for time: respondents are hesitant to participate in an interview because they don’t believe it is the best use of their time
• Threatened egos: respondents feel perceived threat to self-esteem due to repression, disapproval, or loss of status
• Etiquette: respondents are hesitant to answer questions they feel are inappropriate or in poor taste
• Trauma: interviewers must demonstrate sensitivity when discussing traumatic or potentially traumatic issues or events
• Forgetting: vividness of recall depends on the degree to which the interviewee’s ego is involved and fades with time elapsed because the event
• Chronological confusion: respondents tendency to confuse the order of events
• Inductive inferential confusion: the respondent is asked to convert a concrete experience to a higher level of generalization
• Deductive inferential confusion: the respondent is asked to give concrete examples of certain categories of experience

Facilitators of Communication

• Fulfilling expectations: interviewers should strive to transmit general expectations of cooperations and specific expectations of truthfulness
• Recognition: interviewers should give respondents sincere recognition
• Altruistic appeals: interviewers who understand their respondent’s value system can appeal to their sense of altruism
• Sympathetic understanding: interviewers are more successful when they exhibit a sympathetic attitude toward the respondent
• New experience: interviewers must dispel any fears the respondent has about the interview allowing respondents to view it as a new and interesting experience
• Catharsis: after respondents confess, they may feel better about themselves. Interviewers who carefully listen to respondents expressions of feelings encourage information sharing
• Need for meaning: interviewers can motivate respondents to talk through interview topics that disturb the respondents sense of meaning
• Extrinsic rewards: extrinsic rewards are helpful for respondents who see interview participation as a means to an end

Typical Deception Response Patterns

• Lying produces stress, which the body attempts to relieve through verbal and nonverbal reactions
• Calibration responses provide a baseline for comparing reactions to determine which are indications of deception
• Typical deception response patterns are unreliable for the following:
  • Mentally unstable persons
  • Persons under the influence of drugs
  • Pathological liars
  • Juveniles

Typical Indications of Deception

• Increased tensions: dilated pupils, more frequent blinking, longer pauses to think prior to responding
• Less positive and pleasant: individuals who are lying are less cooperative, make more negative statements, and complain more
• Less forthcoming responses: when individuals are lying, they provide less detailed responses and provide more qualifiers to their denials
• Less compelling tales: individuals who are lying have more flaws in their logic and less engaging in verbal and vocal emphasis
• Fewer ordinary imperfections: people concerned about being caught lying show few ordinary imperfections in tales and responses

Honesty Testing

• There are three alternatives to interviewing to obtain information about a persons honesty:
  • Pencil and paper tests: objective tests that elicit information about a person’s honesty and personal code of ethics
    • 50%-90% accurate
    • Ideal for applicant screening and initial suspect identification
    • Common types: Reid report, Stanton survey, personnel selection inventory
  • Graphology: the study of handwriting for the purpose of character analysis
    • Used in fields where employee integrity is important
  • Voice stress analysis and polygraphs: both rely on physical responses to determine if a person is lying
    • Polygraphs are more complicated than voice stress analyzers
    • Both methods can lead to incorrect decisions due to test-induced stress of innocent people
    • Employee polygraph protection act limits polygraph use

The Fraud Report

• The final stage of an investigation and includes:
  • All findings
  • Conclusions
  • Recommendations
  • Corrective actions taken
• Ensure that the general tone is neither accusatory nor conclusive as to guilt
  • Investigated activities should be described as “purported” or “alleged”

Types of Fraud Against Organizations

• Asset misappropriation
  • Theft or misuse of an organization’s assets
    • Steal receipts of cash and other assets entering an organization
    • Steal cash, inventory, or other assets that are on hand
    • Commit disbursement fraud by having the organization pay for something it should not pay for or pay too much for a purchase
  • Can also be categorized by asset type:
    • Cash: larceny, skimming, fraudulent disbursements
    • Inventory: misuse, larceny
• Corruption
  • Use of personal influence to obtain an unauthorized benefit contrary to a person’s duty to their employer
  • Four main types of corruption schemes:
    • Bribery schemes
      • Any scheme in which a person offers, gives, receives, or solicits something of value for the purpose of influencing an official act or a business decision without the knowledge or consent of the principal
        • Vendor provides a manager with a bribe to secure a sales contract
        • Employee receives payment for securing a contract
    • Conflict of interest schemes
      • Any scheme in which an employee, a manager, or an executive has an undisclosed economic or personal interest in a transaction that adversely affects the company as a result
        • Manager establishes a beneficial relationship with an organization in which they have a personal financial interest
    • Economic extortion schemes
      • The coercion of another to enter into a transaction of deliver property based on wrongful use of actual or threatened force, fear, or economic duress
        • Vendor threatens an executive into a specific course of action
    • Illegal gratuity schemes
      • Any scheme in which a person offers, gives, receives, or solicits something of value for, or because of, an official act or business decision without the knowledge or consent of the principal
        • Manager is influenced to make a financial decision based on undisclosed gifts or awards

Consumer Fraud and Its Seriousness

• With advances in technology, consumer fraud is on the rise
  • $8.l8$ billion of consumer fraud loss was reported in 2022
• Targets individuals as victims
• Occurs in a wide range of forms
• The Federal Trace Commission (FTC is responsible for addressing consumer fraud in the United States
  • Maintains the Consumer Sentinel Network database to track consumer fraud and identity theft

Identity Theft

• Stage 1: discovery
  • Perpetrators gain information
  • Perpetrators verify information
• Stage 2: action
  • Perpetrators accumulate documentation
  • Perpetrators conceive or cover-up or concealment actions
• Stage 3: trials
  • First actions – small thefts to test the stolen information
  • Second actions – large thefts, with low likelihood of getting caught
  • Third actions – largest thefts committed once perpetrators are confident that their schemes are working

Ways to Steal a Victims Identity

• Gather information from entries with whom the victim does business
• Steals wallets or purses
• Break into victims homes and stealing information
• Steal mail, including bank, tax, or credit card information
• Complete a “change of address form” at a local post office
• Watch customers and steal credit card information (shoulder surfing)
• Pose as a legitimate employee, government official, or representative of an organization with which the victim conducts business
• Rummage through a consumers trash (dumpster diving)
• Skim victims credit card for information when they pay their bills
• Use the internet to steal important information
  • Phishers send emails and pop-up messages claiming to be from legitimate organizations
  • Messages ask victims to “update” or “validate” their accounts to encourage them to divulge personal information

Minimizing the Risk of Identity Theft

• Guard your mail from theft
• Opt out of preapproved credit cards
• Check personal credit information at least annually
• Protects Social Security Numbers (SSNs)
• Safeguard personal information from housemates or domestic service providers
• Guard trash from theft
• Protect wallets and other valuables
• Use strong passwords
  • Avoid consecutive numbers, telephone numbers, birthdates, or names
  • Use different passwords for different accounts
  • Use long passwords because they are more difficult to hack
  • Consider using software programs to generate strong passwords and encrypt and store them
• Protect your computer
  • Do not respond to requests for personal information
  • Do not open unknown attachments
  • Send information using secure websites
    • Websites should begin with “https:” where the “s” indicates a secure site
  • Frequently review bank and credit card information
  • Use antivirus software
• Protect your home from fraudsters
  • Use effective door and window locks to prevent break in
  • Change the code on automatic garage openers frequently
• Opt out of information sharing.
  • Financial institutions have the right to share personal information for a profit
  • Individuals have the right to opt out of having their information sold

Actions Once Theft Has Occurred

• Act quickly to minimize the damages
  • Immediately contact the FTC: www.ftc.gov or 1-877-ID-THEFT
  • Mail redirection: contact the local postal inspection service
  • Tax violations: contact the internal revenue service
  • Credit score impact: contact principal credit reporting agencies
    • Transunion, Equifax, and Experian
  • Stolen checks of fraudulent bank accounts: contact creditors and financial institutions as well as a check verification company

Work-at-Home Schemes

• Many work-at-home schemes are fraudulent versions of network marketing that function as pyramid or Ponzi schemes
  • Products are illusory and the focus is on recruitment
  • Founders and those at the top make large amounts of money
  • Those at the bottom always lose their investment

Telemarketing Fraud

• Fraudsters assemble large telemarketing centers where specially trained salespeople find and defraud victims
  • Fraudster move locations frequently in order to hinder local law enforcement
  • Victims are typically offered fraudulent investment opportunities
  • More effective than similar mail or internet-based schemes because the fraudsters can speak to victims directly
• The north American securities administrators association estimates that $1$ million per hour is lost to telemarketing scams
• Older adults are more susceptible to telemarketing fraud than any other type of fraud
  • Many older adults are lonely and willing to speak with fraudulent telemarketers
• Older adults are afraid to admit when they were conned out of money
  • Concerned with being considered unfit to care for themselves
• Many older adults are very trusting and unlikely to believe that someone is deliberately trying to take advantage of them

Asset Transfer in Bankruptcy, Divorce, and Tax Fraud

• Bankruptcy, divorce, and tax fraud all involve asset transfer from one entity to another
  • Bankruptcy: assets given to creditors
  • Divorce: assets given to former spouse
  • Tax fraud: assets claimed by the government
• Individuals fraudulently hide assets to keep them from being taken
• Bankruptcy and divorce fraud can be criminal or civil matters
• Tax fraud cases are usually criminal matters

Fraud Examiners’ Roles in Bankruptcy and Divorce Cases

• CPAs and other fraud examiners investigate and testify in bankruptcy and divorce cases
• The IRS arm that investigates tax fraud is Criminal Investigation (CI)
  • Bankruptcy examiner or trustee
  • Debtor investigation for creditors
  • Assist the U.S. Department of Justice
  • Asset recovery for creditors
  • Hidden asset recovery and lifestyle examination
• Bankruptcy or divorce resulting from fraud
  • Fraudulent activity result in too few funds to pay creditors
    • In divorce cases, fraud was perpetrated by one martial partner
• Bankruptcy and divorce used to perpetrate fraud
  • Automatic stays in creditor or marital partner action are used to commit fraud
• Bankruptcy and divorce used to conceal fraud
  • Destruction of books and records of debtor and martial partner

Tax Fraud

• The U.S. tax system depends on voluntary compliance
  • Each citizen is responsible for filing a tax return when required and for determining and paying the correct amount of tax
• Intentionally underpaying of taxes is tax fraud
• The IRS will audit those suspected of underpaying their taxes
  • If an audit reveals underpayment, the auditor may assess civil fines and penalties
  • If fraud is suspected, the auditor may refer the case to the IRS’s Criminal Investigation division.
• The IRS’s CI division is directed at taxpayers who willfully and intentionally violate their known legal duty of voluntarily:
  • Filing income tax returns
  • Paying the correct amount of income, employment, or excise tax

Divorce Fraud

• More than one million divorces are filed in the United States each year
  • Amicable divorces are somewhat rare
• The U.S. legal system is adversarial, making divorce a zero-sum game
  • Divorce attorneys’ obligation to their clients decreases amicability during the divorce process
• During or after a divorce, many individuals feel cheated by the divorce proceedings
  • Economically dependent spouses frequently question whether the other spouse is withholding information regarding assets
• The party attempting to prove divorce fraud must prove that:
  • A false representation was made by the other party
  • The defendant had knowledge or belief that the representation was false and made it with reckless indifference to the truth
  • The defendant had intent to induce the plaintiff to act or refrain from acting in a certain way
• Two most common divorce fraud allegations:
  • Defendant hid assets to avoid sharing
  • Assets’ valuation was unrealistically low

Bankruptcy Fraud

• The bankruptcy system is an arm of the U.S. District Court
• Bankruptcy has a significant impact on national and local economies
  • Abuse by an individual or professional undermines the integrity of the system as a whole
• Monies defrauded from a bankruptcy never reach the pockets of deserving creditors and investors
  • Frequent bankruptcy fraud degrades investor confidence
  • Creates a ripple effect through the economy
• The number of bankruptcies and bankruptcy frauds has been increasing for many years
  • Reduced stigma attached to bankruptcy filing
  • Less time to enforce policy and procedures
• Most bankruptcies files in the United States involve complete liquidations
  • Bankruptcy fraud typically seeks to hide assets to prevent them from being liquidated and transferred to creditors

Bankruptcy Codes

• Federal statute governing the bankruptcy process: U.S. Code Title 11
  • Chapters 1,3, and 5: general provisions applicable to all bankruptcy
  • Chapter 7 involves a complete liquidation of all assets with proceeds used to pay creditors
  • Chapter 11 provides entities time to reorganize operations and finances to settle debts and continue to operate
  • Chapter 13 are organization for individuals with regular income and debts less than $1$ million
• If chapter 11 or 13 is unsuccessful, a judge often orders a chapter 7

Common Bankruptcy Fraud Schemes

• Planned bankruptcy (bust-out)
• Fraudulent asset concealment during or is contemplation of a bankruptcy

Planned Bankruptcy (Bust-Out) Scheme Indicators

• A company’s only listed address and phone number are a post office box and answering service
• A new company is owned and managed by persons from another state or is vague about its type of business
• A sudden change in company management without public notice
• Unverifiable or overly eager credit references
• Drastic increase in the size of orders placed on credit
• Inventory is suddenly deleted, with explanation
• “Customers” have a history of buying goods at unreasonable discounts

Money Laundering

• Money laundering is engaging in financial transactions in order to conceal the source, identify, or destination of funds
  • Money is generally illegally is “dirty”
    • “dirty” money is “laundered” to appear that funds came from legitimate sources
• Financial institutions report large cash transactions that could be money laundering:
  • Currency transaction reports (CTRs) for amounts above $10,000$
  • Suspicious activity reports (SARs) for amounts under $10,000$
• Money laundering is frequently used to process profile drug and human trafficking, underage labor, and terrorist activities
• Money laundering can also be used to disguise the source of funding, such as contributions to political candidates
  • Corporate donations to political candidates can be made through a political party
• Three steps:
  • Placement: launderer inserts “dirty money” into a legitimate financial institution
  • Layering: conducting various financial transactions with the goal of making the money difficult to trace
  • Integration: the money reenters the economy in a form that appears to come from a legal transaction
• Once the money is reintroduced into the economy as “clean,” the launderer can use the funds for personal consumption

Cyber Fraud Risks Inside Organizations

• When perpetrators gain computer access behind firewalls and security checks, they can easily steal money and information
• Data theft is a common goal of cyber fraud perpetrators
  • Data can be converted to be cash
  • Individuals can be blackmailed
• Information technology (IT) theft leaves few tracks
  • Can go undetected for long periods
  • Managers lack the technical expertise to prevent and detect data theft

Computer System Access Schemes

• Stolen or inadvertently divulged passwords
  • Infrequently changed or weak passwords
  • Same password used for internal systems and internet sites
  • Social engineering techniques designed to access passwords
• Unencrypted communications
  • Checking email using encrypted protocols
  • Opening or sending email text not encrypted using severe/multipurpose internet mail extensions (S/MIME)
• Sniffing: logging, filtering, and viewing information as it passes through a network line
  • Often used by hackers who run frequently available applications similar to those with legitimate uses
• Connection of company laptops and mobile devices to public networks
  • Laptops and mobile devices are infected with viruses and spyware
  • The viruses and spyware infect the corporate network because infected laptops bypass firewalls and controls
• Wartrapping: hackers go to known business traveler locations and set up internet access point through their own laptops
  • Access points look like official Internet wireless networks
  • Network traffic passes through hackers’ computers
  • Hackers sniff the network traffic for password and other important information
• Portable data storage devices: USB flash drives and phone memory
  • Large capacities permit quick download of a significant amount of confidential information

Cyber Fraud Risk Outside Organizations

• Large-scale credit card and other data breaches occur on a daily basis
  • Affects company operation and causes individual financial stress
  • Hackers are difficult to track and prosecute
• Computer viruses are serious threats in todays cyber environment
  • True viruses: attach themselves to existing programs on the computer
  • Internet worms: self-contained programs spread via email or direct transfer
  • Trojan horses: program with hidden actions

Preventing Cyber Fraud

• Cyber fraud can be prevented by reducing opportunities through appropriate internal controls
• In e-business, the most important internal controls elements include:
  • The control environment
  • Risk assessment
  • Control activities and procedures
• Top management must believe that control is important and convey that sentiment to employees

Environment and Risk Assessment

• Identifies the risks of doing business with e-business partners
  • Focuses on the control environment of organizations
  • Identifies risks in electronics exchange of information and money
• Allowed tailored control procedures to counter the risk of:
  • Data theft
  • Sniffing
  • Unauthorized password access
  • Falsified identity
  • Spoofing
  • Customer impersonation
  • False websites
  • Email or website hacking