Sorry valued customer, an employee just stole your identity

Customer data theft

Source: Mel B

As a freelance writer, I often write for companies around the globe.Here is an article that I wrote for Memento – a leader in enterprise fraud management.

The post discusses the theft of nearly 3,000 customer identities by a bank manager with a very troubled past.

Click here to read the post.

Please feel free to leave comments here, or on Memento’s blog letting me know what you think.

If you would need an article, newsletter, blog post or whitepaper, please contact me at

P.S. I ghostwrite too!


Impersonation Schemes: A Big Headache for Companies

This is “Fraud Happens” first guest post. ildar khakimov is a Montreal based internet enthusiast who co-founded several projects including

Companies suffer staggering losses when it comes to impersonation scams.

A good example can be seen in a documentary called “Yes, men fix the world”, in which two men setup fake press conferences on behalf of companies to spread false news.

It’s believed that Dow Chemicals suffered a 2 billion dollar loss as a result of the duo’s fake news announcement which alleged the company’s planned to pay out compensation for the Bhopal Disaster.

So what about the more common forms of impersonation, such as the use of fake caller IDs?

Caller ID spoofing can be even more dangerous because it’s not a single person hitting a single target, but rather a large telecom fraud machine that’s able to place thousands of calls or send millions of SMS messages pretending to be someone they’re not.

Most recent example is fake SMS giftcard scam. In 2012, many individuals started receiving messages that claim they won a free giftcard from Best Buy. The SMS was asking people to visit a specific web-site to claim a prize that didn’t exist.

People that got duped went straight to Best Buy and demanded their “winnings”. This forced Best Buy to spend company resources in order to explain consumers that they got scammed.

In addition, it’s hard to put a monetary value on Best Buy’s tarnished reputation. For example many consumers, who leave complaints on sites like, believe that Best Buy gave out their personal information to telemarketers and that perhaps their personal information was compromised due to company’s inefficient security measures. Even if such allegations are later proven false, the damage to the company’s image has already been done.

One such complaint goes: “[…]Walmart employees are in on it, or  Walmart’s IT security is **** and they were hacked? I paid for my purchase with a credit card, so I certainly hope that wasn’t leaked along with my phone #. One thing’s for sure: I will never step foot in a Walmart again!

Another popular fraud conducted via SMS while showing a fake caller ID is known as Smishing. It consists of a banking notification from crooks who pretend to be the victim’s bank. The SMS threatens the victim to shut down their account unless they login to a specific web-site.

Login information entered is stolen and then used by fraudsters to siphon funds to off shore accounts.

Banks often reimburse stolen funds and thus suffer financial losses from caller ID spoofing. These types of scams are on the rise. A survey of 95 financial institution by ABA show a 260% increase of such scams in 2011 compared to 2009.

In addition to that, banks have to spend millions on security to help fight smishing fraud, in an interview with USA Today, Carol Kaplan of American Bankers Association admitted: “[…]there continues to be huge gobs of investment into shoring up security.”

It’s hard to estimate how much money companies lose because of Caller ID spoofing, but it’s a very significant amount and the situation won’t change until this practice is more strongly regulated by the government.

Now the fraudsters have started spoofing caller IDs making it look like they’re calling from the U.S government to offer a free grant. Who knows, maybe now the government will take notice?

If you are interested in writing a guest post, please email me – I look forward to hearing from you.

Interesting article: How CIOs Can Learn to Catch Insider Crime (with help from yours truly…)

I thought my readers might be interested in an article that CIO magazine just published on insider crime. A writer from CIO magazine interviewed me about a month or so ago and I am proud to say that I am quoted extensively throughout the article. Here is just one of my sound bites:

“I’ve yet to meet any C-level person who says, ‘I’m so proud that we have 500 people preventing fraud.’ It’s not what people want to put out there as a badge of honor. It’s a necessary evil.”

Please check out the full article. In my opinion, the writer did an excellent job discussing insider fraud from a number of angles.

I hope you enjoy the article. Please let me know what you think!

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

“We love our customers” – Then why don’t you protect their information?

Source: Surely

Sure you do. We all love our customers, right? They literally pay our bills. Then why is it that so few companies take steps to protect their customers’ information?

As I discussed previously, it is not unusual for employees to take the entire contents of a customer relationship management system on to their next employer.

Here are ten steps that can help protect your customers’ information:

  1. Select a CRM solution that has robust security features built in.
  2. Grant access only to employees that have a business need.
  3. Monitor employee access, usage, and manipulation of CRM data.
  4. Limit users’ ability to download the contents of the database.
  5. Don’t allow users to view accounts that belong to other salespeople.
  6. Ensure that all users have the most up-to-date virus scanners on their computers.
  7. Terminate access as soon as an employee leaves the company.
  8. Encrypt mobile phones and laptops used to access the CRM platform.
  9. Ensure that a log of records printed and emailed is available and frequently monitored.
  10. Subtly let employees know that your company monitors what they do with the data.
There are additional steps that I typically recommend, but that’s more than enough for now. Your customers thank you for reading this list.
Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

Say goodbye to your customers

Source: d70focus

They’re all gone. Every single customer you had has just walked out the door. No one told you. They didn’t ask permission to leave (why would they?), but rest assured they are gone.

Your phone calls to customers are not returned. Emails are ignored. You’re still waiting patiently for that sales order that will make it all worth the effort. It’s not going to happen. Ever. Your business is toast.

Mike in sales left last week. “Not a big loss.” “Where is he going? Never mind…who cares?!?!”

Mike, the salesman no one was sad to see leave, left with the contents of your entire customer relationship management system (CRM). He also took all your company’s sales manuals as well as your company’s pricing process and cost structure. Mike and his new employer now have all they need to “win” business from your company’s customers. Their calls are being returned. In fact, they just won a huge order from your company’s biggest customer.

CRM is a blessing and a curse. Companies can benefit tremendously from having a complete record of their interactions with customers. However, giving your entire sales force access to your company’s CRM solution can result in exactly the scenario I detailed above (by the way, this is a real case that I investigated).

Think of it this way: you’re having a dinner party at your house for 20 of your company’s employees and significant others. When the guests arrive, you tell each of them to take an unaccompanied tour of the house. Make sure that you have all of your valuables on display, your wallet with cash clearly visible, your watch and jewelry sitting unattended for all to see. What are the chances that something will go missing? Do you really want to take the chance? In the event that something goes missing, how will you catch the thief?

Certainly this scenario is an extreme example to illustrate a point. But that’s the idea. It doesn’t make any sense to let 20 employees and their guests wander around your house when all of your valuables are left scattered around! Yet companies routinely grant employees unfettered access to their CRM database.

My next post will discuss best practices for preventing theft of CRM data. In the meantime, take the time to think about your company’s CRM solution. Would you know if “Mike” from sales had downloaded your entire customer database just before he left the company?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper you get an accomplished writer that is also an expert in fraud.