Open letter to would-be fraudster

Source: famliymwr

Dear Mr/Mrs Would-Be Fraudster:

I know you read this blog… I can see the search engine terms that you used to find “Fraud Happens”.

So, you want to commit fraud and don’t want your employer to catch you? I am glad that I can help! What have you learned from reading this blog?

Well, you’ve probably learned that committing fraud really isn’t that hard to do, and you may end up with millions of dollars. You may have also learned that working with a co-conspirator has its downside. If you work at a large company, you probably know that they respond to fraud losses differently than small companies. If you’re a government employee, you found out that fraud in the public sector can be just as damaging as fraud in the private sector. Finally, you may now know what could happen if you are caught. I guess that you are trying to determine if you would serve time, or merely receive a “slap on the wrist”. I hope you also learned that fraud destroys lives.

So what have you decided to do? Is the probability of getting caught so low that are willing to take the risk? Have you thought about how you’ll spend the money? Maybe you want to punish your employer? After all, you really don’t get paid enough…

Before you make the leap and begin stealing, do this for me… Close your eyes and begin to envision what your world would look like if you ended up getting caught. Will your significant other stay with you? How about the kids, will they understand why the new toys you just bought have to go back to the store? Will they want to visit your new “home” – the one with all the other “bad people” wearing the same clothes? What about your parents? How do explain your decision to embezzle money from your employer? After all they have tried to teach you, if only you had listened…

I understand why you are tempted to commit fraud. You and I both know that there is a chance that you’ll steal just enough to pay off overdue bills or buy that fancy car you’ve always wanted and not get caught.

Just remember this… there are people just like me all over the world that have dedicated their careers to fighting fraud. We’re not always perfect and we do make mistakes. However, for the most part, we’re really good at what we do. I hope you learned a great deal from reading my blog. If you’ve learned anything, I hope you’ve decided not to commit fraud. Contrary to what many would like to believe, fraud doesn’t have to happen. Ball’s in your court…

Paul McCormack

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

October is National Cyber Security Awareness Month, but you knew that already…

Source: Kurhan

Did you know that October is National Cyber Security Awareness Month (NCSAM)? Ok, you probably did not. It isn’t exactly the type of event that hits the front page of most newspapers and websites, but it should.

The FBI’s Robert Mueller recently stated that “cyber security may well become our highest priority in the years to come.” In my opinion, that time is fast approaching. If you follow the news regarding Cyber Security as I do, you may agree that we are already under a sustained attack that has the potential to cut the country’s economy off at the “knees”.

As we all know, it is not just corporations that are the victims. US consumers are targeted by organized crime groups from around the globe. In fact, this is not just a US problem, it is a global epidemic.

It is easy to dismiss NCSAM as a silly event that means nothing. And that is EXACTLY why you should pay attention. As long as consumers are victimized, there will be an incentive for fraudsters to invest the time and money to launch their attacks. So, with that in mind, please take the time to review the FBI’s recommendations below:

  • Set strong passwords, and don’t share them with anyone.
  • Keep a clean machine—your operating system, browser, and other critical software are optimized by installing regular updates.
  • Maintain an open dialogue with your family, friends, and community about Internet safety.
  • Limit the amount of personal information you post online, and use privacy settings to avoid sharing information widely.
  • Be cautious about what you receive or read online—if it sounds too good to be true, it probably is.

If you want more information on NCSAM, the FBI’s press release contains links to a number of helpful resources. I hate to state the obvious, but if you don’t take the time to improve your awareness of the cyber security threat facing the nation, no one will do it for you.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

 

Impersonation Schemes: A Big Headache for Companies

This is “Fraud Happens” first guest post. ildar khakimov is a Montreal based internet enthusiast who co-founded several projects including callcenter.com

Companies suffer staggering losses when it comes to impersonation scams.

A good example can be seen in a documentary called “Yes, men fix the world”, in which two men setup fake press conferences on behalf of companies to spread false news.

It’s believed that Dow Chemicals suffered a 2 billion dollar loss as a result of the duo’s fake news announcement which alleged the company’s planned to pay out compensation for the Bhopal Disaster.

So what about the more common forms of impersonation, such as the use of fake caller IDs?

Caller ID spoofing can be even more dangerous because it’s not a single person hitting a single target, but rather a large telecom fraud machine that’s able to place thousands of calls or send millions of SMS messages pretending to be someone they’re not.

Most recent example is fake SMS giftcard scam. In 2012, many individuals started receiving messages that claim they won a free giftcard from Best Buy. The SMS was asking people to visit a specific web-site to claim a prize that didn’t exist.

People that got duped went straight to Best Buy and demanded their “winnings”. This forced Best Buy to spend company resources in order to explain consumers that they got scammed.

In addition, it’s hard to put a monetary value on Best Buy’s tarnished reputation. For example many consumers, who leave complaints on sites like callercenter.com, believe that Best Buy gave out their personal information to telemarketers and that perhaps their personal information was compromised due to company’s inefficient security measures. Even if such allegations are later proven false, the damage to the company’s image has already been done.

One such complaint goes: “[…]Walmart employees are in on it, or  Walmart’s IT security is **** and they were hacked? I paid for my purchase with a credit card, so I certainly hope that wasn’t leaked along with my phone #. One thing’s for sure: I will never step foot in a Walmart again!

Another popular fraud conducted via SMS while showing a fake caller ID is known as Smishing. It consists of a banking notification from crooks who pretend to be the victim’s bank. The SMS threatens the victim to shut down their account unless they login to a specific web-site.

Login information entered is stolen and then used by fraudsters to siphon funds to off shore accounts.

Banks often reimburse stolen funds and thus suffer financial losses from caller ID spoofing. These types of scams are on the rise. A survey of 95 financial institution by ABA show a 260% increase of such scams in 2011 compared to 2009.

In addition to that, banks have to spend millions on security to help fight smishing fraud, in an interview with USA Today, Carol Kaplan of American Bankers Association admitted: “[…]there continues to be huge gobs of investment into shoring up security.”

It’s hard to estimate how much money companies lose because of Caller ID spoofing, but it’s a very significant amount and the situation won’t change until this practice is more strongly regulated by the government.

Now the fraudsters have started spoofing caller IDs making it look like they’re calling from the U.S government to offer a free grant. Who knows, maybe now the government will take notice?

If you are interested in writing a guest post, please email me – pmccormack@connectics.biz. I look forward to hearing from you.

Have trade secrets, will travel…

We regularly hear from the U.S. government about the theft of intellectual property by Chinese companies and their government. This is just one of several examples that I have reviewed and analyzed in the past week. I am sure that there are many more attempts that go unreported.

In February 2012, Hanjuan Jin, a former software engineer for Motorola, Inc., was found guilty of stealing more than 1,000 electronic and paper documents from Motorola. Jin was caught by U.S. Customs while attempting to catch a one way flight to China. She had worked for Motorola since 1998. Why did she decide to steal Motorola’s trade secrets? Had she stolen intellectual property prior to 2007? We’ll probably never know…

The 2007 theft was not a “spur of the moment” decision. It had been in the planning phases for approximately a year.

In February 2006, Jin took a medical leave of absence. Between November 2006 and January 2007, Jin flew to China and worked for Sun Kaisens, a Chinese telecommunications company that developed products for the Chinese military. Jin had already spent June through November 2006, in China negotiating with Sun Kaisens. While working for Sun Kaisens, Jin was provided access to classified Chinese military documents.

In February 2007, the plan to steal trade secrets from Motorola kicked in to high gear:

  • February 15, Jin returned to the US from China.
  • February 22, she bought a one way ticket back to China.
  • February 23, she notified Motorola she wished to return to work.
  • She went back to work on February 26. Once back on the company’s premise, she accessed large volumes of proprietary documents during normal work hours as well as after hours. She was also observed leaving the building with various documents and possibly a laptop.
  • February 27, she volunteered for a layoff from Motorola.
  • February 28, Jin was caught trying to leave the country with over 1,000 electronic and paper documents belonging to Motorola. She also had a number of documents marked “secret” belonging to the Chinese military.

Interestingly, Jin was found her not guilty of three counts of economic espionage for the benefit of the People’s Republic of China and its military. She faces a maximum penalty of 10 years in prison on each count of stealing trade secrets.

Given Jin’s frequent trips to China, and the fact that the theft had been in the planning phases for 12 months, it is anyone’s guess regarding how much of Motorola’s intellectual property Sun Kaisens or the Chinese government were able to gain direct access to. Since Jin spent time in China prior to the theft attempting to convince Sun Kaisens to employ her, she likely shared information from memory. Also, since Jin had been employed with Motorola since 1998, it is possible that she had taken information over time in the event that a move to China was in her future.

This case underscores why it is important to protect your company’s trade secrets. Ask yourself the following questions:

  • Does your company have trade secrets? Can you list them?
  • How are they used within the business?
  • Where are they stored?
  • What has the company put in place to control and monitor access?
  • How would the company know that an employee is about to steal trade secrets?

There are a number of additional questions involving the alignment of people, processes and technology and the protection of trade secrets, but the questions above should generate sufficient food for thought.

Protecting trade secrets requires a multipronged approach. If there are any gaps in the approach, employees or third parties intent on stealing intellectual property will find them. Don’t believe me? Sanofi-Aventis also has experience dealing with Chinese foreign nationals and the theft of trade secrets. For more on that case, click here.

Arguably, the theft of intellectual property can do more damage to a company than the theft of cash. A company can earn more money to replace the money that was stolen, but once a trade secret is no longer “secret”, the damage is done. Many companies look to the legal system to punish the entity or individual that stole their trade secrets. Certainly, the courts can help. But if your organization cannot demonstrate that it took steps to appropriately protect its trade secrets, the courts may not look too kindly on your claim.

Be proactive! Invest the time and effort to protect your company’s intellectual property. Once your intellectual property is in stolen, you may be a company in name, but in reality, you are a shadow of your former self.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

No more free coffee

Never underestimate the power (and stupidity) of people in large groups. It will take months, possibly years to figure out all the reasons behind the riots in England, but themes are emerging. Community leaders as well as many of the rioters themselves appear frustrated with cuts in social services and the widening of the gap between the haves and the have nots. English society has always functioned on a class system; it’s not as pronounced as it was even 100 years ago, but it is still very much apparent in certain professions and areas of the country. The cuts in services as well as the overall collapse of the economy have helped ensure that those in the “lower” classes feel even more disenfranchised.

When you take what people believe to be theirs and further reaffirm what they perceive to be their lower class status, they can react in a number of ways. When “wronged,” they often band together in a shared sense of anger and frustration at what transpired. A few will act out and take steps to let the group know how angry they are. Others will react purely for the attention and thrill of “doing something.” Some will sit in the corner and internalize what has happened and figure out how to react.The English riots are obviously at the far extreme of those reactions. That said, companies can learn from what happened.

Since the recession began, companies have cut back expenses, using a broad range of tactics. From reducing headcount to cutting benefits, executives have gone back time and time again to capture savings. In most companies, free coffee in break rooms was a casualty long ago. It was either removed entirely or replaced by a cheaper brand that is supposedly coffee yet looks and tastes like dishwater. It’s a seemingly inconsequential action, but the strangest triggers can push people over the edge. At the same time, the pay gap between a company’s CEO and its employees continues to grow.

The more companies “take” from their employees, be it through revoking coffee and benefits or giving pay cuts, the more likely the employees are to rebel in some shape or form. In very isolated incidents, they will react with physical violence, but most will soldier on until they can’t take it anymore. With over 76% of former employees declaring that they are disgruntled, clearly companies are not winning many fans.

Let me be very clear: most of the steps that companies are taking to reduce costs are largely unavoidable. Without cuts in benefits, reductions in headcount, changes in 401K plans, etc., many companies would have closed their doors long ago. However, companies should acknowledge that cuts come with risks.

Each time a company “takes,” the risk that employees will react badly to the decision increases. Production can go down, employee departures can increase, and customer service can plummet. Not surprisingly, employee fraud can also skyrocket. My earlier post shows that employees need some form of rationalization to commit fraud. By continuing to make cuts, your company is providing the perfect excuse for an employee to “get even.”

Sooner or later, cuts will go to the bone and trigger a reaction. Please bear that in mind as you decide whether to remove coffee from the break room entirely.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Don’t let the door hit you on the…

Source: Dmscs

An article in the Wall Street Journal today referenced exit interview statistics collated by the Corporate Executive Board (CEB). In 2008, the CEB reported that 42% of employees would not recommend their employer to others. In 2011, that number jumped to 76%.

“Big deal,” you say. Employees are being asked to work harder, and some of them are leaving. Disgruntled employees that are voting with their feet can’t harm your company, right? On the contrary! Let me share some thoughts.

  • The employees that are sharing this information during their exit interviews are being honest and forthright. How many employees choose not to answer questions truthfully as they exit a company? I would hazard a guess that a sizable percentage chooses not to bad-mouth their employer, no matter how disgruntled they may be.
  • If over 75% of employees that are leaving are disgruntled, what about the employees that remain? Surely some of the remaining employees are just as disgruntled as the ones that are leaving? The only difference is that they have chosen to stay—or they have no options outside of the company.
  • As soon as an employee becomes disgruntled, does he or she leave a company? Rarely. The anger and frustration normally fester and grow until the employee can no longer stomach working for a company that he or she hates. While the pressure builds and the resentment grows, it is realistic to assume that the employee’s performance will suffer.

All very interesting, but why include this in a blog about fraud?

Readers of this blog may recall my previous post where I discussed the “fraud triangle.” The triangle contains three elements: pressure, rationalization, and opportunity. Disgruntled employees don’t like working for their company. In fact, some may hate the company with a passion that’s normally reserved for mortal enemies. How hard do you think it is for them to rationalize that committing fraud is justified? Would committing fraud help them “get even” with their employer?

So, disgruntled employees have at least one component of the fraud triangle covered: rationalization. They also likely have the opportunity to commit fraud, as oversight and compliance efforts have been cut back in companies of all sizes. All that remains is a form of pressure to complete the triangle. That shouldn’t be too hard to find. Not many employees can claim to be better off today than they were five years ago.

Given my expertise, it is not surprising that I read the WSJ article and thought of the points raised above. What I hope you learn is that disgruntled employees leaving your company is not cause for celebration. It may be a symptom of a much bigger problem that might end up costing your company money. Lots of it. I hope that I am wrong, but history has a habit of repeating itself.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com