October 27, 2016

Fraud Prevention: Don't be Spooked by Scary Faces of Fraud

In a phishing attack on a U.S. company earlier this year, a hacker masqueraded as the company’s CEO and convinced an employee to send the firm’s payroll information. Neither the company’s security system nor the employee caught the scam – and the data was “disclosed externally”.

Fraudsters are always evolving, and businesses need to know the different faces of fraud in order to implement effective fraud prevention strategies.

Following the breach, the company beefed up its security training for employees, and it offered free identity-theft insurance to employees.

Here’s a look at some of the different faces of fraud:

Three-Pronged Attackers: The three-pronged attack is repeated over and over by cybercriminals until there’s a win. First, the attacker sends a phishing email with a link to a malicious website or attachment. If the employee clicks on the link, malware is downloaded and looks for secrets and information. Next, the attacker uses stolen credentials to launch further attacks.

Password Thieves: If a hacker can easily guess a password, confidential information is at risk. 63% of confirmed data breaches involve the use of weak, default or stolen passwords.  

Concealers: In 94.5% of cases in the 2016 Report to the Nations by ACFE (Association of Certified Fraud Examiners), the perpetrator made some effort to conceal the fraud. The most common concealment methods were creating and altering physical documents.

Top Dogs: Sometimes the fraudster is an owner or top executive of a company. A perpetrator’s level of authority is strongly correlated with the size of the fraud. When owners or executives committed fraud in the Report to the Nations, the median damage was $703,000, which was more than 10 times higher than when employees were the perpetrators.

A Small Army: The more people who are in on an occupational fraud, the higher the losses tend to be. In the ACFE report, the median loss caused by a single perpetrator was $85,000. When two people were involved, the median loss was $150,000; three conspirators caused $220,000 in losses, four conspirators caused $294,000, and when five or more fraudsters were involved, the median loss was $633,000.

Insider Accountant Types: More occupational frauds originated in the accounting department (16.6%) than in any other business unit. In fact, 75% of all frauds were committed by individuals working in accounting, then sales, executive/upper management, customer service, purchasing and finance. Financial statement fraud caused the greatest median loss.

Red Flag Bearers: One ‘red flag’ is usually exhibited by an insider fraud perpetrator. The most common red flags are: living beyond one’s means, financial difficulties, being closely associated with a vendor or customer, excessive control issues, having a wheeler-dealer attitude, and having family problems.

Basic anti-fraud controls are recommended to disarm fraudsters and protect confidential information in the workplace. Here’s a quick checklist:

  • Fraud risk assessment;
  • Data monitoring;
  • Management review;
  • Confidential hotline;
  • Surprise audits;
  • Document management policy;
  • Fraud and ethics training for employees;
  • Secure destruction of confidential information including a Shred-it all Policy so that all paper and digital documents are destroyed when no longer needed.

Every organization must commit to information security best practices.