Leading prevention methods and red flags disclosed.
Global connectivity has led to an upward trend in financial fraud. And while the Internet has brought the world closer, it has also added to the fraud woes, chief of which have been social engineering and up-front payment scams. This was the topic at a recent Webcast by Treasury and Risk magazine. "Organized criminal elements are familiar with banking systems and corporations and target the weaknesses, looking for opportunities to commit fraud," revealed George Dwyer, director and regional head of Fraud Prevention and Investigations, Corporate Security and Business Continuity at Deutsche Bank.
The Big Four in Fraud
Dwyer went on to break down the four main types of fraud in the financial industry:
- Social Engineering. This is used to manipulate individuals into divulging confidential information. As Dwyer noted, "The goal is to obtain confidential information that can be used to gain a competitive advantage or to assist in the commission of a fraud." Social engineering can be further broken down into three parts:
  - Pretexting - This is when a person uses another individual's identity to establish trust and extract private information from an unsuspecting target. This is generally conducted over the phone or through an online interaction.
  - Phishing - When someone tries to steal personal information through e-mail. A good example of this is when you receive an e-mail from a bank to update your personal information using your PIN (personal identification number). When you click on the provided URL (uniform resource locator), it takes you to a mirror image of your own bank's Web site, but in reality it is a fraudster's site, created to gather information from you.
  - Malware - This includes any software program that is harmful to your computer. A good example of this is a Trojan horse, which corrupts your files and damages your computer.

  To prevent social engineering at your firm, your modus operandi should be to:
  - Be suspicious of all unsolicited phone calls or e-mails requesting internal information;
  - Always verify a caller's identity and on which company's behalf he or she is calling;
  - Request a call-back number and compare that number with the caller ID number;
  - Never send sensitive information over the Internet without first validating the recipient; and
  - Understand the true value of the information.
- Fraudulent Faxed Instructions. According to Dwyer, there has been a sudden surge in this type of fraud, especially among small and mid-sized companies. Typically this type of fraud includes forged wire instructions that are faxed to a company's financial institution, as well as information requests from "official" government agencies for financial information and authorized signers.
- Business or Job Opportunities. Craigslist.org was recently a victim of this type of fraud. In such cases, persons or businesses are expected to be the transferring agent for global firms. Victims are asked to send an international money order to the firm for a set amount, for which they are sent a check that covers the same amount. While the actual funds from the victim's account are transferred out, the check that is made out in the victim's name is usually bogus and bounces. What firms need to know about this type of fraud is how hackers:
  - Compromise computers through a "key logger" (surveillance software that is installed remotely on a user's computer to record every keystroke and thus steal passwords);
  - Recruit unsuspecting third parties through bogus job postings on well-known job search sites, giving the applicants instructions to open an account or use a personal account; and
  - Prepare fraudulent documents, including a power of attorney in the job applicant's (or business rep's) name. Documents are notarized and mailed to both the applicant and financial institutions.
- Advance Fee Scams. This is usually prevalent among elderly people and involves inheritance and foreign lottery claims. Many of today's inboxes are filled with such claims. In such cases, victims are often instructed to deposit a check and to forward via Western Union a portion of the check to an address in Canada, Nigeria or Luxembourg. Such e-mails should, in all instances, be deleted immediately.
Fraud Prevention: Back to Basics
So how do you prevent such fraud from happening at your firm? As Dwyer urges, "Have good internal control practices in place!" He also asks firms to take the following critical steps in curbing fraud:
- Know your customer;
- Maintain new account opening procedures, making sure there is a supervisor and a manager who know the procedures and ensure that employees are following processes correctly;
- Contact financial institutions directly whenever you suspect that a representative may be illegitimate;
- Do not provide your password over the phone or in response to unsolicited Internet requests;
- Review account statements regularly to ensure all charges are correct;
- Know your employees;
- Make employees aware of and ask that they report any suspicious transactions or activities;
- Review hiring and mailroom procedures;
- Secure all check stock;
- Replace paper documents with electronic payments;
- Move check disbursement activity to electronic payment;
- Conduct surprise audits within the company;
- Understand the liability for fraud;
- Move reconciliation to positive pay; and
- Educate and train employees on a regular basis.
While this is not an exhaustive list, it is one that will keep both top management and rank-and-file employees abreast of how to prevent fraud. It is absolutely necessary for firms to train all employees on the newest ways hackers are attempting to get to private information and to make sure they know how to stop fraudsters in their tracks. Good internal control practices along with constant monitoring will help curb future attempts.
"We're pretty good at preventing fraud at the gateway, but the most common method of entry is through the home computer," quipped Dwyer. And with the growing number of telecommuters along with business travelers using WiFi, now more than ever, it is crucial for companies to use the above best-practice tips to prevent fraudsters from hacking away at the sensitive information that is stored at your firm.
Sukanya Mitra is Managing Editor of the Insider™ e-newsletter group. Read more about how to prevent fraud from Corporate Finance Insider's own Mary Schaeffer in her latest book, Fraud in Accounts Payable.
[Disclosure: Neither AICPA nor any of its entities gain anything from the purchase of this book.]