Avoiding Technology-Aided Crime
Criminal attacks using technology are a growing concern for law enforcement agencies and businesses alike. In 2011, the Internet Crime Complaint Center – an arm of the Federal Bureau of Investigations, Bureau of Justice Assistance and the National White Collar Crime Center – received more than 300,000 complaints, for an adjusted dollar loss of more than $485 million.
The scenarios recounted below are actual cases:
Case Study One
A highly-compensated executive was targeted by a cybercriminal. The criminal conducted careful research, searching company filings and compiling personal details through corporate and social networking sites. He then constructed a cyber-identity, appearing to be a direct report to the executive – someone he would trust implicitly. When the executive reviewed a message from the cybercriminal, malware was downloaded onto his computer that mined the executive's hard drive for credit card numbers, passwords to corporate databases and other proprietary information. Within minutes, $750,000 was moved out of the executive's accounts.
Case Study Two
A senior executive at an international automotive supply company used his position and international connections to defraud his employer. He created false invoices similar to those of a former vendor and began funneling hundreds of thousands of dollars in payments to personal accounts. A senior manager noticed a suspicious pattern of invoices (the same service at a specific price) and discovered that they were from a vendor who was no longer approved. The manager reported the suspected fraud through the company's whistleblower hotline.
While technology has proven to be an asset to legitimate business worldwide, it's also provided criminals with new weapons they can use to attack the vulnerable. Awareness of such threats – leading to sound proactive measures – can serve as strong protection against cybercrime.
The team of digital forensic experts that responded to the first case study ran an external vulnerability scan to identify weaknesses in the company's computer and Internet security. Numerous hardware and software upgrades were installed to protect the company in the future. The company's employee policies and procedures for accessing email and the Internet were also redesigned to help head off future problems.
In the second case study, a hotline service was the perfect venue for a tipster to alert the proper officials about the senior executive's crime. The company had proactively contracted with the service and raised awareness of it – steps that helped nab the suspect before he had the opportunity to flee the country.
Be aware, be proactive, and you and your company will have a better chance at being safe in today's world of technology-aided criminal activity.
Steve Peacock is a principal in Rehmann's audit and assurance group in its Traverse City office. He has 25 years of experience servicing clients in the financial institutions, construction, oil and gas, utilities, hospitality and higher education industries.
Joe Rautio is a Senior Investigator with Rehmann Corporate Investigative Services and is located in the Traverse City office. He specializes in general investigations, surveillance and origin and cause investigations.
Any advice in this communication is not intended or written by Rehmann to be used, and cannot be used by a client or any other person or entity for the purpose of: (I) avoiding penalties that may be imposed on any taxpayer or; (II) promoting, marketing or recommending to another party any matters addressed herein. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.