Thu, Aug 7, 2014
Five Critical Steps to Strengthen Internal Cash Controls to Combat Evolving Fraud
Our investigative teams have seen a recent uptick in fraud attempts and successes based on social engineering. Wire fraud has been on the rise for years and criminals are well aware that targeting affluent individuals and closely held businesses can pay off extremely well and quickly. Although few would admit to being vulnerable to scams, today there are an alarming number of socially engineered schemes being perpetrated successfully. Thieves, schemers and hackers try to obtain information about internal cash controls like wire transfer protocols, travel itineraries, and who’s who within an organization by assuming “legitimate” identities. These are not new cons; however, the tools used to carry out these schemes have changed with technology and the times. Cyber thieves use the most convincing, available and efficient tactics to steal the most money quickly, and with little suspicion.
Fraud on a company, closely held business or even a family office is usually an inside job. However, an inside job doesn’t have to be initiated by an employee; often, key employees are unwitting participants. Sometimes, the mechanism is as simple as a phone call. An unsuspecting employee may provide names, titles, contact information and internal reporting structure to a legitimate-sounding caller. In other instances, the fraudster may hack into an internal email account and lurk within the company’s network, learning about the organization as well as the roles and protocols for cash movement before craftily assuming an internal identity and initiating a scheme. In many such instances, the employee targeted for information within the organization is not a senior manager and may execute the fraud without further inquiry, believing the directive comes from the C-suite.
In one example, the accounting manager of a closely held business was duped into wiring more than $5 million for what appeared to be a familiar and authorized transaction requested by a superior. In another case, a family office senior executive nearly authorized a transfer of close to $500,000 on behalf of a client as payment for an apparently legitimate and approved purchase. In both cases, wire transfer protocols were known to the perpetrators, and the criminals even knew key travel itineraries of the respective principals. A convincing tactic that a fraudster used in one case was replicating the principal’s actual signature.
In these schemes, the funds are usually transferred to a destination country bank where cooperation from the banks and authorities is limited or nonexistent. This can mean that none of the funds will be recoverable or traceable to the ultimate criminal recipient. Clearly, the best solution is to avoid becoming a victim in the first place. Now is a good time to review your company’s internal controls over monetary assets. Ensure that controls over electronic transfers and other disbursement methods are more than adequate to consider and prevent fraudulent payments. The five key steps below can help prevent unauthorized disbursements:
By Gary Arrick, a former Managing Director at Kroll.