Mobile Phone Thefts

Ever since mobile phones became an essential tool for businesspeople, their theft and resale have posed a security problem for companies. The latest smart phones are not only costly, they can also contain crucial data relating to the company and the personnel working there.

Other than taking the obvious security steps such as not leaving a phone on the table or checking pockets for the mobile phone on exiting a taxi [a common way to lose a phone], there are a number of technical actions that can be taken:

1.    Ensure that the phone has a security PIN plus a locked SIM
2.    Install tracking software that can be activated remotely should the phone go missing
3.    Have all data backed up to the cloud
4.    Where possible, have critical data encrypted

Once one of your personnel discovers that a mobile phone has been stolen or gone missing, have your IT people start to track the phone using the installed software. Alert the telecom provider so that the phone can be deactivated and prevented from making costly calls or downloads – often the telecom provider can locate the phone quicker. If you suspect that the phone has been stolen, make a Police report so that they can identify the thief with the help of the tracking process.

It should be noted that to counter thefts of mobile phones and their reuse / sale, some telecom providers have now created a registry of reported missing or stolen phones via the serial number or IMEI embedded in the phone. Therefore, should a missing or stolen mobile phone be placed on such a register, a telecom provider checking this phone before signing up a new client would flag this problem.

This cooperation between telecom providers in the USA has made it much harder, if not impossible, to reactivate a flagged phone. That’s the good news. Here’s the bad: the database only applies to the USA and other countries are slow in implementing a similar program.

This means that for those phone owners living outside the USA, there is little protection when it comes to recovering or cancelling their missing phones. And savvy iPhone thieves have realized that the way to get around these restrictions is by selling phones overseas.

There is already a steady trade of second hand mobile phones being traded in when users want a new phone. These old phones may then be reconditioned and shipped overseas where customers will buy them at a discounted price. Some dishonest players use these channels to sell found or stolen phones for instant cash.

Whether the phone was lost by accident or stolen by a thief, the process of re-sale and use by a third party exposes the data on your missing or stolen mobile phone to being downloaded and used as part of an identity theft attack. A locked and secure mobile phone is essential, so make sure you have a six-digit PIN installed.

This is a threat that will only increase as we store more and more data on our mobile phones. To give some idea of the scale of the problem today: in the USA it is estimated that the loss and theft of mobile phones cost consumers over $30 billion in 2012, while around 110 smartphones are said to be lost or stolen each minute in the USA.

Now, where did I put my phone……..

Do you need to know more about our services and how Regents can assist you with theft or IT security issues? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once. Visit our Fraud Investigations webpage for more information.

Fraud audits for companies and organisations

Fraud is an ever increasing problem for companies and organisations of all sizes. According to the Certified Fraud Examiners’ recent survey in 2008 in the USA alone, around US$994 billion was lost to fraudulent activity. Fraud is a different form of commercial crime: the very nature of how it is carried out means that the victims are unaware of the fraud unless it is uncovered during an audit or an investigation, reported by a whistleblower, or becomes so substantial that it begins to seriously damage the very wellbeing of the business. As business continues to move faster and payments and transactions move ever more onto computers and the internet, the scope for fraud grows ever larger.

Based upon this, how can you be sure that you and your company are not unwitting victims of fraud right now?  One method to answer these questions and take steps to prevent fraud is to have an external expert conduct a forensic anti-fraud audit on your business or organisation.

Broadly speaking a forensic anti-fraud audit seeks to:

1.    Identify the opportunities for fraud within your business;
2.    Identify the controls and procedures which protect your business from fraud [and those that don’t];
3.    Verify financial transactions that are not adequately protected from fraud as being valid or suspect; and
4.    Fix, introduce and monitor controls to protect your business from ongoing

Transactional fraud

  • Transactional fraud occurs when employees or managers responsible for making payments to employees [payroll], suppliers, creditors or financial organisations make false or erroneous payments to themselves or entities they control. Transactional fraud provides the widest scope for dishonest employees to defraud the company or organisation.

A simple example is the use of double payments. The employee pays a legitimate supplier normally via EFT, then makes another payment via cheque for the same amount to themselves or as ‘cash’. The employee then enters this additional transaction as a further payment to the supplier and keeps the money for themselves. This results in the business appearing to be less profitable unless the fraud can be identified and halted.

Other dishonest employees create false or ‘ghost’ suppliers and false invoices for goods never supplied or services never provided. The dishonest employee then creates and approves illicit transactions to supposedly pay for these fictitious goods or services.

Areas in which a fraud audit can take action include:

  • Confirm whether a supplier is genuine, verify address and business records [are the contact details the same as an employee’s?];
  • Via data mining with company and bank data, match transactions to invoices to identify overpayments or unjustified payments;
  • Look for double payments within a short time period;
  • Examine payroll lists and verify against data-mined transaction data to determine ghost employees or overtime claimed but not worked.
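The first three checks in the list above can be run directly over exported ledger data. The following is an added example, not part of the original article: the record layout, the seven-day window, the phone-matching rule (last eight digits) and all sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import date
from decimal import Decimal
from typing import NamedTuple

class Payment(NamedTuple):
    id: str
    supplier: str
    invoice: str
    amount: Decimal
    method: str
    paid_on: date

# Constructed sample data (not from any real ledger).
PAYMENTS = [
    Payment("P1", "S100", "INV-1", Decimal("4200.00"), "EFT", date(2024, 3, 4)),
    Payment("P2", "S100", "INV-1", Decimal("4200.00"), "CHEQUE", date(2024, 3, 6)),
    Payment("P3", "S200", "INV-2", Decimal("950.00"), "EFT", date(2024, 3, 8)),
    Payment("P4", "S300", "INV-9", Decimal("1800.00"), "EFT", date(2024, 3, 9)),
    Payment("P5", "S200", "INV-3", Decimal("950.00"), "EFT", date(2024, 5, 8)),
]
INVOICES = {"INV-1": Decimal("4200.00"), "INV-2": Decimal("950.00"),
            "INV-3": Decimal("950.00")}
SUPPLIERS = {
    "S100": {"phone": "+60 3-5550 0101", "address": "12 Jalan Contoh, Kuala Lumpur"},
    "S300": {"phone": "03 5550 0199", "address": "8, Lorong Sample 2, Petaling Jaya"},
}
EMPLOYEES = {
    "E7": {"phone": "+60 3-5550 0199", "address": "8 Lorong Sample 2 Petaling Jaya"},
}

def find_double_payments(payments, window_days=7):
    """Pairs of payments to the same supplier for the same amount, close in time."""
    groups = defaultdict(list)
    for p in payments:
        groups[(p.supplier, p.amount)].append(p)
    hits = []
    for group in groups.values():
        group.sort(key=lambda p: p.paid_on)
        for first, second in zip(group, group[1:]):
            if (second.paid_on - first.paid_on).days <= window_days:
                hits.append((first.id, second.id))
    return sorted(hits)

def _normalise(field, value):
    # Phones: compare trailing digits so country/area prefixes do not hide a match.
    if field == "phone":
        return re.sub(r"\D", "", value)[-8:]
    # Addresses: ignore case, spacing and punctuation.
    return re.sub(r"[^a-z0-9]", "", value.lower())

def suppliers_matching_employees(suppliers, employees, fields=("phone", "address")):
    """Suppliers whose contact details are the same as an employee's."""
    hits = []
    for sid, sup in suppliers.items():
        for eid, emp in employees.items():
            for f in fields:
                if sup.get(f) and emp.get(f) and _normalise(f, sup[f]) == _normalise(f, emp[f]):
                    hits.append((sid, eid, f))
    return sorted(hits)

def invoice_exceptions(payments, invoices):
    """Invoices paid more than their value, and payments with no invoice on file."""
    paid = defaultdict(Decimal)
    for p in payments:
        paid[p.invoice] += p.amount
    result = {}
    for inv, total in paid.items():
        if inv not in invoices:
            result[inv] = "no invoice on file"
        elif total > invoices[inv]:
            result[inv] = "overpaid"
    return result

if __name__ == "__main__":
    print(find_double_payments(PAYMENTS))
    print(suppliers_matching_employees(SUPPLIERS, EMPLOYEES))
    print(invoice_exceptions(PAYMENTS, INVOICES))
```

Every hit is a lead for the auditor to verify against source documents, not proof of fraud.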

Fuel charge fraud
Employees are commonly given an expense account for fuel purchased in relation to travel to / from work plus travel on behalf of the company: meeting clients, attending meetings etc. Often such expenses are not closely monitored and unjustified or dishonest claims can quickly surface.

A fraud audit focusing on possible fuel charge fraud would seek to review the available records and data in relation to fuel claims and:

  • Review details as to the size of the petrol tank for the claimed car and the mileage completed;
  • Match quantities [in litres] of fuel purchased to the size of the fuel tank – does the receipt indicate that more fuel was purchased than could be fitted in the tank? Are they filling up their spouse’s vehicle at the same time?
  • Review the frequency of fuel purchases against claimed mileage – do the purchases fit the mileage and seem reasonable?
  • Compare the address of the fuel station against the claimed travel route – if a trip was from KL to Melaka, why does the receipt show an address in Ipoh? Do the dates match the claimed travel?
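The four fuel-claim checks above, written as a per-claim review plus a per-employee total, in an added example that is not part of the original article. The claim layout, the flag names, the 15 litres per 100 km ceiling and the sample claims are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date
from typing import NamedTuple

class FuelClaim(NamedTuple):
    id: str
    employee: str
    tank_litres: float      # tank capacity of the vehicle named on the claim
    litres: float           # litres shown on the receipt
    claimed_km: float       # mileage claimed for the trip
    station_city: str
    receipt_date: date
    route: tuple            # cities on the claimed route
    trip_start: date
    trip_end: date

KL_MELAKA = ("Kuala Lumpur", "Seremban", "Melaka")
# Constructed sample claims.
CLAIMS = [
    FuelClaim("F1", "E1", 45, 38.0, 300, "Seremban", date(2024, 4, 2),
              KL_MELAKA, date(2024, 4, 2), date(2024, 4, 3)),
    FuelClaim("F2", "E2", 45, 61.5, 300, "Melaka", date(2024, 4, 4),
              KL_MELAKA, date(2024, 4, 4), date(2024, 4, 5)),
    FuelClaim("F3", "E2", 45, 40.0, 300, "Ipoh", date(2024, 4, 10),
              KL_MELAKA, date(2024, 4, 6), date(2024, 4, 7)),
]

def review_fuel_claim(c, max_l_per_100km=15.0):
    """Return the list of audit flags raised by a single claim."""
    flags = []
    if c.litres > c.tank_litres:
        flags.append("OVER_TANK")            # more fuel than the tank can hold
    if c.claimed_km <= 0:
        flags.append("NO_MILEAGE")           # fuel claimed with no travel
    elif c.litres / c.claimed_km * 100 > max_l_per_100km:
        flags.append("HIGH_CONSUMPTION")     # purchase does not fit the mileage
    if c.station_city.casefold() not in {city.casefold() for city in c.route}:
        flags.append("OFF_ROUTE")            # station is not on the claimed route
    if not (c.trip_start <= c.receipt_date <= c.trip_end):
        flags.append("DATE_MISMATCH")        # receipt dated outside the trip
    return flags

def review_all(claims, max_l_per_100km=15.0):
    """Map claim id -> flags, for claims that raise at least one flag."""
    reviewed = {c.id: review_fuel_claim(c, max_l_per_100km) for c in claims}
    return {cid: flags for cid, flags in reviewed.items() if flags}

def employees_over_consumption(claims, max_l_per_100km=15.0):
    """Employees whose total litres do not fit their total claimed mileage."""
    litres, km = defaultdict(float), defaultdict(float)
    for c in claims:
        litres[c.employee] += c.litres
        km[c.employee] += c.claimed_km
    return sorted(e for e in litres
                  if km[e] > 0 and litres[e] / km[e] * 100 > max_l_per_100km)

if __name__ == "__main__":
    print(review_all(CLAIMS))
    print(employees_over_consumption(CLAIMS))
```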

Fraud audit purposes
A fraud audit review seeks to provide the comfort that fraudulent activity has not occurred whilst identifying improvements and efficiencies for internal controls with an implementation plan and ongoing monitoring.

A fraud audit seeks to give a company a better understanding, within the business, of the need for improved fraud risk management processes and for effective management of a potentially damaging incident in terms of reputation.

However fast your business is growing or however large the company has become, remember that “Fraud can happen to anyone, including well run and respected businesses”. It may be happening right now, eating away at your profits, and will only get worse until it is addressed.

Do you need to know more about our services and how Regents can assist you with preventing fraud and money laundering? Simply go to our Fraud Investigation page for further details or send us an email at contactus@regentsriskadvisory.com with your contact details and we will respond at once.

Money cards and Anti Money Laundering

Gift card vouchers can be the perfect solution for a birthday when you’re not sure what present to buy. Simply pay cash at the store or shopping mall and transfer the same value onto the voucher to be used at the designated outlets or mall. Travellers Cheques have been replaced by ‘Travel Money Cards’ following the same principle – customers deposit funds onto a separate ATM card which are available in various currencies. Incorporating a PIN, the customer can then withdraw the funds from ATM machines in the foreign country until the card is spent. If the card is stolen along with the PIN, then the most that can be lost is the value still stored on the card.

But such convenience has also attracted fraudsters, organised crime gangs and terrorist groups to solve a problem they all face; how to move funds between individuals around the country and overseas without the threat of being apprehended at Customs for cash smuggling or have the Electronic Funds Transfers traced by the authorities.

Recent arrests in the US have documented that some crime groups are increasingly using the money cards, many of which are bought with “digital currency” via the Internet using fake credit cards or compromised bank accounts. With casinos and banks the most established means for money laundering, and thus coming under heavier scrutiny for Anti Money Laundering [AML], medium scale money launderers are increasingly turning to ‘Travel Money Cards’ to distribute their illicit funds because they provide ease and anonymity.

Gift voucher cards are normally designated as closed-system or closed-loop cards because they can only be used at the retailers or shopping mall that issued them. Open-system money cards (such as those linked with card companies VISA and MasterCard) can be used at most retail stores and many of them are useable as ATM cards where the card holder can withdraw the value on the card in cash from most ATM machines in the world.
Because these cards can also be reloaded with funds via online transactions or else at banks or via a cash-tills transaction, they’re an effective method for fraudsters, criminals and money launderers for distributing funds quickly and covertly.

Criminals can thus load cash onto multiple pre-paid open-system cards and courier the cards to their counterparts outside the country. The counterparts can then withdraw the funds in cash in their own currency with ease from local ATM machines. When the card is spent it can be discarded and the cash is untraceable.

There are many businesses and organisations that legitimately purchase gift card vouchers as rewards for their staff for meeting productivity targets or else as gifts for their customers around the holiday periods. Such large volume purchases help to muddy the water for transactions by fraudsters so they don’t stand out. Thus a fraudster can make a series of transactions for a few thousand dollars each time and is unlikely to raise any red flags.

The added bonus for a fraudster is that he can place several thousand dollars on a retail gift card and not have to deal with a currency transaction report – such as he would at a bank – and it wouldn’t be recorded on a suspicious activity report. In fact, experienced fraudsters will avert attention by breaking a large-dollar amount transaction into a number of smaller amounts over a period of a few weeks (a method of laundering sometimes referred to as ‘Smurfing’). The expiry date on the cards is usually 12 months, giving them sufficient time to transfer the card value back into cash [if they don’t spend it at the store first].

Fraudsters may sell or auction the gift cards online via websites such as SwapaGift.com, CardAvenue.com, and even eBay. They sell the cards at a slight discount but it isn’t much different than bringing amounts of cash into a casino, buying chips, gambling for a short while, and then cashing out with one or more cashier’s cheques to hide the scheme.

Businesses have to be cautious that their own legitimate buying of money cards has not been infiltrated by a fraudster or by a person helping them to launder money. We have investigated a number of frauds for businesses where poor procedures and oversight allowed fraudsters to abuse their gift card buying system and defraud thousands of dollars meant for their customers.

As this method of fraud and money laundering is relatively new, businesses need to be aware of this fraud risk and implement monitoring and detection methods to combat any fraud and money laundering.
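One monitoring check a business can run over its own gift card purchase log is to look for the pattern described above: one requester making several individually modest purchases that add up to a large amount within a few weeks. This is an added example, not part of the original article; the log layout, the review limit of 10,000, the 21-day window and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date
from decimal import Decimal

# Constructed sample purchase log: (requester, amount, purchase date).
PURCHASES = [
    ("HR-REWARDS", Decimal("12000"), date(2023, 12, 1)),   # large, reviewed individually
    ("HR-REWARDS", Decimal("6000"), date(2023, 12, 10)),
    ("E42", Decimal("3000"), date(2024, 3, 1)),
    ("E42", Decimal("2800"), date(2024, 3, 6)),
    ("E42", Decimal("2900"), date(2024, 3, 12)),
    ("E42", Decimal("3100"), date(2024, 3, 19)),
    ("E17", Decimal("3000"), date(2024, 1, 5)),
    ("E17", Decimal("3000"), date(2024, 2, 20)),
    ("E17", Decimal("3000"), date(2024, 4, 2)),
]

def flag_structured_purchases(purchases, review_limit=Decimal("10000"), window_days=21):
    """Find requesters whose sub-limit purchases sum to the limit within the window.

    Purchases at or above review_limit are skipped here on the assumption that
    they already go through individual approval.
    """
    by_requester = defaultdict(list)
    for requester, amount, when in purchases:
        if amount < review_limit:
            by_requester[requester].append((when, amount))

    findings = {}
    for requester, rows in by_requester.items():
        rows.sort()
        start, running = 0, Decimal("0")
        for end, (when, amount) in enumerate(rows):
            running += amount
            # Slide the window start forward until it spans at most window_days.
            while (when - rows[start][0]).days > window_days:
                running -= rows[start][1]
                start += 1
            if end > start and running >= review_limit:
                best = findings.get(requester)
                if best is None or running > best["total"]:
                    findings[requester] = {
                        "total": running,
                        "count": end - start + 1,
                        "from": rows[start][0],
                        "to": when,
                    }
    return findings

if __name__ == "__main__":
    for requester, detail in flag_structured_purchases(PURCHASES).items():
        print(requester, detail)
```

A flagged requester is a prompt to check who approved the purchases and where the cards went, since legitimate bulk reward buying can produce the same pattern.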

Do you need to know more about our services and how Regents can assist you with fraud or Anti Money Laundering issues? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once. Visit our Fraud Investigations webpage for more information.

Air India Found Wanting – Designing a Robust Fraud Prevention Program

Stelios Haji-Ioannou, founder of budget airline EasyJet once uttered the famous phrase “If you think safety is expensive, try an accident”. This was based upon his dire experience in 1991 when a tanker belonging to his father’s shipping company spilled 50,000 tonnes of oil in an environmental catastrophe that claimed five crew members’ lives. As chief executive, Stelios Haji-Ioannou barely escaped incarceration in Italy for manslaughter.

Likewise, any substantial business or organisation is tempting fate by failing to have a Robust Fraud Prevention Program in place. The risks may not be an oil spill but can be equally costly to the bottom line and damaging to the reputation of the business.

As an example of failing to have an adequate Fraud Prevention Program in place, the state owned airline Air India has recently been in the news for all the wrong reasons. Allegations of rampant theft, fraud and maladministration have been widely circulated. These have included tales of repeated thefts of liquor from flights, diversion of spare parts for illicit sales, kick-backs related to the orders of goods plus pilots being paid for duties not performed.

State owned Air India is now facing the reality of job cuts or ceasing to fly certain routes. The failure by executives and management to inculcate an atmosphere of anti-corruption as well as implement an anti-fraud structure has set the scene for wide scale waste and theft.

Any company, institution or organisation must create and implement a robust fraud prevention program that is staffed and overseen by capable fraud examiners.

A fraud prevention program will help to protect a company or organisation by:

  1. Instituting a whistle-blower hotline whereby employees and contractors can make confidential tip-offs regarding fraudulent behaviour;
  2. Setting the principled “tone at the top” so that the whole business or organisation embodies the anti-fraud ethos;
  3. Developing a code of conduct and a confirmation process to structure anticipated behaviour for all personnel and contractors;
  4. Creating an environment that ensures audit trails for purchase, orders etc. are in place;
  5. Hiring and promoting appropriate employees via a Pre-Employment Screening program;
  6. Instituting suitable anti-fraud and graft training programs;
  7. Identifying and measuring fraud risks;
  8. Implementing and monitoring internal controls;
  9. Having a strong and independent audit committee;
  10. Contracting independent external auditors.

Stopping fraud before it occurs is the ultimate goal of a successful fraud prevention and awareness program.

Hotlines Run Hot
Honest and responsible employees & contractors will utilise hotlines to report irregularities and suspicions anonymously without fear of retaliation. Anti-fraud surveys by the ACFE have reported that hotlines can cut an organization’s fraud losses by up to approximately one half.

An independent third-party vendor can set up whistle-blower hotlines; receive, screen and log confidential calls before passing along relevant information to investigative entities for their action.

Extra effort should be made to communicate the existence, contact channels and benefits of the hotline to all employees and contractors on a regular basis, so that they can report any suspect or improper business practices.

Three fraud mitigation actions
Fraud experts have outlined three main actions to mitigate fraud: create a culture of honesty and high ethics, evaluate anti-fraud processes and controls, and develop an appropriate ongoing oversight process.

Setting the Tone at the Top
A company or organisation’s executive and management team sets the moral and ethical direction for all employees and contractors to follow. Employees need to know that the upper echelons believe in and submit to a high level of ethical behaviour. Management must clearly communicate a zero tolerance for fraud and follow the pronouncement with education and awareness campaigns to reinforce policies and procedures.

Develop a Code of Conduct
The keystone of an effective fraud prevention program is a culture with a strong value system founded on integrity. This value system can be reflected in a code of conduct. The code of conduct should be created with the involvement and input of employees so that they can be guided whilst making appropriate decisions during their workday.

A code of conduct should include written standards that are designed to deter dishonest or immoral behaviour, promote honest and ethical conduct by all employees plus advise employees what they can and cannot do. The code of conduct should be provided in both a soft and hard copy to all employees, circulated regularly and translated into appropriate languages for overseas locations.

Confirmation Process
People with low integrity or external pressures may be deterred from committing fraud if they know that there is an oversight and confirmation process which increases the likelihood that they will be caught. After issuing the code of conduct to all employees, each should be required to sign a statement indicating that they have read and understood the code’s requirements and will comply with them. This has the effect that those who have signed the statement can’t later hide behind a claim of ignorance.

Do you need to know more about our services and how Regents can assist you with preventing internal theft and corrupt activities?

Simply go to our Internal Theft or Corruption Investigation pages for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.

Yahoo CEO Scott Thompson resigns amid controversy over his resume

The spotlight has been brought to shine on the issue of executives lying in their resumes after allegations were levelled against Yahoo CEO Scott Thompson that he lied about his college degree. Research showed that in a series of published biographical statements going back some years, Scott Thompson claimed that he “holds a Bachelor’s degree in accounting and computer science” from Stonehill College, Boston.

However, it has come to light that Scott Thompson only holds a Degree in accounting. Following the disclosure, Yahoo issued a statement saying references to Thompson earning a computer science Degree were an “inadvertent error.” If so, it’s an error that Thompson made repeatedly for some years without being called out on. Yahoo took action to quickly strip all references to Thompson’s degree out of his official bio on Yahoo’s website.

Yahoo’s board responded by forming a special three-person committee to review Thompson’s academic credentials “as well as the facts and circumstances related to the review and disclosure of those credentials” in connection with his appointment as chief executive of Yahoo. Days later, Thompson stepped down as part of a shakeup at the top of the troubled Internet company.

All this has seriously hurt the reputation of Yahoo and diverted the board from rebuilding the company. The brand has been damaged and morale within Yahoo has most certainly suffered. Had a modicum of Pre Employment Screening been applied, this error would have been spotted and rectified before it managed to topple the Yahoo CEO.

This most recent incident of resume padding by an executive underlines the importance of conducting full and robust pre employment screening for all significant hires within a corporation or organisation. At best, this has damaged Yahoo in the short term, but the threat for derailing a business due to unqualified personnel undertaking crucial tasks is self evident.

Government run Queensland Health in Australia managed to hire a surgeon from the USA who had already been reprimanded by USA health authorities and barred from certain surgeries. Dr Patel was convicted by a Queensland Court of manslaughter and sentenced to seven years in gaol for the deaths of patients under his care. Some basic pre employment checking could have avoided the deaths and millions of dollars lost due to compensation, inquiries and legal costs. A very painful lesson to learn.

To reduce the threat of resume padding and false claims made by candidates, it is strongly advised that all organisations should utilise Pre Employment Screening procedures.

PES is the abbreviation commonly used for ‘Pre Employment Screening’. PES generally refers to the process whereby a prospective employer arranges for information relating to a potential candidate to be checked and verified to confirm the suitability of the candidate for employment or as a contractor.

PES provides an objective assessment as to the potential candidate’s capacity and capability to undertake the duties & responsibilities as per their experience and qualifications. The prospective employer has the ability to assess whether the candidate has fully disclosed their attributes and/or any negative incidents such as a bankruptcy record or having been terminated by a previous employer. Any false claims by the candidate as to education qualifications, previous employment or experience will be exposed.

Resume padding is also known as résumé fraud. A recent survey found that over 55 percent of hiring managers claim that they have caught a lie on a candidate’s application. Ninety-three percent of those hiring managers who spotted the lie did not hire the candidate because of it.

The top five ways candidates lie on their résumés are as follows:

1.    Lying about getting an education qualification

2.    Falsely claiming membership of a professional association

3.    Altering dates of employment to cover up periods of unemployment

4.    Lying about technical abilities

5.    Inflating job titles and position responsibilities

Below are some of the résumé padding adventures of top executives:

Ronald Zarrella, Bausch & Lomb chief executive officer
Zarrella falsely claimed an MBA from New York University’s Stern School of Business. He attended the program from 1972 to 1976, but never earned his MBA. His claim was never checked by his prior employers.

Richard Li Tzar Kai [younger son of Li Ka Shing] and Chairman of Pacific Century CyberWorks Ltd.
The Pacific Century CyberWorks website claimed that Li “graduated from Stanford University with a degree in computer engineering.” Li actually left after three years without graduating.

Kenneth Lonchar, chief financial officer of Veritas software
Lonchar invented his education, claiming he earned an accounting degree from Arizona State University and was a Stanford MBA graduate — in fact, he simply held an undergraduate degree from Idaho State University.

The fallout was that Lonchar resigned and Veritas’ stock price fell about 16 percent.

Are you seeking assistance with Pre Employment Screening of employees or contractors? If so, we at Regents can help you – just visit our Pre Employment Screening Webpage for further information.

Digital photocopiers pose security threat for identity theft

The digital photocopier being used in your home or office may offer an identity thief or fraudster a gateway direct to your personal or sensitive data. Though most users are unaware, nearly all digital copiers sold since 2002 contain a digital hard drive, similar to the one in a personal computer or laptop, that stores images of every document copied, scanned or emailed by the photocopier.

Please note that digital photocopiers differ from standard digital scanners in that digital photocopiers are usually known as a MFP (multi function product / peripheral / printer) or else as a MFD (multi function device) and are able to function as stand alone without having to be hooked up to a computer. [The main difference is that a digital scanner requires an explicit PC connection to function].

Most offices and home users are unaware of the potential risks involved with digital photocopiers. Security surveys regarding photocopiers by a University found that more than 60 percent of users were unaware that copiers store images of all documents on a hard drive which could be accessed later by technicians or outsiders.

Manufacturers of the digital photocopiers do caution consumers about the default settings that result in all images being saved to the internal hard drive for later review. However, these warnings have mainly fallen on deaf ears with offices not treating the data with the proper security protocols. The digital photocopiers do also have encryption packages to protect the data but few users know to, or can be bothered to, engage the system so that the images are protected by a password. Some machines do have a product that will automatically erase images from the hard drive but these come as costly extras.

Therefore the average business or home user remains oblivious to the dangers posed by these digital copiers. As digital copiers are often used in offices to copy items such as passports, credit cards, IC cards, driving licences, utility bills etc; this data on a hard drive can be a goldmine for identity thieves and fraudsters. Investigations organised by a leading university in New York found that it’s easy to buy an old digital copier loaded with images of data such as social security numbers, driving licences, bank records and income tax forms. Two digital copiers were found to have been used in government offices including a Police Department.

The team simply pulled out the hard drives from the digital copiers and used free forensic software tools on the Internet so that tens of thousands of documents were recovered within one day. A leading expert on digital security commented that any company needs to conduct a review of all IT equipment storing data as part of the business and take steps to ensure the data is encrypted or else destroyed via standard forensic IT steps to ensure security.

Do you need to know more about our services and how Regents can assist you with preventing information loss and securing your computer network? Simply go to our Computer Forensics page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.