Monday, July 4, 2011

Fraud Detection

Fraud detection should form part of an organisation’s overall anti-fraud strategy to identify and stop new or historical fraud at the earliest opportunity. Effective fraud detection saves money and protects businesses and their employees, shareholders and customers.

What is Fraud detection?

Fraud detection is the identification of actual or potential fraud within an organisation. It relies upon the implementation of appropriate systems and processes to spot the early warning signs of fraud.

Key elements of a robust fraud detection strategy include:
Ongoing risk assessments
Staff training and awareness
Fraud reporting mechanisms
Data-mining and analysis
Manual checks and balances
Systems, processes and control reviews

Even the most comprehensive fraud prevention controls can be circumvented by a determined and skilled fraudster. Fraud detection techniques can help to uncover new fraud in action as well as historical frauds.

The benefits of effective fraud detection:
· Saves money and protects businesses and their employees, shareholders and customers.
· Reduced exposure to fraudulent activity
· Identification of vulnerable employees at risk of fraud
· Reduced costs associated with fraud
· Refined organisational controls
· Improved financial and operational results
· Improved shareholder confidence and market position

The hallmarks of effective fraud detection:
1. Have a fraud detection strategy in place
2. Introduce a robust system of internal control for the detection of fraud
3. Establish a credible mechanism for staff to report suspicions of fraud
4. Ensure that your organisations exposure to fraud is considered when introducing new, or when amending existing systems and processes
5. Keep your risk register up-to-date
6. Implement systems and processes to detect the early warning signs of fraud.
7. Be alert to possible collusion between staff and third parties
8. Ensure regular evaluation and monitoring of fraud detection controls
9. Review your ant-fraud strategy on a regular, preferably annual basis
10. Take account of changes in business activities and/or control procedures that may open up new potential fraud risks.
11. Undertake pre-employment screening of prospective staff
12. Consider conduction ongoing periodic checks for staff in high risk areas
13. Ensure regular monitoring of compliance with fraud prevention and detection policies, processes and controls
14. Introduce a fraud response plan to deal with any frauds that come to light.

Things not to do
1. Adopt a generic control procedures and policies across the business where the risk of fraud varies by business area
2. Ignore ‘red flags’. Certain industries and/or activities are exposed to specific fraud risks
3. Rely on fraud to be detected by luck or good fortune
4. Sweep reports of fraud under the carpet

sourced from

Tuesday, March 15, 2011

Cybercrime - Don't be fooled


Most people now use the internet as part of everyday life – to shop, manage personal finances, conduct business and to socialise. But its rise in popularity has meant that it has become a lucrative and anonymous way for fraudsters to prey upon victims.

The term ‘cybercrime’ is often used to describe frauds that are attempted or committed using a computer and/or the internet. It covers a range of activities, including computer hacking, virus attacks (such as ‘botnets’, ‘malware’ and ‘adware’), fake websites, cyber-stalking, email scams, and cyber-extortion, to name a few.

In most cases these activities are designed to steal a victim’s personal, bank account or credit card details for use in fraudulent activities, or to use their computer in an attack on someone else.

Some common types of internet and email scams include:

• Advance fee frauds (sometimes called ‘West African 419’ frauds): you receive an unsolicited email from a person who claims to have access to a large amount of money and needs your assistance (and your bank account) to move it in return for a percentage of the cash.

• Lottery scams: you receive an unsolicited email advising that you have won the lottery, a yacht, a holiday or some other prize – despite never entering a lottery or prize draw. You will be asked to pay a small administration fee to receive the prize (which never arrives). Many of these scams originate overseas.

• Work from home scams (sometimes called ‘money mule’ or ‘money transfer agent’ scams): you receive an unsolicited email from a person you don’t know who wishes to use your bank account to receive funds. You will then be asked to make a payment to another person or organisation after deducting a percentage as your commission or fee. Victims are sometimes lured through fake job advertisements.

• Phishing or vishing scams: you receive an email purportedly from your bank, HMRC, or other legitimate online business such as a shop or auction website. The email will contain a link to a fake but credible-looking website or ask you to call a specified number, where you are asked to update your personal and/or account information. Note: banks and other legitimate online businesses will not do this!

• Scareware: you access a website and receive a ‘pop-up’ telling you that you have some or all of the following – spyware, malware, virus, a Trojan, or pornography downloaded onto your computer. This may be accompanied by a barrage of other pop-ups. You are then offered a programme to purchase which can remove all of the above.

• Game cheat and file sharing websites: your computer is infected by malware when you download a game cheat, or share files online.

• Social networking: you post personal information on your profile page or disclose it on ‘live chat’ facilities which is then used by cyber-criminals to commit identity fraud.

• SMS phishing scams (sometimes called SMiShing): You receive an SMS text to your mobile phone confirming you’ve signed up for a service you know nothing about and will be charged a daily fee unless you cancel the order by visiting a specified website. The website then downloads a trojan onto your computer which enables it to be remotely accessed and used by cyber-criminals to attack other servers.

Source: Fraud Advisory Panel

See our earlier post on how to protect yourself from identity theft.

Monday, March 14, 2011

Avoid on line Rip-off's

Don't let fraudsters get away with it

Online shopping and banking is safe and secure if you follow a few simple guidelines and use your common sense.

If you’re shopping online, look for clear signs that you are buying from a reputable company:
• Do they have a real-world presence? Can you see their address and phone number?
• Is their website secure? Look for ‘https://’ and the padlock that should be present on the page you are using when you are giving any payment details (credit card), or personal information
• Do they have clear privacy and returns policies?
• If you’re not convinced, search for the company on the internet and check their reputation. Call them. Trust your common sense and if necessary buy elsewhere.

If you’re using an online auction site, such as eBay, a few simple steps can make things safer:
• Before you start, understand the auction process, the site rules and the auction company’s own safety advice.
• Get to know the buyer or seller. Ask questions. Check their feedback.
• Learn to pick good sellers. Their items have clear descriptions and they will answer your questions.
• Don’t give away your password or personal details.
When it comes to handing over your money, choose a safe way to pay such as PayPal or a credit/debit card.

Conmen are very good at persuading you to do what they want. Learn to spot the telltale signs of social engineers:
• They will promise huge rewards: lottery wins, lost inheritances etc.
• A false sense of urgency.
• Odd, superfluous details.
• Requests for upfront payments or private information.

Keep your guard up and use your common sense. It’s your money so if you get a bad vibe, walk away. Don’t be rushed into anything. Talk to someone you trust before making any big decisions. Remember, if it looks too good to be true, it probably is.

Source; Action Fraud

Friday, March 4, 2011

Bluemoon In Irish Independent 3 March 2011

Please see article below which was published in The Irish Independent

Anglo insider 'tipped Drumm off' about debt investigators
By Shane Phelan Investigative Correspondent
Thursday March 03 2011

AN Anglo Irish Bank official leaked sensitive information to its former chief executive David Drumm in the months after he resigned, the Irish Independent has learned.
Ken Drumm (42), a brother of the former Anglo boss, claimed in a sworn affidavit that his sibling was tipped off about contact between the bank and a firm of private detectives.
The detective agency, Bluemoon Investigations, offered Anglo its services in tracking down absconding debtors.
The disclosure -- contained in papers lodged with the High Court -- suggests at least one Anglo figure loyal to David Drumm was leaking information that allowed him to stay one step ahead of the bank's new management team.
Anglo has been trying to hold the former chief executive to account for a series of disastrous decisions and force him to repay borrowings of over €8m.
According to Ken Drumm, his brother was told the detective agency made contact with Anglo around May 2009 -- six months after he quit the bank and moved to the US.
At the time, David Drumm was not making repayments on over €8m from Anglo. He would later file for bankruptcy.
Anglo did not take up the services of the private detectives, but an internal unit was tasked with investigating actions David Drumm (44) took at the bank's helm.
This action culminated in the announcement, last month, that the bank intended to sue him for misconduct and deception.
Ken Drumm, a builder and nightclub boss, made the tip-off claims in papers filed as part of a dispute with a finance firm.
He is being sued over alleged debts by Dun Laoghaire-based Celtic Invoice Discounting (CID), which has the same owners as the Bluemoon Investigations agency.
In an affidavit, seen by the Irish Independent, Ken Drumm said his brother David was told by a person within the bank that the private investigators had offered their services.
Ken Drumm also stated that he was contacted with other information around the same time by a "senior manager" at the bank.
He did not name the officials who contacted him and his brother, but stated he intended to refer to their claims in defence of the CID lawsuit.
Anglo declined to comment on his claims last night.
The dispute between Ken Drumm and CID centres on an alleged debt of around €60,000, which CID claims is owed from a debt purchase agreement.
It says Mr Drumm was advanced funds for the running of Okohaus Superstructures, a construction company he ran that was involved in building schools for the Department of Education. The firm went into receivership in December 2008 and the debt has not been repaid, CID claims.
Mr Drumm has denied money is owed to CID and claims his reputation was adversely affected by comments allegedly made by CID's managing director Peter Kerrigan in a phone call to an Anglo official.
Bluemoon Investigations confirmed it wrote to Anglo chief executive Mike Aynsley in relation to its services, but said it was "mystified as to why anyone in Anglo would make David Drumm aware of this".
- Shane Phelan Investigative Correspondent