Here are the technological twists fraud examiners are now up against: crafty phishing e-mails, new online classified scams, and the risk of intellectual property loss from MP3 players, music downloading programs, and (yes) lava lamps.
The welcome e-mail announces "You've got cash! Michele Ramos sent you money with PayPal. Michele Ramos is a Verified buyer." The next few lines say that $760.13 was deposited to your PayPal account and that the transaction ID is LLM737547343253628355, and end with the address of Ms. Ramos, where the goods should be shipped. The e-mail recipient is further encouraged by a note to the right of the body of the message. In a separate box is the security warning straight from PayPal admonishing the reader never to provide their password to fraudulent Web sites, including the reminder that PayPal employees would never ask for a password. But despite the e-mail's reassurances, both the URL listed in the security warning and the link provided to view the details of the transaction send the reader to bogus sites where personal and account information is misdirected to thieves.
Going phishing with a newer hook
CFEs on the front lines face constant challenges from both new frauds and new twists on the same old heists. This PayPal phishing e-mail with a link that directs to the fraudulent phisher's site is relatively new on the scene. But the new twist is the paragraph that seems to support PayPal's security information but also misdirects the e-mail recipient. As with this example, most of what is new in fraud involves the use or misuse of technology.
Darryl S. Neier, CFE, director of the litigation support group at Sobel & Company, LLC, in Livingston, N.J., likens the phishing e-mails that try to trick users into coughing up personal information to the social engineering phone calls of the recent past. "We see lots of old frauds with new twists," says Neier. "Phishers hit both corporate America as well as individuals."
With the new PayPal twist, employees should be trained not just to refrain from clicking any online ad buttons on their work computers but to keep from accessing any URLs provided in these types of fraudulent messages. One would have to have a sharp eye to notice the small "us" added to the otherwise perfect PayPal address. "People should be trained to go directly to the Web page of the requesting institution or make a telephone call to see if new information is needed," says Neier. Or just never visit any non-work-related Web sites on company computers.
Going once, twice...
In addition to phishing, online auction scams continue to rank high on the list of complaints received by the Internet Crime Complaint Center sponsored by the Richmond, Va.-based National White Collar Crime Center (NW3C). The promised goods never get delivered or payment comes in the form of a counterfeit cashier's check. "In the past, buyers and sellers got scammed in the same way except by regular mail solicitations," says Robin Elkins, an enforcement analyst at NW3C. NW3C provides assistance to member law enforcement agencies on white-collar crime. The federally funded program offers its unique knowledge plus the time needed to delve into resources such as thousands of bank or cellphone records.
Online classifieds sometimes similarly leave buyers without merchandise and sellers with counterfeit payments. In a new twist, a seller is contacted by someone identifying himself as an agent representing an international buyer. The agent negotiates a price and proposes to pay with a cashier's check, which usually is several thousand dollars higher than the advertised purchase price. The supposed agent tells the seller to wire the excess funds to a "shipper." The seller's bank releases the funds as soon as the check is deposited as a courtesy to the customer. Once the bank realizes the check is counterfeit, the victim is out not just the payment for the goods but also the thousands wired to the "shipper."
Elkins also reports that the Internet is growing in use as a tool to recruit victims to older scams. The plethora of work-from-home schemes use both valid and counterfeit job Web sites as well as chat rooms and singles sites to find pigeons. Some of the newer scams involve re-shipping arrangements. Victims agree to receive goods in large packages and ship them back out in smaller ones. The scam bites people in two ways. Not only are the goods often stolen, but the victims pay for the second shipping costs and expect reimbursements that never arrive. "These schemes often hit small businesses like retail," says Elkins.
Twisting the 411
A new twist on an old Internet scam involves the Nigerian (411) scam. Since most e-mail users are hip to the scam by now, some clever perpetrators employ the Internet Protocol (IP) relay system designed to help the deaf use the telephone. A scammer types in a message, generally an order for products, that the IP relay operator reads verbatim to the hearing person on the other line who is often a customer service rep for a small business. The legitimacy of the order from a supposedly deaf person over this service-oriented line spoken in perfect dialect by the hearing operator overrides natural suspicions. The Nigerian scammers deliver the familiar e-mail message asking the reader to help wire millions of dollars out of the country. "Even if the operators suspect the message is a scam they are prohibited by law from interfering in any way," says Elkins.
Technology facilitates identity theft. Genealogy sites, for instance, list detailed information about generations of family members. Birthdates of deceased and living relatives as well as mothers' maiden names become starting points for capturing identities. "Thieves can take mail or other documents to get this information but technology allows the crime to grow because of the access to so many more people at once," says Elkins.
Personal data assistants (PDAs) grant rich opportunity for identity theft. Whether the device is lost or stolen, a savvy thief can mine personal information from e-mails and calendars as well as address books stored on it. Fraudsters use secure PDAs, cellphones, and now even iPods to perpetrate this new trick, says Derrick Donnelly, the chief technology officer at BlackBag Technologies Inc., in Santa Clara, Calif. "I always tell people that if they've got a secret they shouldn't tell their computer," says Donnelly.
MP3 players with bad bling
Cute little iPods and other MP3 players that come with accessories that add "bling" now threaten the security of a company's intellectual property.
Donnelly, who was head of IT security at Apple Computer for five years, explains that iPods can hold many gigs of data and can be used for more than just music. Both iPods and jump or thumb drives complicate security because they are so easily hidden. "Security personnel are attuned to searching laptops or watching for briefcases full of paper but aren't yet scrutinizing harmless music players," he says.
Once connected to a Mac or PC, users access the attached devices as they would an internal drive. The huge phone call centers are concerned about this feature. Employees at work ostensibly use the devices to listen to music between calls but they could just as easily be downloading entire customer databases through the easy connections. "More technical people understand all the capabilities of the iPod and the software available," says Donnelly.
The sync feature between a host desktop computer or laptop and the iPod allows easy transfer of notes, calendar, and contacts in their exact forms. Additionally, users can install an operating system in the iPod that can be used to boot up regular computers. "The regular computer might have effective monitoring systems but the iPod can invade and leave the original system looking pristine," says Donnelly. Donnelly's employer provides tools for forensic analysis of iPods as well as the ability to safely acquire a forensic image of the portable drive for use in court.
P2P road to fraud
Peer-to-Peer programs (P2P), used to download music, open up companies to potential fraud as well. The systems work within the Internet but outside normal systems on their own sub-networks. Downloading one popular program, for instance, opens the target computer to potential use by other computers on the network whenever the software is running. Once the music is downloaded that computer becomes a node on the P2P network. Someone else looking for the same song might be directed to the original computer when the music is requested. Because the P2P network runs behind the company's firewall, companies may not know that illegal music is being downloaded out of their computers. "P2P networks are a concern in insider trading because of the direct access to time-sensitive information," says Donnelly. "They also avoid using e-mail which is easy to track."
E-mail is still an effective method of transferring intellectual property out of the company. Donnelly points to how improvements in Google mail could be used to steal data. First, anyone with the slightest technical ability can figure out how to use the system to give out multiple accounts to other people. "Each user gets a full gigabyte of e-mail storage," says Donnelly. "That's a huge amount of data that also gets stored on (Google's) server not on the company's."
Clever thieves embed files, words, and sometimes pictures in the body of e-mail messages. "Intellectual property is dramatically on the rise with the aid of technology," says Neier. "Someone can send out an entire customer database in an e-mail that looks like the sender is offering a picture of his kid."
Old schemes like lapping, check kiting, and vendor frauds get new life with computerized accounting, too. "Forensic accountants are encountering the same stuff now as 40 years ago," says Neier. "The difference is that it's buried deeper now in segregated partitions or different sections of a hard drive."
Neier recommends notifying an Internet crime complaint center of all new schemes. "Law enforcement needs to know of trends," says Neier. "If they get one complaint it might not be a big deal but if they get 500 they can act quickly."
Keeping ahead of the developments isn't easy. Not only are fraudsters aggressively hatching new tricks but new products and services enable fraud. Small jump or thumb drives for instance are showing up incorporated into a variety of things like Hawaiian tiki masks and lava lamps. "An investigator might see nothing out of the ordinary in a cubicle with pictures of the employees' family, a cup with pencils, and a lava lamp," says Donnelly.
In the next issue: yet more twists and turns.
Cynthia Harrington, CFE, CFA, is a contributing writer for Fraud Magazine.
Spam & Popups on the Internet
Gleaming White Fraud
By Suzanne Mahadeo
If you ever use the Internet, you know about spam. Unsolicited bulk e-mails, sent at one time to several thousand people, are estimated to cost the U.S. economy $9 billion a year, according to a study conducted by Ferris Research. The same study shows that spam is the cause of $2.5 billion in losses for European businesses and another $500 million for U.S. and European Internet service providers. Estimating it takes 4.4 seconds on average to deal with a message, the messages add up to $4 billion in lost productivity for U.S. businesses each year.
Popup windows are another big problem on the World Wide Web. According to FTC figures, 80 million adults went online in 2002. When users visit a Web site that's solely supported by the revenue gained from advertisements, they're bound to be bombarded with ads popping up on their screens. Advertisers spent $301 million on Internet ads in 1996 alone. By the end of 2002, the number had risen to almost $9 billion. Free pop-up blockers, like the one provided by Google (toolbar.google.com) are available for download to help users avoid this problem altogether.
Generally, I click the "X" or "Close" button of a popup ad. I can't explain what possessed me to actually go to the Web site of "Gleaming White Smiles" when I saw an ad (below) boasting to whiten and brighten teeth for "free." The Web site said that all I had to do was pay $5.95 for shipping and handling for the first month's delivery. If I decided I didn't like the product, I'd simply cancel my account so that the company wouldn't send me a new batch every month for the price of $56 that would automatically be billed to my credit card.
Figure 1 is no longer available
I rationalized that I would have nothing to lose but the $5.95 I was required to pay for shipping and handling for the first month if this "free" trial product never made it to my doorstep. My boyfriend and voice of reason just shook his head when I entered my credit card number onto the link from the popup window. I reassured him that we would just have to wait and see what happened.
Three weeks later, I received a beaten-up, unmarked manila envelope with no return address, phone number, or invoice. Inside the package were two very strange syringes filled to the brim with a bubbly clear substance with the consistency of Jello. It looked like a mixture of clear toothpaste and toxic chemicals. There was only one ingredient on the tube (22 percent Carbamide Peroxide) which was my first indication that I had wasted $5.95.
I looked online for a phone number for this company and when I called it, an automated message gave me several options (If you would like to order a product, press 1, etc.), but the message stopped before it ever allowed me to speak with a representative. I left a voice mail saying that I would like to cancel the subscription.
Of course, I was surprised when I received yet another envelope a month later. I checked my bank statement online (which is the fastest way to tell if you've been defrauded) instead of waiting for the statement to arrive in the mail. I learned that my credit card had been charged the $56 fee for this very shady product. I then called my credit card company and explained the situation. The operator on the phone didn't seem surprised, as if this kind of thing happened to its customers every day. (Which, of course, it does.) She suggested I change my credit card number so that this fraudulent company could no longer continue to bill my account. She also reimbursed me the $56 for the product because I had cancelled the subscription.
Oddly enough, a year later, the syringes full of strange goo are still delivered to my house. Luckily, I'm not stuck with the bill. My boyfriend just smiles.
Suzanne Mahadeo is a business writer for the ACFE and a contributing editor to Fraud Magazine.