Ensnared In The Web: Fighting Fraud with Internet Searches

We now have tools we can use to search on the Web for the minutest details of suspected fraudsters. Use Google Alerts, social network sites, financial and relational blogs, classified and auction sites, plus new targeted search engines to find evidence that will stick.

Recently, a client called to tell me someone had stolen one of his trucks containing an entire load of industrial heating, ventilating, and air-conditioning (HVAC) equipment. The police recovered the truck some 20 miles down the road, but more than $200,000 worth of products was still missing.

My client's investigative and loss-prevention team worked closely with the police, conducting interviews and working their leads down to the wire. However, the products eventually turned up through a Web search. I'd been keeping an eye on auction sites, as well as resale and trade sites, and had found an HVAC vendor on www.Craigslist.com reselling all the same stolen parts five states away. The vendor even gave serial numbers and posted photographs of the equipment! We had found our crook.

USING GOOGLE ALERTS 

When my client first called, he requested that I search eBay for these goods. I knew I'd never find the items on eBay and sure enough, after many searches by make, model, and serial number, I'd turned up nothing. I also didn't find anything through a general Google search.

But I was just getting started. I decided to let "Google Alerts" do some searching for me. I went to www.Google.com/alerts and entered the model numbers of the HVAC units as the "search terms" and received automatic daily e-mails culled from Google News, blogs, video, groups, and the Web.

The alerts gave me hundreds of bad leads, but I finally found a good possibility on www.Craigslist.com, on which a suspect volume reseller in the Southeast United States had posted photos of similar HVAC equipment. Craigslist.com organizes its markets by geographic location, and is similar in spirit to an open-air market. Anonymous users can find just about anything on the site.

I found our crook by posing as a prospective buyer. All I had to do was call the suspect and ask him to take photos of the electricity input-output (I/O) area on one unit and bingo - the faceplate next to the I/O on the machines contained a matching serial number.

I told my client that his HVAC units were several states away, and he then worked with the authorities to seize his stolen equipment from the thief and press charges. To my best knowledge, the reseller had bought the hot equipment off the back of a tractor trailer driving through his town. He said he "didn't remember who he bought them from."

LOSING INTELLECTUAL PROPERTY 

One good trade-secret leak or advance notice of a product release could be worth millions of dollars to insiders, who could use the knowledge to gain an edge in the market. Competitors also would love to capture such information so they could deconstruct the product faster than you can say "iPhone knock-off." Indeed, all the major media syndicates and technology companies struggle to keep their intellectual property in-house under lock and key.

Several years ago, a fellow investigator told me he had a client who was a secretary at a syndication house and an avid amateur artist who specialized in drawing cartoons with Hispanic characters. The client claimed that someone who worked for the syndicate (most likely her supervisor) actually stole a doodled cartoon from her desk and developed it into an extremely popular Hispanic animated character. Unfortunately, the client had a difficult time proving her claim because she had thrown away most of her other doodles, or she hadn't dated or trademarked the ones she'd kept. Today, that Hispanic character, represented as one of the huge balloons in the Macy's Thanksgiving Day Parade, is probably worth a billion dollars.

In another case of intellectual property loss that began in the Midwest but ended in China, a chain store alerted my client, a large household product manufacturer, that someone was trying to push a knockoff version of its unique patented sugar substitute.

Printed on the sugar substitute packet was the name of the packaging company, which I found to be a foreign-owned facility that was primarily a shipping and receiving front for the product's producer in China. I searched online import/export databases such as www.piers.com and found the Chinese shipper. That company's Web site actually displayed my client's patented scientific recipe! The fraudulent company wanted to prove it knew how to make the sugar substitute "just like the real thing" so they published it for perspective buyers. I gave the client the bogus company's contact information. (I wasn't around to see the legal outcome.)

COMBATING INSIDER SABOTAGE 

Sometimes insider tips and design specifications show up on financial message boards (such as www.finance.yahoo.com, www.RagingBull.com, and www.google.com/finance). Check them out to read the rumors and accusations of company mismanagement.

In the late 1990s, these financial message boards were the places for "pump and dumpers" to post fraudulent rumors that sent stocks soaring or plummeting. We still see a steady run of pump-and-dump activity, but now it's mostly in anonymous postings on Web logs - or blogs as most of us know them.

A great Web site to troll for technology developments and opinions on blogs is www.engadget.com. It's hard for me to believe these knowledgeable, supposedly impartial participators and reviewers who are revealing technology company secrets aren't actually working for those same firms.

During my investigations, I've often found that supposedly objective blog posters are actually company employees discussing privileged company insider information. Sometimes, they don't realize what they're doing is inappropriate or violates the company policies to which they've agreed and signed. In at least a dozen cases I've investigated, the offending posters are younger men who enjoy the adulation they receive.

They discover a little information about new product releases and they can't wait to share it so they can be treated like gods with sacred information.

Run searches in www.technorati.com and www.icerocket.com to discover if intellectual property is being shared about your company. Both search engines specialize in blog and social-network indexing.

STOPPING REPUTATIONAL DAMAGE 

Organizations have to protect their reputations. If one wild rumor gets out on the Web, stocks could crash, and investors could be sent running.

Your organization would be concerned about protestors marching in front of your building claiming unfair practices, so it should also worry about the disgruntled employee who goes home and writes a blog post filled with lies and bitter resentment. This post could turn up a year later during a merger and acquisition due-diligence search. Red-faced management will have to explain away the lies, which by then might seem truthful.

You can use the Web to chase myths and find online instigators and thieves, but first you're going to need suspects' usernames from their personal e-mail addresses. You can often access suspect employees' personal addresses through your organization's human resources records. (Check with your legal counsel before conducting any online searches for employee information.)

If a threat came from someone outside the organization, you'll probably already have a username from an e-mail or blog posting.

Next, search for those usernames (or suspects' names) on various relational and social-network sites such as Flickr.com, Myspace.com, Facebook.com, and Linkedin.com. (Pay special attention to the photo blogs because you might just find your stolen products or designs on display.) If you can't find usernames or actual names, search by product name, type, and product features. Also look for bloggers or posters by geographic area.

In one case, a company asked me to find a person who was posting sensitive intellectual property on a message board that it was monitoring. I needed to track him down within a few hours, but all I had was his username from the message board. Fortunately, he had used that same username when he had posted pictures of himself and his friends from a biking trip on Flickr.com. Information posted with the photos included his first name and his possible home, San Diego. I matched his image with his company badge photo database, and we had our man.

You can also use similar sites such as Kodak.com and photobucket.com. (Search for your company name on these sites; you might be surprised at some of the inappropriate photos you see.)

Myspace.com targets the "Y generation," so expect to find mostly 30-somethings and younger. Don't forget to change the search from "Web" (default) to "myspace" when you're entering usernames in the search box on the site. You don't have to be a member to search for information.

You can search by name, userhandle (pseudonym), e-mail address, and other advanced option items. If your suspect has left his or her privacy settings open, you can gather profile photos, nicknames, and postings. Also, search by username to see if you can find the subject's posts on other Myspace boards on which he or she might have posted comments.

Facebook.com, the fastest-growing social network in the United States and the dominant site in other countries, doesn't target any particular age group. Unfortunately, you not only have to be a member, you have to be connected to suspects to search for information in their profiles. However, like Myspace.com, you can obtain a significant amount of information from users' photographs, or posted usernames. Again, you can search by an e-mail address like supercoolgirl@gmail.com and a user might come back with the handle, ZuprKewlGrrl. Now you have a whole new username.

Finally, both Facebook.com and Myspace.com, like all other social networks, assign each user a unique number that is indicated in the URL of the page. For example, this URL -- http://profile.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=68735632 -- indicates that the user's ID number is 68735632. You can search for just that number in www.Google.com to see if anyone is pointing to that site from within their own profile or if any leads develop. Most likely, you'll get the actual link right back in Google on the number you searched. Look at the Cached page given on the Google page result for any recent edits.

Keep an eye on the search engine www.hi5.com, which is extremely popular in India and many other countries.

Every time I perform a business due diligence, I first check with www.Linkedin.com, a professional social network for job hunters, networkers, and people trying to reconnect with old colleagues. (www.Spoke.com is a similar site.) Individuals tend to post too much about themselves in these profiles. Compare this information with what they gave on their job applications.

In one case, an executive wrote on his pre-employment check form that he had graduated from the Fontainebleau, France, campus of INSEAD, an international business school. However, he gave different educational credentials on his Linkedin.com profile. I called INSEAD and found that he had never attended the school.

Keep trying the newest search engines, and exploit them for every possible information nugget they can offer. Here are three I've been using: www.yoName.com, www.spokeo.com, and www.lococitato.com.

REPLACING SURVEILLANCE TEAMS 

Even if new social networks, services, and Web sites don't seem to be useful now, they could be potential tools later. A person's guard is almost always loosened up in social situations, so they talk more, say more, and share more. Users sometimes share info on social networks they wouldn't in face-to-face encounters. Years ago, a site like www.Flickr.com wouldn't have had any real purpose in an investigation, but today it's the go-to source for matching usernames to photos.

In the past, you'd need a savvy surveillance team to gather pertinent data. Now, if you look on the correct sites, you can find the info with just a few keystrokes.  

[Some links might not be available. —Ed.]

Cynthia Hetherington, Associate Member, is the publisher of "Data2know.com: Internet and Online Intelligence Newsletter," and author of "Business Background Investigations" and "The Manual to Online Public Records" (both Facts on Demand Press). She's a Licensed Private Investigator and the president of Hetherington Group, an investigative consultancy specializing in due diligence. 

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.