I was recently involved in an investigation in which a laid-off employee retaliated against his former employer by using his knowledge of the company's IT systems to cause major slowdowns in information processing.
Disgruntled employees are nothing new to the corporate world, but a sharp rise in their numbers means nothing good for organizations. Information processing slowdowns due to fraud place undue financial pressure on an organization, which might already be feeling the pinch of the recession.
What else can go wrong from cyber attacks when the economy goes south? It's hard to tell because this is the first full-blown recession to occur in the Internet Age, but certain cyber scams are more prevalent as employees take advantage of the situation.
ONLINE SCAMS AND FRAUD
Economic downturns breed fraud of all kinds, but more cyber criminals are using the bad times to take advantage of unsuspecting consumers through online scams and fraud. According to a report released by the Internet Fraud Complaint Center, run by the FBI and the National White Collar Crime Center, Internet fraud losses reported in the United States reached a record high of $264.6 million in 2008 -- an increase of 33 percent compared to 2007.
The economic downturn plays a key role in this increase because many scamsters have been preying on fear, uncertainty, and doubt that are plaguing workers and consumers. It's a new twist on an old game.
Cyber criminals are using get-rich-quick scams to attract unsuspecting victims. With the U.S. unemployment rate above 9 percent, job seekers might be intrigued by jobs offering easy money for little work. But most of these openings are for "money mules." Crooks use unsuspecting pawns to transfer money obtained through fraud in one country to another.
These cyber-crime profits could come from other scams that exploit the recession. This includes a variety of phishing scams in which cyber criminals employ scare tactics linked to economic uncertainties to obtain sensitive information. In one scenario, cyber criminals send e-mails informing users that their banks are closing or merging and they must verify their account information so they won't lose their credit cards or lines of credit.
Other scams are twists on the classic advance fee in which the cyber criminal cons the mark into advancing money with the promise of a larger payout. These scams come in all shapes and sizes but mainly center on lottery winnings, assistance in getting money out of the country, and the cashing of counterfeit checks. Their common denominator is that victims believe they have the ability to make money quickly -- an alluring prospect for those who have just lost their jobs.
Also, strapped Web site administrators, faced with a decrease in online advertising revenue and tempted by the promise of easy money, might agree to deliver malicious software to unsuspecting Web site visitors. Jobless people with technical backgrounds might see the recession as a golden opportunity to become cyber criminals.
INSIDER ISSUES
I've written about intellectual property theft and data theft in previous columns, but the economic situation warrants reexamining the topic because previously loyal employees might turn to fraud with looming layoffs and financial uncertainty.
More than half (55.4 percent) of respondents to a recent ACFE survey said that the level of fraud has slightly or significantly increased in the previous 12 months compared to the level of fraud they investigated or observed in prior years.
The survey also found that:
- Employees pose the greatest fraud threat in the current economy. When asked which, if any, of several categories of fraud increased during the previous 12 months, the largest number of survey respondents (48 percent) indicated that embezzlement was on the rise.
- Layoffs are affecting organizations' internal control systems. Nearly 60 percent of CFEs who work as in-house fraud examiners reported that their companies had experienced layoffs during the past year. Among those who had experienced layoffs, almost 35 percent said their companies had eliminated some controls, while 44.2 percent said the layoffs had no effect on controls and only 3.2 percent said their company had increased controls.
- Fraud levels are expected to continue rising. Almost 90 percent of respondents said they expect fraud to continue to increase during the next 12 months. Additionally, the fraud most expected to increase is embezzlement.
- With budget cuts and layoffs in internal audit, information security, and risk management departments, organizations are lowering their guard against internal threats. As controls decrease, additional opportunities for theft grow.
- Employees, or former employees, might use their knowledge of organizations and their access privileges to steal personally identifiable information and sell it to the highest bidders or use it to commit identity theft. Organizations lose not only money but reputation; adverse publicity could cause irreparable damage.
- An organization invests time, money, and energy into developing intellectual property that gives it a competitive advantage in the market. Losing this edge can prove costly to an organization that's already suffering from the economic downturn.
- Employees might rationalize the theft of information by convincing themselves that the organization never knew how to use its trade secrets and soon won't need those secrets because it will fail.
- Competitors wishing to put the final nail in the coffin of their competition might be tempted to acquire trade secrets from these unscrupulous individuals. Jobseekers might also leverage the stolen information to offer valuable information in exchange for employment. Others will use the information to start their own businesses with the hopes of making more money in an organization that they can control.
NEXT ISSUE
In the next column, we'll examine how computer forensics now plays a critical role in fraud examinations.
Jean-François Legault, CISSP, CISA, CISM, GCIH, GCFA, is a senior manager with Deloitte's Forensic & Dispute Services practice in Montreal, Canada.
The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.