Back together again

Fraud examiners came together for the first time since the outbreak of the COVID-19 pandemic at the 33rd Annual ACFE Global Fraud Conference in June 2022. The association’s first hybrid event for both in-person and virtual participants enjoyed record attendance and has proven to be a winning formula.

The delight of meeting face to face for the first time since the outbreak of the COVID-19 pandemic was in plain sight at the 33rd Annual ACFE Global Fraud Conference held in Nashville, Tennessee, in June. Smiling faces and packed sessions marked the association’s first-ever hybrid conference that saw over 5,000 in-person and virtual attendees, another record number.

“Being back in person was like a family reunion and everyone was excited,” says ACFE’s Vice President of Events Leslie Simpson, CFE.

“Sessions were active, and speakers were energized. Some even brought their virtual vibe into their in-person session by making light of being so used to teaching sessions in board shorts on bottom and suit up top.”

Despite upsets caused by the health crisis, the ACFE Global Fraud Conference has been growing each year. And the new hybrid format is a winning formula and one the ACFE will use at next year’s conference June 11-16 in Seattle, Washington.

“Hybrid conferences are a new reality for many organizations that put on educational events, and I couldn’t be happier with how our conference turned out,” says Simpson.

“The wonderful thing about how we executed the conference this year is we truly had something for everyone. It was great being back in person and feeling the energy of seeing old friends and the new faces who joined us for the first time while also maintaining our virtual event so companies who like the convenience of online learning can easily attend this conference.”

Over 110 sessions were available to participants, virtually and in-person. Topics ranged from whistleblowing to biometrics to the rise of ESG fraud to supply-chain fraud to the latest technologies for fighting fraudsters in cyberspace.

“It was wonderful seeing old friends. Being able to feel the energy of CFEs gathering together again was so inspiring,” says ACFE President and CEO Bruce Dorris, J.D., CFE, CPA. “Coupled with a strong online presence for those who were unable to attend physically, the conference was an absolute success.”

The ACFE also put on first-class entertainment with the Middle Tennessee Chapter hosting a concert featuring Marty Stuart and His Fabulous Superlatives. Proceeds from the show went to the ACFE Foundation (ACFE.com/foundation), which has a mission to increase the body of anti-fraud knowledge and support future anti-fraud professionals worldwide. Singer/songwriter Marty Ray also performed in the lobby before the concert.

And the annual conference wouldn’t be the same without country and blues artist Lee Roy Parnell, who during the opening session once again remastered the conference’s first theme song, “White-Collar Crime,” which ACFE founder and Chairman Dr. Joseph T. Wells, CFE, CPA, originally performed in the 1970s.

Online attendees were also able to enjoy virtual zoo visits, mixology happy hours, mindfulness sessions and various cooking demonstrations from chefs. “We saw a post of a member sitting with his children in his living room, watching the zoo tour and sharing the experience with his child. It was great!” says Simpson.

As always, prominent personalities enlivened the discussion about fraud and how best to prevent it. Below, keynote speakers and ACFE award winners describe the lessons learned from their battles against fraudsters.

Tony Kwok: Life lessons

Now in his seventies, Tony Kwok has settled nicely into retirement after spending decades successfully fighting corruption and wrongdoing in his native Hong Kong and in other parts of the world. Even though he’s no longer actively fighting fraud, he still has some important life lessons for aspiring fraud examiners.

Kwok is the former deputy commissioner of the Independent Commission Against Corruption (ICAC), the anti-graft agency that’s largely credited with transforming Hong Kong into one of the least corrupt places in the world. The ICAC is now held up as an example to emulate among countries battling endemic fraud and corruption. And Kwok, who was there from the organization’s inception, has become a highly respected expert in the field as he continues to impart valuable advice to anti-fraud professionals the world over.

“I urge [everyone], particularly those in developing countries with corruption problems, to consider using your expertise to fight corruption so that when you are in your 70s, you can be like me and feel so much satisfaction with your life,” Kwok said.

The ACFE honored Kwok’s lifelong fight against wrongdoing during the opening session, where he was given the Cressey Award — bestowed by the ACFE annually for a lifetime of achievement in the detection and deterrence of fraud. “I am very grateful to receive this international, prestigious award,” he said during his virtual acceptance speech.

Hong Kong’s transformation

Kwok uses three criteria to define a corrupt society: (1) corruption is widespread and impacts all sectors of society, (2) corruption is out in the open and (3) corruption is well organized through crime syndicates. When Kwok was born in the 1940s, Hong Kong bore all those hallmarks, and the situation grew progressively worse. “By the ’70s it was definitely one of the most corrupt places on earth,” he said.

Corruption impacted everyday life — often in horrible ways. Opium dens and gambling joints on street corners were common sights, and Hongkongers had little option but to bribe firemen, ambulance drivers and even the police for the most basic services. Because of corruption, apartment blocks for the underprivileged were so poorly constructed that they often had to be evacuated.

By the 1970s Hongkongers had had enough, and they took to the streets in mass demonstrations after Peter Godber, the then-chief superintendent of police, fled to the U.K. in 1973 when he came under suspicion for corruption. This marked a turning point for the city and Kwok. Soon thereafter, the authorities created the ICAC, one of world’s first anti-corruption commissions. Kwok quickly signed up as a junior investigator, and he never looked back.

Sometimes success is a matter of being in the right place at the right time, said Kwok, reflecting on the trajectory of his career. “I was lucky to be able to join shortly after [ICAC’s] inception and hence was able to participate and witness how Hong Kong succeeded in transforming [itself] from one of the most corrupt places on earth to one of the least.”

Aside from the fortunate timing of his career choice, Kwok said that he also drew other important lessons from his experiences at the ICAC. For one, fraud investigations are not just about catching the bad guys and throwing them in jail, he said. Often, they can act as an important catalyst for change and the betterment of society.

For example, Kwok cites a series of investigations carried out by the ICAC in the 1980s that exposed fraud and other types of corruption in the financial industry. Kwok led one such investigation at what was then the third-largest bank in Hong Kong — Overseas Trust Bank — which resulted in jail time for a string of C-suite executives who’d committed fraud. The ICAC also brought down the then-chairman of the Hong Kong Stock Exchange, Ronald Li, for bribery.

Revelations of rampant corruption at the very top of high-profile financial institutions led authorities to realize that the sector needed more regulatory oversight and spurred the creation of independent watchdogs, such as the Hong Kong Monetary Authority and the Securities and Futures Commission. “These bodies enabled Hong Kong to become a top financial center,” Kwok said.

Kwok’s decades-long fight against corruption has also made him realize that this is an ever-evolving field and that fraud examiners must adapt to the changing landscape to be successful. “I can confirm that the way I investigated corruption in the ’70s was a lot different from [what happens in] the 21st century,” he said. “Fraud and corruption are becoming a lot more sophisticated, and no longer can you investigate fraud on your own.”

That often means involving a raft of different support teams with expertise in forensic accounting, computer forensics, surveillance and witness protection — to name a few. “Not only do you need to continuously upgrade your professional knowledge, but you also need to adopt a mentality to take a more proactive and creative approach to the investigation,” he said.

Pav Gill: The power of the small

Taking the first step to becoming a whistleblower is a daunting task, and Pav Gill did so reluctantly. But the soft-spoken lawyer who famously brought down the once-revered German payments firm Wirecard has some inspirational words for those individuals who feel helpless in the face of enormous frauds and the powerful players who perpetrate them.

“It takes nothing but one person to start chipping away at this massive, massive injustice,” he told the audience at the opening session. “Just chip away at the tiny bits, and soon enough people will join you at chipping away at the small.”

The power of the small works. Since revealing his identity last year in the documentary “Wirecard: The Billion Euro Lie,” Gill has been on a mission of sorts to show that sticking up for what’s right is worth the trouble, no matter how small you might feel. “We, as members of the ACFE and legal compliance professionals, cannot cower as our very job entails doing the right thing,” he said.

Facing all manner of intimidation, including threats to his life, Gill bravely blew the whistle to expose what became Germany’s largest corporate fraud since World War II. In recognition of this valiant act, the ACFE presented him with this year’s Cliff Robertson Sentinel Award, which the association bestows annually on a person who, without regard to personal or professional consequences, has publicly disclosed wrongdoing in business or government.

A life turned upside down

Gill’s own life was turned upside down when he instigated an internal investigation into what was later found to be a multibillion-euro fraud at Wirecard after employees in the finance department questioned some of the free and loose accounting practices at the company.

Headhunters recruited Gill to become Wirecard’s first legal counsel for the Asia-Pacific region. He was initially excited to join what was then seen as a growing fintech firm, but within months that elation turned to deep concern about how exactly Wirecard was generating such impressive revenue streams.

“I have always had a sensitive nose that tells me that something doesn’t smell right, and in Wirecard’s case, the smell was pretty bad from the start. Nothing made sense,” he said.

Not long after Wirecard hired him in 2017, Gill started casting a skeptical eye on Edo Kurniawan — whom the board had handpicked to oversee Wirecard’s international finance operations — since he seemed ill-qualified for the job, said Gill.

Not only was Kurniawan’s finance background suspect but he hired employees from Indonesia and Malaysia who lacked the requisite experience for the jobs he promoted them to in the finance department. More frighteningly, Kurniawan was fond of boasting that he’d married into a family of drug dealers in Indonesia.

Kurniawan, along with Wirecard’s former chief operating officer Jan Marsalek, are now fugitives wanted for their involvement in the fraud Gill helped exposed. But before they went on the run, they made his life hell, and even today they loom in the background as potential threats.

Turning Point

Gill christened the fraud probe he helped initiate “Project Phoenix,” thinking Wirecard would rise from the ashes after a few bad apples were eliminated. However, such hopes soon faded after Marsalek took over the investigation. The board then implemented an anonymous whistleblowing program to weed out “troublemakers” in a faintly disguised reference to Gill and others who wished to uncover fraud.

Gill quickly found his credibility under attack, and intimidation tactics became so fierce that he was forced to resign after he refused to go on a business trip to Jakarta on what he described as a “one-way ticket.”

The threats didn’t stop there. Wirecard executives continued to harass Gill and his mother, who eventually encouraged her son to go to the press. With Gill’s hard evidence in hand, the Financial Times ran a series of articles about Wirecard’s financial shenanigans. Gill also took his story to the Munich-based Süddeutsche Zeitung, one of the largest daily newspapers in Germany, and used Twitter under a pseudonym “@Laan_Pa” to disseminate information that newspapers were less willing to print for legal reasons.

Fighting back worked. By the summer of 2020, the company finally admitted to wrongdoing after CEO Markus Braun resigned and was subsequently arrested. On June 25 of that year, Wirecard filed for insolvency.

Systemic failure

Regulators, politicians and stock analysts had all held up Wirecard as Germany’s answer to Silicon Valley, and the stock price had soared as a result. In reality, it was a house of cards, where top executives were conducting “round-tripping” schemes that moved substantial sums of money from the books of one subsidiary to another to give the illusion of profitability. Ultimately, that house of cards collapsed when the existence of $2 billion in cash, supposedly located in bank accounts in the Philippines, couldn’t be confirmed by external auditors, who then refused to sign off on the company’s financial statements.

Gill sees Wirecard as a textbook example of a broad systemic failure where everyone from regulators to law enforcement to investment analysts failed to carry out their jobs properly. “Everyone chose to ostrich themselves by sticking their heads in the sand and refused to acknowledge or accept what was going on around them,” he said.

Gill’s mother, Sokhbir Kaur, raised him as a single parent in subsidized housing, working several jobs to ensure that he went to the best schools in Singapore. Gill hopes their story and their determination in battling fraud inspires others in similar situations. When you decide to fight for yourself and what is right, “there is no turning back until that mission is accomplished regardless of how daunting and powerful our opponents may be,” he said.

Alex Gibney: A lesson in fraudster psychology 

Alex Gibney has been making films about fraud in one way or another ever since his directorial debut in 1980, “The Ruling Classroom,” which documents a social-studies experiment at a California middle school that simulates American society and ends in corruption.

Since then, he’s won accolades galore for his documentaries that examine the inner workings of fraudsters’ minds and lay bare for the public the extent of such wrongdoing in our society. His subjects range from the rise and fall of energy company Enron in “Enron: The Smartest Guys in the Room” to the downfall of Theranos founder Elizabeth Holmes in “The Inventor: Out for Blood in Silicon Valley,” to the opioid epidemic in “The Crime of the Century.”

Gibney is this year’s recipient of the ACFE Guardian Award, and he talked to President and CEO Bruce Dorris, J.D., CFE, CPA, at the conference. While the award has traditionally been presented to a journalist, Gibney’s body of work falls squarely under the criteria required to receive this honor — someone whose determination, perseverance and commitment to the truth has contributed significantly to the fight against fraud.

“I stumbled into an obsession with the psychology of fraud, and many of my films center around it,” he said.

Over the years, Gibney has learned a thing or two about that psychology and how it applies to all of us. When he first started making such films, he thought he could clearly separate the bad guys from the good ones. But it wasn’t that simple. It turns out that “we are all a little bit naughty under the wrong circumstances,” and that often good people can cross an invisible moral line by ignoring wrongdoing when they should’ve spoken up.

That may be why Americans are so fascinated with these stories but have conflicting feelings about them. Gibney recalls the publicity tour for his documentary on Enron and how fascinated people were with Lou Pai, the Enron executive who cashed in on millions of dollars in stock just before the company collapsed and evaded federal prosecution. “I think the subtext to the question was: ‘Where do I go to be more like Lou Pai,’” laughs Gibney.

Noble cause

But more intriguing is how annoyed people seem to be with Sherron Watkins, the internal whistleblower whose brave efforts to warn about the Enron accounting scandal fell on deaf ears. That reaction may seem odd, but it could partly be due to fraudsters’ skills in spinning a good tale. And in the corporate world, good story telling goes hand in hand with a belief in a noble cause, making the ends justify the means, at least in their eyes.

“It makes the fraudsters hard to catch because they lie with conviction,” Gibney said. “One of the key things about deception is self-deception. There is a moment when you really believe in the lie.”

That attitude marks the first signs of corruption as it means people are willing to bend and then break the rules to achieve their objectives. This applied to Elizabeth Holmes who may have wanted to revolutionize health care through Theranos’ blood-testing machine, but used it on real patients when she knew it was unworkable. It’s a similar story for Enron CEO Jeff Skilling, who believed that unfettered free markets were a catalyst for social good, justifying the need to fudge financial numbers to achieve his goals.

“What I see in executive suite [fraudsters] is that sense of belief in a mission which is not the good news. That is actually the bad news,” he said. “So, if you see someone that believes fervently in their cause, trust but verify.”

Michael Lewis: Complexity, fraud and listening to contrarians

Michael Lewis isn’t a fraud examiner. But as a journalist and author who has written multiple books about financial shenanigans on Wall Street, he has important insights into the nasty underbelly of markets and how fraudsters can thrive there.

The latest market selloff could be a good case in point as investors look for guidance amid concerns over rising inflation and the potential for a recession.

“When there is this kind of convulsion in the marketplace, it is an excellent opportunity to see who is prone to the con because everybody is looking for somebody to tell them what is going to happen,” said Lewis.

“The truth is that there is no predicting what is going to happen. So, when you see someone get up with great certainty and say they know what is going to happen, put a little check mark on their file because that is the person you are going to be investigating in three years from now.”

In a virtual interview, Lewis spoke to ACFE’s Chief Strategy Office John Warren, J.D., CFE, about why CFEs should pay attention to cryptocurrency, the legacy of the 2008 financial crisis and the increasing complexity of markets.

Lewis best sellers include “Liar’s Poker” about his time as a bond salesman at Salomon Brothers in the 1980s, “The Big Short” about the 2008 financial crisis and “Flash Boys” that recounts how high-frequency traders gamed the market. Lewis says his next book could be on cryptocurrency. That’s not because he thinks bitcoin will replace the U.S. dollar. Rather, his interest lies in the enormous amount of wealth created over a short period of time through the rally in crypto coins and tokens.

“I am looking at characters who were previously not that important, but who have become very important because a bet they made a few years ago has paid off,” he said. “I am figuring out how to write a book about it.”

Crypto lessons

The sudden popularity of all things crypto arguably holds certain lessons for CFEs and could potentially point to dangers ahead. “Excessive confidence and certainty in things that are inherently uncertain is a red flag. And it is a red flag that doesn’t get pointed out and people get rewarded for it,” he said.

But the other red flag stems from the increasing complexity of crypto and the broader financial system. That’s a theme that Lewis has tackled in the past whether he was writing about the collateralized debt obligations (CDO) blamed in part for the global financial crisis or the high-frequency trading technology that allowed some players to front run others in the market. “All of a sudden you can’t explain to your mother what you do for a living because it has got so complicated,” he said.

While there has been a push for greater transparency in the financial system, that complexity makes it increasingly difficult to fathom what is truly happening. “In some ways, we can know more about what is going on inside of Goldman Sachs than ever before, but there is a new form of opacity,” he said. “Complexity is the new opacity.”

That’s why it’s now more important than ever not to be intimidated by those claiming the subject matter is just too difficult to comprehend. “That is what happened with Bernie Madoff; it’s so complicated you can’t understand it,” he said. “That’s the giant red flag … the complexity masks the behavior.”

Plain English

It falls on journalists like Lewis and CFEs to ensure that they “poke and poke” until their questions are answered in plain English, and it is then they can figure out whether this involves fraud or is simply someone taking advantage of market loopholes.

When you are untangling the financial web, it helps to look for teachers to explain what is happening, says Lewis. This is what he did when writing the “Big Short.” In this case, those teachers were the handful of investors who had gone all in to short the mortgage market in the run-up to the 2008 financial crisis. “What they all had in common was that they didn’t accept what everybody was saying,” he said.

Two of these investors, Charlie Geller and Jamie Shipley, were buying up cheap insurance across different sectors against what many people thought were once-in-a-lifetime tail risks. When it came to the mortgage market, they soon realized that those risks were very real and imminent, and that the CDOs being churned out by Wall Street banks and ratings agencies were highly fraudulent. They took their concerns to the FBI, the Securities and Exchange Commission and the press, but to no avail.

The story holds several lessons, not least the importance of listening, especially to those who might at first appear odd and are going against the grain of conventional thinking. “[For fraud examiners] it takes a lot of nerve to listen to those arguments because it sounds so implausible, but you have to listen to arguments like that because sometimes they are right.”

This applies to whistleblowers who may come across as eccentric at times but could hold the key to a big fraud case. “You have to be able to listen to the argument and evaluate the argument rather than the source of the argument,” he said.

Gurbir Grewal: Keeping corporations on the straight and narrow

Gurbir Grewal jokes that he has never been in the public eye as much as he has since he started as the Securities and Exchange Commission’s director of the division of enforcement in July last year.

“Now when I go to speak as SEC enforcement director, it is almost a cottage industry, whether it is accounting firms or law firms, it generates all sorts of press and media coverage,” said Grewal, noting his comments are his own.

Indeed, the former New Jersey attorney general has a lot on his plate as he tackles everything from crypto fraud to the unregistered sale of securities to changing the tone at the top among corporations that are still very vulnerable to fraud.

“When I came into the door here, I didn’t fully realize how vast and deep the waterfront is that we cover,” he said in an interview with President and CEO Bruce Dorris, J.D., CFE, CPA. “There has been a steep learning curve for me on a lot of the subject-matter issues.”

Rebuilding trust

Grewal has vowed to approach his job with a prosecutor’s mindset and work with the SEC to rebuild public trust in the nation’s institutions and markets. “It has become apparent to me that there is this erosion of trust, not just in our government institutions, but in our financial institutions as well.”

Scandals, the perception that insiders have access to information outside the public domain and delayed accountability for crimes, have contributed to this phenomenon. And that is bad for everyone, he said.

Grewal has a three-part solution to restoring this diminishing trust:

1. Robust enforcement.
2. Robust remedies — penalties that really deter misconduct and are not priced in as the cost of doing business.
3. Shared effort with professionals, such as CFEs, to create a culture of active and robust compliance.

“The tone at the top matters. That is the first thing that is required for robust compliance,” he said. “People just have to make it part of their brand, that they are going to work ethically and play within the rules.”

Compliance also requires corporations to go beyond check-the-box policies by truly addressing the risks in particular businesses, encouraging reporting and cooperating with the SEC, he said.

“If we do all of those things, we can restore confidence in our markets and protect investors better, but it is a shared effort with folks in this room, gatekeepers, lawyers and other compliance professionals,” he reminded attendees. “But it starts at the top.”

Failures in compliance

The SEC has already clamped down on poor compliance among some big-name companies as it seeks to send a message to others in the market. This includes one of the largest advertising firms WPP, which has been expanding its footprint in different parts of the world but has failed to address the risks of corruption in certain countries.

The company agreed in September to pay more than $19 million to resolve charges that it violated the anti-bribery, books and records, and internal accounting controls provisions of the Foreign Corrupt Practices Act (FCPA). “Hopefully that sends a message to folks in this space who are growing by acquisition that you really need to have systems in place,” he remarked.

The regulators also hit JP Morgan Securities in December with a $125 million penalty for a books and records violation, the highest fine the SEC has imposed for this type of infraction.

“You might say this is just books and records, but you’re all fraud examiners and where do we go to see what happens when something goes wrong?” he asked. “As a broker dealer they need to maintain these records, so if there is an allegation of wrongdoing after the fact, we can come in.”

While JP Morgan had policies in place to meet books and records requirements, the very executives responsible for implementing it were telling their teams to start an offline WhatsApp chat to talk about different transactions, said Grewal.

Responsible behavior

The SEC is trying to reward responsible behavior by forgoing fines should management do the right thing and cooperate with the regulator. While every case is unique, Grewal emphasizes that cooperation is more than doing the bare minimum. It means having the right policies and procedures in place, remediating misconduct once you identify it, putting together a report that you show the SEC and then working with them in the investigation.

“But where people lose credibility is when they come in and the self-report becomes an advocacy piece to say, ‘the conduct wasn’t so bad, we discovered it and you shouldn’t find a violation here,’” Grewal warned.

“That doesn’t work. It is really about the robust self-report, acknowledging the misconduct and then we will make the assessment.”

It is likely that fraud examiners will see more and more wrongdoing come to light as the markets turn south amid fears of a looming recession or even stagflation. Grewal noted, “[Investor] Warren Buffett said that when the tide rolls out you see who has been swimming naked; right now, you are going to see a lot of naked swimmers.”

Grewal encourages CFEs to push executives and higher management to self-report to the SEC. “Tell them the enforcement director said it is always better when you come to us first before we come to each of you,” he said. “I have seen this movie play out dozens and dozens of times. The self-report is the way to go.”

Rachel Wilson: Sleepless nights and cyber threats

If you are someone who tends to shrug off cyber threats, just listen to Rachel Wilson. Your nights may be less restful.

Wilson should know about the dangers lurking behind your computer screens. She is the first-ever head of cybersecurity for Morgan Stanley Wealth Management, and she spent years at the National Security Agency (NSA), where she spied on and hacked the computer systems of terrorists and other enemies of the United States.

She spoke to a packed house during the opening session, and she didn’t mince her words about the rising risks we all face from fraudsters in this space.

“What we are up against is unlike anything I have ever seen in my 20-plus-year career in this space,” she said. “These are dire times, and I don’t think we have seen the worst of it yet.”

Here are some facts that keep a cyber expert like Wilson up at night.

North Korea’s fraudulent funding

North Korea may be cut off from the global economy amid stiff sanctions for its development of a nuclear program. But its government has other ways to fund itself — hacking banks throughout the world.

According to Wilson, an estimated 7,000 people within the North Korean government are dedicated, fulltime hackers. Many of them are recruited as young as 11 years old and are torn away from their families to be trained as bank hackers. That sort of dedication means that the so-called Hermit Kingdom has become very adept at this particular skill. Last year, the United Nations published a report supporting the allegations of 27 countries, which asserted that the North Korean government had targeted their central banks to the tune of more than $3 billion over the last three years. “All of that money went into their missile and nuclear programs — reasons why all of us need to be on our toes,” she said.

Iran disrupts

Iran does not necessarily hack for monetary gain, but it has found this to be an easy way to disrupt and attack its enemies, particularly the United States. Building a nuclear program or sailing an aircraft carrier into New York harbor are lengthy and expensive projects. But putting 40 hackers in a basement to wreak havoc through denial-of-service (DoS) attacks is simple and efficient. Iran did this between 2012-2014 to Wall Street banks and could do it again if there are renewed tensions with the U.S., Wilson stressed.

Criminals move in

But the real change over the past five years has been the entrance of criminals. They are now the predominant players performing this type of offensive cyber activity — and they are doing it purely for financial gain. Unlike the clock-and-dagger operations that occur between nations, this type of fraud impacts us all. “Now 70% of this malicious cyber activity we see on the internet is financially motivated and coming after all of you in your corporate, professional and personal capacity,” said Wilson.

Who are these criminal hackers? Often, they are the same people who lend their expertise to governments in China, Russia and North Korea. Government pay may be poor, but these hackers can use their skills to supplement their income once they get home.

“This is essentially a democratization of very advanced cyber capabilities that are now available for sale and rent on the dark web,” noted Wilson. “These fraudsters are using these capabilities like our kids learn how to use new toys. They are watching YouTube videos and they are leveraging these capabilities that were once the bastion of nation states but are now broadly available.”

Be vigilant

At a time when we increasingly use computers and mobile phones for everything from remote working to banking to shopping, we must all be more vigilant than ever to potential fraudulent activity. However, many of us are unprepared to protect ourselves from the advances of cybercriminals.

Wilson recalled how one fraud examiner admitted to her that she still uses the same password she has used over the past decade, and she uses it everywhere. It is a habit that is all too common and can land you in trouble as fraudsters, who regularly buy stolen passwords on the dark web, know this all too well. That’s why password hygiene is so important, said Wilson, who recommends using a password management system.

And avoiding the internet altogether isn’t the solution, either. Wilson says that it is better to bank online, for example, rather than receive statements and send checks, which can be stolen and put to ill use by fraudsters. “We looked at all of the fraud that our customers experienced over the course of the pandemic, and we could reduce those numbers by a shocking 70% by simply getting rid of two particular pieces of paper: paper statements and personal checks,” said Wilson.

This year Wilson is also keeping a sharp eye on Russia. While it appears that the Russian cyberattacks many had expected in the wake of the Ukraine have failed to materialize, there may be more to this than meets the eye. “Perhaps some of the activity that we can’t quite put our finger on might actually be nation-state sponsored,” she posited. “The Russians have a long track record of covering up what are in fact government cyberattacks as criminal activity. And with the spread of cybercriminal activity this has been easier to do.”

Indeed, attacks that appear criminal may in fact be intended to hurt U.S. industries. As an example of this, Wilson notes that a year ago banks would have said that 30-40% of accounts opened on a particular day would be fraudulent. In the last four months, the volume of fraudulent account opening has hit 90-95%.

That means that operational costs to attend to fraudulent activity is becoming exorbitant. “If we are spending $10 to prevent $1 of fraud, who is winning? Certainly not us,” said Wilson. “If it has gotten to the point, as it did in February, where multiple large American banks shut down their online new-account-opening flow, that is effectively a denial-of-service attack. I don’t think it’s a coincidence that is happening at exactly the same time that you had millions of Ukrainian refugees seeking to open bank accounts in the United States.”

Food for thought.

Paul Kilby is former editor-in-chief of Fraud Magazine. Contact him at pkilby@ACFE.com.