Beware of these prevalent fraud schemes.
Cybersecurity breaches, such as recent hack attacks on Target, Neiman Marcus and J.P. Morgan, grab all the headlines. But most businesses are likely to fall victim to smaller-scale technology fraud – most often schemes perpetrated by their own employees. Here are several to look out for.
Technology can play a critical role in helping prevent and detect fraud, but it’s also used to perpetrate and disguise wrongdoings. The Web in particular has opened up new virtual avenues for fraudsters.
Consider phishing – one of the oldest types of Internet fraud and still immensely popular. Phishers might e-mail executive, accounting or HR staff, posing as a legitimate entity such as a bank or governmental agency, and encourage recipients to download malicious software (malware). Such malware allows the fraudsters to record keystrokes and uncover passwords. The phisher can then use this information to divert funds from company accounts or steal proprietary data.
Respondents to the most recent Association of Certified Fraud Examiners (ACFE) survey estimated that the typical organization loses 5% of its annual revenues to employee fraud. In this survey of fraud examiners, the ACFE revealed that the reported schemes committed by workers in the IT department caused a median loss of $50,000.
IT staffers might, for example, accept kickbacks from vendors or submit fraudulent invoices for equipment or software that wasn’t actually obtained. The risk of this type of fraud is especially high when the same person who approves purchase orders and receives shipments also approves invoices.
Internal control overrides
Employees can also wield technological knowledge to override internal controls intended to prevent fraud.
Organizations that fall prey to tech-related fraud share some common traits. These include poor or nonexistent technology controls (passwords, data validity checks) and lax oversight of technology spending (such as lacking a formal vendor bidding process). Also, many of the employees of such companies have low “technology IQs.”
Detection and prevention
- Certain behavioral patterns can help you spot and stop such occupational fraud schemes. Red flags should go up if IT staff:
- Have been experiencing financial difficulties,
- Appear to be living beyond their means,
- Are reluctant to share responsibilities with other staffers,
- Don’t take vacation or sick days, or
- Are evasive when asked for information.
To prevent illicit activities from occurring in the first place, conduct thorough background checks on all prospective IT employees. Also consider offering an anonymous tipline to staffers, customers and vendors. These reporting mechanisms have repeatedly proven to be one of the most effective tools for fighting fraud.
Technology fraud can be costly, so enlist the help of a specialist to ensure that what keeps your business running isn’t being used to harm it. A qualified fraud expert can conduct risk assessments and help design internal controls that even savvy fraudsters will find difficult to override.