Profile Of An Employee Thief.

employee theft

The vast majority of annual losses that result from criminal activity in business and government entities are not caused by shoplifters or burglars in the United States. It is employee-thieves disguised in many forms who commit their crimes, which are, unfortunately, often discovered long after their various schemes begin. (We recently worked a case involving a medical clinic with 120 employees, 27% of which possessed a significant criminal history.  The average for a company this size is 2- 3 %.  In next week’s Part II of this series on employee theft, we’ll go more in depth with the details of this particular entity’s setup, causal factors and how we resolved the issue.)

Their many schemes are identified as occupational fraud by the Association of Certified Fraud Examiners, or ACFE.

Based upon the Gross World Product, the ACFE estimates that global losses from fraud may be $3.5 trillion.  No entity is exempt and just about any employee can be engaged in some form of fraudulent activity and theft, be it office supplies, time, gasoline, telephone calls, cash, assets, food, liquor, artwork hanging on the walls, bed sheets, pillows and blankets, dishes, narcotics, credit cards, checks, information, and whatever else is available for the taking. They pad time sheets and expense reports, submit false medical claims, forge mortgage documents, submit phony bills to clients and customers, and just about anything else that you can imagine.

The businesses or entities most at risk

The businesses most at risk to internal fraud and theft, in the order of losses from highest to lowest, are banking and financial services, government, and public administration, and the manufacturing sectors. Small employers (fewer than 100 workers) are more commonly victimized than larger companies because they usually cannot afford strong anti-fraud measures. They’re also often not in a financial position to absorb losses and  keep their business going as a viable entity.

Shocking statistics about losses

Businesses, globally, experience losses of about 5% a year from schemes committed by employees. The average  loss was about $400,000, and in one-fifth of businesses that were surveyed in the ACFE study, the loss was at least $1,000,000. In the least costly forms of fraud, the cost to business was about $120,000.

In about 87% of the cases the assets was the leading cause of losses. While financial statement fraud accounted for only about eight percent of all cases, it had the highest median loss of about $1,000,000 per occurrence. Finally, corruption and various phony billing schemes made up about one third of all cases but more than fifty percent of the dollar losses, for an average of $250,000.

Many cases will never be discovered in time and therefore, the actual amount of the losses may never be known . In cases that are referred to law enforcement, 55% of the offenders plead guilty, 19% of prosecutions are declined, and 16% are convicted at trial.

Profile of an employee-thief

ACFE reports analyzed a number of factors to identify the thieving employee: gender, personal credit history, education, criminal history, employment history, job duties and responsibilities, lifestyles and other influences in the employee’s life and concluded that long-term employees are the most suspect because of their knowledge of the inner workings of the entity and understanding of the controls that they must circumvent.

As a general rule, occupational fraud is carried on by men and women who fit into the following profile:

  • College educated employees are most likely to steal, those with high school degrees are second, and those with either graduate degrees or some college are least likely to commit criminal thefts;
  • Most who engage in fraud are first time offenders within the criminal justice system. The vast majority (87%) have never been charged or convicted of a fraud related offense, and almost the same percentage (84%) have never been punished or terminated by an employer for fraudulent conduct. Only five percent had prior offenses or had been charged but not convicted;
  • Two-thirds of the crimes are committed by men 31 to 60 years old. The highest concentration is between the ages of 36 and 45;
  • More than 75% of frauds occur in six departments: accounting, operations, sales, executive upper management, customer service, and purchasing;
  • The more authority an employee has, the larger the losses will be, with a median value by owner/executives of $573,000;
  • Losses caused by managers averaged $180,000 and by employees, $60,000;
  • The longevity of employment is related to the amount of losses. This is because the longer a person is employed the more he or she is trusted and is subjected to less scrutiny; and they have a better understanding of the system. Consider Bernard Madoff and the number of years he was able to defraud investors;
  • Employees who commit fraud during their first year (fewer than 6%) will cause an average of $25,000 in losses. Almost half the losses (42%) are caused by employees who have worked from one to five years. Those that worked for the company more than ten years caused a median loss of $229,000.

Now that you understand the make-up of a company thief, next week we instruct on loss prevention.

BNI Operatives: Situationally aware.

As always, stay safe.

 

Is Your WebCam a Peeping Tom? How Your PC’s Camera Can Be Hacked To Spy On You.

webcam spy

Virtually every computer sold today comes with a dirty little secret.

It can spy on you.

What’s more, if hackers can infect your computer with malware they can hijack your webcam and secretly watch you too – regardless of whether they’re based down the street or on the other side of the world.

In some cases, if they’re really sneaky, hackers can even spy on you without the LED on your webcam lighting up.

If you have a webcam – and almost undoubtedly you do if you have a cell phone, pc, laptop, tablet or home (or commercial) camera security system with an Internet connection – then you are at risk of being hacked via your camera’s IP address.

All a hacker needs to do is figure out where your camera is located, and then a stalker can watch your every move.

Luckily, however, there are ways to protect yourself from unsavory or unwanted people spying on you in your own home or business.  We will teach you how to easily protect yourself from being covertly observed without your consent.  But first, let’s explore how a webcam hack can occur. (The more you know, the less vulnerable you are.) For the purpose of this instructional, we will refer to a pc but this information also applies to all of your other electronic devices with cameras.

How Can A Stalker Hack Your Webcam:

To get on your computer, hackers use a remote access tool, or a RAT. If you’ve ever had a tech support rep access on your computer remotely to change settings or try to fix a problem, they used a RAT.

Fortunately, RATs require your permission to let someone on to your computer remotely; the person can’t just take control. That means a hacker has to trick you into letting them on to your computer, and there are several preventable ways they do that.

How Do Hackers Trick You Into Accessing Your PC:

To get a RAT on your computer, hackers have a number of tricks: fake email attachments or malicious links , Trojan viruses, phony tech-support calls, and so forth. Once you’ve been tricked into running a file, clicking a link or otherwise  inviting them on to your system, they will take control and spy on you at will.

Think you are too tech savvy to fall for scam email? Click anywhere on the below indented paragraph to take this quick quiz from our friend, tech goddess Kim Komando, to see if you, like 80% of those surveyed, will fail to distinguish between real email and phishing scams.

Back in December, CBS News joined forces with Intel Security to create a quiz where readers can test their knowledge on phishing emails. The quiz consisted of 10 different emails in which readers simply need to decide: legitimate email or phishing email?

Surprisingly, out of nearly 20,000 people quizzed, 80% fell for at least one of the phishing attempts. Only 3% got a perfect score.

What about you? Take the quiz and see how you do. 

How Can You Spot a RAT?

(Our first line of advice is to avoid unsolicited email attachments and links, run up-to-date security software and thoroughly vet anyone who contacts you claiming to be tech support for a major, known company. Also, you may not know that Windows has a RAT built in. Almost all Windows OS versions contain a RAT for ease of access for real tech support.)

Firewall and Antivirus Software

Firewall software blocks incoming and outgoing port connections, so they are your number one defense against RATs. Firewalls combined with antivirus software catches most threats.

View Processes Running

Right-click your Windows toolbar and select “Task Manager.” Click the “Processes” tab in Task Manager. This window gives you a list of programs running on your machine. Review them for any strange names or names that you don’t recognize as typical programs. If you don’t recognize the name, type it into Google. Several sites tell you if a process is malicious, so you know if you have a RAT on your system.

Odd Startup Programs

In some cases, the hacker might want another program to start when you boot your computer. If you notice any strange programs that start up when you boot your computer, you might have a RAT. These secondary programs are usually malicious software also, so you’ll need to remove them when you remove the RAT.

View the List of Installed Programs

Open Windows Control Panel and view the list of programs installed on your computer. If you notice any odd programs, then it could be malicious. In fact, the popular software TeamViewer used to collaborate remotely with people is often used as a RAT. If you didn’t install it on your computer, you should remove it. This application gives remote access to authorized and unauthorized people.

Slow Internet Connection

If you normally have fast speeds but lately your Internet connection is extremely slow, you should first check the router and wireless connection. However, if the hacker is downloading information from your computer, he uses the bandwidth and creates noticeable lag on the network. If you suspect that someone is remotely accessing your computer, the fastest way to stop it is to disconnect from the Internet.

A security recommendation, protect any and all access to your electronic devices with a really strong password.  This first line of defense has a very high success rate in keeping out most hackers.

BNI Operatives: Situationally aware.

As always, stay safe.

 

 

 

SPECIAL EDITION: Charity Scams – Spotting Them & Guardian Go-To Info Sites

earthquake
(Given the breaking news, this is a compilation piece, thanks to news coverage and background information from CNN, FOX, AARP and Scambusters. )

After tragedy strikes – as it did this Sunday, August 24, 2014 in California — expect two immediate reactions: Well-intentioned people will want to give donations. And scammers will want to take them.

Within hours of any disaster, charity scams go into full swing. Even before  Superstorm Sandy made landfall, 1,000 new websites with “Sandy,” “relief” or related keyword search terms in them had been registered, many of them by scammers.

Some of the bogus websites seek your credit card number to collect supposed donations, possibly also using that information later for identity theft. Others infect your computer with malware that can ferret out sensitive information, such as your account numbers or passwords.

Fraudsters also do their work by blasting out thousands of spam emails, text messages and phone calls. They get their word out on Facebook and Twitter and even go door-to-door.

“Tragedies inspire people to give,” says H. Art Taylor of the Better Business Bureau’s Wise Giving Alliance. “After every natural disaster and manmade catastrophe, we see an outpouring of generosity … along with the inevitable scams and frauds. We urge donors to take the time to make sure their donations are going to legitimate charities.”   Here’s how:

1. Check it out

Before donating to a charity, take time to authenticate it. In addition to the Wise Giving Alliance, charity names and reputations can be vetted at Charity Navigator, Charity Watch, Scambusters and GuideStar. You can also contact the agency in your state that regulates charities. Be suspicious of charities not listed or with questionable track records.

2. Don’t let them in

Unless you previously donated to an organization and have already provided your contact information, it’s wise to assume that an unsolicited donation request by email or phone is a scam. Don’t click on links in emails, Facebook or Twitter; they can unleash computer malware.

3. Examine the Web address

When using an Internet search engine to find charities, treat the results pages with caution. Carefully read organizations’ Internet addresses before clicking on them. Scammers often create rogue websites with sly misspellings, tweaks or sound-alike names. Also know that legitimate nonprofit organizations typically end in .org, not .com.

We know your hearts are big.   Certainly, donate if you can and want to but be careful and be smart.

BNI Operatives: Street smart; info savvy.

As always, stay safe.