On Tuesday, November 13th Dr. Donald Rebovich, the Executive Director of the Center for Identity Management and Information Protection (CIMIP) of Utica College, hosted an online webinar that focused on how corporations deal with fraud. Throughout the webinar, Dr. Rebovich often refers to a 2016 global study regarding to multiple aspect of fraud prevention.

The study found four key findings with the first being that organizations continue to lack in employing leading practices to build a strong culture of managing fraud prevention. The second key finding was that resources are a significant challenge in building a strong corporate culture with a clear fraud strategy. The third finding was that many North American based organizations lack a fraud risk management program to mitigate fraud. The final key finding referred to the significant lack in fraud prevention polices in third party companies that bigger organizations often use to outsource specific tasks.

Globally, the North American companies often fall behind companies in other parts of the world when it comes to proficient fraud prevention policies. For example, when it comes to creating risk prevention policies, only 54% North American companies collaborate with different branches in the company which is the lowest globally. It is estimated that 21% of North American companies only have the chief financial officer in charge when it comes to fraud prevention. North American companies follow a trend of being the lowest when it comes to a multitude different fraud prevention topic. North America also scores the lowest in their confidence with their fraud risk strategy at 53%. North America also only has 39% of their companies actively creating fraud risk mitigation plans. Only 40% of North American companies have a fraud detection program. North America has improved in their ability to distinguish between foreign and private business at 69%. However, it is still the lowest when compared to the global market. The poor performances from North American companies may be the results of companies failing to provide their employees with an adequate fraud prevention. Only two in five companies have ethics and fraud awareness training annually and sometimes even less often which leads to a lack protocol when dealing with how to handle fraud security. There are multiple different ways that North American companies can improve their fraud programs to become more competitive with the global market. Areas for improvements would be having more frequent risk assessments, having multiple different parts of the company present when creating a risk management program, and require smaller third-party companies to develop better security measurements before they are able to work with bigger companies. A good guideline for companies to follow would be the release guide from COSO. The COSO guide goes over topics such as fraud risk governance, fraud risk assessment, fraud control activities fraud investigation, fraud corrective action, fraud risk management, and fraud monitoring.

Author: Nathan Hull, CIMIP Research Analyst

 

On October 24, Utica College hosted the 7th annual Economic Crime and Cybersecurity Seminar. The Economic Crime and Cybersecurity Seminar is a collaborative effort by the Institute of Internal Auditors (IIA) and Utica College that consists of a conclave of Economic and Cybersecurity experts who put together various presentations to help educate and prevent cases of fraud and cybercrime. The seminar contained five separate presentations that all dealt with different themes regarding economic crime and cybersecurity.

The first presentation was conducted by Dr. Leslie Corbo, Asst. Professor of Cybersecurity, of Utica College which discussed the reliability of the upcoming workforce and phishing emails. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details, often for malicious reasons, disguised as a trustworthy entity, in an electronic communication. Phishing emails are the cause of 91% of all cyber-attacks according to Dr. Corbo. These breaches can be very destructive to small to medium sized businesses and usually forces 50% of businesses to shut down within 6 months since 25% of those businesses have no cyber protocol.

The second presentation was designed by Nicole Lent, Cybersecurity and Fraud Risk Analyst II, NBT Bank & Mike Longo, Systems Development Department Manager, NBT Bank. The presentation introduced the concept of Business Email Compromise (BEC). As described by the presenters, BEC is quite similar to the phishing email scams discussed in Dr. Corbo’s presentation. BEC is a collection of a variety of methods that can involve spear-phishing (i.e., phishing emails designed for a specific group or person), and manipulative social engineering methods designed to groom unsuspecting employees into becoming unwitting “tools” for fraudsters to provide access to sensitive information, much of it financial.

The third presentation was conducted by Eric Lurie, Program Coordinator at Cyber Intrusion Unit of the FBI. Mr. Lurie explained the threat of cyber-attacks and the people behind them. The biggest targets for cyber-attacks are federal/state government agencies and colleges/universities. These institutions can be “attacked” by anyone who knows how to construct cyber-attacks such as a distributed denial of service attack, also known as a DDoS attack. The threat level of these attacks differs depending on the attacker. The lowest threat level would be from an individual and the highest threat level would be perpetrated by foreign governments. The fact that there are no borders when it comes to the Internet introduces a new threat that the FBI must adapt too.

The fourth presentation was introduced by Dr. Donald J. Rebovich, Ph.D., Professor of Criminal Justice, Utica College, and Executive Director of CIMIP. Dr. Rebovich discussed the ongoing problem of identity theft against the elderly. Seniors are most likely to be taken advantage of, which results in an estimated loss of $36 billion dollars a year. Dr. Rebovich explained that, through CIMIP’s study of the financial crime database of the U.S, Postal Inspection Service, it was determined that in over 50% of these frauds committed against the elderly, fraudsters form groups to more easily manipulate their victims. In many of the cases analyzed, the crimes were achieved by promising the victims unusually high return rates for their initial financial investments into entities that were completely fictitious. These fraudsters were found to manipulate the elderly, whose cognitive skills are already declining, by feeding into the loneliness that many elderly experience. Fraudsters develop a “faux friendship” that can often blind the victim from fully accepting that the crime actually occurred. While men tend to dominate the victim group, it is women who tend to lose the most financially, according to the study results.

The final presentation was developed by Ryne Cornacchia, Manager of Risk Services, AmeriCU Credit Union. The presentation delved into the idea of synthetic ID theft, debit card, and car dealership fraud. Synthetic ID theft was described as the creation of a fictitious identity using either fabricated or valid elements, such as a Social Security number, name, address, and date of birth. Mr. Cornacchia described the multiple ways that debit card information can be stolen and used against the victim. Car dealership fraud was characterized as involving the manipulation of credit scores and the cover up of accidents that can negatively affect the consumers by overcharging them without the victims ever knowing.

The event was well-attended by members of the Central New York Chapter of IIA, Utica College students majoring in fraud/financial crime investigation, Cybersecurity, criminal justice and accounting and Utica College faculty and administration.

Author: Nathan Hull, CIMIP Research Analyst