Businesses can be the target of fraud in numerous ways and from numerous sources. Anyone who does business with an organization is an obvious risk (suppliers, clients, employees, executives), and the high-profile fraud cases of recent years have mainly been internal. But increasingly, fraudsters have no connection to the organizations they target. They may be after credit card numbers, personal information, cash or goods, and they’re using methods beyond the understanding of the average businessperson. Organizations that do a significant amount of business online must be particularly careful.
Are you prepared to handle these types of fraud?
- Identity theft
- Phishing
- Pharming
- Page-jacking
- Advance fee scams
- SEO fraud
- Click fraud
- Mobile fraud
- Online intellectual property theft
You know that controls are key to limiting risk and preventing fraud, but how can you control for something you don’t know exists, don’t understand, or think doesn’t apply to you? Let’s look at some of these types of fraud.
Identity theft involves using an individual’s confidential information without the person’s knowledge, often to obtain new credit cards and bank loans, and to make major purchases. Crooks target businesses in order to obtain the information, often by accessing unsecured databases.
Phishing involves using false email addresses and websites to obtain confidential data. Phishers pretend to be from a legitimate business—often a bank—and request personal information such as account passwords and social insurance numbers.
Pharming involves redirecting users from a legitimate website to a fraudulent one in order to obtain personal information, as with phishing.
There are two types of page-jacking. The first involves mimicking a website to make a counterfeit site appear in search listings above or instead of the legitimate one. This tactic is usually used to sell counterfeit goods. The second involves gaining control of a business’ or individual’s profile or page on a social media platform such as Facebook. The party in control of the profile can access valuable information, send messages to followers and make misleading statements, causing significant public relations damage.
SEO fraud involves a person who claims to be an expert in search engine optimization misrepresenting the popularity of your websites and offering services to improve your search engine ranking. The person does not follow through on the claims.
Intellectual property theft is essentially the same online as it is otherwise. A person copies material to which a business owns the rights, such as music, artwork, photos, clothing designs and software. The fraudster then gives away the material, sells it as their own or incorporates it into their own product.
Mobile fraud involves exploiting vulnerabilities in mobile platforms and apps to access sensitive information stored on users’ phones and other mobile devices. This might include passwords, banking and credit card information, contacts, documents and more.
One thing that ties these types of fraud together is poor understanding of the context in which the fraud takes place. Fraudsters can easily take advantage of victims when they don’t have a clear idea of their operating environment and security requirements.
Knowledge, awareness and vigilance are essential when it comes to preventing fraud, and even more so with these newer scams, as they require a certain amount of technical understanding as well as a strong sense of control. But a little knowledge can go a long way, not only toward preventing fraud, but also generally improving the functioning of the business.
The upcoming Finance and Accounting PolicyPro Release 2013-01 – February 2013 includes a new policy for Chapter 4 – Internal Control of Volume II, 6.05 – Fraud.
Adam Gorley
First Reference Editor