Phishing, whaling and the tried-and-true methods of stealing money from companies via internal pilfering all made headlines this week. The FBI gave us a high-level view of how pervasive the threats are, while local stories showed the impact fraud can have on smaller players, where bit by bit, thousand by thousands … what’s missing from the till can become an existential threat.
Fraud is no mere attack on individuals, as it moves well beyond the purview of credit cards and bank accounts to enterprises themselves. Companies are targets for cybercriminals and the bad actors of the more homegrown variety – read: employees themselves – due to the (relatively) much deeper corporate pockets that may be ripe for the pilfering.
To get some scope of the issue, consider numbers put forth this month through the FBI’s Internet Crime Complaint Center. Data compiled by that center show that, all told, more than 301,500 consumers reported cyberfraud and malware attacks, and the overall cost reached $1.4 billion in 2017.
Fraud stretched across any number of avenues, from phishing to ransomware, and included tech support fraud and what the center termed “straightforward extortion.”
Among the most strident stats: The center said that whaling, which is when businesses are compromised via email, was among the top complaints across more than 15,600 individuals, causing losses of more than $675 million. In those instances, the bad guys pretend they are company executives and request account information changes, then funnel funds to their own accounts. Or, alternatively, they request data that can be tied to other individuals (such as W-2s).
And in a nod to just how such exploits may go unnoticed, a study of more than 500 chief financial officers and other financial executives, as polled by the Economist Intelligence Unit in a study commissioned by Coupa Software, found that more than 60 percent of respondents say there’s a lack of real visibility into the transactions that take place within their own firms.
Where visibility is lacking, might the stage be set for fraud from within the organization? Unrelated to that study, but still telling, are several examples of fraud that may not make national headlines here in the U.S., but show brazen activity across a few different schemes.
In India, financialexpress.com reported earlier this week, as many as 30 employees of Hero MotoCorp were fired in the wake of discovery that executives were “fudging” travel expenses, and accepting payments and gifts from vendors. The actions were in direct violation of the bike and motor scooter company’s internal code of conduct. Those employees, the publication said, were mostly involved in supply chain and vendor facing activities.
In a few individual cases, the damage that can be wrought by an individual becomes apparent. In the U.K., as noted by thisislancashire.com, a worker stole more than 600,000 pounds from MGS Plastics. The alleged theft via the accused, Kathryn Jones, who pleaded guilty, has put the firm in “dire financial straits.”
A bit closer to home, in Ocean City, Maryland, a number of resorts are looking for what is being billed as a new scam that is called “buddy punching,” which involves “punching in employees” for work shifts that are not in fact reflective of actual hours worked. In essence, the companies are paying wages for work that goes unperformed. The scheme, as reported by the Maryland Coast Dispatch, can cost affected firms thousands of dollars.
And in Palm Beach, a bank teller was arrested in the wake of the theft of thousands of dollars from a vault at Valley National Bank. The accused, Edwin Cardona, was charged with a quartet of felonies that include grand theft and embezzlement of a financial institution.