December 20, 2016
Fraud is defined as “any intentional or deliberate act to deprive another of property or money by guile, deception, or other unfair means” by the Association of Certified Fraud Examiners.
While people tend to think of individuals getting defrauded, fraud against a company is also common. Insider fraudsters commit fraud in the workplace and on the job, while criminals, customers and third parties commit fraud from the outside.
According to a 2016 study by the Association of Certified Fraud Examiners, the typical organisation loses 5% of its revenues to fraud each year.
Criminals collect confidential information in different ways. Online, they use websites, social media pages, etc. Bin raiders physically steal information. Insider fraudsters physically steal information in the workplace, use visual hacking strategies, and access files on computers.
Criminals study stolen data to determine if there is enough to target one victim or victim organisation. The criteria include the volume of information, how easy a target might be, and the potential financial return.
If there’s not enough information, the criminal uses other collection strategies. For example, social engineering involves tricking people into breaking security procedures – and mistakenly providing information or downloading malicious software. In a phishing scam, criminals pretend they are legitimate organisations and mail or phone to obtain more information.
Criminals will identify points of weakness in an organisation or computer system. The ACFE 2016 Global Fraud Study found that a lack of internal controls was the weakness that contributed to data fraud most often (it was cited in 29.3% of cases). The next weak spot was being able to override existing internal controls.
The fraudster will finally be ready to attack (it can take weeks or even years). The most common types of fraud are identity theft (opening accounts fraudulently, taking over existing accounts, etc.). Dishonest vendors might bill the company for goods or services not provided. Dishonest customers might submit bad checks or falsified account information for payment.
The following safeguards support data fraud prevention in the workplace.