Hacking Exposed

by Aaron Philipp

  Estimating Damages

  Damages in relation to employee misconduct matters simply may be the loss of productivity and efficiency in the workplace resulting from the disruptions caused by the improper behavior. In many matters, the question of “damages” may not ever be raised, because the ability to quantify an amount resulting from the misconduct may be purely an academic exercise. However, in instances of wage or other types of employment discrimination, the damages sought by employees who have been the target of such discrimination may be significant. In addition, breaches of non-compete and non-solicitation agreements may also damage the company from lost customers or other business.

  To the extent applicable, an assessment of potential damages may be relevant to the investigation, especially when decisions are being made by corporate management, outside counsel, and others in determining whether to pursue legal action, including how aggressively, against the alleged misconduct. Their ability to make an assessment of potential damages will often depend on the evidence in support of the misconduct, including how widespread or pervasive the conduct was, how specific the actions were, how long the conduct had been ongoing, and the potential risk to the company resulting from the disruptions, lost competitive advantage, or lawsuits.

  Working with Higher-Ups

  Depending on the severity of the conduct in question, as well as the perceived risk to the company, senior management and the firm’s in-house and outside counsel may become involved in the investigation of any alleged employee misconduct. As with other types of investigations, you must recognize and be sensitive to the different priorities and perspectives each group may place on various aspects of the investigative process.

  As an IT specialist, your primary focus will likely be on the computer forensics aspects of the investigation and the subject matter of this book. However, various other parties will have different priorities. An individual or department manager will no doubt question how pervasive the misconduct may have been and whether other employees were involved or affected. (Who else was involved or knew of the misconduct? How long has this been going on? How do we establish better communication to avoid this in the future?) In addition, concerns will likely be raised regarding the extent the misconduct, and whether it has, or potentially will in the future, affect the productivity of the department. A department manager may also be concerned with how to address the allegations efficiently while minimizing disruption to the department. An IT specialist may have a key role in assisting in management to address these questions. (Does e-mail or other electronic information support who else may have been involved and for how long? Can this be investigated discretely and limit further disruption?)

  Upper management initially may be more concerned with understanding how to mitigate the effects of the misconduct, including how to minimize the perceived risks. (Is the company at risk for a lawsuit? Should the company consider filing a lawsuit? Does the identified misconduct warrant the involvement of law enforcement?) Upper management may also be concerned with how such behavior went unreported and whether the company adequately posted corporate policies, procedures, and federal and state law requirements regarding employment matters.

  While the IT professional may be focused primarily on the systematic approach of collecting, documenting, and evaluating potential evidence, it is important to be sensitive to the various priorities of parties involved in the matter and be prepared to allocate the necessary time and resources to evaluating various elements and/or ramifications of the theft at the same time.

  Working with Outside Counsel

  Given the seriousness of the ramifications from certain types of employee misconduct, including the company’s exposure to lawsuits, outside counsel may be brought in to assist in evaluating avenues for potential recourse that is available to the company. Often, outside counsel will be asked to take over, or initiate, the internal investigation to ensure that adequate evidence gathering and documentation procedures are used so as not to impair the company’s potential causes of action against current or former employees, as well as to ensure that the company’s interests are being adequately protected. As with upper management, the outside counsel’s primary concerns initially may be different from those of the IT specialist charged internally with evaluating various aspects of the identified misconduct. Outside counsel likely will be more interested in protecting the company, evaluating the risk or the potential for lawsuits, and determining the proper legal action, if any, against the implicated employee.

  CHAPTER 18

  EMPLOYEE FRAUD

  Fraud, corruption, embezzlement, white collar crime—we see these words more frequently in the newspaper and hear them more often discussed in the media each year. Since the late 1990s and the accounting scandals at Enron, WorldCom, HealthSouth, and many other companies, hardly a day passes in which an accounting scandal, option backdating allegation, investment Ponzi scheme, or other individual or corporate fraud is not in the local or national headlines. “White collar crime” has become an everyday term used for various types of financial fraud committed by respected employees, managers, and senior executives in the workplace.

  Whether mention of an investigation by the Securities and Exchange Commission (SEC), the US Department of Justice (DOJ), a state attorney general, local law enforcement, or in a civil lawsuit brought by injured parties, various forms of fraud have been on the forefront of business news. In reality, fraud has existed in the workplace since the first business transaction or exchange that took place between two individuals. However, with the digital age and the broad access to electronic information inside and outside the workplace, various forms of fraud have taken on a new life as creative individuals have found more unique ways to deceive their companies, coworkers, customers, and others for personal gain—including some frauds of a staggering magnitude. But the digital age has also seen the development of new arsenal of technical tools and resources to combat and investigate potential fraud, including ways to identify, collect, and analyze evidence that previously did not exist.

  The increase in fraud as well as their size and impact over the past several decades also has resulted in the emergence of respected organizations whose sole purpose is to facilitate the education and investigative capabilities of individuals to identify, investigate, and report on fraud, including organizations such as the Association of Certified Fraud Examiners and the National White Collar Crime Institute.

  While individuals and corporations can commit fraud in a variety of ways, the next several chapters will focus on various broad areas of fraud that have been on the rise and that have become a serious concern for corporations, regulatory agencies, and the general public. This chapter will address of employee fraud or fraud committed by employees in the workplace. Chapter 19 focuses on corporate fraud, defined as fraud committed by corporations against their customers, shareholders, or others, where the corporation is the beneficiary or the instrument of fraud rather than the target. Chapter 20 discusses organized cyber crime. Chapter 21 covers consumer fraud.

  WHAT IS EMPLOYEE FRAUD?

  In the broadest sense, employee fraud is any fraud committed by an employee in the workplace that results in damage to his or her employer or company. The term “fraud” is used to describe a vast collective of improper and illegal activities conducted by individuals and companies. The term is often used with a modifier to define the type of fraud (such as vendor fraud, check fraud, billing fraud, and so on). In its simplest form, all fraud is essentially based in deception. Various legal definitions are used to describe fraud as containing certain elements, including 1) a misrepresentation, 2) of a material fact, 3) that is relied upon by some party, and 4) that results in harm or damage to that party. In other words, fraud essentially involves a lie (deception) regarding something important (material fact) that is believed by someone who ends up being harmed.

  Employee fraud typically involves a situation in which an employee is intentionally and improperly enriching
himself at the expense of his employer. Employee fraud includes the misuse or misappropriation of company assets, from the theft cash to complex billing schemes; embezzlement by senior management and executives; and various forms of corruption including conflicts of interest and the payment and/or receipt of illegal bribes or kickbacks.

  RAMIFICATIONS

  The ramifications of fraud can be costly and far-reaching to those involved. Almost all frauds involve some type of monetary damage to a company or an individual. Whether a simple theft of cash from the company or a multimillion-dollar false billing scheme, fraud committed by employees almost always involves money. However, the effects to the organization can go beyond just monetary damages and can include significant criminal investigations, civil lawsuits, and negative repercussions.

  Monetary Loss

  People dream up all sorts of ways to steal money from their employers, as well as ways to get money on the side (such as bribes and kickbacks), usually at the expense of their employers. The most common form of employee fraud occurs when someone simply pockets cash that may be sitting in a petty cash fund or that was collected from individuals at some event, such as a fundraiser, where cash transactions may be common. Other types of employee fraud involve more complex schemes to create fictitious companies or employees that do fictitious work but get paid in real dollars. Fraud can also involve the theft of materials or other assets. However, ultimately it all involves money that belongs to the company but that is being misappropriated (stolen) by the employee(s) in question.

  Investigations by Authorities

  Since fraud is generally illegal, the identification of a potential fraud may also necessitate the involvement of local law enforcement. Depending on the nature of the fraud, the individuals and/or companies involved, as well as the extent (size) of the fraud, various regulatory and investigative authorities may become involved. The most common types of employee fraud may involve the local district attorney or other local law enforcement. However, larger matters may rise to the level of the state attorney general or even the FBI and DOJ if so warranted.

  Investigations of this type are usually focused on identifying the extent of the potential wrongdoing and in prosecuting the individuals responsible for that wrongdoing. Often the focus includes identifying the use and/or whereabouts of the misappropriated or embezzled funds and the potential for recovery through asset seizures or other forms of criminal penalties and restitution.

  Criminal Penalties and Civil Lawsuits

  At times, law enforcement may be successful in identifying and recovering certain amounts of the misappropriated or embezzled funds in question. Certain types of illegal activity also carry defined criminal penalties. In addition, prosecutors in criminal matters also have the authority to seek and request restitution for the victim. However, often a large part of the misappropriated funds have been expended or otherwise no longer exist. In other matters, the whereabouts of the funds may be effectively concealed through money-laundering or other efforts to hide assets. In such situations, as well as situations where criminal liability may be difficult to prove, it is not uncommon for companies to pursue remedies through civil lawsuits against the parties in question. These lawsuits will often involve some element of asset tracing to determine the ultimate disposition of the stolen funds or assets.

  In summary, almost all types of employee fraud have some cost and therefore potential monetary loss to the corporation. While many types of employee fraud are small and involve individual acts of theft of cash or check fraud, others may be widespread involving collusion among various employees, outside vendors, and other parties that can reap millions in potential damages to a corporation if the theft goes undetected. Complex frauds can also be costly to corporations to support both internal and external investigative efforts, as well as potential efforts to recover misappropriated funds or other damages from the perpetrators through criminal and civil remedies.

  TYPES OF EMPLOYEE FRAUD

  The most common, or well-known, forms of employee fraud involve asset misappropriation, including embezzlement and various forms of corruption. However, many years ago, frauds committed by employees were more cash-based or involved fraudulent check writing and/or cashing. As depicted in the movie Catch Me if You Can, some of the more famous frauds of years past involved elaborate check fraud schemes. While cash and check fraud type schemes are still prevalent, employee fraud in today’s business environment has become much more sophisticated along with the technological advancements of the digital age.

  It would take much more than the pages in this chapter, or even this book, to adequately describe the many different ways individuals have devised over the years to commit fraud in the workplace. The creativity employed by individuals with regard to identifying ways to extract wealth is surprising. However, ultimately employee fraud comes down to various types of asset misappropriation, including embezzlement and larceny, and different forms of corruption.

  Asset Misappropriation

  Asset misappropriation is the broadest and most common form of employee fraud and includes the misappropriation of cash and other assets. Assets can be misappropriated from almost all aspects of a business. However, larger occurrences of fraud tend to occur predominantly in areas where individuals have access or control over cash or company processes and controls over payroll, expense reimbursement, accounts payable (paying vendors, suppliers, and others), and accounts receivable (the receipt or collection of payments/revenues from a company’s customers).

  Asset misappropriation can take the form of simple cash skimming type schemes by individual employees to complex frauds involving multiple employees, outside vendors, and other third-party accomplices. Common types include check fraud, including false, tampered with, or forged checks; fraudulent expense accounts; and manipulation of payroll practices, including the creation of ghost employees. More sophisticated frauds involve the establishment of fictitious companies to do fictitious work in return for payment. Each of these types of frauds involves falsified or fake documents and efforts by the parties involved to conceal the truth behind their actions, yet inevitably leave evidence behind for the trained fraud examiner, forensic accountant, and computer forensics specialist to find.

  Embezzlement vs. Larceny

  Embezzlement and larceny are both types of asset misappropriation, with the distinction being primarily one of whether the appropriated material was originally entrusted to the individual or not. Embezzlement is generally defined as the taking of something for one’s own use where a violation of trust is involved. In other words, the accused was originally entrusted with the cash, funds, or other property that she subsequently converted or took for her own use. Larceny, on the other hand, could involve the same theft (of cash, funds, or other property), but by an individual who was not entrusted with the safekeeping of those assets. As such, while the misappropriation of assets is described throughout this chapter, remember that it involves various types of unlawful practices that encompass such things as embezzlement.

  What to Understand

  Often a company’s first indication that it may be the victim of fraud will be through an anonymous tip or a whistleblower—someone who either has knowledge of the potential wrongdoing or who has become suspicious of the activities and/or personal lifestyle of a coworker. At times, a company, or an individual employee, may have circumstantial evidence about ongoing frauds including declining sales and profitability, unexplained expenses, and so on, but may fail to realize the connection between poorer financial performance and the reality that the corporation may be losing money from ongoing fraudulent activity.

  When addressing whether computer forensics can be useful in evaluating the indicia or evidence of fraud, you must understand the basics about a typical fraud examination. One of the first areas to be evaluated by a fraud examiner or investigator will be the indicia of fraud (the questions and/or evidence that gave rise to the initial inquiry about an employee). This indicia may incl
ude financial and/or operational concerns, as well as matters that may be personal to the individual in question. Financial issues may involve questions around unusual payment practices, transactions, trends in expenditures, or unexplained financial results. Operational issues may relate to an individual’s control over a certain business area (such as payroll), questionable internal controls, or other practices that may raise questions about an individual’s actions (i.e., the opportunity to commit the fraud). In addition, people often first notice changes in the standard of living of a coworker, especially an employee who is believed to be on the same pay scale. New cars, expensive trips, and lavish personal expenditures (such as jewelry, electronics, and so on) often peak the natural curiosity, and even jealousy, in people who are quick to ask “How can they afford that?”

  Next, a fraud examiner or investigator will analyze the various methods by which the suspected fraud could be committed, including identifying evidence that will be needed to evaluate the allegations. From a financial perspective, questions may center around the financial transactions believed to be at issue (such as payroll records, expense reports, fictitious invoices, and so on) and identifying the various parties that would necessarily have to be involved under different scenarios and the veracity or credibility of documents produced in support of those transactions. Questions will also be asked regarding the availability or opportunity to commit the fraud, and whether the employee(s) in question had control over a certain aspect of the business or areas of operations to accomplish the fraud without assistance. Internal controls, or the lack thereof, will also be questioned during this phase to evaluate what, if any, controls would needed to have been circumvented or avoided to accomplish the suspected fraud.