Investment Fraud
While identity theft is the most prevalent form of consumer fraud, investment fraud accounts for the most significant amount of dollar losses to consumers. Individuals invest in all types of offerings including traditional investments in stocks, bonds, CDs, and other investment products, as well as nontraditional investments in such things as rare stamps, coins, precious metals, and art. Investments in publicly traded stocks and bonds, as well as private offerings of certain other types of investments, fall under regulation by various entities including the SEC, the Commodities Futures Trading Commission, state securities regulators, and various aspects of the stock exchanges in which the respective security or commodity may be traded. However, investments in other more nontraditional types of investments may not be regulated to any significant degree. Regardless of the many safeguards and regulations in place, investment fraud appears to cover the entire spectrum of investment types and vehicles.
Along with the victims of telemarketing fraud and other Internet and e-mail scams, investors often fall victim to investment opportunities that seem too good to pass up. A recurring theme in many of the investment scams exposed today, especially those that have been ongoing for some time, is that each promised and reported above-market returns over a long period of time.
Most investment frauds involve some legitimate business front or purpose and the purchase of an existing security or putting funds into an existing investment fund. The fraud comes in how the money is actually used versus what is believed by the investor. Common investment frauds involve either pyramid or Ponzi schemes, or so-called “pump-and-dump” schemes. In pyramid schemes, the investment in a security or through an investment firm promises a high-rate of return, where such returns do not exist or are more highly improbable than promised. The scheme is sustained either through the reporting of fictitious returns to investors or through the use of money from new investors to pay off existing investors. The scheme was made famous by Charles Ponzi in the 1920s; he became a millionaire overnight by offering a high rate of return for an investment that was essentially a sham. Pump-and-dump schemes involve the manipulation of the stock price of a security through false information that entices investors to buy the stock, driving up the price, only to have it falter after the truth is revealed. By that time, the perpetrators of the fraud have long cashed out their stock at the higher price and typically a hefty profit.
What to Understand
As investment fraud can take many forms, it is important that you understand the nature of the alleged scheme, or at least the nature of the hypothesized scheme. Investigating investment fraud in many respects is about following the actual trail of money and comparing it to the represented trail reported to investors. Often the fraud involved deception between what investors are being told about the use of their funds and how that money is actually being used. The main forms of investment fraud involve the misuse of invested funds.
You should understand the details around the proposed security or investment vehicle. What was promised? What type of investment or investment vehicle is involved (stocks, bonds, commodities, or other nontraditional investments)? What was the described structure of the investment (direct purchase and ownership, purchase through another investment entity, purchase through a fund)? What were terms and conditions of the initial investment and its return or redemption of proceeds from the investment? What documentation was provided to support the initial investment, as well as periodic reporting (monthly, quarterly, annually) on the investment’s performance? What documentation should exist with the responsible regulatory authority to support the investment made, as well as legality of the investment security or vehicle? Answers to these types of questions typically provide initial guidance on what to look for, which is discussed next.
What to Look For
Where you start looking depends on the answers to the preceding questions. However, we’ve found that investment frauds typically require that we look for information in several general areas. As with any fraud, identifying the deception in investment fraud is the key to exposing the fraud and gathering evidence against those suspected of the wrongdoing. As described, the typical deception in investment fraud is the misrepresentation of how an investor’s investment is being used, as well as the promised return on that investment. To that effect, investment frauds typically involve the use of fraudulent monthly, quarterly, and annual performance reports sent to investors. In addition, investment frauds may also involve the fraudulent reporting of fictitious stock or other security trades to investors, as well as false or fictitious regulatory filings.
In addition, because of the complexity of investment frauds, the number of potential investors involved, as well as the amount of money that may be involved, successfully sustaining an investment fraud may likely entail a significant amount of effort and ability to track effectively what is being fraudulently reported from one period to the next. In other words, those perpetrating investment frauds have to keep track of the fraud, especially where the investment fraud may be embedded into an otherwise legitimate and ongoing business. For a fraud to be successful, there often needs to be a clear distinction to the perpetrators between what’s real and what’s not.
The third general area involves following the money. When investor funds are suspected of not being used or determined not to be used as represented, the question quickly turns to Where is the money? Sometimes that answer may not be concealed as the success of an investment fraud typically revolves around the ability to keep the deception going, not how the money is actually being used. However, in other circumstances the money may be off-book or taken off-book from an otherwise legitimate business, in which case identifying the location of financial records, bank accounts, wire transfers, and the like may require significant investigative skills and undertakings.
With respect to the general areas described so far, we have used computer forensics in the investigation of investment frauds in the following ways.
Finding the Second Set of Books
As discussed earlier, it’s not uncommon for the individuals perpetrating the fraud to run a second set of books that keep track of everything they are doing. One of the vital roles that computer forensics plays in this type of investigation is assisting with the identification and location of the alternate ledgers, be they Excel spreadsheets, QuickBooks files, Act! Databases, or other forms. The fundamentals of computer forensics still apply.
Where to Look for These Records
We discussed in Chapter 18 where to look for alternate ledgers and second sets of books. This type of fraud is a bit different because it is institutional, and the perpetrators may not feel the need to hide the books in the same way as a single employee who is embezzling money. Let’s review that list with some pointers specific to this type of fraud.
Changing a Filename This is the most simple example. Instead of calling the ledger mysecondsetofbooks.xls, the individual renames the file pinkbunnies.jpg, with the hopes that whoever may be looking for the financials will pass right by this file, thinking it’s a picture of bunnies. You can use a file signature analysis to combat this tactic. One quick and easy way to do this is with the file command on your UNIX flavor of choice (or cygwin). However, the granularity of what types of files it can detect and differentiate leaves a bit to be desired. If you have access to a commercial forensics tool such as EnCase, you can use the file signature facilities in the software to perform this analysis quickly and easily.
Encrypting a File Many ledgers are hidden using encryption. The individual knows the file is bad, and if the information inside the file gets out she will be in a lot of trouble, so she take steps to encrypt it. What method she actually uses varies based on the file type and the complexity of the user. Most people will just use the password protection features of the software used to create the file (for instance, applying a password to an Excel spreadsheet) and let that be it. Others may use more advanced forensic techniques. Util
izing a tool such as Access Data’s PRTK can be crucial in not only cracking the password but also the identification of what type of scheme was used to encrypt it.
External Media The use of some type of secured thumb drive, while less common in this case than in employee embezzlement, can still provide relevant results. We have described in detail in other chapters how to identify that thumb drives were used and how to locate what files may have been stored on them. Performing this same analysis—but this time with a focus on looking for accounting-related files in the link files, temp files, and registry keys—can be an extremely fruitful path of investigation. It can also help you determine who was involved, as it is common for these thumb drives to be passed around between the conspirators.
File Type Searches Because the fraud in these matters is generally institutional, the answer may be right in front of your face. They may not hide the second set of books because they think there’s no reason to do so. It is their computers and their networks, and they know what goes in and comes out. As such, you shouldn’t neglect to perform simple searches across the user shares and computers to see what comes back with respect to financial databases.
Falsification of Official Documents
Same story, second verse. Just as with other types of corporate fraud, corporate officers often forge documents such as quarterly or annual statements to make them look as though everything is on the up and up. Computer forensics can assist you in answering two questions: What are they using to create these falsified documents? How are they deriving the numbers to put into them?
Finding Falsified Documents
Because these documents are generally publicly distributed, you have the advantage of knowing exactly what they contain. You can put together a keyword list that, when run across the universe of documents, should bubble up the majority of the falsified documents. Once you have a list, you can look for a few things from a forensics standpoint that can advance the investigation.
Authorship History As discussed in Chapter 12, office documents can be a treasure trove of metadata information. Use this information to determine who developed these records and talk to them. Find out what process they used to create the documents and how they arrived at the numbers. Ask about approval processes and who saw the document before it went out. Also look at the revision history, and if the document had been e-mailed to anyone, and talk to those individuals as well.
Data Sources If the document links to other files (such as an Excel spreadsheet that has database input, for example), run that link to ground. See exactly where it is connecting to and what information is contained within the data source. Look for other similarly structured data sources that may contain the true set of books.
Other Disk Activity Around the Modified Times Look at the MAC times for the files in question, and use those times to see and correlate other activities on the computer. Look for programs that were run in the User Assist, determine whether thumb drives were connected or if LNK files show other documents or databases being accessed at the same time. These documents were not created in a vacuum. Just like legitimate financial records, these documents generally have some source and inputs. By accurately mapping out how these documents are created, you can help complete the picture of how the fraud occurred and what other important data sources may be out there.
Mortgage Fraud
The housing and mortgage banking business is a trillion dollar industry in the United States, but it is also big business for perpetrators of mortgage fraud. In 2008, the FBI estimated that annual losses due to mortgage fraud in the United States exceeded $4 billion. With more than a decade-long housing boom in the United States fostered by continued economic expansion, rising home values, low mortgage rates, and weakening underwriting standards, among other factors, mortgage fraud has become much more prevalent and pervasive in recent years. Just how much more did not become evident until the beginning of the melt-down in the subprime mortgage markets in 2007 and the ensuing financial crisis and economic recession in the United States and around the world. With heightened scrutiny on so-called subprime mortgages (mortgages taken by borrowers with lower credit ratings than “prime” borrowers) in recent years, regulators, politicians, the media, and the general public became more keenly aware of the various types and pervasiveness of mortgage fraud in the mortgage lending arena.
The FBI defines mortgage fraud as the “material misstatement, misrepresentation, or omission relied upon by an underwriter or lender to fund, purchase, or insure a loan.” As with all frauds, mortgage fraud is founded upon deception. Mortgage fraud encompasses a broad range of frauds by individuals and entities to profit from the overall mortgage industry. Some frauds are perpetrated by consumers against lending institutions, while others are targeted at consumers in addition to the lending institutions. In the latter, both parties typically suffer.
Given the size of the US mortgage market and the destabilizing effects resulting from unsound lending practices and efforts to undermine the mortgage financing system, mortgage fraud is a chief concern for the federal government and an acute focus of the FBI. The FBI describes mortgage fraud in two main categories: fraud for housing and fraud for profit. Fraud for housing is typically perpetrated by consumers on lenders and financial institutions where the fraud is in the misrepresentation of material information typically in relation to loan eligibility requirements (such as income, employment, and so on) so that the consumer can qualify for a loan to purchase or refinance a home. While pervasive, especially given the deteriorating underwriting standards over the years, fraud for housing accounts for a small minority of the overall losses experienced each year.
Fraud for profit schemes typically involve industry insiders who take advantage of the consumer and the lenders, as well as weaknesses in underwriting and the overall loan process. The FBI estimates that more than 80 percent of all reported losses resulting from mortgage fraud involve collaboration or collusion among industry insiders (such as real estate agents, mortgage brokers, loan officers, appraisers, loan underwriters, and so on). Fraud for profit schemes include so-called equity skimming schemes and property flipping, among numerous others, and also may involve identity theft (such as the use of someone else’s identity to secure a mortgage loans). Often these schemes involve the fraudulent receipt of proceeds from the sale of a home (funded through a lender and secured by a mortgage) where the perpetrators of the fraud either skim a large amount of proceeds from an overinflated loan value or flat out have no intention of repaying the loan.
What to Understand
Mortgage frauds can range from simple misrepresentations of information on a loan application to complex schemes involving multiple parties collaborating to steal from lenders, as well as from consumers. Mortgage fraud can occur at almost every point in the process of a mortgage loan, from the initial sales listing to a loan origination and closing. The first point to understand is at what point in the process the mortgage fraud is suspected to have occurred and what relevant parties were involved at that stage of the process.
In fraud for profit schemes, the seller is often the primary perpetrator of mortgage fraud. A seller, with assistance from others, may be able to orchestrate a higher appraised value for a property than warranted, may be able to steer a prospective buyer to a loan officer willing to overlook deficiencies in a borrower’s overall loan application and qualifications as a buyer, or may make other arrangements with borrowers to bypass more standard and stringent underwriting criteria. Sellers may also be able to manipulate the entire lending process by fronting straw buyers and falsifying information in each step of the process. Sellers in this situation often have help from someone “inside” the process, including real estate brokers, appraisers, loan officers, or underwriters friendly to the seller. In other situations, sellers sometimes recruit unsuspecting buyers to participate in their schemes with the promise of quick-and-easy returns through acquiring and flipping real estate. However, these unsuspecting investors ar
e often left holding an overvalued property with an extensive mortgage that the investor neither intends to live in nor can afford.
Your next step is to understand what documentation or information in the loan process may be misrepresented (such as overstated property values, overstated borrower income, and so on). Fraud for housing schemes typically involve a misrepresentation or omission with regard to some part of the loan application—namely, a borrower’s qualifications. Common borrower misrepresentations include false claims of their personal income, liabilities, or assets to make them appear more creditworthy.
Regardless of the mortgage fraud scheme, the misrepresentations, omissions, or other deception likely occur in one of several areas, including the borrower’s qualifications to receive the loan, the value of the property in question, or the underlying credit score and credit-worthiness of the borrower. Most mortgage fraud schemes involve the manipulation of one or more of these processes, often with the assistance of sellers, appraisers, loan officers, and others.
What to Look For
Understanding in what part of the loan process the mortgage fraud may have occurred, who the suspected perpetrator is, and whether the perpetrator may have had, or would necessarily had to have had assistance from insiders, will determine what you look for in investigating the fraud. You’ll often focus on identifying altered documents, as well as identifying collusion with insiders through communications, payments (such as kickbacks), or other conflicts of interest.
Hacking Exposed Page 50