Everyone has used phrases such as "under the pump", "recognise revenue" and "discount" in their emails but a fraud investigator cautions that if you're a salesman you may want to mind your language.
Blare Sutton, a senior fraud investigator with global financial services firm Ernst and Young told a gathering of security experts in Sydney yesterday that such phrases could be indicators of criminal activity or potential to commit fraud, which he estimated ran to 5 percent of lost revenue a year or $2.9 trillion. And although email was the traditional medium analysts looked at, social media services were also worth scrutinising, he said.
Sutton cited the example of a salesman who brought forward expected sales into the current quarter to generate bigger bonuses and deferred missed targets into subsequent quarters, hoping he could smooth the numbers later.
The employee was found to have misstated revenue leading to $2.5 million in fraudulently claimed bonuses, was prosecuted and jailed. But when investigators looked at his emails there was a clear pattern of words and phrases that raised red flags.
When they went back to look at the salesman's year-before emails, they found similar behaviours and deduced that $200,000 in bonuses were fraudulently granted in a "dry run", Sutton said.
He said the company claimed this money back from it's insurer. Which was about the median loss to fraud of $160,000 an incident, he said, although a third of frauds were more than $1 million. Frauds perpetrated by middle managers averaged $10 million, and about 8 percent of companies surveyed said they were victims of fraud, he said.
In another case, a global distributor based in Mexico saw an increase in such phrases during a period of shocking corruption allegations that resulted in the board sacking it's chief executive officer. Immediately following his departure, instances and frequency of suspect words in emails declined because "the message [that fraud wasn't tolerated] was conveyed and employees stopped talking" about criminal activity, Sutton said.
Words that showed "subconscious" tendencies included problem, concern, revise, discount, correct, miss, Figure out, It's OK, find it, complex. And when regulators such as the Australian Securities and Investments Commission were breathing down a company's neck, Sutton's team looked for incidences of their mentions in emails.
"It's basic language," he said. "There was nothing about the fraud [in the emails], it was subconscious language that led to an anomaly from which we could do a traditional investigation."
Sutton said investigators were scoring incidences of such words in emails and on social media services against factors such as pressure or incentive, opportunity and rationalisation and graphing them for study.
"Even criminals rationalise their actions on email," Sutton said. This showed visually individuals worthy of closer scrutiny, he said, or those that may be fraud risks when the three factors came into alignment.
He cautioned against the use of such measures as the sole determinant when investigating possible malfeasance. In a case he investigated, the tone of an employee's emails suggested wrongdoing but the false positive was recorded because the suspect was going through a painful marriage breakdown and those aspects were reflected in his electronic communications.
ASIAL Security 2010 exhibition and conference finishes today.
Copyright © CRN Australia. All rights reserved.
Issue: 335 | January/February 2015
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.