Develop policies to provide practical guidance for all employees on acceptable business practices covering:

• Business ethics – to create a culture of ‘doing the right thing’.
• Conduct and how to deal with conflicts of interest.
• Gifts and hospitality.

Processes

Ensure that policies are embedded into normal business practices:

• Undertake independent due diligence of all third-party agents and others who are in a position to pay bribes business.
• Ensure that all third-party agents and intermediaries comply with your organisation’s business policies and procedures.
• Review the management of indirect sales channels (eg, agents, advisors, consultants and distributors).
• Include in your terms and conditions of trade the standards of ethical behaviour that you expect of joint venture and other business partners.
• Maintain accurate and timely records of all transactions related to third parties especially in the sales and procurement areas of the organisation.
• Establish mechanisms to enable significant issues to be escalated within the organisation.
• Undertake regular reviews and conduct appropriate audit of relevant business processes to ensure that they remain up to date and corruption risk is identified.

People

The commitment of staff is crucial to the success of your business policies and processes. To this end:

• Set the ‘tone from the top’ as one of zero tolerance towards bribery, corruption and other related crimes.
• Assign specific responsibilities to the board and senior management. Ensure appropriate oversight and adherence to policies and processes.
• Introduce and maintain a credible mechanism for employees to report concerns.

Communication

Ensure that staff and third parties (including customers and suppliers) are fully aware of company policy:

• Communicate clear simple messages across cultures and languages.
• Introduce full disclosure on policy, process and breaches in all reports.
• Ensure disciplinary policy on breaches is communicated and enforced.
• Implement appropriate and ongoing training and education programmes.

Source: Fraud Advisory Bureau

Ken Drumm (42), a brother of the former Anglo boss, claimed in a sworn affidavit that his sibling was tipped off about contact between the bank and a firm of private detectives.

The detective agency, Bluemoon Investigations, offered Anglo its services in tracking down absconding debtors.

The disclosure — contained in papers lodged with the High Court — suggests at least one Anglo figure loyal to David Drumm was leaking information that allowed him to stay one step ahead of the bank’s new management team.

Anglo has been trying to hold the former chief executive to account for a series of disastrous decisions and force him to repay borrowings of over €8m.

According to Ken Drumm, his brother was told the detective agency made contact with Anglo around May 2009 — six months after he quit the bank and moved to the US.

At the time, David Drumm was not making repayments on over €8m from Anglo. He would later file for bankruptcy.

Anglo did not take up the services of the private detectives, but an internal unit was tasked with investigating actions David Drumm (44) took at the bank’s helm.

This action culminated in the announcement, last month, that the bank intended to sue him for misconduct and deception.

Ken Drumm, a builder and nightclub boss, made the tip-off claims in papers filed as part of a dispute with a finance firm.

He is being sued over alleged debts by Dun Laoghaire-based Celtic Invoice Discounting (CID), which has the same owners as the Bluemoon Investigations agency.

In an affidavit, seen by the Irish Independent, Ken Drumm said his brother David was told by a person within the bank that the private investigators had offered their services.

Ken Drumm also stated that he was contacted with other information around the same time by a “senior manager” at the bank.
He did not name the officials who contacted him and his brother, but stated he intended to refer to their claims in defence of the CID lawsuit.

Anglo declined to comment on his claims last night.

The dispute between Ken Drumm and CID centres on an alleged debt of around €60,000, which CID claims is owed from a debt purchase agreement.

It says Mr Drumm was advanced funds for the running of Okohaus Superstructures, a construction company he ran that was involved in building schools for the Department of Education. The firm went into receivership in December 2008 and the debt has not been repaid, CID claims.

Mr Drumm has denied money is owed to CID and claims his reputation was adversely affected by comments allegedly made by CID’s managing director Peter Kerrigan in a phone call to an Anglo official.

Bluemoon Investigations confirmed it wrote to Anglo chief executive Mike Aynsley in relation to its services, but said it was “mystified as to why anyone in Anglo would make David Drumm aware of this”.

By Shane Phelan Investigative Correspondent Thursday March 03 2011

If you’re shopping online, look for clear signs that you are buying from a reputable company:

• Do they have a real-world presence? Can you see their address and phone number?
• Is their website secure? Look for ‘https://’ and the padlock that should be present on the page you are using when you are giving any payment details (credit card), or personal information
• Do they have clear privacy and returns policies?
• If you’re not convinced, search for the company on the internet and check their reputation. Call them. Trust your common sense and if necessary buy elsewhere.

If you’re using an online auction site, such as eBay, a few simple steps can make things safer:

• Before you start, understand the auction process, the site rules and the auction company’s own safety advice.
• Get to know the buyer or seller. Ask questions. Check their feedback.
• Learn to pick good sellers. Their items have clear descriptions and they will answer your questions.
• Don’t give away your password or personal details.

When it comes to handing over your money, choose a safe way to pay such as PayPal or a credit/debit card.

Conmen are very good at persuading you to do what they want. Learn to spot the telltale signs of social engineers:

• They will promise huge rewards: lottery wins, lost inheritances etc.
• A false sense of urgency.
• Odd, superfluous details.
• Requests for upfront payments or private information.

Keep your guard up and use your common sense. It’s your money so if you get a bad vibe, walk away. Don’t be rushed into anything. Talk to someone you trust before making any big decisions. Remember, if it looks too good to be true, it probably is.

Source: Action Fraud

The term ‘cybercrime’ is often used to describe frauds that are attempted or committed using a computer and/or the internet. It covers a range of activities, including computer hacking, virus attacks (such as ‘botnets’, ‘malware’ and ‘adware’), fake websites, cyber-stalking, email scams, and cyber-extortion, to name a few.

In most cases these activities are designed to steal a victim’s personal, bank account or credit card details for use in fraudulent activities, or to use their computer in an attack on someone else.

Some common types of internet and email scams include:

• Advance fee frauds (sometimes called ‘West African 419’ frauds): you receive an unsolicited email from a person who claims to have access to a large amount of money and needs your assistance (and your bank account) to move it in return for a percentage of the cash.
• Lottery scams: you receive an unsolicited email advising that you have won the lottery, a yacht, a holiday or some other prize – despite never entering a lottery or prize draw. You will be asked to pay a small administration fee to receive the prize (which never arrives). Many of these scams originate overseas.
• Work from home scams (sometimes called ‘money mule’ or ‘money transfer agent’ scams): you receive an unsolicited email from a person you don’t know who wishes to use your bank account to receive funds. You will then be asked to make a payment to another person or organisation after deducting a percentage as your commission or fee. Victims are sometimes lured through fake job advertisements.
• Phishing or vishing scams: you receive an email purportedly from your bank, HMRC, or other legitimate online business such as a shop or auction website. The email will contain a link to a fake but credible-looking website or ask you to call a specified number, where you are asked to update your personal and/or account information. Note: banks and other legitimate online businesses will not do this!
• Scareware: you access a website and receive a ‘pop-up’ telling you that you have some or all of the following – spyware, malware, virus, a Trojan, or pornography downloaded onto your computer. This may be accompanied by a barrage of other pop-ups. You are then offered a programme to purchase which can remove all of the above.
• Game cheat and file sharing websites: your computer is infected by malware when you download a game cheat, or share files online.
• Social networking: you post personal information on your profile page or disclose it on ‘live chat’ facilities which is then used by cyber-criminals to commit identity fraud.
• SMS phishing scams (sometimes called SMiShing): You receive an SMS text to your mobile phone confirming you’ve signed up for a service you know nothing about and will be charged a daily fee unless you cancel the order by visiting a specified website. The website then downloads a trojan onto your computer which enables it to be remotely accessed and used by cyber-criminals to attack other servers.

What is identity fraud?

Fraud occurs ‘when a false identity or someone else’s identity details are used to support unlawful activity, or when someone avoids obligation/liability by falsely claiming that he/she was the victim of identity fraud’.

Common types of identity fraud

Application fraud/account takeover:

A fraudster applies for financial services (eg, a new credit card or opens a new bank account) in your name or changes your postal address.

Impersonation of the deceased:

A fraudster uses the identity of a deceased person to obtain goods and/or services.

Phishing:

A fraudster sends you an email claiming to be from your bank or other legitimate online business (eg, a shop or auction website) asking you to confirm or update your personal information such as passwords and account details via a link in the email.

Present (current) address fraud:

A fraudster living at your address (eg. the same block of flats) or nearby uses your name to purchase goods and/or services and intercepts the mail when it arrives.

How does the fraud work?

A fraudster steals or acquires information about you. This may include:

• Your name
• Your current or previous address
• Your date of birth
• Your bank account or credit/debit card details
• Any other personal or financial information about you

This information is then used to:

• Acquire new debit, credit or store cards Open bank or mobile phone accounts Obtain new passports or driving licences
• Apply for benefits
• Take out loans

The Identity Fraudster

1. Steals/acquires personal/financial information about you
2. Uses this information to obtain finance/goods/services in your name
3. Intercepts/redirects goods/services
4. You stop receiving mail or receive mail about goods/services you know nothing about

What happens if you become a victim?

Generally you will not be liable for all of the debt incurred by the fraudster in your name. However you will need to rectify the damage caused by the fraudster (particularly. to your credit rating) and this can take time. 5 steps that you should take:

1. Report the matter to the relevant organisation(s) immediately. Follow their advice.
2. Obtain a copy of your credit report (available from credit reference agencies).Check for discrepancies. Go back to step 1.
3. Keep a record of all correspondence you make or receive in respect of the identity fraud.
4. Consider ‘protective registration’. A small annual fee is charged for this service.
5. Reassess your personal security strategies in respect of your personal and financial information. (Ask yourself ‘how well do I protect it and can I do anything differently?’)

In most cases it will be at the discretion of the organisation which supplied the goods and services to the fraudster to decide whether or not to prosecute. This is because the organisation supplying the goods or services is considered the victim in law – not you.

Fraud hotspots in smaller businesses

Small and medium-sized businesses (SMEs) are particularly vulnerable to fraud in times of economic downturn; many lack the controls found in larger organisations and do not necessarily have the resources to combat certain types of fraud. This factsheet highlights some of the key areas of fraud risk.

Areas of fraud risk

All types and sizes of businesses are vulnerable to fraud. Smaller businesses can be susceptible to a very broad range of fraud risks and a small workforce can mean that it is difficult to segregate duties. Fraud can be committed by employees (sometimes called ‘internal fraud’ or ‘employee fraud’), third parties (such as suppliers and customers) and even by business owners themselves. Some of the most common fraud ‘hotspots’ are summarised below.

Customers

• Card fraud: A fraudster pretends to be a legitimate customer and purchases goods using a stolen credit or debit card.
• Non-deliveries: Customers falsely claim that goods dispatched from an online retailer have not been received.
• Refunds: Customers steal goods from a retail outlet and then return the goods for a cash refund.

Employees

False or inflated supplier invoices:

Employees authorise payments for overpriced and/or non-existent goods or services and receive a ‘kickback’ (such as a cash payment) in return from the supplier. This is particularly noticeable in the property management sector where service charges are calculated on a cost plus percentage mark-up basis.

Fictitious refunds or returns:

Employees generate false refunds and either steal the cash value from the till or arrange for the amounts to be refunded directly to their personal credit card or bank account. Retailers are particularly susceptible to this type of fraud.

Fictitious refunds or returns:

Employees generate false refunds and either steal the cash value from the till or arrange for the amounts to be refunded directly to their personal credit card or bank account. Retailers are particularly susceptible to this type of fraud.

Ghost employees or contractors:

Fictitious employees and/or contractors are added to the business’ payroll and are paid wages and/or expenses.

Misappropriation of assets:

Employees help themselves to cash, stock, IT equipment such as laptops, and stationery or submit false expense claims.

Theft or supply of confidential information:

Employees steal confidential customer and/or client information and use it for fraudulent purposes.

Suppliers

False or inflated invoices: Suppliers invoice for more goods or services than were delivered or supplied, or invoice at a higher price than originally quoted. This may involve collusion with an employee to ensure that payments are authorised.

• Long firm fraud: A business is set up with the purpose to defraud other legitimate businesses.
• Property management: Over-charging by management companies using fictitious time records.

Other third parties

Corporate identity fraud:

A fraudster sets up a false company to trade or steals an organisation’s identity and/or financial information and uses it to purchase goods and services, obtain information or to access facilities in that organisation’s name.

Online banking fraud:

A fraudster gains access to the business’ online bank account and manipulates funds such as setting up standing order payments to his/her own bank account. Businesses that do not have adequate firewall protection are particularly vulnerable to this type of fraud.

Fraud warning signs

There are a number of warning signs that can indicate that fraud may be occurring within your business. These include:

• Changes in employee behaviour
• Changes in cash flow
• Stock shrinkage
• Customer complaints
• High turnover of staff
• Computer and network problems

Manage

• Fraud in a Recession
• Economic recession

A downturn places people under pressure and leads some into dishonesty. Fraud losses make recession induced cashflow, liquidity and credit problems worse. Coping with the consequences of even a small fraud will consume energies when management time is already at a premium.

A recession increases fraud threats from inside the business, for example: Managers desperate to keep their heads above water may be tempted to falsify accounts and sales returns; Employees with large debts may inflate expense claims, ‘borrow’ from the till, steal stock and company assets and collude with customers, suppliers or Contractors: Staff may be more vulnerable to attempts to get them to sell confidential information; Organised criminals may infiltrate companies, placing individuals in positions where they have access to money, goods, or information that can be turned to financial gain.

Recession also brings to light existing frauds as credit lines run out and financial manipulation can no longer be concealed.

External attacks are equally serious. Companies providing customer credit are at risk from an increase in fraudulent applications. Suppliers and contractors will be under pressure and some will defraud business customers. As smaller firms find it harder to obtain credit from traditional sources they will be tempted to turn to new and untried sources of funding, some of which will be offered by fraudsters.

What to do if your business suffers a fraud

Three steps that you should take:

1. Report the matter to the police and other relevant organisations immediately. Depending upon the type of fraud this could include your bank, insurance company, suppliers and/or customers.
2. Consider seeking specialist professional advice.
3. Reassess the way your organization conducts and manages its business to ensure it is adequately protected
   against fraud.

Remember that a recession is the time to take fraud seriously

Identify the areas of your business that might be most vulnerable to loss from theft or fraud, such as sales, stock, purchasing, expenses and record keeping.

• Strengthen any obvious weaknesses you have identified. This might include introducing additional checks for signing off payments or authorising purchases.
• Monitor your bank and credit card statements for unusual transactions.
• Designate a senior member of staff with responsibility for managing risk. He/she should identify areas of vulnerability and recommend changes to business processes where appropriate.
• Ensure that your business premises have adequate physical security protection including locks, keypads and alarms.
• Try to minimise cash transactions within your business.
• Conduct checks on your suppliers, contractors and biggest customers to make sure they are who they say they are and that you are getting value for money.
• Check invoices against original purchase orders and the goods supplied.
• Make sure your staff are aware of the risks from theft and fraud and how to report it.
• Communicate staff expense policies/procedures and monitor compliance. Check references for all new staff; full-time, part-time, temporary, and casual. Further checks may be needed as employees are promoted or require access to more confidential information.
• Adequately protect your IT systems and business information from the cybercrime risks posed by phishing, viruses, hacking and scams.
• Consider how you would respond to a fraud if it was discovered in your organisation.

What not to do

• Forget that severe economic pressures can cause previously honest people to become dishonest.
• Assume all information provided by prospective employees…

Wireless Safety

Wireless technology is now built into just about every gadget we’re likely to own – from mobile phones, PDA’s and laptops through to iPods, cameras and book readers. It is a functionality which is less a feature than a consumer requirement.
Always being connected especially when you’re on the move, can seem like a wonderful thing. You can surf the internet, write and pick up emails, download important files – everything you can do in the office or at home – wherever and whenever you wish. But all this comes at a price. The price is the security of your data.

Wireless communications offer a window of opportunity for the data thief

Mobile phones, PDA’s and laptops now come with two wireless technologies as standard: Wi-Fi and Bluetooth. Many people forget to turn this functionality off on their mobile and laptops when they are not in use. Mobile phones in particular are often switched on permanently because users don’t think to check. As a result their presence is advertised to other wireless users 300 feet away or more. Since the signals are always seeking connections they are easily discovered and unless properly secured, can be hacked in a matter of minutes.

Wireless communications offer a window of opportunity for the data thief

Mobile phones, PDA’s and laptops now come with two wireless technologies as standard: Wi-Fi and Bluetooth. Many people forget to turn this functionality off on their mobile and laptops when they are not in use. Mobile phones in particular are often switched on permanently because users don’t think to check. As a result their presence is advertised to other wireless users 300 feet away or more. Since the signals are always seeking connections they are easily discovered and unless properly secured, can be hacked in a matter of minutes.

Securing mobile Wi-Fi- computers

There is one very simple wireless security solution; turn if off if you are not using it. With most laptops, all it takes is a flick of a switch. Wi-Fi signals travel further then Bluetooth signals and this should be borne in mind especially in heavily populated areas.

One of the main risks with mobile Wi-Fi is that it can be configured to automatically connect to available networks. This puts your computer at risk as it may hop on to any free hotspot without notifying the user. All the potential hacker then needs is some free software, readily available on the internet, to steal passwords, contacts and other personal or confidential data.

Wi-Fi on the move- phones

The main security risk with mobile phones is Bluetooth.

Bluetooth transmissions work up to about 30 feet or more. Again in a public place this can advertise your presence and the fact that your device can be connected to and either hacked or hijacked.

Hijacking is a favourite ploy of many fraudsters. They can steal a mobile number silently and with great simplicity then use it to dial premium numbers for services which would be difficult to explain to a person’s spouse or partner. The resulting bill can be an equal embarrassment, with no way of proving to the service provider that it wasn’t the subscriber making the calls. The best way of staying secure is to switch Bluetooth off by going into the phone settings and disabling it.

Wi-Fi at home

Home wireless networks have a range of around 300ft indoors and 300ft or more outdoors, depending on a number of factors, including the strength of the transmitter and the number and type of obstructions in the way of the signal.
‘War driving’ is a common tactic used by fraudsters who drive around residential areas to identify and exploit weak home wireless networks for their own gain.

An easy way of making a wireless network more secure is to place the transmitter near the centre of the home, away from windows .Modern wireless networks come with certain security features built in eg. Firewall; The ability to encrypt traffic. These features should be enabled at set up.

How to protect yourself:

Always

• Disable automatic connection on your computer to Wi-Fi networks.
• Turn Wi-Fi off on your computer when it’s not in use
• Turn the Bluetooth signal to ‘undiscoverable’ on your mobile phone when it is not in use.
• Set a Bluetooth pass code on your mobile phone and change it frequently

It’s booker beware in the holiday lets market

This article was written by Sandra O’Connell and was published in The Irish Times Saturday 14th August 2010.

SANDRA O’CONNELL