Smartphones have become such an integral part of our everyday lives that many users joke their devices have become grafted to their hands. We use them to maintain contact in our work and personal lives, correspond through email and social media, and a bulk of Americans have made the transition to conducting their banking through the use of mobile applications. As developers continue their bottomless pursuit to create an app for everything, more and more of our real, flesh-and-blood lives are being stored on our phones: personal details, account numbers, passwords, and other sensitive information that could be misused if it fell into the wrong hands. That’s why smartphone users have to educate themselves on the specifics of a scam called “SIM card swapping.”
What is SMS?
For many telephone, internet, and smart device developers, SMS (short message service) text messaging is the cornerstone of their services. As of 2010, it was the most utilized service provided by communication companies with 3.5 billion users. It became a vital tool in direct marketing campaigns and remains one of the most popular forms of communication in younger users. Because of the ubiquity of smartphones, many companies that require a two-step authentication process for their users’ security implement SMS as a secure means of accessing information. For example, you attempt to log in to your bank account, correctly entering your username and secure password. It’s not uncommon for banking apps to prompt a second form of verification, so the app tells you it will now be sending a four-digit verification code to your phone that you must enter on the app to confirm that you are who you say you are. The code is sent to your phone via SMS. Once this information is transmitted over SMS, users are often derelict in deleting that information from their devices. This is where users are vulnerable to the scam.
How SIM swap scams work
Smartphone users who have lost their phone or who have been the victim of a theft often have the ability to call their mobile provider and provide their secure information in order to have the provider remotely wipe the SIM card and have that information transferred to another phone. Thieves in search of secure information will use tools like phishing mail campaigns, posing as legitimate companies like insurance and credit card companies to get the victim to willingly hand over identifying information such as date of birth, address, and phone number. Once they have enough identifying information, they will call the victim’s mobile provider and pose as a customer. They claim they’ve lost their phone or their phone was stolen from them. Then, using the victim’s identifying information, they will request that the mobile provider remotely wipe their old SIM card and rewrite it to the SIM card in their new device. Just like that, the thief has any and all information that has ever been transmitted via SMS text. This leaves accounts, email inboxes, and secure information vulnerable to fraud. “A high proportion of banking customers now have mobile phone numbers linked with their accounts,” fraud prevention consultant, Emma Mohan-Satta, told Digital Trends, “and so this attack is becoming common in some regions where this attack was not previously so common. Unlike mobile malware, SIM fraud attacks are usually aimed at profitable victims who have been specifically targeted through successful social engineering.”
Who is vulnerable?
Anyone who uses their smartphone as part of a two-step authentication is vulnerable to a SIM card swap scam. Once the thief has their hands on your personal information, they can devastate you in minutes by performing bank transfers, rerouting mail, and making purchases in your name. If the SIM card contained any compromising information, such as lewd photos or inappropriate communication with another person, the perpetrators can use that information to blackmail a victim into paying a tidy sum in exchange for the return of the compromising data. A victim named Tina told Motherboard, “This just happened to me over the weekend. I lost service late Saturday night and assumed it was an issue with my always buggy iPhone. Then on Sunday morning my husband got a text from T-Mobile saying that a line on our phone plan had been cancelled (mine) and i soon discovered that $1200 had wired out of my bank account to someone in [redacted] with my same last name.”
While the cost to a single individual can be devastating, a sophisticated thief can do even more to topple a business like a house of cards. It’s common practice for some types of employers to issue their employees a company cell phone to facilitate business, and in this day and age, that almost certainly means a smart phone. Correspondence between coworkers, appointments, account numbers, and sensitive company information can be exposed and exploited for gain. Companies that carry high financial sums in their accounts can be ruined before they even realize there’s a problem.
How to protect yourself
Dependence on smart phones to facilitate two-step authentication plagues many users throughout the country who enjoy the convenience of verifying their identity through SMS. Luckily, tech sites like Motherboard recommend a few ways you can protect your identity and your monies.
Beef up account security
Many major cell phone service providers are developing new methods of two-step authentication in light of the rise of SIM card swap scams. Many offer their customers the option to set up a secure PIN for their account, completely separate from the login information used to access their account. The PIN is used as a primary verification feature specifically for when customers call into the support center for SIM card-related issues. Previously, many providers opted for a security question for this type of authentication, but the answers to these security questions can often be found on a victim’s social media, such as, “Which high school did you attend?” This way, the PIN is never transmitted through SMS text messaging, and no personal information from a social media profile can be used against them.
Don’t link your number to your online accounts
Once a thief has access to your account, they can easily reset your password and other authentication methods, making it very difficult to quash the problem. Instead of linking your mobile cell phone to your accounts, you can choose a different sort of number, such as a Google Voice number.
Many individuals and companies bypass security measures for a number of reasons, such as lack of time, interest, or the mere belief that they could never be the victim of a SIM card swapping scam. The reality is that it can happen to anyone, and there’s no shortage of victims for scammers. Users who practice their due-diligence can build a security to block them out. When the scammer hits this wall, they simply move on to the next target. Educate yourself and ensure that target isn’t you.
Carie McMichael is the Communication and Media Specialist for Lauth Investigations International. For more information on investigation topics, missing persons, and corporate solutions, please visit our website.
On the Line: Exposing Theft in Manufacturing
When your business is in manufacturing, you are the steam engine on a locomotive of consumer progress. Product quality and efficiency start with you—producing the best results so the next link in the chain has a reasonable chance of success. This means hiring the best people to work in your plant is paramount to clearing the black. Human Resource departments dedicate themselves to recruiting the best of the best for their company, but even the most qualified and dependable candidates can give you ugly surprises with dishonest behavior, including malingering, fraud, and most significantly, theft.
All industries experience internal theft lowering their profits, but manufacturing is one of those most heavily affected. The Association of Certified Fraud Examiners (ACFE) has reported in global industries, internal theft accounts for more than $3.7 million of eroded profits every year. The ACFE has determined, for manufacturing and production industries, the median loss is $194,000 per company. There’s no short of manufacturing industries who suffer this loss, but to a thief, some are more lucrative than others. The top five manufacturing targets of thieves are pharmaceutical, metal, cargo, electronics, and cigarettes. The opioid crisis in the United States is not only responsible for millions of dollars of theft in pharmacies, but also in the plants where drugs are manufactured, or the warehouses where they are stored. Warehouse and plant workers often swipe units of electronics and fabrication materials for use in their own homes. These items can go for a small fortune on the street, or they can be resold on the black market to avoid being traced.
The larger the theft, the quicker it is noticed, but no company should have to wait for a large loss to implement prevention strategies. Any high-ranking employee or human resources employee can recognize the signs of internal theft, if they know where to look. For example, employees might report recent loss, or seeing product in unauthorized locations. Employees may be exhibiting suspicious behavior, like repeated rendezvous in the parking lot, or the surrounding area. Outlandish material possessions, such as new cars, designer shoes, and expensive jewelry, might suddenly be a regular part of the employee’s life. Low morale is one of the most common causes of internal theft, as employees who feel undervalued suddenly rationalize to themselves they deserve to take something from the company for their hard work and sacrifice.
As such, human resource departments are always reshaping their recruitment process to ensure they hire only quality individuals to be a part of their team. And this goes for all ranks within a workforce. While a lower-level employee may not be noticed themselves, higher-level employees are the ones poised to cause significant loss to the company with their status and access to important company records. When everyone is a suspect, HR must implement procedures and methods of prevention that not only educate employees on the warning signs of theft, but also craft a culture that promotes honesty—if you see something, say something. These preemptive measures can be things like a comprehensive employee handbook, specific training to recognize signs of theft, effective security and monitoring systems, and a confidential tip line so that employees can report suspicious behavior without fear of reprisal. In manufacturing industries where groups of employees are assigned to their own sections, it’s important to have regular team meetings to maintain contact with the workforce so policies to protect the company can be reviewed and modified to improve and protect daily operations.
However, despite having a plethora of prevention methods in place, bad apples can still slip through the cracks of due diligence. When all attempts to handle a theft in-house have failed, there is still recourse. Many companies feel the need to handle all matters of theft internally, using teams of Human Resource employees or their own in-house investigator, but in-house operatives often lack the cohesive experience that comes from working in private investigations. The initial instinct might be to use an informal, in-house operative. Unfortunately, using an in-house operative has the potential to backfire quickly. If this investigator is known to the company’s workforce, their undercover efforts to sus out the culprit can be exposed easily, allowing the perpetrator to modify their methods, or disappear entirely before being identified. Poor investigations cannot only leave the perpetrator with an out, but can also exacerbate a workforce’s low morale, as employees become suspicious and paranoid.
Hiring a private investigator to investigate an internal theft has a wealth of benefits for business owners. Most obviously, an external, third-party investigator will be a fresh, unknown face to a company’s workforce. This “new blood” can freely move about the company inconspicuously. Their new hire status coupled with expertise in interviewing subjects will allow them to question other employees without suspicion. Private investigators also have a better chance of thoroughly investigating middle to higher management. As previously stated, these are the employees with the most access—able to alter inventory sheets and cost analyses. Over a period of time, a private investigator can hide in plain sight, keeping meticulous records on conversations and reporting surveillance findings that can be cataloged for any terminations resulting from the investigation.
Terminations under messy circumstances like internal theft can often have legal repercussions, on both the side of the employer and employee. Companies may feel inclined to prosecute for the losses to the company, or an employee who feels they were wrongly terminated may sue. Internal investigators who have improperly handled an investigation can be the lynch pin that brings any legal proceedings to its knees. Improperly gathered evidence or illegal methods of fact-finding will compromise the company and their position in terminating the employee. Terminated employees can argue the company fired the wrong person in the interest of finding a solution, or argue the termination is vindictive action. However, an external operative like a private investigator has no stakes in the outcome of any investigation. Their only loyalty is to the truth, and as such, their investigation is dependent on facts, not company politics. Private investigators are impartial third-parties, which leaves very little room for a thief to argue wrongful-termination.
When producing a quality product, the integrity begins in manufacturing. Regardless of the type of product being manufactured, theft at this level of production is profitable to an organized thief—especially one who knows how to cover their tracks. Keeping the investigation in-house certainly has public relations benefits, but ultimately, one of the tenets of quality private investigations is confidentiality. Confidentiality between a private investigator and a company will allow them to deal with the theft discreetly, but thoroughly. Their third-party status means they have no dog in the fight, and their solution will stand up to the highest level of scrutiny.
Employee misconduct in the workplace can have a toxic effect on morale and productivity, which often incentivizes employers to resolve the situation quickly. These days, there are clear benefits to getting out in front of any misconduct complaint as movements like #MeToo have employers scrambling to vet their workforce so they can identify predators before scandal or evidence of misconduct can become public. In a surveillance culture where both bad behavior and good behavior are fodder for a good viral news story, employers everywhere are starting to understand the value in properly handling a corporate crisis. But in their haste to resolve the situation, are employers handling internal investigations properly?
Regardless of the type of business and type of misconduct, (sexual harassment, drug-trafficking, theft, etc.) the first instinct where there is a whiff of employee misconduct is often to keep the information very close to executives. As with any investigation, the controlled release of information has an investigative advantage in identifying the true culprits of any misconduct. This is the beginning of employers remaining too close to the situation. It’s not unusual for a well-meaning employer to appoint themselves as the head of the investigation—but this presents a huge conflict of interest. As a person with a great deal to lose, the employer is, by their very nature, biased and an unbiased investigation is the foundation for anything built on an employee complaint. Without the use of an external investigator, the case loses integrity.
Hiring an external investigator, like a licensed private investigator, will bring a flattering layer of transparency to any workplace investigation. First and foremost, a private investigator is an independent third-party. Having no personal knowledge of the employees involved—and therefore having no preconceived notions about them—means they can truly approach the case from an indisputable place of objectivity. The employer’s personal knowledge of their employees disqualifies them from such objectivity. Whatever the misconduct du jour, they might never suspect their trusted personal assistant, their senior manager, or their business partner—all individuals with extensive access to company information and property. However, a private investigator will vet this list of possible suspects in search of the truth.
When an employer is unsure of how to proceed when investigating workplace misconduct, it seems like a no-nonsense solution to let the lawyers handle it. And it can often make sense, as they will be fielding any litigation that surfaces. In-house counsel might feel it’s under their purview for the same reasons, but this is very misguided. The lines of their capacities as both in-house counsel and investigator cross one another, thus creating another conflict of interest. While there are states like New York that allow attorneys to act as private investigators without a license to do so, this is still not recommended. Witnesses within the company will likely have anxiety about speaking to the company’s lawyer, and might not be as forthcoming with pertinent details. Leads suddenly begin pancaking into dead ends as nervous employees become less cooperative. Private investigators have the advantage in this situation, as they are not representatives of the individual’s employers in any capacity, and have no power to fire them. It’s the same advantage private investigators have over law enforcement because they have no powers of arrest.
The documentation provided by a private investigator is invaluable to workplace investigations. After all, many reports not handled to the satisfaction of the complainant often lead to legal action, the most common example being the more familiar story of sexual harassment in the workplace: An employee alleges sexual misconduct against another employee. Both parties are interviewed. The interviewer does not tape the interview nor take notes. After a shoddy investigation, the complainant decides to sue the company for negligence. Another common example is the case of an employee who is hastily terminated for FMLA abuse or malingering before the company conducts a thorough investigation.
Not only are paper and ink expensive, but filling out and preparing reports is time-consuming—time that would be better spent trying to improve your business. Private investigators keep meticulous records, just like law enforcement, of all witness statements, evidence, surveillance, and relevant information to the case. This will go a long way towards addressing the complaint after the PI has issued their solution. It’s a perfect package: The investigation is chronicled from beginning to end, all of the relevant information is accessible, and best of all, it was conducted, prepared, and presented by a completely objective, independent third-party. The same third-party can also offer testimony in any court case that might result from the investigation.
Whether you’re investigating sexual harassment allegations, drug-trafficking, theft, or any complaint of employee misconduct, make the proactive choice of hiring a private investigator. It’s the strongest first step you can take in any internal workplace investigation. From the beginning, the investigator will be an impartial, unbiased eye whose only loyalty is to the truth. This kind of due-diligence will go a long way towards demonstrating you, as an employer, have heard the complaint, taken it seriously, and are only interested in what actually occurred. The solution will not be based on pre-conceived notions of colleagues, or biased assumptions, but independent deduction and well-documented evidence. And even if the investigation comes to a less than amiable termination, the foundation laid by the private investigator will protect your business from litigation.
Using a CNC to protect your business means the peace of mind that your trade secrets are safe.
If you own your own business, you know finding the right people to build your company is vital. One “weak link in the chain,” as they say, can tear a business down to its foundation. And as such, it’s not only important to hire the right people, but also protect your business from being exploited in the event a former employee might expose trade secrets. If it is your business’ practice to require a signature of an employee on a covenant not to compete, you should consider having a private investigator on retainer in order to vet any suspicions of non-compete violations.
Often referred to as a non-compete clause, a covenant not to compete or CNC is designed to protect an employer’s business against future competition or theft of trade secrets by a former employee. In essence, the CNC prevents a former employee, terminated or otherwise, from using a business’ trade secrets to either work for or start a rival business. Violators of CNC have an intimate knowledge of a particular business and can use that information to destroy it. In addition to exploiting the successes of a company by using the same strategies, a violator uses their knowledge to exploit the weaknesses of a company. They know where the vulnerable spots are in their business model, and violators can correct this process in the rival business, as well as, target their former employer in advertisements.
These legal contracts have a history going back as far as the 15th century, when English common law refused to enforce the Renaissance-era CNCs on the grounds they would place too many restrictions on trade. There have been many arguments made CNCs also interfere with America’s capitalist economy, placing restraints on the free-market standards in the United States. There are only a few states in the union completely prohibiting the use of non-competes, including California, Montana, North Dakota, and Oklahoma. One of the industries where CNCs are most common is the media. Most media-conglomerates force employees to sign CNCs at the time of hire to prevent them from sharing delicate information about media markets upon leaving their position. Another common industry is finance, especially Wall Street, where a person can literally be indicted for knowing too much, having been charged with insider-trading. Many might remember reading about CNCs back in 2005, when Microsoft and Google took a former employee, Kai-Fu Lee, to task by enforcing his CNC after leaving the company. CNCs are everywhere, and as such, businesses would be wise to employ external investigators to get the hard facts on CNC violations.
As was the case with FMLA fraud violations within a company, having an external investigator—like a PI—on retainer, will allow the company to protect itself in the event they believe a former employee has violated their CNC. The fallout from CNC violations can be ugly, with former employees insisting, not only did they not violate their CNC, but also they are being persecuted by their former employer. A private investigator is a third-party, which means they are well within their means to be objective. A private investigator’s loyalty is to the truth, as such, you can rely on cold-hard facts to bolster a case against a CNC violator. This objectivity comes in handy during litigation when enforcing a CNC.
The former employee cannot claim their employer is biased in their fact-finding, because they did not conduct the investigation. While a business can sue a former employee for violation of a CNC, it is not a criminal matter, so a business cannot ask law enforcement to investigate. Luckily, private investigators often have a resume bearing similar experience to law enforcement, as well as ,a very similar set of tools to find answers. They can locate witnesses, witness statements, videotapes, photographs, and acquire documents to build a prima facia case against a CNC violator. Whatever the circumstances, having an objective external investigator on retainer will provide businesses with the assurance they have conducted all necessary steps to safeguard their company.
FMLA fraud can devastate a company, but companies should protect the integrity of their investigations to protect themselves.
The Family and Medical Leave Act (FMLA) provides working families balance to their lives when their circumstances take a turn. Whether it’s caring for new life in the household—such as a newborn or a foster child—or to care for an ailing relative, the 1993 act protects employees from being terminated from their jobs when they must take an extended absence for a specific set of reasons. However, abuses of FMLA are extremely common in the American workforce. While suspicions of FMLA abuse should be taken seriously by employers, companies must conduct thorough and unbiased investigations before terminating any employees. Businesses who do not follow protocol can open themselves up to expensive litigation.
In addition to protecting employees from termination during an extended leave, FMLA also requires their various insurance coverage remain in effect. This protection can be guaranteed for up to 12 weeks. According to the Department of Labor:
FMLA is designed to help employees balance their work and family responsibilities by allowing them to take reasonable unpaid leave for certain family and medical reasons. It also seeks to accommodate the legitimate interests of employers and promote equal employment opportunity for men and women.
FMLA applies to all public agencies, all public and private elementary and secondary schools, and companies with 50 or more employees. These employers must provide an eligible employee with up to 12 weeks of unpaid leave each year for any of the following reasons:
- the birth and care of the newborn child of an employee;
- placement with the employee of a child for adoption or foster care;
- to care for an immediate family member (spouse, child, or parent) with a serious health condition; or
- medical leave when the employee is unable to work because of a serious health condition.
The use of FMLA within these guidelines (with some exceptions) is designed to protect hard-working men and women from losing their jobs when their family suddenly requires their attention. Life can change so fast, and employees can rest easy knowing their jobs will be waiting for them when they are able to return in top-performing condition.
According to Charlie Plumb, an attorney who represents clients in all phases of management, abuse of this protection should be investigated, provided the employer has an “honest suspicion.” He goes on to say, “This honest suspicion standard is really intended to protect the employer against a claim they are interfering against FMLA leave and/or being retaliatory.”
A familiar scenario is one where an employee has been granted leave under FMLA for a serious illness or injury. The employer then happens to see posts from the employee on social media having fun out with friends, exercising, or driving. The employer might think, “If they’re well enough to do these things, they must be well enough to work.” While this might sound like an open and shut case from the employer’s point of view, Allen Smith of The Society of Human Resources Management, provides an example where this philosophy proved problematic:
“Joan Casciari, an attorney with Seyfarth Shaw in Chicago, said she handled a case that involved an employee who was put on FMLA leave for depression. The employer later discovered, through surveillance, she was doing Christmas shopping with her family and having a wonderful time. But her doctor confirmed “retail therapy” was consistent with her condition and the fact she could shop did not mean she did not require FMLA leave.”
Luckily for the employer in this anecdote, they did their due diligence and consulted a medical professional who could corroborate the circumstances of her FMLA qualifications. Some employers are far hastier. When employers do not conduct comprehensive and objective investigations into suspicious FMLA claims, they can open themselves up to lawsuits that can be devastatingly expensive and a public relations nightmare.
Vigilance of adherence to the guidelines of FMLA becomes manageable when Human Resource directors keep an eye out for certain patterns of behavior, such as absence patterns, especially when they coincide with non-work events (holidays or something personal that they may have mentioned in the past). Employers should also be suspicious of absences directly contradicting any medical certification in frequency or duration.
Once an employer has a reasonable suspicion of FMLA abuse, they should most certainly investigate. However, internal investigations into these kinds of abuses can be very messy for Human Resources and upper management. The aforementioned scenario involving “retail therapy” could have been a disaster if the company had not done their due diligence. Some employers are not so diligent.
Another scenario involving a maintenance worker at a nursing home and rehabilitation center panned out much differently. The employee in question noticed his superior was exhibiting a pattern of absence he found suspicious. He began reviewing surveillance footage to compare to his own personal log of her comings and goings in order to prove she was abusing company time. After discovering the independent investigation, the superior served a series of performance adjustments to the employee before terminating him. The termination came after the employee had submitted an FMLA request. The court found the dates of his termination tied in too closely with his request for FMLA, allowing the employee to take the case to trial.
Scenarios like these are why Human Resources and management should 1) be vigilant of FMLA abuse, and 2) conduct a thorough and unbiased investigation in order to ensure the company is protected from litigation. Many companies choose to handle investigations internally in order to minimize the amount of exposure. However, internal investigations spearheaded by current members of staff, will not only disrupt daily operations, but can also have negative effects like the case of the nursing home. The employee conducting his own investigation may have had honest suspicions of his superior’s misconduct, but he was certainly not a unbiased source to investigate.
Private investigators are probative routes often overlooked when a company has an internal investigation. There are many circumstances under which companies do not want to give up control over an internal investigation, and a private investigator is the definition of a third-party. However, the objectivity of a private investigator is the number one reason why companies should consider them as an option. The personal biases of the persons involved in the previous examples caused the investigation to go south. As an independent contractor, a private investigator’s only loyalty is to the truth. They are vital to ensuring an investigation is a transparent expedition for the truth. This goes a long way towards protecting a business from subsequent lawsuits or bad press.
When handling an investigation internally, employers are limited to what surveillance they can attain from their own equipment or social media. Private investigators are licensed to track individuals and photograph their activity in public. Persons who fraudulently claim to be out for injury can be photographed doing tasks directly contradicting their FMLA claim, like yardwork or lifting heavy groceries. In addition to tracking their public movements, private investigators may also conduct undercover operations in order to investigate any frauds. They are invaluable in this regard as they are not known to those within the company. Whether you’re looking for an FMLA weekender or an FMLA moonlighter, if someone has made a fraudulent FMLA claim, a private investigator is the most-equipped professional to prove or disprove the suspicion.