by admin_lauth | Apr 19, 2019 | Corporate Investigations, Cyber Crime, Cyber Investigations, Fraud, Investigations, Phishing, Technology, Theft, Workplace
The invention of direct-deposit payments in electronic banking have likely saved companies millions of dollars over the years in labor hours, materials, and fees that previously caused problems for companies. However, in an age where your paycheck is sent automatically to your checking account, phishers are seeking to exploit this automation for personal gain.
The Internal Revenue Service has reported an upswing in various types of fraud that directly target a company’s payroll. While the ruses come in many forms, one of the most popular is phishing emails disguised as legitimate correspondence from an employee or upper management. It’s always an instruction to alter payroll information so that funds would be rerouted to the scammer’s bank account. Once the deed is done, the money is withdrawn and the company is responsible to replace the missing funds. While the FTC and the IRS are constantly reevaluating their strategies for containing these types of fraud, this particular scheme is hard to detect and often goes unreported. The email can outsmart security measures set down by the company or within a company’s email server, and scammers take amounts that can just be written off as unfortunate missteps on behalf of personnel.
Frauds such as these have gone through an evolution as security technology becomes more sophisticated and what we know about internet culture continues to grow. Internet frauds used to be about volume and inattention to detail—thus the birth of phishers, who sent emails rife with spelling and grammar mistakes out to mile-long email lists, casting a wide net throughout the web. Education about fraud has forced scammers to be more cautious. Today, companies who have seen this scam in its newest form remark that these phishing emails look so authentic that there may not be a question in their mind before obliging their request. Security measures that have risen from the nucleus of electronic banking combat wire fraud every day in the United States. Large sums in wire transfers now throw up giant red flags. Phishers and scammers are getting more bang for their buck by taking smaller amounts with more frequency, lurking below the radar. This does not require sophisticated hacking skills. Just the ability to open a Gmail account. Phishers make the account look cosmetically convincing, then throw out the lure. One of the most targeted entities is non-profit organizations, because of the benevolent nature of their business. The idea of someone ripping off a charity or relief organization is horrifying, but the simplicity of scams like this make the opportunity too lucrative to pass up.
It’s frightening how simple the fraud is to pull off, but there is recourse for businesses who are vulnerable to such a scam. One of the non-profits who fell prey to this scam was KVC Health Systems, an agency for child welfare in Kansas City. Their IT director, Erik Nyberg, says it starts with comprehensive education on company procedures, “The CEO is never going to email you out of the blue and ask you for any deposit changes. And if you have any sliver of a doubt, call the person who is making the request.” He goes on to discourage executives and upper management employees from using their personal email accounts to send staff correspondence, and to set email filters that will catch suspicious incoming messages. Social media managers are also cautioned against posting any company information to their pages that could serve to bolster a phisher’s credibility.
If your business has been the target of this wire fraud scam, you are encouraged to report them to the Federal Bureau of Investigation’s IC3 tip line.
by admin_lauth | Apr 11, 2019 | Investigations, Private Investigations News, Tips & Facts
Every business—from the mom-and-pop shop to corporate America—will encounter some form of crisis during their operation. Crises come in all shapes and sizes, including employee malingering, internal theft, brand protection, and a myriad of lawsuits that could bring an established business to its knees. When disaster strikes, it is the reflex of most companies to handle the matter internally, often delaying important investigative measures out of uncertainty, ignorance on how to proceed, or both. While an internal investigation allows a company to control available information and minimize any consequences, an independent external investigation conducted by a private investigator is the best course when it comes to finding a comprehensive solution to any corporate crisis. The important thing to remember is you cannot wait when a crisis arises, and hiring a private investigator should be one of the first items on your to-do list.
Independent private investigatiors provide the best solutions from the onset of the investigation. Investigators too often run into roadblocks during investigations because they are working from a narrative and timeline that has already been established by an internal party. When you have a qualified and objective investigator handling the investigation from the beginning, it lays a solid foundation that will lead to credible leads, proper gathering of evidence, and quality conversations with potential witnesses.
During a fact-finding process, internal investigators may not have considered all angles and left many leads unexplored. Potential witnesses within the workforce need to be interviewed and their statements recorded, but an internal investigator—usually a Human Resources representative or upper management employee—may not have the qualifications. Any witness testimony may be tainted because the investigator is not properly trained in interview and rapport. Witness statements could also be false or inconsistent because they fear reprisal from an internal investigator who may have clout when it comes to the employee’s future at that business. When a private investigator is retained weeks after the onset of the investigation, witness’s memories may be inaccurate or even non-existent. In some cases, an employee may have already left the company, or changed addresses. This results in more investigative measures required to locate that employee, which costs money and labor hours to the investigator.
Witness statements are valuable, but not so much as hard evidence that cannot be interpreted for a particular spin. One common example is surveillance footage. An internal investigator may think to pull surveillance footage from a single camera near the site of the incident or crisis, but the investigator may not pull surveillance footage from other cameras that could contain valuable information. Most companies invest in security systems that recycles surveillance tape after a short period of time, sometimes as little as five days. Once an independent private investigator is retained, valuable footage is gone, and other fact-finding measures will be necessary—again, more time and money at the cost to the company.
It is possible for an internal investigation to play out smoothly—at least at first glance. Even if the internal investigator is well-qualified to conduct the investigation, there will always be the question of objectivity when dealing with an internal investigation. A successful investigation that concludes with the termination of an employee who was found to be at fault for the crisis or incident has the potential to result in legal action. In this example, it would be a wrongful-termination suit. When argued in a court of law, it’s easy for the terminated employee to cast doubt on their former employer by citing the investigation into their wrongdoing was conducted by an internal employee with a direct stake in the outcome. When a private investigator handles the investigation from beginning to end, there will never be a question of objectivity, because a private investigator’s task is to find the truth—not manufacture a solution that will mollify their client.
When your company encounters a crisis, do not hesitate to retain a private investigator to find a solution. The time and resources spent on an internal investigation may all be in vain when the chips are down. To protect your business and its profits, take immediate action when a corporate crisis arrives by retaining a private investigator that will provide you with the expertise and objectivity for a successful solution.
If your business has encountered a corporate crisis, call Lauth Investigations International today for a free consultation. Call 317-951-1100 or find us online at www.lauthinveststg.wpengine.com
by admin_lauth | Feb 21, 2019 | Consumer Fraud, Cyber Crime, Cyber Investigations, Fraud, Phishing, Technology
Smartphones have become such an integral part of our everyday lives that many users joke their devices have become grafted to their hands. We use them to maintain contact in our work and personal lives, correspond through email and social media, and a bulk of Americans have made the transition to conducting their banking through the use of mobile applications. As developers continue their bottomless pursuit to create an app for everything, more and more of our real, flesh-and-blood lives are being stored on our phones: personal details, account numbers, passwords, and other sensitive information that could be misused if it fell into the wrong hands. That’s why smartphone users have to educate themselves on the specifics of a scam called “SIM card swapping.”
What is SMS?
For many telephone, internet, and smart device developers, SMS (short message service) text messaging is the cornerstone of their services. As of 2010, it was the most utilized service provided by communication companies with 3.5 billion users. It became a vital tool in direct marketing campaigns and remains one of the most popular forms of communication in younger users. Because of the ubiquity of smartphones, many companies that require a two-step authentication process for their users’ security implement SMS as a secure means of accessing information. For example, you attempt to log in to your bank account, correctly entering your username and secure password. It’s not uncommon for banking apps to prompt a second form of verification, so the app tells you it will now be sending a four-digit verification code to your phone that you must enter on the app to confirm that you are who you say you are. The code is sent to your phone via SMS. Once this information is transmitted over SMS, users are often derelict in deleting that information from their devices. This is where users are vulnerable to the scam.
How SIM swap scams work
Smartphone users who have lost their phone or who have been the victim of a theft often have the ability to call their mobile provider and provide their secure information in order to have the provider remotely wipe the SIM card and have that information transferred to another phone. Thieves in search of secure information will use tools like phishing mail campaigns, posing as legitimate companies like insurance and credit card companies to get the victim to willingly hand over identifying information such as date of birth, address, and phone number. Once they have enough identifying information, they will call the victim’s mobile provider and pose as a customer. They claim they’ve lost their phone or their phone was stolen from them. Then, using the victim’s identifying information, they will request that the mobile provider remotely wipe their old SIM card and rewrite it to the SIM card in their new device. Just like that, the thief has any and all information that has ever been transmitted via SMS text. This leaves accounts, email inboxes, and secure information vulnerable to fraud. “A high proportion of banking customers now have mobile phone numbers linked with their accounts,” fraud prevention consultant, Emma Mohan-Satta, told Digital Trends, “and so this attack is becoming common in some regions where this attack was not previously so common. Unlike mobile malware, SIM fraud attacks are usually aimed at profitable victims who have been specifically targeted through successful social engineering.”
Who is vulnerable?
Anyone who uses their smartphone as part of a two-step authentication is vulnerable to a SIM card swap scam. Once the thief has their hands on your personal information, they can devastate you in minutes by performing bank transfers, rerouting mail, and making purchases in your name. If the SIM card contained any compromising information, such as lewd photos or inappropriate communication with another person, the perpetrators can use that information to blackmail a victim into paying a tidy sum in exchange for the return of the compromising data. A victim named Tina told Motherboard, “This just happened to me over the weekend. I lost service late Saturday night and assumed it was an issue with my always buggy iPhone. Then on Sunday morning my husband got a text from T-Mobile saying that a line on our phone plan had been cancelled (mine) and i soon discovered that $1200 had wired out of my bank account to someone in [redacted] with my same last name.”
While the cost to a single individual can be devastating, a sophisticated thief can do even more to topple a business like a house of cards. It’s common practice for some types of employers to issue their employees a company cell phone to facilitate business, and in this day and age, that almost certainly means a smart phone. Correspondence between coworkers, appointments, account numbers, and sensitive company information can be exposed and exploited for gain. Companies that carry high financial sums in their accounts can be ruined before they even realize there’s a problem.
How to protect yourself
Dependence on smart phones to facilitate two-step authentication plagues many users throughout the country who enjoy the convenience of verifying their identity through SMS. Luckily, tech sites like Motherboard recommend a few ways you can protect your identity and your monies.
Beef up account security
Many major cell phone service providers are developing new methods of two-step authentication in light of the rise of SIM card swap scams. Many offer their customers the option to set up a secure PIN for their account, completely separate from the login information used to access their account. The PIN is used as a primary verification feature specifically for when customers call into the support center for SIM card-related issues. Previously, many providers opted for a security question for this type of authentication, but the answers to these security questions can often be found on a victim’s social media, such as, “Which high school did you attend?” This way, the PIN is never transmitted through SMS text messaging, and no personal information from a social media profile can be used against them.
Don’t link your number to your online accounts
Once a thief has access to your account, they can easily reset your password and other authentication methods, making it very difficult to quash the problem. Instead of linking your mobile cell phone to your accounts, you can choose a different sort of number, such as a Google Voice number.
Many individuals and companies bypass security measures for a number of reasons, such as lack of time, interest, or the mere belief that they could never be the victim of a SIM card swapping scam. The reality is that it can happen to anyone, and there’s no shortage of victims for scammers. Users who practice their due-diligence can build a security to block them out. When the scammer hits this wall, they simply move on to the next target. Educate yourself and ensure that target isn’t you.
Carie McMichael is the Communication and Media Specialist for Lauth Investigations International. For more information on investigation topics, missing persons, and corporate solutions, please visit our website.
by admin_lauth | Feb 7, 2019 | Cyber Crime, Cyber Investigations, Resources, Technology, Tips & Facts
Advances in technology are constantly changing the dialogue about how we protect our children from potential predators. Over the last decade, parents have had to reform their strategy when it comes to protecting their child in the real world. Before, parents cautioned their kids on stranger danger, special code words, and remaining aware of their surroundings in public. In a new era of unfettered internet access through multiple smart devices, parents had to contend with the real world being brought into their homes, with predators targeting their children through social media. Now, it appears parents will yet again have to add some new pages to the playbook when it comes to protecting their children from predators on video game platforms with integrated social networking.
Parents with children between the ages of 12-25 will likely be familiar with the online first-person shooter video game known as Fortnite. In the game, 100 players at a time compete to be the last one standing in a battle-royale style of combat. The game features a chat feature allowing players to communicate in team efforts and other uses. It has great potential to foster team building and cooperation between young people, but also has a dark side recently illuminated by an arrest made in Florida in late January.
Authorities arrested 41-year-old, Anthony Thomas, a man who allegedly used Fortnite’s instant-messaging feature to groom over 20 minors, including a 17-year-old, with whom law enforcement allege he had a sexual relationship. The Florida Attorney General’s Office also stated Thomas has been charged with 22 counts of possession of child pornography, and other charges related to his unlawful sexual relationship with the minor. Investigators uncovered he groomed the minors by sending them gifts—including a cell phone so their communication could remain more private. Ashley Moody, Attorney General, remarked about the predation perpetrated, “This case is disturbing, not only because it involves child pornography, but also because a popular online game was used to communicate with the victim.”
Grooming is defined as “a process by which a child predator gains the trust of a victim by building a relationship with the child and then breaking down his or her defenses.” Once a predator has earned their trust, they begin exploitation. Minors who are groomed in the gaming community are particularly vulnerable because the predator may literally be on their team. Cooperative play between players fosters a healthy, “there’s no ‘I’ in TEAM,” mentality, but predators use this relationship to manipulate the minor.
One of a predator’s greatest weapons when grooming a minor online is pop culture. The predator—perhaps unlike the minor’s parents—shows their target they’re “hip and cool”, and are able to converse at their level about something they enjoy. This causes the minor to lower their guard, and the predator begins their manipulation game, culminating in the exploitation of said minor. Online gaming is becoming so ubiquitous predators have developed a way to sense when a minor’s gaming is suddenly being supervised. The moment a minor’s behavior changes—they stop responding to messages, or do so uncharacteristically—the predator can pick up on that and cease all communication before they’re caught.
Unfortunately, even if a parent is supervising the communication between their minor child and other players online, it doesn’t mean they cannot be groomed. In the grooming process, between the introduction and the beginning of the exploitation, predators often suggest moving their communications to a third-party app, like What’sApp or Snapchat. These are apps where communications disappear with ease, and a parent performing their due-diligence in supervising their child’s internet safety may not notice, or even know how to access. TeenSafe says it’s critical parents learn to recognize the signs of grooming in their minor child.
Signs of Grooming
- Your child wants to spend more time online or playing games on a console, but won’t tell you why.
- Your child does not want to discuss what he or she does online, or what websites he or she visits.
- You notice your child is using inappropriate language he or she would not have heard within your home or at school.
- When you walk in a room, your child quickly changes the computer screen, mutes the volume on their gaming console, or turns it off all together.
Fortnite and other games with similar messaging platforms have been on law enforcement’s radar for the last few years as the instances of these cases continues to grow. In August of 2018, Titania Jordan, a digital safety expert, appeared on The Doctors to provide parents with helpful tips—not just for supervising their children’s gaming—but also for establishing boundaries that can nip grooming in the bud.
- Do not allow minors to have computers, game consoles, or tablets in their room without supervision. Keeping these devices in common areas will increase visibility and deter predators from targeting them.
- Instruct your child to never reveal any personal information about themselves to people they’ve met online, especially very specific information, such as where they live or where they go to school.
- Create a culture of openness in your home where children feel comfortable coming to you if they feel uncomfortable about an interaction they’ve had online.
People of all ages play video games, but the vast majority of players are either minors or young adults, and parents often find themselves overwhelmed with the strange new world of online gaming. Titania Jordan reminded parents knowledge is power, recommending they verse themselves in the games their children play. This can only heighten your ability to detect when something is off. This means doing research online, and actively listening when your children describe normal gameplay behavior.
Having an internet connection in your home may feel like you’re inviting predators into your home. And true, there’s no time to supervise every single activity your child does online. This is why it’s so important to nurture an open line of communication between parent and child. Not only will parents be able to sense when something is amiss in their child’s online interactions, but a strong bond between parent and child makes it less likely that an online predator will be able to isolate the child emotionally and manipulate them for the purposes of exploitation.
by admin_lauth | Feb 1, 2019 | Missing Person, Personal Investigations, Resources, Tips & Facts
As the Western idealization of a family unit continues to grow and change, more and more parents are either opting to place their child for adoption or adopt themselves rather than have a biological child. As such, adoptions are on the rise. The Adoption Network estimates the number of children in foster care at any given time in the United States is around 428,000. Of that staggering number, about 135,000 are adopted every year. Children are put up for adoption under a wide umbrella of circumstances in varying degrees of frequency, but what is not uncommon is a child’s adolescent or adult curiosity about the exact nature of where they came from. Because adoption agencies have their own privacy restrictions regarding birth parents, adopted children are often left with only a few meager details and options. Private investigators, however, are well-equipped to find a child’s birth parents; with a comprehensive tool chest and a wealth of experience in searching for persons who may or may not want to be found.
The rate at which information technology is developing has been denoted by some as Orwellian, but the ubiquity of public databases and fact-finding software available to the public is higher than ever. Hiring a private investigator may be costlier to the individual than conducting the search oneself, but without the proper tools and expertise, individuals can follow false leads and dead ends for years at the cost of their time and personal finances. Private investigators, especially ones who specialize in locating biological relatives, can cut down the time and expense individuals would ultimately incur during their search. The complexity of adoption laws and procedures (often varying state-to-state) is a knot of cable wires that is difficult for any private citizen to untangle.
Private investigators with a variety of specialties are suited for this work because there is no chain of command in their business. Most notably, private investigators are often their own bosses, with the freedom to pick and choose the cases they want to focus on. Unlike the underpaid, overworked civil servants who work in child services, or the overwhelmed agents at an adoption agency, private investigators only handle less than a half-dozen cases at one time, so an adoption case will not just become another folder in a tall, precariously leaning pile on someone’s desk. There are no jurisdictional boundaries preventing a private investigator from going across state lines, as long as they are licensed in the state or being contracted by a private investigator who is licensed in the state. While there are limitations to what information can be gathered from the state based on the birth-parents wishes, the autonomy of a private investigator is ideal for tracking down either birth parents, or children who have been placed for adoption.
The Child Welfare Information Gateway estimates, of all parents placing their biological children for adoption, nearly half of those parents will then seek out those children after they have reached adulthood. Parents in search of a biological child always have a search advantage as the legal adult at the time of the adoption. They play a pivotal role in establishing the boundaries that might preclude this child from ever contacting them again in the future. Depending on the terms of the adoption agreement, the adoption agency may not be able to release information about anonymous birth parents to their biological children.
The privacy laws surrounding adoption in the United States date back to the beginning of the 20th century, and were put in place to protect the privacy and identity of all parties involved in an adoption. It’s only in recent years that the Adoption Information Act has made it possible for both parents and children to request information about the other in situations where all of the aforementioned parties have waived their right to privacy. Adoption laws have also gone through a metamorphosis in recent decades where parents are required to fill out detailed medical histories for the benefit of the child’s physical and mental health growing up. In addition to information about their own birth (date, location, hospital), a birth parent’s medical background might be the only information an adopted child possesses.
Locating a birth parent or child is a form of investigation known as a skip trace. “Skip” refers to the action of searching for a person, derived from an old colloquialism, “to skip town,” or leave with very little notice or instruction. Trace refers to the process and resources involved in finding the person, such as international online databases, surveillance, and location technology and services. Skip traces in adoption cases can go both ways: A child in search of their birth parents, or a birth parent in search of the child they placed. Private investigators who take adoption skip traces have a mountain of data to sift through, including adoption registries, religion-related services (such as options offered through the Catholic church) and a mountain of databases, including—but not limited to—welfare, child protective services, private adoption agency, foster care, police, court, hospital, and international records.
Depending on the level of information available to either a birth parent or biological child (and subsequently the investigator) adoption cases can have a mixed bag of possible results. In scenarios where a private investigator is unable to find a birth parent, it’s typically because there is not enough information on the record to begin with. Because of varying degrees of regulation across all adoption agencies (both state and private), the level of information and quality of record keeping is a crap-shoot, and investigators often hit dead ends in those types of investigations. In other circumstances, after many long hours of research and investigation, the private investigator is able to locate the birth child or parent, only to report back to the client the subject in question has no desire to reunite with them in any fashion. These are solutions often unsatisfactory to the client, but it is a difficult reality, and the client will have some semblance of closure regarding their questions about the subject. However, in the event private investigators locate the birth child or parent, and the subject is willing to re-initiate contact, private investigators can be ideal liaisons to bringing biological parents and children together in adulthood. They can alleviate some of the most common anxieties surrounding meeting strangers, and have experience with reconnecting displaced parties that will inform a gradual process of reestablishing contact.
Life has an infinite potential to get messy very quickly, and a child being placed for adoption is one of the consequences of the indeterminate. Fortunately, private investigators not only have the sleuth skills to find persons under all circumstances, but an acute ability to read people that benefits the precarious nature of the cases they take on. When a birth parent and child are open to meeting again under more pleasant circumstances, private investigators can build strong bridges across decades of separation, confusion, and curiosity.
