“Virtual currencies, perhaps most notably Bitcoin, have captured the imagination of some, struck fear among others and confused the heck out of the rest of us — including me.” – Senator Tom Carper, chair of the Senate Homeland Security and Governmental Affairs Committee, November 2013

Today is day 2 of our Fraud Awareness Week series, Fraud Stories and Lessons Learned, and we want to highlight the rapidly emerging problem of cryptocurrency fraud. Brad Moody, EVP of Operations for Lowers & Associates, points out the rapid increase in crypto-related fraud noting that in 2016 there were only 340 active fraud cases of such fraud and by 2020, there were more than 80,000 cases in the U.S. alone.

In this fraud story, Brad explains how current schemes to capture victim organizations’ cryptocurrency are amplifying the need for effective internal controls, anti-fraud training, and third-party penetration testing.

Listen to the story here:

Interestingly, one of the best ways organizations can protect themselves from cryptocurrency fraud is through the same tried and true practices used to prevent social engineering, phishing, and other related attacks. Employees are increasingly subject to scams through email and link-sharing, so it’s important to look at how to detect and block such activity but also to train employees on how to recognize and avoid becoming victims to such scams.

David Gardiner, Senior Vice President of Lowers Forensics International, offers further advice: “Crypto based currencies are now becoming a professionally acceptable form of tender. Now more than ever, corporations need to proactively mitigate their risk and exposure. This can be done through a myriad of operating procedures including the process of facilitating not only their outbound, but even incoming payments. Strict rules of engagement, much like the protocols already used in wire transfers (verbal confirmation, dual signature authentication, etc.) should be followed here as well.”

Stay tuned tomorrow for another fraud story from the front lines of Lowers & Associates.

Wikipedia defines social engineering, in the context of information security, as the “psychological manipulation of people into performing actions or divulging confidential information.” Our increasing reliance on vast networks of digital technology for information storage, research, controls, and transactions makes organizations highly vulnerable to social engineering fraud.

There is a strong urge to combat this risk with a technological fix like stronger encryption or better management controls. The problem is not a technical one because social engineering fraud is based on the exploitation of human interactions and human frailties.

… Continue reading

One of the more pervasive human risks in modern organizations is fraud through “social engineering.” Social engineering fraudsters gain access to your most valuable assets by using deceitful tactics to turn trusted employees or partners into unwitting and unwilling accomplices. This occurs at a typical loss rate of $25k to $100k per incident. This stealthy crime can be very hard to detect because the accomplice is unaware of being complicit, giving the perpetrator time to escape.

… Continue reading