In the wake of these ever-changing times it is quite natural for businesses and individuals to focus more on survival. This includes staff retainment rather than paying attention to protective control measures including conducting forensic due diligence checks. In reference to the above-mentioned question, the blatant answer is NO!
Forensic or investigative due diligence is essentially the uncovering of information through investigating, analysing and verifying significant information such as open source corporate, partnership and other business records, business reputations and regulatory history, sanctions and violations.
In the current climate of working from home arrangements, there are inherent challenges to perform effective forensic / investigative due diligence checks. Fraudsters rely on this operational weakness to carry out scams aimed at obtaining monetary benefits and enticing individuals to divulge confidential and sensitive information. It is extremely crucial now more than ever that businesses (and individuals) stay vigilant and continue to comply to and adapt company policies and procedures and utilise forensic due diligence methods to mitigate key risks, thereby resulting in lower costs and / or minimising further loss.
The following article gives an overview of various fundamental forensics due diligence procedures that can be performed using widely available Open Source Intelligence (OSINT) tools. This will serve as a protective measure against fraudulent acts, particularly around the current increase in COVID-19 related scams with cyberfraud examples including fraudulent access to early access of superannuation funds and product scams in relation to selling fictitious products.
Phishing and Smishing scams relating to Early Access to Superannuation
It is no surprise that superannuation phishing scams requesting personal information have long been in play, but what is different in the light of COVID-19 is that with the introduction of the ‘Early release of Superannuation’ stimulus measure, fraudsters are not just targeting older people but have expanded their target audience to a wide range of age groups. The Australian Competition and Consumer Commission (ACCC) in their recent media release (6 April 2020) on superannuation scams has reported that “Since the Government’s announcement in March, there have been 87 reports of these scams but no reported losses” This statement does not imply that the victims were uncompromised. Highly confidential information in the hands of fraudsters not only provides potential access to personal funds, it also serves as an enabler of many fraudulent acts, most notably identity theft!
A few simple, mitigating checks like the following can be conducted to avoid severe reputational and financial damage, such as:
- Conducting a quick independent Google or similar search of the caller’s contact details before providing any personal information.
- Independently contact the organisation the sender claims to be from to verify the legitimacy of the caller and organisation – a quick call using reputable company switchboard numbers can go a long way
- Review and confirm with regulatory bodies about the procedures put in place for stimulus measures to ensure that individuals are following official protocols.
At a time when people are panic-buying, fraudsters are capitalising on the situation to perpetrate scams. Examples include selling counterfeit products (seller scam), buying products and cancelling payments as soon the product is shipped (buyer scam) or even pretending to be legitimate online sellers, either through an alleged fictitious website or through a fictitious advertisement on authentic retailer sites such as Amazon and eBay. In a recent article, Amazon alone has removed more than 1 million products which claim to protect against coronavirus.
It is imperative that organisations, particularly those operating / involved with high-demand products (e.g. face masks, gloves, hand sanitisers) stay on top of forensic due diligence checks to avoid falling prey to scammers.
Here are some quick time-efficient integrity checks that can be performed:
- Check the ABN/ABR Register to verify details of the vendors
- Conduct an ASIC search to confirm the authenticity and registration of the company
- Use reverse-image searching to verify legitimacy of products and sellers
- Review articles published by ACCC and related associations for the industry of the company or individual to keep up to date with the latest trends and industry performance. This will help you identify cases of price gouging.
- Lookup the vendor or advertiser website using regular search engines to ensure the domain name is not a ‘spoof’
Yes, performing forensic due diligence and integrity checks will take an extra few minutes to complete a purchase order or a request to claim superannuation and may also prove to be tedious while working in remote environment settings, but spending that little bit of extra time will go a long way in protecting yourselves and your businesses from alleged fraudsters!
The Fraud & Forensic Services team at RSM offers a range of forensic due diligence services. Please feel free to contact Roger Darvall-Stevens, National Head of Fraud & Forensic Services, or Milind Sheth, Senior Manager, if you require more information or assistance in this area.