Wednesday, October 31, 2012

What Columbo Can Teach Us about Internal Investigations


When conducting investigation interviews, take a hint from Lieutenant Columbo, who always got to the bottom of things, even when the odds were stacked against him. His humble, conversational style of questioning put his subjects at ease and enticed more than a few people to spill the beans.

One of Columbo’s signature tactics was his slow and measured way of engaging the subject and building rapport with questions that would “help him to understand” the case. His frequent “oh, and just one more thing” questions as he was leaving a room often pinpointed the very fact on which the case hinged.

Expert investigator and member of the ASIS Investigations Council, Timothy Reddick, CPP, PCI, CFE, likes Columbo’s approach to questioning suspects. He gives the “help me understand” tactic as a fine example of how to draw information from a witness or suspect. Reddick, who was director of fraud and special investigations for the city of Philadelphia before he retired, has many years of interviewing experience from which to draw his conclusions about successful approaches to evidence-gathering.

Never Accuse

The Columbo approach, says Reddick, is friendly and non-confrontational, almost apologetic. “Sorry I have to ask this,” Columbo used to say, eliciting a sympathetic reaction and often an honest answer from the subject.

You need to establish rapport, explains Reddick. “Act like you believe them,” he advises. “That’s how you develop rapport.” Instead of questioning something you don’t believe, ask for clarification. Again, it’s the “help me understand” approach that Columbo used so successfully, never taking on an accusatory tone.
The non-confrontational interview will get you to the truth more often than other methods. Being friendly, establishing rapport and stressing that you are just trying to help to clarify things, is an effective tactic, says Reddick.

Othello’s Error

Another very good reason to give the impression you believe your subject, even if you don’t, is to reduce your chances of committing what is known as “Othello’s Error”, a phrase coined by Paul Ekman in his 1985 book, Telling Lies. According to Ekman, this error occurs when a suspicious observer discounts cues of truthfulness, given the observer’s need to confirm his or her suspicions of deception. The “lie catcher” fails to consider that a truthful person who is under stress may appear to be lying.

“If someone perceives that you don’t believe them or you accuse them of lying, then sometimes their behavior adapters will be the same as someone who is being deceptive. So behavior adapters then become unreliable,” says Reddick. By giving the subject the impression that you believe him or her and using a non-confrontational approach, you can reduce his or her stress level and be better positioned to read any signs of deception.

Unfortunately, sometimes people perceive that you don’t believe them even when you are being non-confrontational. In these cases you have to remember that those adapters may be unreliable, says Reddick.

Don’t Assume

“If you think you know whether or not they are lying, you are going to be deceived at times,” says Reddick, citing the many myths people rely on to detect deception, including the myth that a subject who avoids eye contact is being deceptive.

“I spent 15 years overseas and there are a lot of cultures that avoid eye contact whatsoever, because looking you straight in the eye is aggressive. And even here, there are lots of people who are very good at deceiving who know the eye contact ‘tell’ and intentionally use it to deceive,” he says.

So if you really want a subject to tell you what you need to know, take a lesson from Columbo. Go into the conversation with an open mind and get the subject to help you “understand”, to “clarify things” for you, and to enlighten you about “just one more thing”.

Saturday, October 27, 2012

Computer users warned of ‘Ransomware’ scam

Authorities are warning the public about a cyber scam that locks users out of their computers and attempts to scare them into paying a “ransom” to regain control.

Ransomware is a type of malicious software, or malware, that freezes the computer and activates a pop-up message demanding that the user pay a fee or fine to unlock their computer.

Some of the pop-ups use police logos and claim to be from the RCMP, CSIS or other law enforcement agencies, with messages warning users their computers have been associated with child pornography or illegal music downloading, according to the Canadian Anti-Fraud Centre.

“These types of messages are scams designed to create shock and anxiety so that victims respond by sending money quickly,” the centre said on its website.

Acting Sgt. Kathy Macdonald with the Calgary Police Service’s crime prevention unit said the police would never communicate with the public in that manner. “They would never ask for fines to be paid in that way. That’s not how police organizations work,” she said. People may fall victim to the Ransomware scam by clicking on links or opening phishing e-mails, she added.

The scam has been around since 2006, hitting Europe hard, then making its way to Australia, the U.S., and finally Canada, said Daniel Williams with the Canadian Anti-Fraud Centre.

Since March, the centre has received 10 reports out of Calgary, including one who paid the $100 “ransom” via Ukash, an online payment service provider, he said. In the most recent case Oct. 19, the scammers used the name “Cybercrime Investigation Department of Calgary,” he added.

In Lethbridge, about half a dozen calls were made to police in the past few months, said Const. Kevin Althouse with the Lethbridge Regional Police Service’s economic crimes section.
Williams said victims might be reluctant to report the scam for fear they’ve been looking at or doing the wrong things online and don’t want to be caught.

Police are warning victims not to send money, to contact a computer technician to repair the virus or malware, and to report the incident to the Canadian Anti-Fraud Centre at www.antifraudcentre.ca or 1-888-495-8501.

Computer users are urged to protect their machines by installing software updates, backing up their data and using a firewall, antivirus or spyware program.


Read more: http://www.calgaryherald.com/Computer+users+warned+Ransomware+scam/7448425/story.html#ixzz2AVy0UMYF

Thursday, October 18, 2012

A Message From a Former Student

I wanted to inform you that I have become a victim of a scam that has been going around, the last couple of days, and thought I would inform you of it, as many of your students are probably paying off or will be paying off student loans.

Please be aware of any company that calls from Tricura Canada, they will call and inform the former/current student that they are calling on behalf of the Student Loan Centre, and that it is important that you call them back, and that their hours are from 7:30am to 11pm in your region (They never specify the region). That centre would have to be open 24hrs.

This is the number that they leave 1-866-788-0288, and after doing research on the internet, there are blogs/forums stating not to call this number and that it's all a scam.

I haven't had any student loans in over 10yrs, and this made me very suspicious of their credibility and authenticity. They got my number through my brother-in-law, which they got from the phone book. I wasn't even married when I went to college at that time, so I was still under my maiden name. It was a fluke that they just so happened to pick my brother-in-law's name, as he would be listed first as his first name starts with an A, and who knows how many others they tried.

If your students have a student loan the only people that should be contacting them is their financial institutions, or the government department, National Student Loans Services Centre (Canlearn).
If they get a call from Tricura Canada, or any other company that is suspicious, please have them contact Toll free: 1 888 815-4514 (within North America) and speak to someone from the National Students Loans Services Centre. I have also provided you with their link. https://nslsc.canlearn.ca/eng/contactus.aspx

Please remind them to never give out any personal information over the phone, even if it's their bank, unless they call them back themselves. If the person that called them hesitates in giving the students the number so that they may call them back, they should be suspicious. If the number is not familiar to the financial institutions that they could get off the site, they should be suspicious. The safest action for your students to do is to call the direct line to the company and ask to speak to the manager and confirm if it was a legitimate call from their company.

 

Wednesday, October 17, 2012

What Was The Internet Originally Called?

In April of 1963 computer scientist J. Licklider published a memorandum on the topic of remotely networked computers entitled “MEMORANDUM FOR: Members and Affiliates of the Intergalactic Computer Network”.

The memo is the first evidence of computer scientists moving towards establishing a geographically distributed network of computers resembling the modern Internet and, for a time, the “intergalactic computer network” nomenclature stuck.

The title fell out of popularity with the introduction of the Advanced Research Projects Agency’s ARPANET in 1969. The term “Internet” to refer to a large network of remote computers would not be put into use until an appearance in a 1974 paper by Vint Cerf and Bob Kahn and wouldn’t be popularized until the early 1990s.

Sunday, October 14, 2012

MP REPORT: Ottawa targets fraud

Canada is a generous country to those wanting to immigrate and call Canada their home. Unfortunately, our generosity has been abused by some who have made false claims regarding residency and false statements on their application form.
Minister Jason Kenney has announced that our government is investigating residence fraud with nearly 11,000 individuals potentially implicated in applying for citizenship or maintaining permanent resident status illegitimately.

The minister also announced that the government has begun the process of revoking the citizenship of up to 3,100 citizens who obtained it fraudulently.

In most cases, suspects will use deceitful immigration representatives to fraudulently create evidence of living in Canada while actually living overseas.

This deception is created so that individuals can fraudulently maintain their permanent residence status and later apply for citizenship.

This fraud hurts all Canadians. Those who illegitimately obtain permanent residence or citizenship status have access to taxpayer subsidized education, health care, and other social benefits without ever contributing as a taxpayer themselves.

It also hurts the majority of immigrants who come to Canada, who follow the rules with honesty and integrity.

Minister Kenney has said “Canadian citizenship is not for sale.”

Since the immigration fraud crackdown was launched, 600 former permanent residents have either been removed or denied admittance to Canada.

Another 500 permanent residents have had their citizenship applications denied.

The minister encourages anyone who has information regarding citizenship fraud to call our tip line at 1-888-242-2100, or via email at Citizenship-fraud-tips@cic.gc.ca

Your government promised to clean-up the abuses of our immigration policies. A promise made. A promise kept.

Tuesday, October 9, 2012

New BBB Scam Stopper Will Help Consumers Protect Themselves From Fraud

Better Business Bureau and Western Union today launched BBB Scam Stopper, an education campaign to help consumers in the United States and Canada avoid common scams that con artists use to commit consumer fraud.

Consumer fraud is a serious problem in North America. According to the Federal Trade Commission and the Canadian Anti-Fraud Centre, consumers reported losing more than $1.5 billion to all types of scams in 2011.

Western Union has long devoted extensive resources to stopping fraud, including training its agents to intervene if they suspect a customer is the victim of a scam. BBB investigates thousands of scams every year, and tracks scams through reports from consumers and businesses, a number of which use wire transfer.

On the Scam Stopper website, consumers can find facts and tips to stay informed and help reduce their chances of becoming a victim of a scam. The site also explains the science of scams, and how scammers use many of the same “sales tactics” that are used by legitimate businesses. Visitors can also sign up to receive BBB Scam Alerts, weekly emails with the latest scams reported to BBBs across the country.

The site highlights common scams like Emergency Scams (a friend or family member has an emergency, often in another country, and needs money), Overpayment Scams (a buyer overpays and asks for the difference wired back to them), Sweepstakes and Lottery Scams (you’ve won a lot of money, but you have to pre-pay taxes before claiming your prize), and more.

 Personal finance writer/blogger Erica Sandberg has also joined the effort and is blogging and creating public service announcements about scams and fraud for BBB Scam Stopper.
For more information, visit www.bbb.org/scamstopper.

Monday, October 8, 2012

Risks low for Internet scammers

If you consider answering any of the constant tsunami of e-mails offering millions hidden in Africa or elsewhere, I have some fabulous Florida swampland available.

Addressed to “Beloved One,” “Dearest One,” or ever-popular “Undisclosed Recipient,” scammers promise riches in exchange for advance fees.
Once mailed, then faxed, “Nigerian Letter,” or “Nigerian advance fee” e-mail scams now swamp the Internet.

“They very much involve organized crime,” said Det.-Const. Michael Kelly, of the Toronto Police department’s financial crimes unit.

“Dollar amounts are too high and the risks are too low,” compared to robbing banks, he said, adding gangs often use overseas agents to cash victims’ funds and avoid police.
“At least $1 billion a year is lost to mass marketing fraud,” despite educational programs by police, RCMP and federal Competition Bureau staff at six Canadian Anti-Fraud Centre sites, OPP Det.-Const. John Schultz said.

But the CAFC staffer said even that is a low estimate. By comparing seized “sucker lists” with complaints to police, Schultz said analysts determined “only about 5% of the victims report to us.
“There are a number of reasons,” he said, including embarrassment and people believing police won’t help — especially over small amounts. “But a couple of hundred bucks multiplied by thousands of victims adds up.”

Promised $35 million in 1998, an indebted Toronto bookkeeper sent $2 million in company funds to Nigeria. He was charged. His firm failed. After re-emerging in the 1980s, a centuries-old style of letter scam offering fortunes in exchange for advance fees went viral. Now, via the Internet, senders are based mostly in the U.S., UK, Nigeria, Côte d’Ivoire, Togo, South Africa, Netherlands and Spain.

Most scam e-mailers offering exclusive partnerships include supposed princes, sheiks, ex-military officers, bureaucrats, preachers, lawyers, bankers, oil executives, surviving relatives — and even a purported dying widow who received a message from God to share her fortune. Identical scams flood cyberspace via address-harvesting and bulk e-mail-sending software.
Spelling flubs are common, including:
• “Milloners Club Casino” on a lottery scam script Toronto Police seized recently.
• Several people lost more than $100,000 in a recent Toronto caper that included a bogus $2.6-million cheque with both “Publisher Clearing House” and the correct name, “Publishers Clearing House” printed on the front.

Most people realize foreigners may not be fluent in a second language, but crooks avoid raising suspicions with proper wording, some selling scripts to future scammers without anyone understanding the text. Photos are rarely legitimate.

Documents three recently-convicted Toronto fraudsters had included a bogus Ontario driver’s license bearing an Internet-scalped picture of actress Sarah Michelle Gellar.

While most recipients trash e-mail messages, Kelly said criminals “also do mass mailings,” offering lottery winnings, jokes, religious text, news, stock and crime alerts, and dating and marriage services. Despite many computers having spam-detectors, “phishing” messages seeking money, bank account, passport or credit card information to help supposed friends or relatives are constantly sent.
Even when cash promises crash, some victims reply to requests for more funds to overcome unforeseen problems.

Investigators traditionally regarded greed as a sucker’s failing, but Kelly said many victims “need to believe someone out there loves them” — especially with the leading plague of romance scams that cost Canadians more than $12 million last year. “Victims also say they needed money so badly, to keep the lights on or pay debts,” he added.

Canada has long been home to “boiler-room” bases for targeting Americans, due to heftier U.S. penalties and crooks believing police wouldn’t cross borders.

But Schultz said co-operation and information-sharing increased and the penalties got tougher after President Bill Clinton and Prime Minister Jean Chretien met in 1997.
The long arm of the law now has a longer reach and computer-tracing has improved, according to police.

Lastly, regardless of what is written or said, if an offer seems too good to be true, it probably is.
•People can report thefts or fraud to the Canadian Anti-Fraud Centre at antifraudcentre.ca or 1-888-495-

Friday, October 5, 2012

Inside Job - Gift Card Fraud

October 2012

Gift card fraud exploits security gaps in authorization processes. If your employer or client issues gift cards, do you know the kinds of scams fraudsters might attempt?

A young man walked into a Sony retail store in Central Valley, New York not long ago. With the help of a salesperson, he selected a wide-screen television, a sound system and a laptop. The total cost of these items was nearly five figures.

"And what payment method will you use today?" the salesperson asked as they approached the counter.

"A couple of gift cards," the customer said, presenting them.

The salesperson, who happened to be the store manager, looked at him for a moment. "Let's see how much is on them," she said. Running the first card through a special reader, she squinted at the display, and passed the card through again. After double-checking the second card as well, she told the customer, "Each of these is supposedly worth $5,000." She laid both cards on the counter and wrote their serial numbers on a scrap of paper.

"Yup," the man said. "Everything alright?"

"These are extraordinarily large denomination cards. So I have to ask you for some identification," the manager replied.

"Absolutely," the customer said, patting his pockets as he snatched up both cards. "But I think I left my wallet in the car."

"I see," the manager answered. "I'll be back in a moment."

Inside a black glass dome on the ceiling above the service counter, one of the store's digital video recorders took in the entire scene. It captured no sound, but was placed to view both sides of the counter. Nearby, other cameras took side-profile footage of that area and the entire store.

These devices recorded how, when the manager turned away, the customer quickly left the store and blended into the crowd of passing shoppers. A moment later, the manager was on the phone to Sony's corporate office in New Jersey. Soon she was reading the serial number of each card to Lynn Schiess, CFE, LPQ, LPC, who at that time was a fraud specialist in Sony's loss prevention unit. (Schiess now is a loss prevention auditor with apparel manufacturer Lacoste.)

Schiess discovered that the cards had been purchased recently in a nearby store that had been closed for more than a year. That just didn't add up. Clearly, someone — perhaps an employee in another store — had coded the cards in an unorthodox manner, which cast doubt on whether Sony had ever received payment for them. As Schiess would eventually learn, Sony's internal controls at the time didn't provide for post-transaction assessments of how customers had paid for gift cards. And that turned out to be a major unmitigated fraud risk.

Schiess didn't have much to go on in attempting to track down the culprit(s). She watched the video footage of the young man in the store and realized that by itself the recording was useless for identification purposes. So, Schiess and her supervisor began reviewing exactly how store employees loaded cash values on gift cards in the amounts that individual customers requested and how they initially configured the cash-loading devices.

She knew that each store had one or more machines for activating and adding cash value to cards. But she couldn't figure out how someone could have used an activation machine for a closed store to create two gift cards whose cash value had probably been falsified. The answer to this puzzle became clear, however, when a co-worker Schiess didn't know all that well became unusually chatty with her.

THE CURIOSITY FACTOR

Schiess and her colleagues in the corporate office relied on an IT technician for help with their PCs or applications. This bright employee knew that Schiess' team investigated fraud in Sony stores.

The IT technician, after five years on the job, had mastered the help desk and had been given additional responsibilities. However, unbeknownst to Schiess, the technician's recently expanded role included maintaining a supply of — and initially configuring — the devices that stores used to activate gift cards and add cash value to them.

Part of that preparatory process included assigning to a machine a unique store identification code and running a test transaction on a gift card to confirm the machine would operate properly in the store. After the technician had determined that a card machine was working and had sent it off to a store, standard operating procedure called for him to remove the cash value from the card he had used, which remained in his possession. And therein lay another fraud risk: At that time Sony internal controls didn't require tracking the serial numbers of the cards on which the technician had performed these test transactions.

Soon after the unidentified customer tried to use the bogus cards, the help desk technician began to frequently stop by the loss prevention unit "just to chat," which he had never done before. Schiess thought this was odd but not necessarily suspicious. Regardless, she mentioned it to her supervisor, who had worked in loss prevention for decades.

"[My supervisor] immediately interpreted our help desk guy's behavior as a red flag," Schiess recalled. "In his experience, some fraudsters had drawn attention to themselves by trying to find out whether investigators knew about their fraud."

So Schiess and her supervisor visited the IT department head on the chance that the technician's behavior might be related to the falsified gift cards. When they told him about the case, he immediately brought up the technician's new and pivotal role in the gift card process and agreed to keep an eye on the technician while Schiess pursued her investigation.

Schiess' next priority was to confirm the identity of everyone involved in the attempted fraudulent redemption. She now had a credible fraud theory — one that focused on an employee in the corporate office, not in a store — and she set out to find evidence supporting or disproving that theory.

FAMILIAR FACE

Schiess' investigation continued with a background check on the IT technician, including an online search for information about him and people with whom he associated. When she discovered he had a Facebook account with a public profile and photos, she immediately recognized a face she had seen in the video of the attempt to use the $5,000 gift cards. The bogus customer and the IT technician were friends. Next step: perform an admission-seeking interview.

Schiess and her supervisor confronted the technician with this evidence. He promptly confessed and vented his pent-up resentment against the company, which he felt had denied him a raise and bonus that his hard work more than justified.

Not long after he began working with gift cards, he said, he had come across the unique identification code of the closed store.

Soon thereafter, an operational store needed a gift card activation machine. At that point, the fraud triangle's three components (pressure, rationalization, opportunity) coalesced in the IT technician's mind. He already was motivated to seek revenge and had fully rationalized his moral entitlement to it. Now, with a tempting opportunity to commit lucrative fraud in what he perceived as a low-risk situation, the technician launched his rash, short-lived plan.

This is how he did it. Just before legitimately configuring the activation machine, the technician temporarily assigned the closed store's code to it and fraudulently issued himself two unfunded $5,000 cards. He then changed the store code to that of the operational store and sent the machine off to it. There was no audit trail to follow; only he knew he had "borrowed" the activation machine to give himself a $10,000 gift. Feeling confident, he then recruited his friend to convert the cards into assets they could keep for their own use or sell for a tidy, illegitimate profit.

Schiess' supervisor obtained a signed confession from the IT technician, and then Sony pressed charges and terminated him. Ultimately, he received probation. Sony had suffered no loss, but Schiess was acutely aware that serendipity had played much too large a role in solving the case.

"It was pure luck that this fraudster was nervous enough to draw attention to himself and careless enough to use as an accomplice someone whose photo was on the technician's public Facebook page," she said. "I knew we needed better controls and risk assessment reports to help us keep tabs on these exposures. Otherwise, frauds like this would continue to occur."

DÉJÀ VU WITH A TWIST

A year after the above case, business appeared to proceed normally in another Sony store. Anyone looking at soundless footage from its security camera over the sales counter would have seen the store manager, in plain view, using a gift card activation machine connected to a point-of-sale (POS) register. And he wasn't alone; other employees also were visible nearby, interacting with the manager. It seemed as if nothing out of the ordinary was happening — even though the manager was in the process of stealing $280,000 worth of gift cards.

He didn't know it, but Sony had taken the previous gift card fraud seriously and had greatly improved internal controls. Schiess and her colleagues in the finance and IT departments had created reports to identify indications of potential gift card fraud whenever they appeared.

Sony expected the reports to cover an important security flaw in the company's gift card activation and POS systems. Management had decided that the cost of a hardware upgrade to eliminate the flaw was greater than any losses the exposure would allow. They reasoned that the reports would alert Schiess to any such frauds. And indeed the reports detected and flagged the manager's fraud — but not immediately.

Although the company knew of the security flaw, the manager had discovered it by accident. One day, about a week before his fraud began, the manager was legitimately activating a gift card for a customer. The customer presented a credit card to cover the funding for the gift card, but the customer's credit card issuer denied the transaction. Because the customer didn't have enough cash to pay for the gift card, the manager cancelled the gift card transaction, returned the gift card to the usual storage cabinet and gave it no further thought.

However, a few days later, another customer asked to buy a gift card, and the manager used the same card he had cancelled earlier. When he began to add cash value to it he discovered that the value he thought he had erased was still on the card — even though Sony had received no funding for it. The stunned manager put the card aside and activated another for the current customer. Then the manager began planning a fraud in which he would intentionally initiate and cancel gift card activations after adding large amounts of cash value to the cards. His fatal flaw was to assume that the company was unaware of the security flaw he had discovered by accident.

At first, the manager fraudulently added relatively small amounts to gift cards. No one inquired about these transactions, so he plunged ahead. In just one week, he issued himself $280,000 in illegitimate, unfunded gift cards. Well before he finished his spree, however, a report tipped Schiess off to the high number of gift card cancellations in the manager's store. She reviewed the store's security video and saw the manager processing stacks of gift cards with nary a customer in sight.

"He just went wild and fraudulently activated more than 100 cards," Schiess said.

Other employees, who were arranging displays and performing similar routine tasks, had no idea the boss was stealing. But Schiess combined intelligence from reports and video and knew exactly what the manager was doing. She alerted the finance department, which deactivated the falsified cards before anyone could use them. The manager confessed, and Sony reported the fraud to law enforcement, who arrested him.
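The kind of exception report described in these two cases can be sketched as follows. This is an added example, not Sony's reports or code from the article: the record layout, store codes, card serials and thresholds are all hypothetical, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    day: str      # business date, YYYY-MM-DD
    store: str    # store code configured on the activation machine
    card: str     # gift card serial number
    kind: str     # "activate" or "cancel"
    amount: int   # dollars loaded (0 for a cancel)
    funded: bool  # True if a settled payment backs the activation


# Hypothetical policy values and constructed sample data.
CLOSED_STORES = {"S017"}      # stores that no longer trade
MAX_DENOMINATION = 500        # largest card value sold without review
MAX_CANCELS_PER_DAY = 3       # per store, before the report flags it

EVENTS = [
    # Case 1 pattern: large cards issued under a closed store's code.
    Event("2012-03-01", "S017", "GC-9001", "activate", 5000, False),
    Event("2012-03-01", "S017", "GC-9002", "activate", 5000, False),
    # Ordinary trading, including one declined payment that was cancelled.
    Event("2012-03-02", "S042", "GC-1001", "activate", 50, True),
    Event("2012-03-02", "S042", "GC-1002", "activate", 100, True),
    Event("2012-03-02", "S042", "GC-1003", "activate", 75, False),
    Event("2012-03-02", "S042", "GC-1003", "cancel", 0, False),
] + [
    # Case 2 pattern: a burst of activate/cancel pairs in one store.
    e for n in range(5) for e in (
        Event("2012-03-05", "S088", f"GC-20{n:02d}", "activate", 400, False),
        Event("2012-03-05", "S088", f"GC-20{n:02d}", "cancel", 0, False),
    )
]


def closed_store_activations(events, closed=CLOSED_STORES):
    """Cards activated under the code of a store that is closed."""
    return sorted(e.card for e in events
                  if e.kind == "activate" and e.store in closed)


def oversized_activations(events, limit=MAX_DENOMINATION):
    """Cards loaded with more than the reviewed denomination limit."""
    return sorted(e.card for e in events
                  if e.kind == "activate" and e.amount > limit)


def unfunded_cards(events):
    """Cards with no funded activation: candidates for deactivation."""
    seen, funded = set(), set()
    for e in events:
        if e.kind == "activate":
            seen.add(e.card)
            if e.funded:
                funded.add(e.card)
    return sorted(seen - funded)


def cancellation_outliers(events, limit=MAX_CANCELS_PER_DAY):
    """Map (store, day) -> (cancel count, value loaded before cancel)
    for every store-day whose cancel count exceeds the limit.
    Events are assumed to be in chronological order."""
    loaded, cancels, exposure = {}, Counter(), defaultdict(int)
    for e in events:
        if e.kind == "activate":
            loaded[e.card] = e.amount
        elif e.kind == "cancel":
            key = (e.store, e.day)
            cancels[key] += 1
            exposure[key] += loaded.get(e.card, 0)
    return {k: (n, exposure[k]) for k, n in cancels.items() if n > limit}


if __name__ == "__main__":
    print("closed-store activations:", closed_store_activations(EVENTS))
    print("oversized activations:   ", oversized_activations(EVENTS))
    print("unfunded cards:          ", unfunded_cards(EVENTS))
    print("cancellation outliers:   ", cancellation_outliers(EVENTS))
```

The single cancelled card at store S042 stays below the per-day limit, so only the burst at S088 is flagged as an outlier, while every unfunded card still appears on the deactivation list.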

"We learned from our experience," Schiess said. "Improving internal controls saved us from incurring a huge loss. And our discovery and prosecution of these frauds might have deterred other employees from committing similar abuses."