Posts

How to protect against frauds while Looking for job/new business proposals

At times we all look for a change in job or want to explore some business proposal, while doing the same, we also need to protect ourselves against frauds. There could be various red flags, for now below are three which one should look out for, to protect against frauds: 1- Advance payment - Such schemes are aptly called “Advance fee scams” and there are multiple variants, which range from offers of “work from job/business”, “jobs in foreign country”, “balance left in account of a distant relative”, “someone who wants to help people by making donations/charity”, “lottery prizes”.Whatever be the variant/modus operandi, one thing is definite that they want advance payment before providing you the product/service/job/business etc. 2- Unsolicited jobs/business partnership - In the times where for any job there are hundreds of applicants and startups/existing businesses chase venture funds, it’s strange when one gets a “too good to be true” job/investment proposal without even ap

Five Tips to manage risk of fraud in SMEs/Start ups

While large organisations are usually target of fraudsters as rewards are better if their attempts are successful but at the same time it is difficult to succeed as large organisations often have resources in place to counter frauds. For fraudsters it makes sense to target smaller organisations and they make up by targeting larger number of such organisations. The reason for this is that small organisations generally do not invest in tools/resources to counter frauds, which makes sense considering cost-benefit equation. I have documented some tips which do not require much resources but could be very effective to counter risk of fraud for SMEs and startups. Fraud not only causes financial loss but also cause productivity loss (it takes up time of staff which could be otherwise utilised for achieving business objectives) and poses risk to reputation. 1- Fraud Risk Policy - It need not be very elaborate but must cover certain key elements including what is fraud and provide

Five Tips on how to identify a Scam

There are various forms of scams, these include age old dirty notes scam, lottery scams, Inheritance scams, Investment scams to job scams, marriage scams, organ donation scams, education and training scams. While each of the scam has some unique modus operandi but they also have certain common characteristics. I have listed down some and would be happy to update it based on inputs: 1- Scarcity  - There would always be a scarcity of the item/service being offered. Be it a job or investment offer. This is used as a bait to get the target to act fast. 2- Confidentiality - Scamsters would want the target victim to keep the offer confidential, they don't want the victim to consult others. 3- Too good to be true - Target victim usually thank their "luck" and past "good karma/deeds" to be chosen for the offer, it is because the offer is so good, it's almost unbelievable; which it is. 4- Commitment - It may be financial/non financial and usually is notio

5 tips to protect against Business Email Scam (AKA Redirection fraud)

1- Call :  Any change in account details received on email/fax must be validated through call at already known phone number. 2- Test Transaction :  When making fund transfer based on account details received through non- personal channels  (email, fax, courier), always conduct a test transaction of small value, confirm the receipt with beneficiary through phone call (already known number). 3- Don't trust account title:  In the era of automated payments, there's no compulsion on banks in various jurisdictions to validate account title before affecting payment. Banks usually rely on the account number/IBAN (or IBAN equivalent) to credit the payment even if account title doesn't match. So if you get a different account number for making payment and account title is same as usual account title,  it doesn't mean that actual account title for the new account number is same. 4- Control supplier account number update process : There may be a request to update account nu

5 Fraud Prevention Tips - Basics to protect against Identify Theft Frauds

1- Share on strictly need to know basis - What ever you post on social/professional media is accessible to everyone hence be careful about what you post. A smart identity thief would pickup bits and pieces from various sources and obtain necessary information to commit fraud. when you are filling up those "lucky draw" forms, be careful about putting information like date of birth, anniversary date, phone number, address etc. This could be a ploy to gather confidential information 2- Submission of documents - We submit documents like id proof, address proof etc for obtaining various services like a new SIM card, land line phone, gas connection, other private/government services, account opening etc. As far as possible write down purpose for submission of document in a way that it also appears when someone takes extra copies of those documents. This would allow to identify un authorized attempts to obtain products./services which do not match with the stated purpose on th

Everything is connected, is it?

If one wants to have a robust controls framework one can not chose to leave any area out of the scope. It starts from controls around hiring (background checks, sourcing of profiles, vendor payments, staff referrals etc), how the processes are designed (you don't want to provide opportunities by having deficient processes)- number of controls doesn't matter, it's the effectiveness which matters most -prevention/detection related controls should be part of process design, procurement function (vendor selection, transparent bidding etc), IT controls & most importantly when a new system is being bought/old system being replaced, a comprehensive UAT covering all the aspects, you don't want to leave anything to chance. Above all a well designed process which allows staff/vendors to report wrong doing,  & action to be taken in case a event happens. I think designing controls is just half the work & unless these are periodically tested, one can not provide assur

Investigation Reports

I was thinking about it and realized that even though I have worked for over 9 years in Fraud Risk domain but it's recently that I have started writing formal reports. During my stint with companies in India, it was a trend that investigation report would be first discussed with concerned stakeholders and then email would be sent to document the findings, action taken and recommendations. Though we used to capture details of the investigation but never thought much about having formal structure of reports. I had done some experiments with creating a formal checklist type structure in which reports for standard cases (Card not present etc) were to be sent. and that was reluctantly adopted by teams. Of late, I have realized that in certain organizational structures it is very important to have formal report format. It has lots of advantages over informal reports as due to the standard format, people know what kind of information would be available under which heading, any aspects