Digital Investigative Safety: The New World of Fraud Examination
/Imagine you’re on assignment working a case and you’re spending a lot of time out of the office. You run into a café to grab a coffee and while there, you figure you’ll sit down to check some emails. You log on to the café’s free Wi-Fi and load up your account. Your phone pings you to say that you have an alert from your bank so you check that too. You might even log into Facebook or Twitter to see what’s going on in the world or with your friends and family. Nothing you’ve done in these 30 minutes has been secure.
Keith Elliott, Vice President, Operations & Business Development at Reed Research Limited, explained in his Pre-Conference session at the 2016 ACFE Fraud Conference Canada in Montreal that in this age of interconnectivity, digital investigative safety has never been more crucial.
“A lot of what we’re speaking about today didn’t exist 20 years ago. Did not exist 10 years ago. The advent of technology is incredibly unique where we’ve given up a piece of privacy,” said Elliott. He explained that while it’s important to respect your client’s privacy, whatever your role is, maintaining personal privacy at work and at home is just as important.
“We understand in this day and age that Wi-Fi isn’t safe,” said Elliott. “We have to think before we click. If you’re accessing secure email for work purposes, doing banking online on your personal computer, accessing a profile for something that’s a database for your company — all of that is information that could be, can be and will be compromised if you use an unknown Wi-Fi.”
Elliott also advised attendees to use better passwords — the longer, the better. “Make your password 11 or 12 characters long and change it every six months,” he said. “A six-character password can be hacked in less than about a month. A 12-character password, alphanumeric with specific characters — the sun will burn out before that’s crackable on a forced attack. It’s mathematically just not possible.”
When conducting social media investigations, Elliott shared these dos and don'ts:
Do:
- Use a “sockpuppet” (an online identity used for deception).
- Search the subject, friends and family.
- Check alternate names.
- Get the information early.
- Properly document information.
- Provide sources and methods.
- Check for frequent status updates.
Don’t:
- Become friends with the person you’re investigating.
- Use your own account.
- Share “sockpuppets.”
- Use downloaded photos.
These tips help keep fraud examiners safely disguised while searching for actionable intelligence, or legally obtained information that’s refined to suit the needs of the client.
“As investigators and fraud professionals, it is important to hold ourselves to a higher level of accountability,” said Elliott. “Often we can acquire information in many different ways and forms, but it is essential that this is useable actionable intelligence.”
The moral of the story? Be smart and stay secure while you seek to uncover the truth.