Vulnerable Victim Fraud

Addressing Elder Abuse and Financial Exploitation Matters: The 2017 Elder Abuse Prevention and Prosecution Act

New Information for the fight against Elder Financial Exploitation Matters

The United States Congress provides victims, families, and elder abuse practitioners with powerful new weapons in the fight against senior citizen financial exploitation cases with the passage of Public Law 115-70 (Oct. 18, 2017), the Elder Abuse Prevention and Prosecution Act. This act is designed to prevent elder abuse and exploitation and to improve the justice system’s response to victims in elder abuse and exploitation cases.

The United States Senate made the following findings to support this new law:

  • The vast majority of cases of abuse, neglect, and exploitation of older adults in the United States go unidentified and unreported.
  • Not less than $2,900,000,000 is taken from older adults each year due to financial abuse and exploitation.
  • Elder abuse, neglect, and exploitation have no boundaries and cross all racial, social, class, gender, and geographic lines.
  • Older adults who are abused are 3 times more likely to die earlier than older adults of the same age who are not abused.
  • Up to half of all older adults with dementia will experience abuse.

The act is designed to enhance support for Federal cases involving Elder Justice, improve data collection and Federal coordination with Local and State authorities, establish best practices for Local, State, and Federal data collection, and enhance victim assistance to elder abuse survivors. Elder abuse includes abuse, neglect, and exploitation of an elder (age 60 or older).

Under this Act, the Attorney General of the United States will designate in each Federal judicial district at least one Assistant United States Attorney to serve as the Elder Justice Coordinator for the district. There are 94 Federal judicial districts, including at least one district in each state, the District of Columbia and Puerto Rico.

The United States Attorney General and the Director of the Federal Bureau of Investigation (FBI) will implement regular and comprehensive training for FBI Agents in the investigation and prosecution of such crimes and the enforcement of laws related to elder abuse. Training materials will be extended to other law enforcement officers, prosecutors, judges, emergency responders, individuals working in victim services, adult protective services, social services, and public safety, medical personnel, mental health personnel, financial services personnel, and any other individuals whose work may bring them into contact with elder abuse cases. The training materials will cover conducting investigations in elder abuse cases, evidentiary and other legal issues, and interaction with victims and witnesses, including in administrative, civil, and criminal judicial proceedings.

The Federal Trade Commission (FTC) will appoint an Elder Justice Coordinator to coordinate and support the enforcement and consumer education efforts and policy activities. The Coordinator will serve as a central point of contact for individuals, units of local government, States, and other Federal agencies on matters relating to the enforcement and consumer education efforts of the FTC.

The Attorney General will collect from Federal law enforcement agencies, other agencies as appropriate, and Federal prosecutors’ offices statistical data related to elder abuse cases, including cases or investigations where one or more victims were elders, or where the investigation involved a financial scheme or scam that was either targeted directly toward or largely affected elders, and will publish the information on the Department of Justice website.

The Secretary of Health and Human Services (HHS) will provide the Attorney General statistical data related to elder abuse cases investigated by the States’ adult protective services organizations.

The Act amends Section 113A of Title 18, United States Code, to include email marketing. In this chapter, the term ‘telemarketing or email marketing’ means a plan, program, promotion, or campaign that is conducted to induce:

  1. Purchases of goods or services;
  2. Participation in a contest or sweepstakes;
  3. A charitable contribution, donation, or gift of money or any other thing of value;
  4. Investment for financial profit;
  5. Participation in a business opportunity;
  6. Commitment to a loan; or
  7. Participation in a fraudulent medical study, research study, or pilot study

by use of one or more interstate telephone calls, emails, text messages, or electronic instant messages initiated either by a person who is conducting the plan, program, promotion, or campaign or by a prospective purchaser or contest or sweepstakes participant or charitable contributor, donor, or investor.

Mandatory Forfeiture of criminal proceeds will be imposed by a sentencing court. If convicted, the defendant will forfeit any property, real or personal, constituting or traceable to gross proceeds obtained from such offense, and any equipment, software, or other technology used or intended to be used to commit or to facilitate the commission of such offense.

For additional information to find Financial Services Resources for Elder Fraud Cases, I would recommend researching:

Forensic Accounting Issues

The Opioid Crisis: What Can CPAs Do?

In 2016, about 63,000 Americans lost their lives to drug overdoses, and about 42,000 of these deaths were linked to Opioids. Despite progress in the fight, abuse of Opioids is the most significant health care issue going into 2019. So how does this affect the accounting industry? The American Institute of Certified Public Accountants (AICPA) requested a review of the Opioid abuse landscape and a subsequent presentation to member CPAs.

I thoroughly enjoyed teaming with Ms. Valerie Rock, CHC and CPC at PYA, P.C., Atlanta, Georgia to research and present the following information to CPAs at the AICPA Forensic and Valuation Conference, Atlanta, Georgia, in November 2018.

Main Points for Consideration:

  1. Drug overdoses are the leading cause of death for Americans under the age of 50.
  2. Drug overdoses were linked to Opioids found in prescription drugs, heroin, and other synthetic drugs such as Fentanyl.
  3. The Opioid crisis affects Medicare, Medicaid, Tricare, and Private Insurance industries.
  4. CPAs occupy many roles found in these programs.
  5. CPAs are in unique positions to be part of the solution to the Opioid Crisis.

What Are Opioids?

Legally manufactured Opioids are drugs that can treat both acute and chronic pain. Most people are probably familiar with Opioids such as Hydrocodone, Methadone, Oxycodone, and now Fentanyl. Fentanyl is often prescribed for cancer patients and people in severe pain who cannot tolerate morphine. Fentanyl is a synthetic Opioid narcotic similar to morphine, but 50 to 100 times stronger.

What is the Opioid Crisis?

The Opioid crisis is two-fold. First, overprescribing Opioids to control pain can result in addiction and dependency. A second, darker side emerges with illegally obtained Fentanyl. Starting in 2013, the United States was flooded with illegally manufactured Fentanyl from nefarious foreign actors who profited from distributing the drugs. Illegal Fentanyl is cheaper to make than heroin, very potent, and yields more doses per batch made. U.S. Drug Enforcement agents see illegal Fentanyl appearing in counterfeit pain pills in the form of powder, blotter paper, patches, and counterfeit tablets. Heroin, of course, is illegal and highly addictive.

Synthetic drugs are created using man-made chemicals rather than natural ingredients. Examples of other synthetic drugs are Ecstasy, LSD, Methamphetamine, Synthetic Marijuana, and Designer Drugs (chemically made versions of illegal drugs, slightly altered to avoid having them classified as illegal).

What Industries Are Affected by the Opioid Crisis and How are Accountants Involved?

Opioid abuses have entered the mainstream of American life. Legally prescribed Opioids appear in established medical communities such as Physician Practices, Hospitals, Pharmacies, Distributors, Wholesalers, and Drug Manufacturers.

The accounting industry is deeply embedded in the medical community, and accountants may serve as Chief Financial Officers, Controllers, Internal Auditors, External Auditors, Compliance Officers, Government Auditors, and Government Investigators.

What is the Response from the U.S. Government?

In July 2017, President Donald Trump declared a public health emergency and formed the President’s Commission on Combating Drug Addiction and Opioid Abuse. The President tasked the U.S. Department of Justice to address the problem. In response, the Department of Justice added more prosecutors to high-risk areas to support the arrest, prosecution and conviction of fentanyl dealers. A new Opioid Fraud and Abuse Detection Unit was formed to deploy a data-analytics program that focuses specifically on Opioid related health care fraud matters.

The data analytics teams were assigned to identify:

  • Which physicians are writing Opioid prescriptions at a rate exceeding their peers.
  • How many of a doctor’s patients died within 60 days of an Opioid prescription.
  • Average age of patients receiving prescriptions.
  • Pharmacies that dispense disproportionately large amounts of Opioids.
  • Regional hot spots for Opioid issues.
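
As an added illustration (not code from the original post or from the Department of Justice unit it describes), the following Python runs the first four of these screens over a constructed set of opioid prescription claims: prescriptions per patient compared with peers (the “super-prescribers” the CPA suggestions below also mention), patients who died within 60 days of a prescription, average patient age, and pharmacies with a disproportionate share of fills. The physicians, pharmacies and counts are made up; Dr. Diaz and Corner Drugs are built in as the outliers.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import mean, pstdev


def build_claims():
    """Constructed sample claims (not real data): one record per opioid
    prescription, with physician, dispensing pharmacy, patient id, patient
    age, prescription date and the patient's date of death if any."""
    # (physician, pharmacy, patients, opioid rx per patient,
    #  patients who die 30 days after their last rx, patient age)
    profiles = [
        ("Dr. Adams", "Main St Pharmacy", 40, 2, 0, 62),
        ("Dr. Baker", "Main St Pharmacy", 45, 2, 1, 58),
        ("Dr. Chen", "Elm Ave Pharmacy", 38, 3, 0, 65),
        ("Dr. Diaz", "Corner Drugs", 120, 6, 5, 34),   # the constructed outlier
        ("Dr. Evans", "Elm Ave Pharmacy", 42, 2, 0, 60),
    ]
    claims, patient_id = [], 0
    for physician, pharmacy, patients, rx_each, deaths, age in profiles:
        for p in range(patients):
            patient_id += 1
            rx_dates = [date(2018, 1, 1) + timedelta(days=7 * i) for i in range(rx_each)]
            died = rx_dates[-1] + timedelta(days=30) if p < deaths else None
            for rx_date in rx_dates:
                claims.append({"physician": physician, "pharmacy": pharmacy,
                               "patient": patient_id, "age": age,
                               "rx_date": rx_date, "death_date": died})
    return claims


def rx_per_patient(claims):
    """Opioid prescriptions per distinct patient, by physician."""
    rx, patients = defaultdict(int), defaultdict(set)
    for c in claims:
        rx[c["physician"]] += 1
        patients[c["physician"]].add(c["patient"])
    return {doc: rx[doc] / len(patients[doc]) for doc in rx}


def flag_outlier_prescribers(claims, k=3.0):
    """Physicians whose rate exceeds the peer mean by more than k standard
    deviations. Peers are the *other* physicians (leave-one-out), so one heavy
    prescriber cannot inflate the baseline he is measured against."""
    rates = rx_per_patient(claims)
    flagged = set()
    for doc, rate in rates.items():
        peers = [r for d, r in rates.items() if d != doc]
        if len(peers) < 2:
            continue
        mu, sigma = mean(peers), pstdev(peers)
        if sigma == 0:
            if rate > mu:          # peers are identical; anything above them stands out
                flagged.add(doc)
        elif (rate - mu) / sigma > k:
            flagged.add(doc)
    return flagged


def deaths_within_60_days(claims):
    """Distinct patients, per physician, who died within 60 days of an opioid rx."""
    dead = defaultdict(set)
    for c in claims:
        if c["death_date"] is not None and 0 <= (c["death_date"] - c["rx_date"]).days <= 60:
            dead[c["physician"]].add(c["patient"])
    return {doc: len(p) for doc, p in dead.items()}


def average_patient_age(claims):
    ages = defaultdict(list)
    for c in claims:
        ages[c["physician"]].append(c["age"])
    return {doc: mean(a) for doc, a in ages.items()}


def disproportionate_pharmacies(claims, factor=1.5):
    """Pharmacies whose share of all opioid fills exceeds `factor` times an
    even split among the pharmacies present in the data."""
    fills = defaultdict(int)
    for c in claims:
        fills[c["pharmacy"]] += 1
    total, even_share = sum(fills.values()), 1 / len(fills)
    return {ph: n / total for ph, n in fills.items() if n / total > factor * even_share}


if __name__ == "__main__":
    data = build_claims()
    print("rx per patient:", rx_per_patient(data))
    print("outlier prescribers:", flag_outlier_prescribers(data))
    print("patients dying within 60 days:", deaths_within_60_days(data))
    print("average patient age:", average_patient_age(data))
    print("disproportionate pharmacies:", disproportionate_pharmacies(data))
```

The same screens can be pointed at a practice’s own billing extract; the thresholds (k and factor) are starting points, not regulatory standards.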

Government investigators then began to focus on the flow of money through audits and investigations.  Practitioners began to see increased audit and investigative scrutiny of tax dollars expended through Medicare, Medicaid, Tricare, and private insurance.

Tidal Wave of Litigation

The drug industry, including Opioid painkiller manufacturers, distributors, wholesalers, and pharmacy chains, began to experience a tidal wave of litigation. At least 30 states, cities, and counties have either filed lawsuits or are formally recruiting lawyers to initiate legal actions. The complainants argue that manufacturers used aggressive sales tactics to boost revenues while downplaying the risks and turning a blind eye to excessive orders.

In August of 2018, President Trump called on the Attorney General to bring a major lawsuit against drug companies that are sending Opioids at a level that should not be happening.

Nationwide sweeps indicted and arrested several medical practitioners who profited from overprescribing addictive Opioids. In one case investigated, billing records showed one physician seeing 80 to 145 patients a day and writing prescriptions for every patient seen; visits lasted five minutes or less, follow-ups for medication refills lasted less than two minutes, and the physician neither obtained prior medical records nor treated with anything other than controlled substances.

What Can CPAs Do?

CPAs have earned the respect and trust of the public through years of public service and are regarded as trusted advisors.  CPAs are encouraged to gain knowledge of the breadth and scope of the Opioid Crisis and become part of the solution.  By understanding how government auditors and investigators identify suspicious trends, CPAs can conduct similar inquiries with clients to identify activity that may hit the “radar screens” of government agents.  Here are some suggestions for consideration by CPAs:

  1. When reviewing accounts and documentation of medical related practices, consider:
    • Do the numbers add up?
    • Can these volumes and revenues be supported by the current staffing?
    • For example, is it possible for one physician to see 100+ patients a day?
  2. For Health Care Entities:
    • Monitor drug costs, particularly opioid drug costs, and investigate significant changes in drug expenses
    • Consider using internal data to identify “super-prescribers” of Opioids
    • Consider sharp increases in drug costs that can highlight inventory issues.
    • Regardless of quantities of Opioids in inventories, evaluate sufficiency of physical and financial controls needed to mitigate opportunities for theft and misuse.
    • Internal audits should be used to test the controls.
  3. For Pharmaceutical Company Payments:
    • Investigate increases in revenue for Opioids.
    • Understand when doctors receive payments from drug companies.
    • Although most payments are small (meals, drinks, etc.), research indicates pharmaceutical payments result in increased prescribing of marketed medication.
  4. For Urine Drug Screens and Testing Revenue:
    • Payers view the billing of urine drug screens as unnecessary and fraudulent when the documentation does not clearly indicate medical necessity per their coverage guidelines.
    • If significant increase is seen, confirm that the appropriate monitoring and auditing is performed.
    • Ensure that documentation supports the order – per state and federal governmental and payer guidance.
    • Ensure there are no medical necessity concerns.
  5. For a Laboratory:
    • Monitor the marketing department’s spending on complimentary supplies provided to physicians and other ordering providers.
  6. To Avoid Litigation:
    • Verify the legality of any payments received from drug companies.
    • Ensure the payments are reported in accordance with the Physician Payments Sunshine Act.
    • If you identify any undefined or uncategorized revenue streams, ask questions about the origin of the revenue.

Conclusion: Guidelines have changed significantly as Opioid prescription use has increased. Regardless of quantities of Opioids in inventories, sufficient physical and financial controls are needed to mitigate opportunities for theft and misuse, and internal audits should be used to test these controls. A robust monitoring process is important in identifying potential fraud, waste, abuse, and compliance risks. It is just as important to have communication protocols in place. Work with your organization’s compliance officer to determine potential indicators of an issue, including indicators that affect the entity’s revenue, legal, and compliance posture. If an issue is identified, notify your compliance officer.

Your knowledge in accounting coupled with health care experience can help identify potential fraud and abuse to mitigate risks.

Cryptocurrencies, Blockchain and Fraud

Cryptojacking – What You Should Know


Main Points to Consider

  1. Cryptojacking attacks are exploding in numbers.
  2. Cryptojacking uses the computing power of hijacked computers to mine for cryptocurrencies.
  3. Cryptojacking runs in the background, slowing the system and increasing electricity usage.
  4. Illegally mined cryptocurrencies are laundered into the wallets of criminals.
  5. Preventive measures include training to avoid poor cyber hygiene habits.

Why Are They Attacking Me?

When presenting CyberFraud information to business groups and Senior Citizen groups, I am often asked “Why are they coming after me?” The answer is threefold. First, the crooks want your money and Intellectual Property, and everybody gets that. Second, they want the Personally Identifiable Information (PII) of you, your clients, your customers, your kids, and your grandkids. Selling freshly stolen PII is very lucrative in underground criminal markets such as those found on the Dark Web. Third, they want your computers.

Illegally gaining access to your computers and cyber systems to plant Malicious Software (Malware) feeds a diverse array of scams. Malware can be designed to lock up your computers until a ransom is paid, known as Ransomware. Malware is often used to lurk in the background and conduct reconnaissance on your business and personal habits for Business Email Compromise scams; it can locate and extract your trade secrets; it can turn your computer into a robot to conduct other cyber-attacks; or it can plant back-doors allowing access to persons intent on damaging or destroying your systems.

What is Cryptojacking?

Ransomware attacks are now decreasing in number. This is not necessarily good news, because the attacks still cause millions of dollars in losses and the malicious software is changing and diversifying to avoid detection. So here comes Cryptojacking, overtaking Ransomware as the top cyber threat.

Simply explained, Cryptojacking is the process of hijacking your computer to mine for cryptocurrencies. In our discussions of Bitcoin and other cryptocurrencies, we talk about the different ways you can obtain Bitcoin. Basically, you can get Bitcoin by exchanging fiat currency, such as U.S. dollars, to buy Bitcoin from exchanges or other persons; you can accept Bitcoin in exchange for goods and services through your business model; or you can mine for Bitcoins. Mining is the process of solving complex mathematical puzzles to obtain Bitcoin.

When Bitcoin first appeared in 2009, the mining process could be done on home computers.  But each time an algorithm was solved, the next algorithm was more difficult.  More computing power was necessary as the level of complexity continually increased.  Soon, it became necessary to pool the resources of individual computers to solve the algorithms. The mining pools necessarily became larger and larger.  The Bitcoin miners discovered that increased mining power required not only more computer capabilities, but also required more electricity to run the computers and the cooling systems to protect the computers from overheating.

To overcome this challenge, hackers are now hijacking our computers to mine for cryptocurrencies.  The infected computers are banded together to harness the combined computing power for mining purposes.  Voila, no expensive mining pools, no electric bills, little risk of detection, huge profits, and opportunities to launder illegally obtained cryptocurrencies into their own wallets.

Victims of Cryptojacking have noticed their devices slowing down, increased electric bills, and additional heat from their systems.

What Can I Do to Prevent Cryptojacking?

Cryptojacking hackers use techniques found in other computer intrusion schemes to overtake the computers.  They exploit poor cyber hygiene practices such as opening unsolicited emails and attachments, clicking on suspicious websites, using corrupted apps, and identifying weaknesses in the cyber system itself.  The best known preventative measures include updating software systems, immediate use of software patches, changing passwords, strengthening firewalls, continuous monitoring of cyber systems, and continuous training of individual users to recognize cyber attack vectors.

Conclusion: This seems like the same song in a different dance, doesn’t it? As we identify and beat down current threats, the bad actors come up with something new to poison our cyber environment. As we move towards a connected world in the Internet of Things, we can expect the scoundrels to develop and improve their attack capabilities.  Al Capone would be proud of them.



Cryptocurrencies, Blockchain and Fraud, Uncategorized

Cryptocurrencies, Fraud Schemes, and Money Laundering

In many presentations I have done to explain Bitcoin and other virtual currencies, the most difficult part for people to understand is how a virtual currency, which cannot be seen or held in our hands, can represent value. In fact, critics of buying and trading in virtual currencies maintain that virtual currencies will never be a reliable form of commerce. I am not promoting or demoting the idea of virtual currencies, but it is now unmistakable that virtual currencies have gained worldwide acceptance. One can argue that virtual currencies will never replace fiat currencies, which is probably true.

Discussion Points to Consider:

  1. Currently, there are about 2000 virtual currencies
  2. Anyone can create a virtual currency
  3. Bitcoin was the first cryptocurrency and is the most well known
  4. Cryptocurrencies are easily converted to and from government-approved currencies (Fiat Currencies)
  5. Cryptocurrencies appear in multiple fraud schemes
  6. Cryptocurrencies are used to launder proceeds from criminal activity

Although virtual currencies have existed since the late 1990s, they lacked the reliability and acceptance needed for conducting financial transactions. The release of the Bitcoin ecosystem in 2009 disrupted the world’s financial systems: it was the first virtual currency to use cryptology to provide advanced anonymity and a Blockchain to solve the “double spending” problem. Thus, Bitcoin became the first convertible, de-centralized, math-based cryptocurrency: convertible to and from fiat currency; de-centralized because transactions could be conducted Peer-to-Peer without government oversight; based on the mathematical solutions of increasingly complex algorithms; and concealed by cryptology. The structure of Blockchain technology proved that an owner of Bitcoin could not double spend the same Bitcoin.

What Are Virtual Currencies?

Virtual currencies can be described as a Digital Representation of Value functioning as a Medium of Exchange that does not have Legal Tender status.  All that is required to hold value is Trust and Adoption.  Bitcoin gained in prominence because of the ease of use and semi-anonymity, but government regulators in the United States and around the world have wrangled Bitcoin into a heavily regulated world of banking.  Bitcoin rivals such as Monero and Zcash now offer better anonymity.  Ethereum is another virtual currency which serves as the basis of Smart Contracts (digitalized contracts) for use in commerce.

What is Blockchain Technology?

Blockchain is described as a Distributed Ledger where all transactions are agreed on by Nodes, or participants.  Once approved, the transaction is time-stamped and added as a new Block to the previous Block.  Each new block is individually identified by a unique hash code and is digitally tied to the previous block by incorporating a portion of the hash code.  In this manner, the Blockchain provides an irreversible record of all transactions in ascending chronological order. 
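
The hash linkage just described, as an added example that is not code from the original post or from any real blockchain implementation: each block’s hash covers its own contents and the previous block’s hash, so altering an old transaction breaks the chain at that block, and re-hashing the altered block only moves the break to the block after it. The transactions, timestamps and the all-zero genesis link are constructed conventions for the demonstration, and there is no mining or node agreement here, only the ledger structure.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64   # assumed convention: the first block links to an all-zero hash


def block_hash(block):
    """SHA-256 of the block's contents, excluding its own stored hash field."""
    payload = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


def make_block(index, timestamp, transactions, prev_hash):
    block = {"index": index, "timestamp": timestamp,
             "transactions": copy.deepcopy(transactions), "prev_hash": prev_hash}
    block["hash"] = block_hash(block)   # covers prev_hash, so the link itself is bound
    return block


def build_chain(batches):
    """One block per (timestamp, transactions) batch the nodes have agreed on."""
    chain, prev = [], GENESIS_PREV
    for index, (timestamp, txs) in enumerate(batches):
        block = make_block(index, timestamp, txs, prev)
        chain.append(block)
        prev = block["hash"]
    return chain


def validate_chain(chain):
    """Return (True, None) if every block is intact and correctly linked,
    otherwise (False, index) for the first block that fails a check."""
    for i, block in enumerate(chain):
        if block["hash"] != block_hash(block):            # contents altered after hashing
            return False, i
        expected_prev = GENESIS_PREV if i == 0 else chain[i - 1]["hash"]
        if block["prev_hash"] != expected_prev:           # link to predecessor broken
            return False, i
        if i > 0 and block["timestamp"] < chain[i - 1]["timestamp"]:   # order violated
            return False, i
    return True, None


# Constructed sample transactions (not real Bitcoin data).
SAMPLE_BATCHES = [
    ("2018-11-01T09:00:00Z", [{"from": "alice", "to": "bob", "amount": 0.5}]),
    ("2018-11-01T09:10:00Z", [{"from": "bob", "to": "carol", "amount": 0.2}]),
    ("2018-11-01T09:20:00Z", [{"from": "carol", "to": "dave", "amount": 0.1}]),
]


def tamper_demo():
    """Show why editing a past block is detectable: the edited block's hash no
    longer matches, and recomputing it only moves the break to the next block."""
    chain = build_chain(SAMPLE_BATCHES)
    honest = validate_chain(chain)                    # (True, None)
    chain[1]["transactions"][0]["amount"] = 20.0      # rewrite a recorded payment
    edited = validate_chain(chain)                    # (False, 1)
    chain[1]["hash"] = block_hash(chain[1])           # re-hash the edited block
    relinked = validate_chain(chain)                  # (False, 2): block 2 still links to the old hash
    return honest, edited, relinked


if __name__ == "__main__":
    for b in build_chain(SAMPLE_BATCHES):
        print(b["index"], b["hash"][:16], "<-", b["prev_hash"][:16])
    print(tamper_demo())
```

In a real network an attacker would have to redo every later block faster than the honest nodes extend the chain, which is what makes the record effectively irreversible.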

The Blockchain used in the Bitcoin platform is open to the public, meaning that anyone can freely obtain the software program and become a Node in a Non-Permissioned environment.  Nodes can then “Mine” for Bitcoin for their own use or earn Bitcoin fees for approving transactions of other users of Bitcoin.  In this Public format, the Nodes have no need to know or trust each other.  Hybrid forms of Blockchain have been formed to create a Permissioned and Private system where the Nodes know and trust each other.  In both Non-Public and Public Blockchains, each transaction is recorded on a ledger, but the identity of the person or persons behind the transaction is not disclosed.  This is accomplished by using Public Keys to record the transactions, and Private Keys that allow entry into the Blockchain.  Therefore, the identity of the person or persons conducting the transaction remains anonymous.

How are Cryptocurrencies Used in Fraud Schemes?

Cryptocurrencies are emerging as a payment of choice in many fraud schemes. More and more, we see bad actors avoid government oversight of financial institutions by demanding payment from victims in the form of cryptocurrencies. And why shouldn’t they? Cryptocurrencies provide anonymity, speed, and worldwide acceptance for the transfer of funds from victims to the perpetrators. Four main areas of concern are: (1) cryptocurrencies being used in Securities Fraud matters; (2) cryptocurrencies being stolen directly from victims; (3) cryptocurrencies used as payments in Ransomware and Extortion schemes; and (4) using cryptocurrencies to pay for illegal products and services on the Dark Web.

How are Cryptocurrencies used in Securities Fraud Schemes?

Currently, one of the hottest investment markets involves high-risk Initial Coin Offerings (ICOs), and these ICOs often result in significant losses to unwary investors. Certainly, there are legitimate ICOs to consider. However, regulators have found that many are rife with fraudulent misrepresentations that can result in significant losses to investors. ICOs can provide a means for startups to avoid the high costs of regulatory compliance found in Initial Public Offerings (IPOs). ICOs involve crowdfunding centered around cryptocurrencies and sold to investors as Utility tokens or Asset-based tokens. Tokens are promoted as Future Functional Units of Currency. A holder of utility tokens can exchange value for a good or service in the future, while asset-based tokens are backed by an underlying asset. Some ICOs can fall outside of existing regulations and escape normal monitoring by government regulators. We have seen cases where scammers use ICOs in Pump and Dump schemes and Advance Fee schemes.

Investors in Bitcoin are at risk from Market Manipulation of Bitcoin prices.  Bitcoin, known for volatile price changes, is vulnerable to current-event price swings where illicit actors take advantage of news events to manipulate the prices.  Regulators are scrambling to keep pace as increasingly complex investments are expanding across national borders. 

Question: How do you steal cryptocurrencies?   Answer: Steal the Private Keys.

The Public Keys allow access to the Blockchain ledger to record transactions, but the Private Key unlocks the currency. Therefore, sophisticated thieves target the computers and smart phones of the owners to learn how the cryptos were purchased, which bank accounts were used to transfer fiat currency, passwords, security question answers, contacts with other persons transacting in cryptos, websites visited to buy and sell cryptos, and, above all, the Private Keys themselves. If Private Keys are found, the criminal can permanently transfer the currencies into their own wallet.

Third-party repositories of Private Keys can become hacking targets. Also, willing buyers and sellers will find one another in online forums and meet in person to buy and sell cryptos. People carrying cash and/or their Private Keys are then susceptible to robbery, referred to as Stage Coach robberies.

Ransomware and Extortion attacks are directed to large and small businesses, health care organizations, governmental entities, or other businesses holding sensitive information.  Bitcoin is the most common method of transferring the extortion amount, but other cryptocurrencies offering more complete anonymity are also used.

The Dark Web is the part of the internet accessible only through special software, which is itself available to anyone. Bad actors use the Dark Web to sell stolen goods, Malware and other cyber infections, stolen identities, stolen credit cards, pornography, illegal drugs, and virtually any other tool of criminal activity. Cryptocurrencies such as Bitcoin, Monero, and Zcash are used to buy and sell illegal items or services. Tumbler and mixing services are also found on the Dark Web.

What About Money Laundering with Cryptocurrencies?

Sophisticated criminals are often burdened by their own success, that is, hiding the money from regulators and investigators can be difficult. Everybody loves cash, but spending too much cash only tips off authorities monitoring cash transactions. Cryptocurrencies make it possible to easily hide, transfer, and clean the illicit money.

Money laundering is usually explained in three steps: Placement, Layering, and Integration.  Placement means that the dirty money is placed into the financial system, usually the Federal Reserve financial system in the United States.  Layering means the money is transferred through multiple accounts to confuse the financial trail.  Integration means that the dirty money is then transferred into legitimate accounts and businesses to distribute cash and/or purchase expensive assets.

Cryptocurrencies are purchased using the approved (Fiat) currency of a country.  The purchases of cryptocurrencies can be done through government-approved exchanges, or through unregulated exchanges.   

Current emerging money laundering threats with cryptocurrencies are found in multi-national exchanges, online gambling sources, and mixing/tumbling services. Online gambling is gaining legal acceptance in the United States and other countries and offers multiple, diverse opportunities to cleanse the dirty money. Mixing and tumbling services will take individual cryptocurrency transactions and tumble them through multiple wallets to obliterate the trail of transactions. Mixing and tumbling services are not necessarily illegal, however, nefarious operations abound on the Dark Net.  

Conclusion:  Criminal actors now have assortments of tools to bounce illegally obtained fiat currencies through multiple cryptocurrency transactions, multiple wallet addresses, and multiple countries in blizzards of transactions at a very high rate of speed.  Moving and hiding proceeds from criminal fraud schemes has become faster, more efficient, and harder to detect than ever before.  So, the cat and mouse game continues.  While authorities become better at identifying and following cryptocurrencies, the bad actors adjust and adapt to advances made by the good guys. 

Forensic Accounting Issues, Uncategorized

Cyber Attacks: Effective Employee Training


IBM recently announced the results of its research on worldwide data breaches and reports that the average cost of a data breach is $3.86 million. The average cost for each stolen record containing sensitive and confidential information is $148.00.
In my previous blog we discussed the variety of ways that business cyber systems are attacked and compromised, and in these discussions, we emphasize the use of e-mails to penetrate the cyber defenses by our adversaries. In general, the actors will compromise cyber defenses by using social media and/or computer intrusions. Most of the cyber defense recommendations I have read will recommend “Training the Employees”, but how do we train our employees to protect the businesses? So here are some suggestions for training employees to spot suspicious e-mails, attachments, or apps.
First, I would recommend briefing your employees on the current trends in cyber crime in businesses. We discuss those trends in the previous blog, but the current trends are Business Email Compromise and Email Account Compromise scams, Ransomware, Theft of Personally Identifiable Information (PII), and Theft of Data by outside actors and/or by corrupt insiders. One common denominator running through each of these attack vectors is the careless use of emails that allows penetration by the bad actors. The cyber criminals are always looking for weaknesses in your IT system such as outdated software, outdated or absent anti-virus and anti-malware software, weak passwords, and any other wormhole into your system. But one common denominator running through the threat vectors is the use of Phishing and Spear Phishing attacks to convince someone to respond to a spoofed email or open an attachment containing malicious code to infect your system.
From my experience, the best setting for training your employees is a small group led by someone with actual experience working cyber fraud cases. You don’t want the discussion leaders to just regurgitate what they find on the internet. Have everyone in the room silence their phones. The meeting should be in a quiet setting so that everyone can speak and be heard in a normal conversational manner. PowerPoint presentations are not required but are acceptable if people are comfortable enough to interact and ask questions. Early or mid-morning times are great, as is lunchtime, but not while people are eating. The training should run 45 minutes to 1.5 hours, with a cushion for additional questions and answers if needed. Afternoon hours can work, but people tend to lose interest after lunch or close to quitting time. I would also recommend ongoing training to stay up to date on emerging threats and to cover employee turnover.
Prior to the training session:
1. Discuss date, time, location
2. Discuss Media Requirements
3. Discuss length of time
4. Evaluate any prior training to minimize duplication
5. Discuss nature of the business to tailor presentation to actual needs
Here is a suggested outline for a training session:
I. Introductions
II. Case Examples relating to your business environment.
III. Current Threat Vectors
a. BEC and EAC Scams
b. Ransomware
c. Theft of PII
d. Theft of Data (outside actors and corrupt insiders)
IV. Methods used by Adversaries
V. What is an E-mail
VI. What is Phishing and Spear-Phishing
VII. What is Malware
VIII. What is Spoofing
IX. How to Identify possible Spoofing
X. Recommended Protective Measures
a. Discuss several options and suggestions from list
XI. Conclusion
a. Be aware of organization’s footprint facing the internet
b. Have a response plan
c. Consider cyber-crime insurance
d. Encourage Employees to suggest protective measures
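
An added example (not code from the original post) of the kind of header checks a trainer can walk through under “How to Identify possible Spoofing”: it flags a display name that embeds a different email address than the real sender, a sender domain that is a look-alike of the organization’s own domain, a Reply-To pointing somewhere else, and attachments with file types that can carry executable content. The domain example-corp.com, the look-alike examp1e-corp.com, and both messages are constructed for the demonstration.

```python
import email
from email.utils import parseaddr

TRUSTED_DOMAIN = "example-corp.com"   # assumption: the organization's own mail domain
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".docm", ".xlsm", ".zip", ".iso"}


def levenshtein(a, b):
    """Edit distance, used to spot look-alike domains (a swapped or added character)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyze_message(raw):
    """Return a list of warning codes for one raw email message string."""
    msg = email.message_from_string(raw)
    findings = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_dom = domain_of(reply_addr)

    # The visible name shows one address while the actual sender is another.
    if "@" in display_name and domain_of(display_name) != from_dom:
        findings.append("display-name-address-mismatch")
    # The sender domain is a near-miss for the company's own domain.
    if from_dom != TRUSTED_DOMAIN and 0 < levenshtein(from_dom, TRUSTED_DOMAIN) <= 2:
        findings.append("lookalike-sender-domain")
    # Replies would go to a different domain than the one the message claims.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-domain-mismatch")
    # Attachments with extensions that can carry executable content.
    for part in msg.walk():
        name = part.get_filename()
        if name and any(name.lower().endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.append("risky-attachment:" + name)
    return findings


# Constructed sample messages (not real mail).
LEGITIMATE = """\
From: Jane Doe <jane.doe@example-corp.com>
To: payroll@example-corp.com
Subject: Q3 budget review

Please send me the Q3 numbers when you have a moment.
"""

SPOOFED = """\
From: "jane.doe@example-corp.com" <accounts@examp1e-corp.com>
Reply-To: ceo.urgent@webmail-free.example
To: payroll@example-corp.com
Subject: Urgent wire transfer
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please process the attached wire today, I am in a meeting.
--b1
Content-Type: application/octet-stream; name="wire_instructions.docm"
Content-Disposition: attachment; filename="wire_instructions.docm"

ZmFrZQ==
--b1--
"""

if __name__ == "__main__":
    print("legitimate:", analyze_message(LEGITIMATE))
    print("spoofed:", analyze_message(SPOOFED))
```

Each warning maps to a question employees can answer by looking at the header themselves: who really sent this, where will my reply go, and what is attached.
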
Conclusion: Cyber defense is often considered a technological problem; however, it is also a human problem. Creating effective defenses in your business will depend on buy-in from employees. Can you motivate your employees to practice good cyber hygiene? Will they comply with the rules and regulations in place to prevent cyber intrusions? The answers to these questions may be the difference between an expensive attack and effective prevention of the attack in the first place.