#
SAPCompliance
Fraud and scams are serious criminal offenses with severe repercussions for society. Nonetheless, sometimes it's worth recognizing the ingenuity and bizarre creativity the perpetrators have in abundance, unfortunately, channeled illicitly.
This VOQUZ Labs article reveals three outlandish fraud and scam cases involving nefarious actors targeting businesses and organizations.
But before we plunge ourselves into the topic, it's crucial to recognize that although the examples may offer entertainment value - courtesy of their audacious nature - each case is serious and provides valuable insights for internal controls and auditing teams.
With no further ado, let's jump straight into the bizarre fraud cases.
AI-generated fake media is becoming more common with the rapid development of the technology. For example, as the New York Times reported recently, 'AI. Obama' and fake newscasters' audio is swarming TikTok.
And the disturbing reality is this: These innovations aren't just available to people who want to do good in the world - criminal groups involved in frauds and scams are increasingly embracing them.
The Wall Street Journal reported the first AI-based voice fraud criminal case in 2019. So what happened?
To put it simply, a UK-based energy firm (whose identity was withheld) lost $243,000 when the 'CEO' of its German parent company called the UK's British company chief executive requesting an urgent payment to a Hungarian supplier.
As you already guessed, criminals mimicked the voice of the German CEO. And worryingly, they did it using commercially available AI software from 2019 - the technology has since advanced tremendously.
An interesting facet of this case is how the fraudsters created urgency (the fraud happened so fast).
The key takeaway from this case is this: Internal controls teams must prepare themselves for what's to come: A rapid increase in the sophistication of AI-generated fraud happening at speed.
And what does that mean? Your company's internal control processes must also step up to the challenge by embracing automated internal controls systems that red flag potential frauds in real-time.
SAP user? If your company uses SAP ERP or S/4HANA, you can embrace internal controls automation with VOQUZ Labs' remQ software (a simple-to-install SAP add-on).
remQ ist eine Software zur kontinuierlichen Überwachung von SAP-ERP und S/4HANA mit einer großen Bibliothek an integrierten Kontrollen, die bei der Überprüfung von Stammdaten und Geschäftsprozessen hilft, um finanzielle Verluste durch Fehler und Betrug zu vermeiden. remQ kann in weniger als einem Tag eingerichtet werden, funktioniert unabhängig von der Größe und Branche des Unternehmens, erfordert kein Beratungsprojekt und reduziert die Kosten für die Einhaltung von Compliance-Regeln durch Automatisierung.
The next example of creativity used maliciously in a fraud comes from the rapidly evolving world of business email compromise (BEC) scams. And it's a topic the VOQUZ blog has covered before: Battling Business Email Compromise (BEC) Scams Within SAP.
A BEC scam is when a bad actor - almost always posing as a trusted entity - manipulates individuals within an organization so that they extract sensitive information or initiate fraudulent financial transactions through email communication.
Cybercriminals can do this in a few ways. The traditional method is spoofing email addresses (like your boss's) and creating similar-looking addresses using different domains.
Today, these attacks are relatively easy to spot using basic security protocols. A more advanced BEC scam involves hackers gaining access to the IT systems of a company (or perhaps even a company's vendor), so the email addresses in the communication are genuine.
But enough of the theory - let's dive into a bizarre, real-life example.
Nigerian entrepreneur Obinwanne Okeke had it all going for him. He even made it onto Forbes' prestigious '30 under 30' list. But in 2021, a US federal court jailed him for masterminding a multimillion-dollar cyber fraud on a British company.
So what did he do?
According to the US Department of Justice, Okeke and other co-conspirators deployed a BEC scheme against Unatrac Holding Limited (a sales office for industrial machinery company Caterpillar), where successful email phishing attacks acquired login details to IT systems.
The scammers then sent fraudulent wire transfer requests and attached fake invoices that totaled almost $11 million.
The key takeaway from this case is this: Automated internal control systems that can alert managers in almost real-time to unusual business process data events (such as fake invoices and irregular wire transfers) are increasingly vital for mitigating the type of fraud risk seen in this case.
The final peculiar fraud takes us to the United Kingdom in a troubling case demonstrating the lengths some scammers will go to.
In 2023, a former Member of the UK Parliament (MP) was jailed for four years for submitting fraudulent expense claims to the Independent Parliamentary Standards Authority (IPSA), which manages expenses for MPs.
There is nothing bizarre about the case until now. Jared O'Mara isn't the first and won't be the last politician in the world to get into a legal quagmire for expense claims accompanied by fake invoices.
But what makes this example so strange and even more immoral is the cover devised to hide the fraud. Shockingly, it takes us into the realm of exploiting a medical condition.
Autism is a neurodevelopmental disorder affecting millions of people worldwide. O'Mara, who has an autism diagnosis, used these personal circumstances to his advantage when attempting to scam British taxpayers.
This is what he did:
Note that the invoices were red-flagged and never paid. Also, the judge in the case said that O'Mara's autism diagnosis did not reduce culpability in the fraud.
A key takeaway from the case is that fraudsters and scammers go to extreme lengths to devise crimes, regardless of the ethical boundaries involved. While we are not privy to all the details, social engineering (exploiting human psychology) was perhaps at play.
After all, the connection between O'Mara's diagnosis and the charity makes his cover for the crime more believable to human sensibilities.
This article revealed bizarre cases of fraud and scams involving:
If there is one final lesson to learn, it's this: Fraudulent schemes come in all shapes and sizes and often are only believable because they are true.
Automated internal controls systems - such as remQ - play a crucial role in alerting companies in almost real-time when potential fraudulent schemes are in operation.
If your business uses SAP ERP or S/4HANA, you have an opportunity to embrace internal controls automation so that your organization can mitigate the risk of fraud and scams.
VOQUZ Labs’ remQ Business Inspector software operates as a SAP add-on with a library of 100+ pre-built shipped controls ready to run. We would be delighted to answer any questions you have - contact us.
Paul ist Autor und Stratege für RegTech-Inhalte und verfügt über umfangreiche Erfahrungen im digitalen Marketing und Journalismus. Seine Arbeiten sind in der Zeitung „Guardian“ erschienen. Er hat einen Abschluss in „International Relations“, wo er die Einhaltung globaler Sanktionen und grenzüberschreitende Finanzen studierte.
Hast Du Fragen oder möchtest Du etwas hinzufügen? Hinterlasse uns bitte eine Nachricht! Deine Nachricht wird per E-Mail an uns übermittelt und nicht veröffentlicht.
