Tuesday 20 September 2022
Our National Forensic Team (NFT) has been working 1,000 miles north of Vancouver, at 3,000 feet above sea level in Canada, at a gold and copper mine. It is quite a hostile environment: reaching it requires a four-hour flight in a small plane, and there is then only one road up to the glacial plateau where the mine is based. The work involved a Fraud Resilience Review (fraud resilience is a measure of how well an organisation is protected against fraud and corruption) and related training at this mine.
This follows work that the team has undertaken at mines in Zambia, Côte d’Ivoire, Cameroon and Mali, as well as at different sites in Indonesia and Kazakhstan. The Fraud Resilience Review involves assessing the level of protection against fraud and corruption against the 29 factors which have the greatest impact on the extent and cost of these problems, then rating the organisation concerned on a scale of 0 to 50 – 50 being as good as it gets.
The NFT has a long-standing partnership with the Centre for Counter Fraud Studies at the University of Portsmouth and jointly manages two databases – one containing 25 years’ worth of data on the measured total cost of fraud (not just what is detected), and a second containing the fraud resilience data of more than 1,000 organisations. The higher the fraud resilience rating (i.e. the better protected an organisation is), the lower the cost and extent of fraud and corruption.
The temperature was in low single digits, and the weather grey and rainy with occasional bright spells. To make up for it, the food – as is usual at a mine – was plentiful, and it would have been very easy to put on weight, as the mine’s General Manager warned us. The mine was in Tahltan territory, and it was good to see how our client had partnered with the First Nation to help them develop sustainable companies and to invest in the community.
We offer a range of specialised services for countering fraud that includes our Fraud Resilience Review and Fraud Loss Measurement exercises. If you have any questions, or would like to enquire about our services, please contact Jim Gee.
Previous similar work by Crowe has included the cost of procurement fraud being cut by more than 50% at a large copper mine in East Africa.
A global non-profit approached us after experiencing a case of invoice fraud as a result of a hack. In total, over £163,000 was transferred to a fraudster’s bank account after a hacker intercepted email communications between the company and its supplier. Our forensic specialists responded quickly by attending the site that same day and determining that the company had been compromised by a phishing email.
We initiated steps to address the hack and commenced an investigation, which involved the following:
The investigation found that the email account of a former office manager had been compromised by a phishing email for over a year. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information. Phishing emails include URL links to malicious sites or attachments that contain malware which, when clicked on by the recipient, can infect their device. The hacker compromised the former manager’s account and manipulated communication between the company and its supplier, resulting in a payment being sent from the supplier to a bank account held by the fraudster.
We undertook a review of the information held on the account to establish what other data the hacker potentially had access to. The account held over 80,000 emails, and the review identified 291 affected individuals. The types of personal data ranged from bank account numbers and sort codes to national insurance numbers and passports.
To help prevent a similar scenario happening again, we conducted a cybercrime vulnerability review, in addition to providing cyber security training for the employees. We also performed an internal and external penetration test of the company’s network. A penetration test is an authorised simulated cyberattack on a computer system intended to evaluate the security of the system. Several vulnerabilities were identified, such as outdated software, which were reported back to the company to be patched.
Given the nature and extent of the personal information that the compromised email account contained, the hack was deemed a data protection issue and was reported to the Information Commissioner’s Office (ICO). Due to the quality of our findings, the ICO responded saying that no further action was required, as they were satisfied with the swiftness and quality of the response to the hack. This not only saved the company significant costs from a potential fine, but also prevented the pain of a full-scale investigation by the ICO.
You should always consult with an expert before you take action. If you would like further information on how we can help you strengthen your organisation against fraud and cybercrime please contact our Forensics team.
Phishing can also be perpetrated through SMS messages, also known as ‘smishing’. Fraudsters can make the fraudulent message appear in the same thread as a legitimate chain of messages from your bank, for example.
Acting on behalf of a sleeping giant of football, we were involved in a litigation case against an established European giant of football.
The case revolved around the footballing giant breaching confidentiality agreements to trigger a release clause, enabling the transfer of a key player who belonged to our footballing client. As the player was unavailable to our client for the remainder of their contract, the losses incurred as a consequence needed to be quantified. The end figure forecast, known as the quantum, was hotly contested. Before we became involved, a strike out application had been made as to whether it was actually possible to quantify any loss. A strike out application is used when the applicant wishes to demonstrate that a case does not have reasonable grounds for being brought in the first place.
The case went to the Court of Appeal, where concern was expressed as to how difficult it was to quantify the claim, but it was held that this should not stop the case proceeding. The concept of a machine with eleven working parts, all working well, was introduced: if one of those parts was removed, this would likely have some impact on the performance of that machine which could, theoretically, be measured. It was at this point, when a robust approach was required to support the Club’s position, that we were approached.
The key question was whether the removal of that player had any impact on team performance and, if so, what was the best way of assessing quantum in that respect. We limited our period of review to 12 months. The issues of foreseeability and remoteness were addressed. Foreseeability and remoteness concern the reasonable anticipation of the possible results of an action, and whether the loss was caused by the breach of contract or duty. These two factors, and the link with the player’s market value at various dates (as provided by another expert), were pivotal to our approach.
Every area that our client may have incurred losses was categorised. The legal term for categorising the damages incurred is referred to as ‘heads of loss’. The heads of loss we quantified included:
Where relevant, the principles of the “loss of a chance” were used. For example, on the balance of probabilities, in how many games would the player have been fit to play, or selected, if they had not left? One key aspect of our report was to forensically analyse the season in which the player represented the Club, ahead of their enforced move. It was clear from the player’s appearances, and the team’s results, that there was a correlation between this player’s contribution and the success of the team, notwithstanding of course the many other factors that contribute towards a team’s performance.
Ultimately, further to intense discussion in experts’ meetings (following forensic accounting reports disclosed by ourselves and the other side), the case was settled on the steps of the Court, with a pleasingly satisfactory financial outcome for our Client.
A major mining company in Africa approached Crowe in May 2018 about a suspected invoice fraud of more than US$300,000. Crowe’s investigation identified a corrupt network involving suppliers, procurement and human resources, and led to the recovery of over $1,000,000 from the supplier involved.
The mine is located in a remote part of Africa so, rather than send a person to site, Crowe used specialised technology to obtain forensic images of several computers and other electronic data. A forensic image is a direct copy of all the files on a storage device, such as a hard drive. A forensic image will typically include all files saved on a machine, including deleted documents. The technology used by Crowe significantly reduces the upfront costs of starting an investigation and enables remote and covert data collection.
Through the analysis of almost a million files and ten interviews with past and current employees, the investigation revealed the fraud was perpetrated by one employee from the mine and several employees from a supplier. The mine was defrauded through the submission and processing of false invoices. Payments for other goods and services were also concealed, for example the costs of hiring a vehicle were concealed within catering recharges to the mine. The procurement processes were easy to exploit, with a reliance on proof of shipping information rather than proof that the goods were received. In some cases the mine was charged for goods that were never delivered or even ordered in the first place. The individuals involved also committed fraud to obtain goods for their own personal use, including vehicles and expensive food and alcohol.
The investigation also revealed multiple vulnerabilities in the organisation’s procurement processes, and a lack of any verification on the quantity and quality of goods and services provided by suppliers. In addition to rooting out the corrupt network, the investigation findings were used by the mine to renegotiate several supplier contracts and save significant sums of money.
Before engaging Crowe, the mine had conducted its own internal investigation, which quickly hit a dead end. By applying its expertise, Crowe quickly and thoroughly established the truth of what happened and helped the mine to put things right.
You should always consult with an expert before you take action. Get in touch with the Forensics team if you require further information or to discuss our services.
Due diligence is the first step in preventing fraud or corruption when entering commercial engagements, such as dealing with third-party suppliers or during a merger and acquisition transaction. A blog post concerning the Foreign Corrupt Practices Act (FCPA) stated that around 90% of all enforcement actions involved third-party intermediaries, yet over 50% of procurement professionals stated that they did not believe their existing suppliers had been vetted properly.
Due diligence is part of compliance procedures, used when a business is looking to work with any external company. Due diligence goes beyond a “tick box” method – it consists of data collection and analysis. In any commercial relationship, a detailed due diligence process will avoid unnecessary risks and will provide the grounds for making informed decisions.
This can be done through the following:
Regardless of whether you are a large organisation or an individual, it is your company’s responsibility to ensure that your company, as well as its suppliers, follows regulatory requirements such as the UK Bribery Act. Due diligence is especially important if your company carries out business globally, as some countries have anti-corruption laws in place but do not have the means to enforce them. Therefore, knowing what your suppliers (and, where possible, your suppliers’ suppliers) are doing is vital.
Failure to carry out adequate due diligence can impact your business by resulting in:
Below are a handful of examples of when we have recently supported clients on a range of matters related to due diligence and corporate intelligence:
Investing in adequate due diligence prior to third-party engagements will prevent more significant losses from occurring in the future. Crowe offers Corporate Intelligence services that carry out financial, integrity and cyber due diligence to reduce the possibility of carrying out business with untrustworthy entities.
If you would like more information on how we can help your organisation, please contact a member of the Forensic Services team.
Fraud and error losses in any organisation should currently be expected to be at least 3%, probably almost 6.5% and possibly more than 10%. Find out more in our latest Financial Cost of Fraud report.
In 2019, the National Crime Agency (NCA) stated that money laundering cost the UK over £100 billion a year. The UK has been used to launder money and hide assets of corrupt elites for many years, and has received criticism regarding its leniency toward Russian oligarchs and kleptocrats. The UK has been a hot spot for money laundering as a result of its thriving financial and professional sectors, in addition to the limited restrictions when establishing a business. Once a seemingly legitimate company is established, criminals will then use the company to launder illicit funds.
Money laundering risks the UK’s national security and its reputation, and jeopardises international confidence in the UK. With this in mind, the Government set out to tackle the issue in its July 2019 Economic Crime Plan. The plan spans 2019 to 2022 and encompasses work carried out in both the public and private sectors. In immediate response to Russia’s invasion of Ukraine, the Economic Crime (Transparency and Enforcement) Act 2022 was fast-tracked. One element of this act came into force this week.
Earlier this week (1 August 2022), the Register of Overseas Entities was introduced. The register seeks to identify corrupt oligarchs and elites who are trying to conceal ‘ill-gotten gains’ through UK property. The register requires anonymous foreign companies owning or seeking to buy UK land to reveal their true beneficial owners, so that criminals cannot hide behind a chain of shell companies. Foreign companies will need to provide verified information about their beneficial owners to Companies House before any application is made to the UK’s land registry. Failure to register is a criminal offence and prevents entities from being able to buy and/or sell UK property in the future. A transfer of land by an overseas entity in breach of the registration requirement is also a criminal offence, committed by the entity and each responsible officer of it.
The register applies to property purchased since January 1999 in England and Wales, and since December 2014 for Scotland. There is a six-month transitional period to register.
If you suspect there may be corruption in your organisation or would like more information on how to protect your business from risk of corruption, please get in touch with Jim Gee. It is important that organisations fully understand the background of companies and individuals they are considering doing business with and we can undertake detailed checks globally.
The UK has the second-highest amount of money laundered each year. The United States ranks number one with the highest amount (£216.5 billion).
A few weeks ago, we looked at Deferred Prosecution Agreements (DPAs): what they are, why they were introduced, and when they are offered to companies. An aspect we touched upon was Section 7 of the Bribery Act 2010, which provides organisations with a statutory defence if they have adequate procedures in place to prevent anyone associated with the business, whether sub-contractors or employees, from committing bribery. This article outlines the procedures that companies should have in place to ensure good practice, encourage an anti-corruption culture, and avoid harsher prosecution.
Section 7 of the Bribery Act is titled ‘Failure to Prevent Bribery’ and was established to encourage companies to take liability for corrupt behaviour. Under Section 7, if any person associated with the company bribes another person with the intent of obtaining business or a business advantage for the company, an offence under Section 7 is committed. Unless the company can rely on the defence that it had adequate procedures in place to prevent bribery from occurring, it will be found guilty under Section 7.
The UK Government has produced guidance on what constitutes ‘adequate procedures’; the guidance sets out six principles to follow. We have summarised these below:
Our Forensic Services team is experienced in advising companies on how to adopt an anti-bribery culture. The team also undertake due diligence reviews on individuals and organisations. If you would like to know more on how your company can implement the measures listed in this article, please get in touch with Jim Gee.
Only two companies have been prosecuted and convicted under Section 7 of the Bribery Act. The first conviction took place in 2015 against Sweett Group plc, and the first contested prosecution took place in 2018 against Skansen Interiors Ltd.
Deferred Prosecution Agreements (DPAs) are a relatively new procedure that is becoming increasingly popular across jurisdictions. They were introduced in the UK in 2014, under the Crime and Courts Act 2013. Their purpose is to encourage large corporate entities to take liability for economic crime, including cases of fraud, bribery and/or money laundering. Since DPAs were introduced in the UK, a total of 12 have been agreed by the Serious Fraud Office (SFO) with large corporations. In the last month, the SFO has invited three companies to enter DPAs. On 1 July 2021, the SFO invited its 10th company, Amec Foster Wheeler Energy, a provider of engineering and technical services, to enter a DPA to settle a case involving historic corruption allegations through the use of middlemen. On 19 July 2021, the 11th and 12th companies, which have not been named for legal reasons, were invited to enter DPAs following bribery offences relating to multi-million-pound UK contracts.
However, inviting a company to enter into a DPA has received mixed reviews, as part of the agreement is to avoid the harsh prosecution that would otherwise be inflicted on corporate entities. Regardless, the Chief Executive of the SFO recently defended the deferred prosecution regime, stating that it is indeed necessary to tackle white-collar crime and to ensure that the executives of companies do not distance themselves from the actions of their companies.
DPAs are used to encourage companies to take liability for economic crime that their employees have committed. A DPA is an agreement reached between the prosecutor and the party that could be prosecuted, under the supervision of a judge. An organisation will only be invited to enter into a DPA if it agrees to fully cooperate with the SFO’s investigations and to fulfil any other additional terms set out. These may consist of paying compensation, paying a financial penalty, continuing to cooperate in any future prosecutions of individuals, and implementing a compliance programme. Once an organisation has been invited to enter a DPA, the proceedings for the criminal offence that was charged are automatically suspended.
The attributes of a DPA are set out to:
Even if a DPA has been entered into, individuals involved in the illegal activity can still be prosecuted.
There is some controversy around DPAs, as they enable companies to avoid convictions by paying a financial penalty. On top of a financial penalty, additional costs can include a compensation order, disgorgement of profits, reparations or donations to charities that support victims of the criminal activity, and a payment towards the prosecutor’s costs. It is therefore argued that DPAs may be seen as just an additional cost of carrying out business, making them an ineffective deterrent.
A DPA is a discretionary tool that is open to the prosecutor to apply – it is not guaranteed to be offered in every case. The circumstances of the case will dictate whether the prosecutor considers that a DPA will be appropriate and, importantly, in the public interest. Factors such as self-reporting, cooperation with the investigation, and the fact that positive action had been taken by the company to prevent wrongdoing will all lead the prosecutor to consider a DPA. The last factor mirrors the actions a company should be taking to support the statutory defence under s.7 of the Bribery Act 2010, and will include things such as training, organisational culture and effective management.
If you would like further information on best practice measures to ensure your company is doing all it can to prevent economic crime, please contact Jim Gee.
To date, a total of approximately £1,130,739,000 has been, or will be, paid in financial penalties by companies that have entered into DPAs, with the sums being paid to the UK Treasury. *In some cases, organisations will also have had to pay additional costs to jurisdictions outside the UK.
*A breakdown of the financial penalties for the two most recent DPAs has not yet been disclosed. Between the two companies, a total of £2,510,065 will be paid for the disgorgement of profits and financial penalties.
Corruption is a form of dishonest behaviour in which an individual in a position of authority abuses their power for illicit gain. Bribery is one of the most common types of corruption. Bribery is the act of providing someone with money, services or even valuable items in return for a favour. Acts of bribery are typically disguised as donations, inflated prices, expenses, commissions or ‘facilitation’ fees. Bribery is difficult to spot and can often go unobserved by organisations and law enforcement.
Bribery has a negative impact on the businesses involved and on other stakeholders. It can leave the individuals involved vulnerable to blackmail and extortion, and also expose an organisation to liability under local and international anti-bribery legislation. Bribery often compromises an organisation’s ‘social licence’ to operate, and could even result in an organisation being debarred from operating in certain sectors and jurisdictions.
The UK Bribery Act (2010) has extra-territorial reach, meaning that foreign companies with a presence in the UK, and UK companies with a presence overseas, can be prosecuted for failure to comply with the Act. The Act includes four main offences:
The Act introduced corporate liability for bribery. The legislation requires that companies implement adequate controls to prevent persons from participating in acts of bribery. If an employee of a company is found to have given or accepted a bribe, having had adequate measures in place can be used as a defence by the business affected.
Recent research found that almost a quarter of UK businesses experienced acts of bribery between 2016 and 2018. In Crowe’s experience, there are several ways an organisation can adopt a proactive approach to tackling bribery and corruption, and emphasis should be placed on risk perception and foreseeability of where and when bribery may arise. Ways to reduce the risk of corruption include, but are not limited to the following:
If you would like more information on how to protect your business from risk of corruption and bribery, please get in contact with a member of our Forensics team.
Our report ‘The Nature and Extent of Pensions Fraud’, produced in conjunction with the University of Portsmouth Centre for Counter Fraud Studies, estimates the cost of fraud to the UK pensions sector to be upwards of £6 billion per year. While there is a vast honest majority in this sector, there is also a small dishonest minority that can cause serious damage. That dishonest minority can operate in many sectors, often placing themselves in positions with access to sensitive data. Pension scheme administrators are therefore an attractive prospect for fraudsters, particularly due to the volume and sensitivity of the data that they handle.
From our experience, having conducted several investigations into fraud in the pensions sector, we have identified three common ways by which scheme administrators are being defrauded.
Our Forensic Services team are accredited counter fraud specialists, and are leaders in the pensions sector when it comes to fraud and cybercrime resilience. If you would like more information on how to implement counter fraud or cybercrime measures in your organisation, please contact Jim Gee.
We have produced a ‘Cyber Risk Made Simple’ guide, in partnership with PLSA and Aon, to help pension schemes to improve their cyber resilience.
The 11th Annual Counter Fraud and Forensic Accounting conference, held by the University of Portsmouth, took place on 14 June 2022, covering the latest research findings within the sector.
Below is a summary of some of the most recent research and the key takeaways following our attendance.
Dr Elisabeth Carter, Criminologist and Forensic Linguist, and Paul Maskall, Fraud and Cybercrime Prevention Manager at the DCPCU, discussed interactions between fraudsters and victims and the importance of recognising safety and risks online. The research highlighted how our relationship with technology is complex and provides an emotional feedback loop, a source of reassurance and inclusivity. The overarching issue with this is that it can normalise other behaviours that leave users exposed and vulnerable to grooming and isolation.
Claire Jenkins, Forensic Accountant at Companies House, discussed external fraud factors and risks in a post-COVID world. This research found that reliance is placed on accounts to make decisions, often by people without counter fraud training, and that the assumption that the accounts are correct is not always true. Claire’s advice includes using a critical eye, comparing with prior-year accounts, knowing your audit reports, and checking accountants/auditors via the registers available.
Barry Robinson, Head of Forensic Services at BDO Ireland, discussed the effectiveness of using data analytics to prevent and detect fraud. The research aims to explore the effectiveness of fraud prevention and detection techniques based on data analytics, machine learning and data mining. The findings suggest that while data analytics is widely used by businesses in Ireland, it is under-utilised as a tool for fighting fraud.
Additionally, Emmanuel Pascal, Director of Governance and Risk Management at Iriguard, spoke about how to use data analytics efficiently to counter fraud. Emmanuel presented the testing strategies used to successfully identify fraud schemes hidden in large volumes of transactions across different processes; for example, the technique can be applied to sales, inventories, production and payroll.
We offer a range of specialised services for countering fraud that includes our Fraud Resilience Review and Fraud Loss Measurement exercises. If you would like further insight into the latest Financial Cost of Fraud figures, you can access our full report here. If you have any other questions, or would like to enquire about our services, please contact Jim Gee.
The first Counter Fraud and Forensic Accounting conference took place in 2010, where there were only 45 attendees. This year, 120 people attended in person and over 400 people joined online.
The Lasting Power of Attorney (LPA), introduced in 2007, is a legal document that grants the named individual the power to manage the affairs of another in the event of them becoming incapacitated for any reason.
Matters that can be undertaken using an LPA include access to bank accounts, investments and savings, and even the sale of property. Effectively, the person named in the LPA assumes control of the affairs of another. LPAs are checked against a national database to confirm that the document is authentic before banks and other entities act upon them. There are approximately 3 million LPAs registered currently, and it costs less than £100 to file for one.
LPAs are arguably the most powerful document in a person’s financial life.
Use of the LPA has increased over the last decade and, sadly, fraudsters have taken advantage of this.
Only a few checks are required to validate an LPA application, and a recent investigation by a consumer watchdog found the counter fraud controls to be ineffective.
In the case investigated by the watchdog, a fraudster obtained an LPA by submitting falsified names and addresses and a forged signature for the victim. This was then used to attempt to sell the victim’s house from underneath them. The fraud was only uncovered when the solicitors dealing with the conveyancing queried the LPA and requested a doctor’s certificate to certify the victim’s alleged incapacity.
In this case, it was good due diligence by the conveyancing solicitors that prevented a catastrophic fraud that would have caused the victim severe hardship and deprived their family of their inheritance. However, the actions of the solicitors are not standard procedure, and this effectively creates a postcode lottery as to whether LPA fraud is likely to be successful or not.
The annual report of the Office of the Public Guardian for 2020-21 warned of the risk that the “weakness in the current process allows the registration of a fraudulent [lasting power of attorney].” It said less than 0.1% of registrations are suspected to be fraudulent. There were more than 680,000 successful LPA applications in 2020-21.
However, the lack of effective fraud controls means that this 0.1% figure – representing 3,000 potentially affected individuals out of the 3 million registered LPAs – is likely to be much higher in reality.
Our forensic services team are accredited counter fraud specialists, have access to the right tools to collate and analyse vast amounts of data and other material, and are able to present their findings to both the criminal and civil standards. If you would like more information on how to implement counter fraud measures in your organisation, please contact Jim Gee.
Fraudulent LPAs can be submitted by strangers or indeed by people known to the victim. The National Fraud Intelligence Bureau recorded 3,418 reports of Fraud by Abuse of Position, with estimated losses of £67.5 million, in 2021, demonstrating that those deemed to be trustworthy are still capable of fraud and that robust checks, regularly reviewed, are needed.
Last Christmas, UK shoppers lost £15.4 million to online scams over the festive period alone. However, it’s not just shopping scams you need to be wary of! Below are the top ten Christmas scams we think you should be looking out for.
1. Charity fraud
Fraudsters seek to take advantage of people’s goodwill and generosity over the holidays. Last year’s figures showed that almost £350,000 of charitable donations ended up in the hands of criminals over the festive period, with a total of £1.6 million lost to online charity fraud in the last year.
If you’re unsure as to whether a charity is legitimate, you can check the charity name and registration number before committing to any payments here.
2. Social media adverts
Despite social media platforms having policies in place that prohibit fraudulent adverts, many still find their way onto users’ timelines and homepages. The lack of oversight on social media marketplaces, and the influx of novice online shoppers since COVID-19, mean that an increase in victims seeking affordable gifts can be expected this Christmas. While the goods in these adverts will appear at a discounted rate, they may never be delivered.
In a recent report by NatWest, Facebook Marketplace was revealed as the site most used by scammers, closely followed by Instagram.
3. Travelling fraud
As there is a surge of people travelling to see loved ones over the Christmas period, fraudsters take advantage of inflated flight and accommodation prices by offering consumers a lower rate than the market average. Action Fraud reported an average loss of £1,242 per victim from travel fraud; this figure is lower than in previous years as a result of COVID-19 restrictions, and is likely to increase now that travel is permitted.
Make sure you always travel with a reputable company and look out for the ABTA (The Travel Association) logo.
4. Counterfeit goods
Sellers will attempt to sell counterfeit goods to Christmas shoppers both online and in stores. Only last month, police seized more than 17,500 counterfeit goods from shops on Oxford Street in London. Counterfeit items can be dangerous, as they are sub-standard and not fit for use, and they put legitimate companies at risk of losing business. It is also worth noting that purchasing counterfeit goods (whether knowingly or not) supports corruption and facilitates criminal activity on a larger scale, including human and drug trafficking, bribery and money laundering.
5. Banking scams
As people increasingly use their cards and enter card details online to purchase goods and services over the festive period, fraudsters take advantage by posing as your bank; this is also known as impersonation fraud. In the first half of 2021, UK Finance’s figures showed a total of 33,115 impersonation scams. The scam consists of a fraudster phoning you, supposedly to verify a payment, and asking you to confirm your bank details while on the phone.
If you’re not expecting a call from your bank, it could be a scam. If you’re unsure, hang up and call your bank on a trusted number listed on their website.
6. Fake delivery
Fake delivery scam texts were received by 60% of the UK population over the last year. A fake delivery scam consists of a text stating that a courier has attempted to deliver a parcel. The message also provides a link, asking for information to reschedule the delivery, and in some cases requests a fee to do so. In the first week of December 2020, Action Fraud received reports from 35 people who had fallen victim to this type of scam; between them, the 35 individuals lost a total of £103,000.
7. Loan fee fraud
Loan fee fraud is when those applying for a loan are asked for an upfront fee for a loan or credit that they never receive. In 2019, loan fee fraud accounted for 1 in 8 scams reported to the Financial Conduct Authority (FCA). The FCA stated that victims of this fraud lose, on average, almost two thirds of their Christmas budget. With many having endured financial hardship as a result of the pandemic, fraudsters will seek to target those vulnerable or susceptible to taking out loans this Christmas.
8. Phishing emails
Companies send out a series of emails in the run-up to Christmas in an attempt to sell their products and services. Cybercriminals use this to their advantage, as their phishing emails appear among several legitimate ones. The emails attempt to steal personal data by offering you products or deals at discounted rates, offering money, or stating that you have won a prize. Research found that 85% of phishing attempts went after user credentials in 2021.
Make sure you recognise the sender’s email address, and look out for grammatical errors in emails; these are the main signs that indicate a phishing email. Do not click on links that appear suspicious!
9. E-cards and gift voucher payments
Electronic gift cards are a go-to for scammers, and are expected to be increasingly popular in 2021 given the supply chain disaster. In 2020, data from the Federal Trade Commission found that gift cards have been the top fraud payment method since 2018. This method consists of cybercriminals emailing you to ask for an urgent payment using a gift card, providing a link to where they want you to obtain the gift card. This is an effective way of defrauding victims, as gift card payments are untraceable and the money cannot be recovered.
10. Fake websites
As of January 2021, Google had registered a total of 2,145,013 fake websites. Make sure you’re shopping from a legitimate website by looking out for the closed padlock icon on the left side of the address bar. Cybercriminals will spoof legitimate company domains, which can appear convincing at a glance, and this can be easy to miss if you’re panic buying gifts at the last minute.
Data from Action Fraud revealed that 28,049 shoppers were scammed when online shopping last Christmas – this was an increase of 61% compared to the previous year.
Scarcity of commodities increases opportunities for fraudsters to exploit long, complicated supply chains to maximise profits through fraud.
The global pandemic during 2020 was unprecedented and, for many, unforeseen. Multiple sectors were forced into hurriedly placing their workforce into unplanned remote working conditions and some, particularly in the manufacturing sector, were placed on furlough, with their production lines being stopped altogether.
As we emerge from these restrictions, the impact upon global supply chains is becoming evident. Manufacturers are desperate to secure parts, as the absence of just one piece is enough to prevent an entire product line from being shipped. For example, IT and mobile phone manufacturers in particular have experienced high demand as people sought ways of staying in touch during lockdowns, but the scarcity of semiconductors has created a perfect storm of demand exceeding supply. Lead times on new cars have increased, as they have for numerous other products containing semiconductors that are now difficult to obtain.
The scarcity effect inevitably pushes up the value of those products, making them more appealing to criminal networks, who either fraudulently obtain genuine components and sell them on at massive mark-ups, or substitute counterfeit or substandard parts for genuine ones.
Supply chains are complicated, with many touch points along the way: the warehouses that store the parts, the courier companies that deliver them, and the production lines themselves. Each of these touch points is susceptible to criminal interference.
Fraud committed against organisations engaged in supply chain activities can have severe consequences, particularly for those contracted to provide parts “just in time” at specific points along the production line. If the parts are simply not where they’re supposed to be because they’ve been redirected by fraud, production lines can stop and service level financial penalties are incurred. In instances of supply chain contamination, where genuine parts have been fraudulently substituted with reused, substandard or, at worst, counterfeit ones, the organisation suffers reputational damage that can take years to recover from.
In September 2021, Japanese electronics manufacturer Jenesis were unable to source microcontrollers from their usual supplier. Forced to seek alternative suppliers, Jenesis placed an order through an e-commerce site. When the microcontrollers arrived, they failed to turn on. An expert who examined the microcontrollers concluded that the specifications completely differed from what Jenesis had ordered, despite the packaging appearing to be genuine.
Fraud at any of these touch points can be difficult to detect and investigate, and matters can be further complicated by vicarious liability risk. The best way to manage this risk is to proactively assure these supply chain touch points using specialist investigation techniques.
Taiwan Semiconductor Manufacturing Co., the world's leading semiconductor maker, forecasts that the chip shortage will continue until around 2023. With that scenario looking increasingly likely, chip-hungry electronics makers have little choice but to remain vigilant.
We examine some of the advantages and disadvantages of the various options that are open to an organisation when a potential fraud is uncovered.
For most clients there are two objectives that they want to achieve:
But what if the fraud is much larger than first perceived? And what if there are more people involved, both in the company and outside it? Would a criminal prosecution be best – both to hold to account those responsible and to send out a message of deterrence? Keeping all options available from the outset is vital.
Let’s start with the choice of options: the police, a private investigator, or a DIY investigation? Reporting a fraud to the police can be seen as being ‘the right thing’ to do. A law enforcement investigation allows special police powers to be deployed, such as the searching of premises owned or controlled by the suspect, and the use of production orders requiring banks to release account details, allowing the money trail to be followed. A criminal conviction is certainly a deterrent, and a compensation order may be made at court, although this will only cover the amount that the defendant has been charged with and offences that are ‘taken into consideration’ at the time of sentencing. This might not reflect the true extent of the loss. In a police investigation, the victim hands control to the police and so is unable to make decisions about what happens. Even after a lengthy investigation, the Crown Prosecution Service may decide that there is insufficient evidence to justify a prosecution, and no further action is taken. All of this also has to be seen in the context that the fraud has to be first reported to Action Fraud, with no guarantee that there will even be a police investigation, and that the criminal courts are open to press reporting.
A common misconception is that criminal action has to take precedence over civil action – there is nothing in law that prevents criminal, civil and disciplinary action from running in parallel, although good case management is required.
The final options include the involvement of a specialist law firm or a qualified counter fraud specialist. Both of these will leave control of what happens within the hands of the client – he or she will be the final decision maker. Very often both disciplines will work together, with the counter fraud specialist gathering evidence and interviewing witnesses and the lawyer advising on next steps to bring the matter to the best outcome for the client. Within the civil law arena, it is possible to obtain court orders that will produce the same effect as police powers – the ability to search, to obtain bank details and to require documents to be produced, even from third parties. Early involvement of a law firm will allow the protection of legal privilege to be applied to the investigation; the use of a qualified counter fraud specialist will allow the best evidence to be obtained from witnesses and from hard copy and digital sources in ways that will ensure admissibility in later proceedings. The evidence will be gathered to the criminal standard, so enabling the client, if desired and the evidence supports it, to launch a private prosecution in the criminal courts.
Our Forensic Services team is made up of qualified counter fraud specialists, data analysts and forensic accountants. We work with specialist law firms that are expert in dealing with financial crime, with the aim of achieving the best, cost-effective outcomes for clients around the world. If you would like to know more on how to be prepared to tackle fraud in your organisation, get in touch with Jim Gee to discuss what options are available.
There were 4.6 million fraud offences in 2020/21, a rise of 24% on the year before. For the same period, there were 5,576 criminal convictions.
This is a question that goes through the mind of many managers when faced with a potential fraud, and usually the answer is along the lines of “well, it can’t be that difficult, can it?”. The result is that they start their own investigation: talking to potential witnesses, having a look at the ‘suspect’s’ computer and emails, and perhaps even going through their desk and locker when they’re not at work. They start accumulating a lot of documents and digital material, some of it relevant, some of it not. But how do they store this material? What notes of their actions do they keep? Often other business needs take priority, things get delayed or missed, and interviews with key people or those under suspicion are poorly planned or rushed. Opportunities for evidence to be lost or destroyed by the suspect are created, and steps to prevent further losses or to recover what has been lost are not taken.
When someone commits financial crime there are over 25 different criminal offences that might be committed, each with its own ‘points to prove’; there are over 13 different pieces of procedural legislation that need to be followed, depending on whether criminal action is to be considered, civil recovery is to be pursued, or disciplinary action is to be taken. There is then the matter of case law to be considered, the laws relating to evidence, the use of intelligence, surveillance skills, interviewing skills, court-room skills… the list goes on. There are many opportunities for procedures to be carried out incorrectly, something that at the time might not seem to be a problem but which later increases in significance, to the extent that it allows the defence to argue for crucial pieces of evidence to be excluded from proceedings.
There have been many occasions where well-meaning investigations have gone wrong and the following cases illustrate just that:
Where financial crime is suspected those investigating should be properly trained and qualified. Our forensic services team are accredited counter fraud specialists, have access to the right tools to collate and analyse vast amounts of data and other material, and are able to present their findings to both the criminal and civil standards. For more information please contact Jim Gee.
Online fraud increased by a third in the UK during the pandemic.
Recent months have seen movement from the UK authorities to try to address the serious problem of financial crime. Our latest report on the subject, ‘The financial cost of fraud 2021’ shows that the cost to UK businesses and individuals now runs at some £137 billion. With the latest ONS data showing that between March 2020 and March this year there was a 26.3% increase in incidents of fraud and a staggering 99.7% increase in cybercrime, what more incentive could be needed for action to be taken?
On 27 July 2021 the UK Government published its action plan to cut crime. The ‘Beating Crime Plan’ received much media attention, although most of this focussed on there being a named officer for every victim of crime, “chain gangs” as punishment for anti-social behaviour and league tables for police forces to rank how quickly they answer calls for assistance. However, aspects of the plan designed to counter fraud and cybercrime were not widely reported.
The plan proposes that the national body responsible for receiving reports of fraud, Action Fraud, is scrapped. Many commentators would argue that this is about time, with user feedback from the service describing it as “pointless”, “a waste of time” and with a complete absence of updating and contact. The replacement is vaunted to be an “improved” national fraud and cybercrime reporting system, increasing the intelligence capabilities in the National Crime Agency (NCA) and the national security community. How this will also improve the experience of victims and those who report fraud is unclear but to fail to do so will mean that the system is flawed from the outset.
A report by parliament’s Intelligence and Security Committee found that the UK “offered ideal mechanisms by which illicit finance could be recycled through what has been referred to as the London ‘laundromat’”. The gatekeeper of the UK’s anti-money laundering regime is known as the ‘regulated sector’ – the lawyers, accountants, banks, casinos, money-change bureaus and high-value dealers whose services may be targeted by criminals to launder the proceeds of crime. The Money Laundering Regulations place a burden on the regulated sector to report suspicions of money laundering to the National Crime Agency in the form of a Suspicious Activity Report, commonly referred to as a ‘SAR’. Failure to report a suspicion is a criminal offence under the Proceeds of Crime Act, but prior to this year there had been relatively few, if any, such prosecutions. This changed in June this year, when self-styled money laundering expert Dominic Thorncroft was convicted of failing to notify the authorities of suspicions of money laundering. Earlier the same month the Crown Prosecution Service (CPS) updated its guidance and policy on prosecuting those working in the regulated sector for failing to submit a Suspicious Activity Report (SAR). It indicates that prosecutions are more likely to take place in cases where there was insufficient evidence to establish that money laundering was planned or had taken place, something that would not have happened previously. Given that over 94% of SARs emanated from banks and other financial institutions in 2019/20, it’s clear that the CPS feels that others in the regulated sector need to do more to combat money laundering.
If you would like further information on how your company can reduce its exposure to fraud or to ensure that it is doing all it can to identify suspicions of money laundering, please contact Jim Gee.
Our latest ‘The financial cost of fraud’ report shows that fraud is costing businesses and individuals in the UK £137 billion each year.
Recruitment fraud has the potential to infiltrate all industries and levels of employment, with 80% of CVs containing discrepancies. Recruitment fraud is when someone lies about their experience, qualifications, employment history or previous integrity to gain employment. It denies genuine candidates job roles, denies employers staff who can successfully carry out their responsibilities, and allows fraudsters into an organisation where they can undertake wider fraud and theft. Consequently, recruitment fraud represents a significant cost, which undermines the financial health of those organisations that are affected.
Recruitment fraud is a worldwide threat. There have been countless incidents of individuals claiming experience or qualifications that they do not have, from a serial fraudster who used a fraudulent application to become a pilot, to a salesman who managed to run six schools into the ground after lying on his CV. Considering the importance and trust placed in some of these individuals, it is alarming how negligent due diligence can be for such job roles.
The true cost of recruitment fraud is difficult to quantify. However, we have carried out research into its impact on the UK economy. In 2019, our ‘The real cost of recruitment fraud’ report found that recruitment fraud costs the UK economy approximately £23.9 billion. The same methodology was applied to the potential global cost of recruitment fraud, which is approximately £559 billion.
The consequences of recruitment fraud can be significant. It not only damages an organisation’s reputation and credibility, but can have a catastrophic impact on customers, clients and/or patients. An example that illustrates the potential impact comes from the NHS. A former NHS boss was given a two-year suspended jail sentence for lying about his university degree. Peter Knight, the former Chief Information and Digital Officer on a £130,000 salary, lied on his CV about having a Classics degree. Knight was only identified after an anonymous tip, and resigned from his role after two years. Failings in basic security checks of a senior official, who would otherwise have gone undetected, demonstrate how dangerously easy it is to falsify your way to the top. It was fortunate that Knight did not have a clinical role, nor direct contact with patients. If the NHS is failing to check basic facts about a senior figure, it is a concern what other areas the NHS is failing to check: for example, the academic background of a doctor, potentially resulting in incorrect treatment being provided or, worse, unintentionally facilitating the death of a patient. This case highlights that even the NHS, one of the largest national institutions in the world, fell victim to a simple case of recruitment fraud.
Deterring individuals from carrying out recruitment fraud is not complex or difficult. Effective pre-employment checks are relatively low cost and easy to commission, however, you should always consult with an expert before you act.
If you would be interested in strengthening your fraud resilience, or require background checks on individuals or companies, please contact Jim Gee.
The most common type of recruitment fraud that organisations experience is applicants claiming to have qualifications and/or status they do not possess.
Since the global recession in 2008, there has been an 88% increase in average losses from fraud and error (for the period of 2019-2020). Our latest Financial Cost of Fraud report, produced in collaboration with the University of Portsmouth, reveals that the UK’s fraud losses alone equate to £137 billion. This startling figure suggests that organisations are losing significant amounts that could be reinvested back into businesses, public services or charities.
There are several factors that contribute to the increasing prevalence of fraud, however we believe that fraud is a growing issue as a result of two overarching concerns:
1. The digitisation of processes
Most aspects of life are now heavily reliant upon technology. The digitisation of processes proliferates instances of fraud by increasing an organisation’s vulnerability and therefore increasing opportunity to commit fraud. Technology enables organisations to be defrauded both internally and externally, with its methods remaining inconspicuous at first glance. Fraudsters can now go after large amounts of not only money, but also information, and do so repeatedly if an organisation is unsure where its vulnerabilities and weaknesses lie. Technological processes have also removed direct contact with a fraudster’s victims, which may also contribute toward a lack of empathy or fear of being caught.
An internal threat will consist of a dishonest employee. An individual within the organisation has the ability to access and manipulate data and records for their own personal gain, or they may outright steal data. An insider threat can use several methods to defraud their firm. Some examples include misdirecting money by altering bank account details of suppliers, editing and/or duplicating supplier invoices, or stealing confidential information for an advantage to gain employment at another company.
External threats can range from suppliers to cybercriminals, some of whom may even conspire with an employee within the organisation. Instant access to information, together with the existence of deepfake voice technology, has enabled fraudsters to pose as other people. Fraudsters can put on a convincing act, and so whether an organisation is defrauded or not often boils down to awareness among employees and the avoidance of human error. External threats can include variations of phishing attacks, the provision of false documents, or infiltration of networks through unaddressed weaknesses.
All of the above can be prevented to an extent, if an organisation understands and has an awareness of where and how the opportunity to carry out fraudulent acts arises.
2. Organisations do not consider fraud as an additional business cost
Fraud is a hidden cost, and so many deny that it is prevalent within their organisations. Most organisations have only planned a process to react after a fraudulent act has taken place. As a result, the cost of fraud is not being reduced. Yet evidence has revealed that fraud losses can be reduced by up to 40% within 12 months. The financial cost of fraud can be reduced if loss measurement exercises are carried out and then repeated over time. Research has found that more than two thirds of fraud loss exercises have shown losses to be more than 3% of expenditure. Carrying out regular exercises to monitor the amount being lost to fraud will gradually help reduce this percentage. Accepting that fraud is an inevitable cost will allow you to treat it as any other business cost, one that can be managed and reduced.
A typical fraud case lasts 14 months before it is detected.
Local communities in which mines are situated benefit from the mining industry as they provide a steady source of income to those they employ and develop the local businesses which supply goods and services. As these communities are often in remote and poverty-stricken areas, some seek to exploit the opportunities the mine provides through corrupt behaviour, resulting in both the community and the mine itself suffering the consequences.
Nepotism and cronyism
Nepotism and cronyism are terms used for when family members or those known to an individual receive preferential treatment, and are awarded jobs and other benefits as a result of favouritism. Nepotism and cronyism are completely unethical; however, both are often embedded within the cultures of local mining communities, and considered the norm.
In the mining industry, nepotism and cronyism are often evident within the recruitment process. Unfair advantages are given to individuals who may not be able to carry out a job role efficiently. This hinders the growth of the mining business in several ways:
The UK National Fraud Authority defines procurement fraud as “A deliberate deception intended to influence any stage of the procure-to-pay lifecycle in order to make a financial gain or cause a loss.” Procurement fraud can be carried out by those external or internal to the organisation.
From our experience, it can be an internal employee from a mine who creates bid rigging schemes and/or creates ‘ghost’ suppliers. Procurement fraud can arise as a result of many factors, including little or no enforcement of the organisation’s procurement policies, falsification of documents, and collusion by an internal employee with an external supplier. The consequences of this behaviour are:
Bribery is the offering, giving or receiving of any item or service that is of value to an individual in exchange for an unfair advantage or favour. In the mining sector, it is often an external source that bribes an internal employee to gain employment, contracts or financial gain. The damaging impacts on a mine include:
If you would like to find out more on how fraud impacts the mining sector, click here to download our report on countering fraud for competitive advantage in the mining and energy sector. Or, if you would like information on how we can help you reduce the chances of fraud and corruption within your organisation.
Crowe UK’s Forensic Services Team have undertaken work for natural resources companies in Central and South East Asia, East and West Africa, Australia, Canada and the United States.
The National Audit Office (NAO) has estimated that the UK Government will spend more than £210 billion on its response to the COVID-19 pandemic. This money has rightly been spent on supporting organisations and individuals across the country in this time of unprecedented economic stress and the vast majority of the money has been legitimately applied for and correctly received.
However, there is always a dishonest minority and on Wednesday 7 October 2020 the NAO published its report, ‘Investigation into the Bounce Back Loan Scheme’, which has taken a closer look at how the Bounce Back Loan Scheme (BBLS) has been distributed.
The report notes that BBLS, developed by HM Treasury, the British Business Bank (the Bank) and the Department for Business, Energy and Industrial Strategy (BEIS), provides registered and unregistered businesses with loans of up to £50,000 or a maximum of 25% of their annual turnover. This loan should help to maintain their financial health during the pandemic. The scheme launched on Monday 4 May 2020 and will remain open until Monday 30 November 2020, with the government retaining the right to extend the Scheme.
The loans are provided by commercial lenders (for example, banks, building societies and peer-to-peer lenders) directly to businesses, who are expected to repay the debt in full. Failure to do so may have a negative impact on their credit score and may affect their ability to borrow in the future. The government provides lenders with a 100% guarantee against the loans (both capital and interest). This means that if the borrower does not repay the loan, the government will step in and repay the lender. HM Treasury data shows that as of Sunday 6 September 2020, the Scheme had delivered more than 1.2 million loans to businesses, totalling £36.9 billion. BEIS and the Bank expect BBLS to have lent between £38 billion and £48 billion by Wednesday 4 November 2020, substantially more than initially expected.
The government recognises that the decision to provide funds quickly leaves taxpayers exposed to a significant risk of fraud, including fraud caused by self-certification; multiple applications; lack of legitimate business; impersonation; and organised crime.
BEIS’s 2019-20 annual report and accounts highlights likely total credit and fraud losses of between 35% and 60%, based on historic losses observed in prior programmes which most closely resemble the Scheme. Assuming the Scheme lends £43 billion, this would imply a potential cost to the government and taxpayers of £15 billion to £26 billion – an enormous sum.
The nature of the losses is likely to be on a spectrum from high volume, low value opportunistic fraud through multiple fraudulent BBLS applications from fake companies, through to high value, low volume fraud by organised crime groups. The number of companies registered each week after the government announced the scheme rose by 285% to a record 21,616 by the end of June 2020.
So, what is to be done? For many years, police resources focussed on fraud have diminished and it is now very hard to persuade them to take on a case of fraud. BEIS and the Bank do not have the counter fraud resources to investigate this scale of fraud. Perhaps it is time for private sector forensic and legal specialists to help tackle this threat – and to ensure that there are clear and visible consequences for the dishonest minority. The government did the right thing in supporting UK business – could specialists from UK business now support the government in identifying and investigating the fraudsters and recovering the losses?
Fraud can take on many shapes and forms with far reaching impact. It costs the NHS £1.29 billion a year (with independent academic estimates actually putting this figure between £3-£5 billion) and is a good example of how it can touch everyone’s life in the UK in one way or another. That’s enough to pay for over 40,000 staff nurses or purchase 5,000 ambulances. Due to the scale and complexity of the NHS it is affected by lots of types of fraud, one of which is the phenomenon of ‘ghost patients’. Ghost patients are people registered with General Practices who do not actually use the practice because they have moved to a different neighbourhood or have died.
NHS Digital records showed that in 2018 there were 3.6 million more patients registered with the NHS in England than there were people in England, and a 2018 investigation revealed the imbalance was the result of ‘ghost patients’. NHS General Practitioners (GPs) receive £150 a year for each patient registered with their practice, and with an average of 1,700 registered patients each the payment is a significant proportion of a GP’s income. The investigation revealed £550 million was wrongly allocated to GP’s who, either intentionally or mistakenly, kept ghost patients on their books.
Ghost patients, and the additional payments associated with them, could be the result of poor record keeping rather than intentional dishonesty. Irrespective of the cause, the result is the same: less funding available for the NHS to spend on the good work of keeping the public healthy and saving lives.
Any organisation thinking about where it may be losing money to fraud should always consult an expert before taking action. For more information on tackling fraud and to discuss measures to strengthen your organisation’s security.
A fraud investigation often reveals a lot more than was originally suspected. Where fraud does take place, it is rarely an isolated incident and so an investigation into its full extent is very important. Investigations - using various techniques - can provide the opportunity to determine who is involved and the fraudsters’ modus operandi, and to identify the process and systems weaknesses which may have allowed the fraud to take place.
A thorough investigation is the only way to resolve a suspicion of fraud. Following the findings of an investigation, a strategy to devise a proactive approach to reduce the nature and extent of fraud can be adopted, resulting in a long term beneficial impact on businesses’ approaches, company cultures and employees’ and suppliers’ outlooks.
An investigation can be carried out using a number of different techniques and these are tailored to each specific investigation. Open source information resources are a common tool to gain insight and background knowledge concerning individuals, businesses, associated persons and assets. Additional methods can include examining (with permission) emails and other data, interviewing employees, and analysing relevant documents. When the relevant data has been identified, it can then be prepared for the most appropriate form of analysis in order to draw conclusions.
Recent COVID-19 lockdown conditions have limited some face to face aspects of fraud investigations. Nevertheless, Crowe has the capacity to undertake remote investigations using its proprietary technology to remotely image computers and interview witnesses and suspects. This is highly effective.
The first stages of a fraud investigation can be the most important to get right, and we recommend always seeking specialist advice if you suspect that a fraud has taken place. We have compiled a list of ‘dos and don’ts’ if you find yourself in this position.
A thorough investigation is very important. It does not have to be a lengthy process, but thoroughness is crucial. Failing to resolve a suspicion of fraud can be very damaging, both to the organisation concerned and to those who are suspected. There is no substitute for a professional, legally compliant investigation in order to do this.
Expert determination is a procedure in which a dispute, or difference, between two parties is submitted to one or more experts who make a determination on the matter presented to them. The opinion reached is then binding on the parties, unless they both agree otherwise.
If you would like more information on our expert witness service please contact Chris Hine on 0161 214 7567.
An expert determination is usually quicker, cheaper and less formal than arbitration or litigation.
Forensic accountants are often instructed on professional negligence disputes.
In professional negligence cases the defendant may be a firm of solicitors, accountants, or architects that have previously provided some form of advice or work which is now alleged to have been below the standard expected, causing a financial loss.
The claimant must prove three areas:
The latter is a crucial part in any professional negligence claim as unless a direct correlation can be made between the negligent advice/work and any resulting loss, a Court is unlikely to find in favour of the claimant.
There are two broad alternative strands to the work we undertake: either reviewing the work performed by an accounting professional to identify whether it was carried out to an acceptable standard, or reviewing the claim on the assumption that the work was negligent and being instructed to assess any loss arising.
The test for professional negligence (e.g. an accountant) is fundamentally what you would expect a reasonably competent accountant to have done based on the accounting and auditing standards, generally accepted accounting principles, and practices that were in place at that time. It is not the case that you are giving an opinion on what you would have done at the time but rather, from your experience of conducting similar work and familiarity with other accountants’ work, whether you consider the defendant has carried out their work to a reasonable standard.
As the expert witness must have relevant contemporaneous experience, our forensic team will frequently work alongside experts from other disciplines within our firm to provide a seamless service.
In terms of any resulting award made by the Court, the defendant professional will usually carry insurance against such claims being brought against them and that insurance company will make the funding decision as to the appointment of an expert witness to prepare a report, based upon advice provided by the defendant’s solicitors. The financial consequences of a claim will depend upon the impact on the claimant’s business, but will frequently be assessed in the same manner as a loss of profit or business interruption claim.
If you would like more information on our expert witness service please contact Chris Hine on 0161 214 7567.
Professional negligence is when a professional fails to perform their responsibilities to the required standard or breaches a duty of care, which results in financial loss, physical damage, or injury to a client / customer.
There are various traits that are important to possess to enable you to represent your client in expert witness work. More importantly, the skillset is needed to deliver your prime responsibilities to the court, and ultimately lead to a fair assessment upon which the Court can make their judicial decision.
In years gone by, there was an overwhelming feeling - that ultimately led to reform - that experts were often regarded by those instructing them as ‘hired guns’, making the evidence fit the conclusion that would best assist their clients.
Our overriding duty is to the Court, and not to the party instructing or paying us. Ultimately, we must maintain our independence notwithstanding any pressures exerted either by solicitors or by lay clients. There have been various cases we have been instructed on where we have had to tell our solicitors: “sorry, but your case can’t be supported on the evidence available”. This is not what the solicitors or client may necessarily want to hear, but to avoid such a conversation would be to undermine your own opinion and work.
At times solicitors may try to apply some gentle pressure to change an opinion, or a working, but if you are clear that what you have concluded is (to your mind) correct, then your professional duty is to remain resolute.
Another quality required is consistency – a Court will not take kindly to an expert changing his mind with the wind, or worse still, expressing one opinion on a specific matter in one case, then at some point later addressing essentially the same matter but adopting a completely contradictory approach (with no good reason to do so). A Court will always accept if you have had access to new evidence which has impacted your opinion, but someone who is willing to change their opinion so easily is not a robust expert witness whose evidence will be accepted by the Judge.
Further, an element of fairness to any report, or verbal evidence given in Court, is key in supporting a crafted argument – if a report is totally weighted towards one’s own client throughout then it can bring into question the independence of the expert. One useful method adopted by many experts is the adoption of a range of conclusions, particularly when there is a monetary aspect, to give the Court an idea of what range the claim may lie within. This may be couched within terms such as if we assume ‘A’ the claim is £Y, but if we assume ‘B’ then £Z may be more appropriate.
An area in which an expert giving evidence at Court can undermine his own case is where the report may be absolutely fine, in fact it may be one of the best reports ever produced. But if that expert has overly relied on his team to prepare the report, and the understanding of its methodology and underlying assumptions is not fully understood or concluded by the expert, then the expert’s evidence will be quickly undermined under cross examination and a perfectly good report potentially made redundant.
It also helps an expert to be a good storyteller – not making things up, of course – but delivering a report that takes the reader (and the Judge) on a journey, where the issue is set out and signposts are placed early in the report for what is coming later. There is nothing worse for a judge than to have read a report and by the end be completely lost or confused as to what they have actually just been told – wherever possible, the simpler and less technical the language, the better.
The Academy of Experts helps you find a qualified expert witness to assist you on your case and also provides training courses for those who act as expert witnesses.
One area where we often provide expert support is in the form of Expert Determinations (ED). ED is a procedure in which a dispute, or difference, between two parties is submitted to one or more experts who make a determination on the matter presented to them. The opinion reached is then binding on the parties, unless they both agree otherwise.
An ED can be beneficial to the disputing parties as it is less costly than going to Court, a faster process, is usually binding on the parties, and is subject to the opinion of an independent accountant who has no allegiance to either side.
The resulting opinion can take one of two forms – non-speaking or speaking. There are pros and cons associated with each. A non-speaking approach is exactly as it sounds: if, say, a company valuation is being undertaken, the non-speaking opinion will simply state that ‘the shares are worth £X’. There are no report details to be challenged, and as such it is difficult to challenge the outcome, although one side will invariably be happier with the outcome than the other.
A speaking valuation is the opposite of a non-speaking valuation and will set out in detail how the value for those shares has been reached in a format more akin to a traditional report disclosed for Court. It has the benefit of covering the issues that may have been in debate between the parties, explaining why the conclusions have been reached. A speaking valuation may also raise matters which the parties wish to challenge that could end up protracting the process (for instance if they think something is factually incorrect). The threshold for challenging a determination on its findings is high, however, as the test is normally whether there has been manifest error.
We can be instructed either as the expert undertaking the determination or assisting one of the parties in preparing their submissions. If you would like more information on our expert witness service please contact Chris Hine on 0161 214 7567.
In simple terms, we are the numbers support service to litigious disputes, investigations or advisory work, and we are frequently instructed to prepare reports for Court on what can be very complex, or hotly disputed, accounting and numerical issues. Sometimes our work can be conducted on an urgent basis within a day, but often the work continues over many months, or even years. Although our clients will always want the best outcome for themselves, our responsibility as an expert witness is to the Court, whereas if we act as advisers we will present both the strong and weak points of a client’s case, possibly ahead of mediation or consideration of a legal claim. Our work can take us anywhere within the UK, and across any industry, and we also take on overseas matters through our well-established Crowe Global network of over 750 offices across 130 countries.
Our work is not supported by a portfolio of clients as it might be in an audit or tax service line; each year a different set of challenges and scenarios is presented to us as we seek to assist our clients in their dispute, investigation or analysis. While not professing to be the ultimate experts in every field of industry, we need to be capable of quickly picking up how various businesses operate and what the real issues are that will drive the case, whether at Court, in mediation or in other negotiations. While we always want to help our clients, it is also important that we maintain an independent thought process which sets out the respective merits of a case, both good and bad from our client’s perspective.
The matters we work on are often diverse and regularly challenging, examples of the range of casework we have been instructed on include:
If you would like more information on our expert witness service please contact Chris Hine on 0161 214 7567.
Earlier in July 2022 the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) wrote a joint letter to the Law Society reminding solicitors of their advice regarding ransomware, and if a payment should be made in the event of an attack. Both the NCSC and ICO have seen a recent rise in ransomware payments being made which coincides with the monumental growth of ransomware attacks over the last few years, positioning it as the largest online threat to the UK.
Ransomware is a type of malware (malicious software) that unlawfully encrypts files on a network, holding the business to ‘ransom’ to decrypt them and restore business operations.
The intention of the letter was to reiterate to the legal profession, whose services are usually retained for advice in the event of an attack, that payment of a ransom will neither protect the stolen data nor result in a lower penalty from the ICO. This message can then be shared more widely with their clients.
Ultimately, each business will have its own reasons for the tough decision it must make in the event of a ransomware attack. However, the NCSC and ICO are clear in their guidance that paying a ransom does not reduce the impact of an attack, or the scale or type of enforcement action.
“The ICO will recognise when organisations have taken steps to fully understand what has happened and learn from it, and, where appropriate, they have raised their incident with the NCSC and they can evidence that they have taken advice from or can demonstrate compliance with appropriate NCSC guidance and support.”
• A guide to ransomware - NCSC.GOV.UK
• Ransomware and data protection compliance | ICO
Unfortunately, ransomware will continue to be an effective tool for cybercriminals to extort money from businesses as more and more of them pay. Organisations need to make sure they are in a position to assess, manage and mitigate the risk, to help reduce the likelihood of becoming a victim.
We offer various services that are able to assess your company’s vulnerability to cybercrime from both an internal and external perspective, offering guidance on how to strengthen your position. We also provide training to employees on topics regarding cybercrime and security. If you would like to know more about the services we offer, please get in touch with Tim Robinson.
In the event of a ransomware payment being made, on average only 65% of the data is recovered, with only 8% of companies managing to recover all of their data.
To those initially starting a business, it may seem that small start-up companies would not be an appealing target to cybercriminals. However, cybercriminals are targeting smaller companies as a gateway to larger organisations they may work and/or interact with.
Smaller companies are less likely to have considered cybercrime as a risk, and thus are less well equipped when it comes to having security measures in place to detect, prevent and protect themselves against potential cyber incidents. It is easier for a cybercriminal to infiltrate a smaller company’s systems and networks than those of a larger organisation that has a dedicated cyber security team, has extensive measures in place, and maintains certification to industry standards such as ISO 27001 and SOC 2.
The threat can be both internal and external.
The biggest internal threat is human error. While some employees do intend to cause a cyber-related incident, the majority of the time it is purely accidental. In 2019, 90% of cyber data breaches were caused by user error. Unsafe practices, and employee unawareness of cyber and information security threats, can leave an organisation – and its assets – vulnerable to cybercriminals. One of the most common examples is an employee accidentally clicking on and downloading a malicious file that then infects an organisation’s internal network with malware.
In addition, external threats can put a company at risk on a regular basis, with statistics showing that 31% of businesses are targeted with a cyber attack at least once a week. Official statistics show that by far the most common threat vector was phishing. Other threats include, but are not limited to, ransomware, Distributed Denial of Service (DDoS) and social engineering.
We offer services that can help build your organisation’s cyber resilience. For more information on the services we offer, please contact Jim Gee or a member of the Forensics team.
The latest Cyber Security Breaches Survey found that 82% of businesses reported cyber security as a high priority for senior management, but only 19% of businesses have a formal incident response plan.
In comparison to 2019, research found a staggering increase in data breaches among many sectors in 2020 – however, the food and beverage industry came out on top, experiencing a 1300% increase. The trend remained consistent for 2021, with Q1 continuing to show increasing figures.
During the pandemic, many food and beverage companies made the shift to direct to consumer e-commerce. In doing so, an abundance of consumer data is now collected by companies, posing a significant risk if companies are not safeguarding the data to the extent that they need to be.
The information gathered and held by the companies will usually consist of Personally Identifiable Information (PII) in addition to customer payment details, such as debit or credit card information and/or account login details. PII data is valuable to cybercriminals as it can be sold on the dark web, and in turn can be used for fraudulent purposes. The more data there is to access, the more damage that can be caused.
Further, the supply chain within the food and beverage industry is increasingly vulnerable to cyber-attacks. As there have been minimal levels of reporting of cybercrime within this sector, little attention has been drawn to the need for tightened cyber security.
Some entities within the supply chain will not hold vast amounts of data, but as a result of their systems being so easily exploitable cybercriminals will still take the chance to hack or infect systems and networks or use it as an entry point to other entities within the supply chain. In addition to the theft of data, attacks cause other major disruptions. This includes jeopardising the security of products, impeding the movement of products, halting production, and harming the quality and safety of products for consumption.
The sector has been referred to many a time as low hanging fruit for cybercriminals, particularly with the increase in automated operations. A recent example of a cyber attack in the food industry comes from KP Snacks, who were targeted by ransomware at the end of January. The company issued letters to stores stating that the attack severely impaired its IT communications systems, meaning the company were unable to safely process orders or dispatch goods.
We offer a range of services to assess your company’s vulnerability to cybercrime from both an internal and an external perspective, and can provide detailed reports on your organisation’s third-party cyber resilience procedures. If you would like to know more about the services we offer, please get in touch with Jim Gee.
Research has found that around 57% of all cyberattacks targeting e-commerce sites are done by bots.
Most people would say they are aware of what makes a good password. It has long been an accepted standard that an online password should be a minimum of eight characters, including numbers, capital letters and special characters. However, most people would agree that a password such as ‘Pa$$word!’ follows these golden rules yet is easily guessable and far from secure. Cyber criminals have a myriad of techniques to decipher a password, so why make it easy for them?
The more unique, complex and long passwords are, the more secure they will be. However, the trouble is that most people have multiple online accounts and remembering unique passwords for each account is hard. People fall back to using the same passwords for different accounts, which is particularly dangerous when shared with an email account login. If a criminal is aware of your login credentials for one account, they gain access to all. Gaining access to an email account opens up rich personal information, potential access to other accounts or impersonation of you to trick others.
The National Cyber Security Centre recommends combining three random words. The thinking behind this is to create a password that is strong enough to keep criminals out but easy enough for you to remember. This removes arbitrary complexity, which makes passwords hard to remember while offering little benefit against criminals’ search algorithms, and makes you less likely to use the same password for multiple accounts.
Although this sounds simple, it is very effective. Just think of three completely random words (e.g. DrainpipeHaircutMountain). Repeat it a few times in your head and you’ll be unlikely to forget it.
You should avoid using words linked to personal information which could be easily found out through social media profiles, such as favourite sports teams, birthdays, names of family or pets. Also, swapping out letters for similar looking numbers or characters only provides a small amount of extra security as criminals are well aware of typical substitutions. Keeping it simple will make it easier for you to remember.
Feel you can do more? Why not make it four random words. The more random words that are used to create passwords, the greater the password diversity. Previous password complexity requirements could be said to have worked against the creation of genuinely new passwords, making the criminals’ job easier.
Get yourself a password manager. Password managers can help create and store all your passwords uniquely and safely, across multiple devices and platforms.
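As an added illustration of the advice above (example code written for this page, not from the NCSC or the original post), the helper below generates a three-or-more random-word password with a cryptographic random source, estimates its strength, and shows why look-alike substitutions such as ‘Pa$$word!’ add little: undoing the swaps turns the password back into a dictionary word. The word list and dictionary are small constructed samples.

```python
"""Added example (not from the original post): a small password helper that
applies the 'three random words' advice, estimates its strength, and shows
why look-alike substitutions such as 'Pa$$word!' add little.
The word list and dictionary below are constructed samples; a real
generator would draw from a list of thousands of words."""
import math
import re
import secrets

# Constructed sample word list. Real lists are far larger; the figure from
# entropy_bits() grows with the list size.
SAMPLE_WORDS = [
    "drainpipe", "haircut", "mountain", "kettle", "lantern", "pebble",
    "orchard", "velvet", "compass", "thimble", "harbour", "meadow",
    "saddle", "turnip", "walrus", "zephyr",
]

# Typical look-alike swaps that password-guessing tools already try in reverse.
LEET_MAP = {"$": "s", "5": "s", "@": "a", "4": "a", "0": "o",
            "1": "i", "3": "e", "7": "t", "|": "l"}

# Constructed sample of the dictionary words a guessing list would hold.
COMMON_WORDS = {"password", "welcome", "summer", "letmein", "football"}


def random_words_password(count=3, words=SAMPLE_WORDS, sep=""):
    """Join `count` words chosen with the OS CSPRNG via `secrets`,
    capitalised so the word boundaries stay readable
    (e.g. DrainpipeHaircutMountain, as in the text)."""
    if count < 1 or not words:
        raise ValueError("need at least one word and a non-empty list")
    return sep.join(secrets.choice(words).capitalize() for _ in range(count))


def entropy_bits(count, list_size):
    """Entropy in bits of `count` words drawn uniformly from `list_size`
    words: each extra word adds log2(list_size) bits."""
    return count * math.log2(list_size)


def undo_substitutions(password):
    """Drop a trailing number or symbol, reverse the common letter-to-symbol
    swaps and lower-case what is left, e.g. 'Pa$$word!' -> 'password'."""
    core = re.sub(r"[^A-Za-z]+$", "", password)
    return "".join(LEET_MAP.get(ch, ch) for ch in core).lower()


def is_disguised_dictionary_word(password, dictionary=COMMON_WORDS):
    """True when the password is just a dictionary word dressed up with
    substitutions and a trailing number or symbol."""
    return undo_substitutions(password) in dictionary


if __name__ == "__main__":
    print("generated:", random_words_password())
    print("bits from 3 words of a 7,776-word list:",
          round(entropy_bits(3, 7776), 1))
    print("'Pa$$word!' is a disguised word:",
          is_disguised_dictionary_word("Pa$$word!"))
```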
Perhaps it’s time to rethink your password strategy?
If you would like to know more about the cybercrime services we offer, please get in touch with Jim Gee.
The National Cyber Security Centre is a UK government organisation dedicated to delivering cyber security support and advice to the most critical organisations in the UK, the wider public sector, industry, SMEs as well as the general public.
Rarely a day goes by without hearing about the huge sums of money associated with top-flight football clubs and the sport as an industry. Six clubs from the Premier League are among the top ten European teams that have spent the most on recruitment in the last ten years. More recently, Premier League clubs’ gross spend totalled £295 million in the January 2022 transfer window alone. This was over four times higher than the spend during January 2021 (£70 million), and is the second highest winter transfer window spend ever. To put this into perspective, the gross transfer spend across the other ‘Big Five’ European leagues (La Liga, Serie A, Bundesliga and Ligue 1) stood at a combined £317 million, which is only £2 million more than the Premier League and English Football League combined. Given the substantial sums involved in football, this has unsurprisingly attracted cybercriminals.
Particular focus was drawn to the cyber security of football clubs in November 2021 after Manchester United’s systems were breached. The club reported that the breach had not impacted matchday operations, and club media channels including the website and app were unaffected. However, staff were unable to access emails. While Manchester United escaped relatively unscathed, other clubs were not so lucky.
In July 2020, a Premier League club almost lost £1 million after cybercriminals compromised the email account of its managing director during a transfer negotiation, and only intervention from the bank prevented the club from losing the money. Other cyber incidents have included an English Football League fixture being postponed due to a ransomware attack which locked the turnstiles into the stadium and disrupted security systems.
Cybercrime in the football sector is a growing enterprise for many cybercriminals. We offer various services that are able to assess an organisation’s vulnerability to cybercrime from both an internal and external perspective. If you would like to know more about the services we offer, please get in touch with Jim Gee.
Most people will have heard of ‘phishing’ but have you heard of ‘whaling’? ‘Whaling’ is when cybercriminals specifically target high profile or high-level executives to try and steal sensitive data.
SQL stands for Structured Query Language – cybercriminals abuse this language to make database servers hand over protected information. SQL Injection is a common form of cyberattack to which a surprising number of organisations are vulnerable. A study by the Ponemon Institute, The SQL Injection Threat & Recent Retail Breaches, found that 65% of the businesses surveyed stated that they had been victims of a SQL Injection-based attack.
Simple to execute, SQL Injections can have catastrophic consequences for many organisations. Attacks can often result in protected databases concerning all kinds of information being leaked, for example personal information about customers or clients. This information can then be sold on the Dark Web and used for other criminal purposes.
The attack involves adversaries submitting crafted input through an unprotected website field, such as a comment or search box. Because that input is incorporated into the SQL statement, the statement itself is manipulated, which can enable the actor to steal, delete or modify data, as well as gain administrative control over systems that run the affected applications. Using input validation, such as prohibiting the use of special characters, is an effective way to prevent SQL injections.
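As an added worked example (written for this page, not code from the original post or any of the organisations it names), the two search functions below run the same customer lookup against an in-memory SQLite table of constructed sample rows: one splices the search-box text into the statement, the other binds it as a parameter so the database only ever treats it as data. It also shows the cost of the blunt “no special characters” rule mentioned above, which rejects a legitimate name such as O’Brien; in practice parameterised queries are the primary control and input validation sits alongside them.

```python
"""Added example, not from the original post: one customer search written
two ways against an in-memory SQLite table of constructed sample data.
search_vulnerable() splices the search-box text into the SQL statement, so
the database parses it as part of the statement; search_parameterised()
binds it as a value, so it is only ever treated as data. passes_allow_list()
is the 'no special characters' rule the text mentions."""
import sqlite3

# Constructed sample data standing in for a real customer table.
SAMPLE_CUSTOMERS = [
    (1, "Alice Morgan", "alice@example.com"),
    (2, "Conor O'Brien", "conor@example.com"),
    (3, "Priya Shah", "priya@example.com"),
]


def build_db():
    """Create the in-memory table and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """Builds the statement by concatenation. A quote in `term` ends the
    string literal early, so the rest of the input is read as SQL syntax."""
    sql = "SELECT id, name FROM customers WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_parameterised(conn, term):
    """Uses a placeholder; sqlite3 sends the statement and the value
    separately, so quotes and keywords in `term` stay literal text."""
    sql = "SELECT id, name FROM customers WHERE name LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def vulnerable_query_breaks(conn, term):
    """True if the concatenated statement fails to parse for this input:
    the tell-tale sign that user input is being interpreted as SQL."""
    try:
        search_vulnerable(conn, term)
    except sqlite3.OperationalError:
        return True
    return False


def passes_allow_list(term):
    """Allow-list check: letters, digits and spaces only. It blocks quotes
    but also rejects names like O'Brien, so it belongs alongside, not
    instead of, parameterised queries."""
    return all(ch.isalnum() or ch.isspace() for ch in term)


if __name__ == "__main__":
    conn = build_db()
    # Legitimate input containing an apostrophe: the concatenated statement
    # cannot even be parsed, while the parameterised one finds the customer.
    print("vulnerable breaks on O'Brien:", vulnerable_query_breaks(conn, "O'Brien"))
    print("parameterised O'Brien:", search_parameterised(conn, "O'Brien"))
    # Manipulated input of the kind the text describes: the concatenated
    # statement returns every row, the parameterised one treats the same
    # text as a literal search pattern and matches nothing.
    manipulated = "' OR 1=1 --"
    print("vulnerable leaks:", search_vulnerable(conn, manipulated))
    print("parameterised:", search_parameterised(conn, manipulated))
    print("allow-list accepts O'Brien:", passes_allow_list("O'Brien"))
```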
We offer various services that are able to assess your company’s vulnerability to cybercrime from both an internal and an external perspective. If you would like to know more about the services we offer, please get in touch with Jim Gee.
Target, Yahoo, Zappos, Equifax, Epic Games, TalkTalk, LinkedIn, and Sony Pictures have all been hacked by cybercriminals using SQL injections.
Following the Prime Minister’s announcement earlier this week, imposing economic sanctions on five Russian banks and three Russian individuals, the National Cyber Security Centre (NCSC) has repeated its advice that UK businesses need to be prepared for possible cyber attacks.
Although no sector has been specifically identified as a likely target, Ukraine has seen several Distributed Denial of Service (DDoS) attacks officially attributed to Russia on Ukrainian banks. DDoS attacks are high volumes of malicious internet traffic directed at a specific target designed to prevent the service from working or being accessible.
Flooding an internet connected financial services organisation with malicious traffic can have serious impacts on those who are legitimately trying to access them. Delayed payments for goods and services can have contractual consequences such as late payment fees or delays in the dispatching of business-critical goods, particularly affecting “just in time” supply chains.
The UK is interconnected globally, with many UK banks communicating with banks in Ukraine and Russia. High-net-worth individuals with assets in UK banking institutions who are affected by economic sanctions are now unable to transact. This could trigger retaliatory action by Russia in the form of cyber attacks.
No. Cyber attacks can take many forms and DDoS is merely one of them that has been seen recently. In early February, the US, UK and Australian cyber security agencies issued a joint alert that we can expect to see increases in the sophistication and impact of Ransomware targeting critical national infrastructures.
In January, a number of “fake” ransomware attacks targeted Ukrainian government agencies and non-profit organisations. These ransomware attacks were similar to the 2017 NotPetya attacks, as they focussed on data encryption and destruction rather than profit for those behind the attacks.
According to Microsoft, the malware lacked a recovery mechanism so any victims who chose to pay the ransom would have been unable to decrypt their data and recover their services.
Organisations and individuals considering fundraising or sending aid to Ukraine should also consider whether this is likely to make them a more active target of cyber-attacks.
It is recognised that it can be problematic for any organisation needing to implement widespread, sweeping changes quickly in response to changes in external threats. However, the NCSC has issued guidance concerning 11 areas that organisations should review and act on as appropriate. These are:
The NCSC guidelines on actions to take when the cyber threat is heightened are available on the NCSC website.
We offer various services that are able to assess your company’s vulnerability to cybercrime from both an internal and an external perspective, and can help you build on your organisation’s current cyber resilience policies. If you would like to know more about the services we offer, please get in touch with Jim Gee.
A recent study found that 82% of UK organisations who have been victims of ransomware paid the attackers. This makes the UK the most likely to pay cyber criminals against a global average of 58%. From those who paid the ransom, 4% were unable to retrieve their data.
The last decade in particular has seen small and medium-sized cybercrime ‘businesses’ develop into national and international businesses. The trends most worth focusing on concern how the cybercrime ‘businesses’ themselves will develop: those seeking to protect organisations against cybercrime sometimes focus on the latest techniques but fail to look at the organisations that are developing and implementing them.
Firstly, there is likely to be a greater ‘commercialisation’ of what cybercriminals do. They will seek to do what they already do more efficiently and to reduce costs. Additionally, they will seek to increase their revenues both overall, through further growth, and on an attack by attack basis. Subsequently, the increased profitability is likely to result in an investment in the development and implementation of even more sophisticated cybercrime techniques.
There are key signs that this is already happening
There is also scope to use AI to identify fresh vulnerabilities in networks, devices and applications as they emerge. By rapidly identifying opportunities for human hackers, such tools make the job of keeping information secure much tougher.
It is also likely that a number of other developments will occur:
We offer various services that are able to assess your company’s vulnerability to cybercrime from both an internal and an external perspective, and can help you build on your organisation’s current cyber resilience policies. If you would like to know more about the services we offer, please get in touch with Jim Gee.
Cybercrime now accounts for more than 50% of all crime in the UK, with incidents increasing by over 110% since the start of the COVID-19 pandemic.
The pandemic had a significant effect on the proliferation of cybercrime in 2021, with some astounding statistics highlighting the scale of the issue. Below are some of the top cyber threats that businesses should be aware of going into 2022.
In 2021, software supply chain attacks alone increased by 650%. Attacks on the supply chain affect both the supplier and its customers. The European Union Agency for Cybersecurity (ENISA) believes that organisations’ implementation of robust cyber security controls has resulted in cybercriminals directing their attacks at the supply chain instead, as 66% of supply chain attacks are committed by exploiting an unknown vulnerability at the supplier’s end. A successful supply chain attack can cause significant disruption to the service supplied to customers and has the potential to lead to data breaches. Techniques used during supply chain attacks vary from malware to brute force attacks. This is a two-pronged approach for cybercriminals: they can compromise data held by the supplier, or leverage the supplier’s connection into the customer’s systems to compromise those too.
2021 saw a rapid spike in ransomware attacks. In the first half of 2021, 304.7 million attacks were recorded, surpassing 2020’s full-year total of 304.6 million. Previous years saw the level of ransomware fluctuate; however, since the end of 2020 it has begun to increase steadily. The National Cyber Security Centre (NCSC) has stated that ransomware has evolved on two fronts:
Ransomware previously focused on the availability side of the CIA triad (see Figure 1), simply restricting users’ access to their data and systems.
However, attackers now also use the threat of exposing an organisation’s sensitive information to increase the likelihood of the ransom being paid, thereby compromising the confidentiality side in the same attack. This leaves organisations in a difficult position: leaked data will have significant consequences, but paying the ransom does not guarantee that access to data and systems will be recovered. Any decryption software purchased by ransomware victims can also affect the integrity side of the model, because there is no guarantee that this untested software provided by cybercriminals does not change data as it decrypts it.
Prevention is most certainly better than cure. A layered approach is recommended to combat this problem: education and awareness for the organisation’s people, and regular offline backups from which systems can be restored.
Hybrid working is here to stay in 2022, meaning that dealing with cyber threats continues to be increasingly difficult without the oversight of on-site IT support. Research has found that 95% of cyber security breaches are the result of human error. This can be attributed to a lack of awareness and understanding of cyber security and best practice. Common human errors include poor password hygiene, delayed patching or updating of devices, and falling for phishing emails.
It should be noted, however, that it is impossible to eliminate human error completely. A zero-blame culture, in which people feel they can talk to their security teams about any concerns, goes a long way towards identifying incidents at the earliest possible stage, allowing them to be contained before they cause major damage to the organisation.
We offer various services that can assess your company’s vulnerability to cybercrime from both an internal and an external perspective, and provide training to employees on various topics regarding cybercrime and security. If you would like to know more about the services we offer, please get in touch with Jim Gee.
The average ransomware payment increased to $570,000 (approx. £415,000) in the first half of 2021.
This week, the National Cyber Security Centre (NCSC) released an alert for retailers, encouraging online stores to protect customers from cyber criminals. With Black Friday and Cyber Monday deals happening over the next week, online retailers can expect a significant surge in online customers. In 2020, online sales for Cyber Monday reached $10.8 billion, with smaller businesses seeing the biggest increase in sales (up by 501%) compared to larger retailers (up by 486%).
The NCSC’s latest article follows the threat of an online scam known as ‘skimming’: the NCSC has notified over 4,000 small business sites whose customers’ payment details had been stolen through compromised online shops.
Skimming isn’t a completely new phenomenon. In the past the technique has more commonly been used on Automated Teller Machines (ATMs) to steal users’ credit and debit card data: the criminal alters the machine’s payment card reader hardware so that it collects payment card information, usually accompanied by a hidden camera to capture PINs.
Online or digital skimming is a modified technique in which cybercriminals exploit a vulnerability in common e-commerce software used on websites’ checkout pages. Malicious code injected into the checkout page diverts payments and steals the card details of unsuspecting customers. The NCSC found the majority of compromises to stem from a vulnerability in Magento, an e-commerce platform.
The NCSC has advised SMEs in particular to ensure all software is up to date and patched, which will reduce the risk of hackers infiltrating systems and networks. However, without effective security controls in place, this kind of threat is extremely difficult to detect. Organisations should have processes in place to monitor the security status of the networks and systems that support the essential functioning of the business, as research has found that one in five infected stores are re-infected within a few days.
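One way to put the monitoring the NCSC recommends into practice is to audit the checkout page itself against a known-good baseline, since a digital skimmer has to land in that page as a script or a changed form target. The following is an added example, not code from the original article or from the NCSC: it parses a checkout page, flags external scripts from hosts outside an allowlist, inline scripts whose hash is not in a baseline captured when the page was known-good, and forms that post to unexpected hosts. The hostnames (`shop.example`, `pay.psp.example`, `js.metrics-collector.invalid`), the page and the baseline are constructed sample data.

```python
"""Audit a checkout page for unexpected scripts and form targets.

Added example, not code from the original article or from the NCSC. It
parses the HTML of a checkout page and flags (a) external scripts loaded
from hosts outside an allowlist, (b) inline scripts whose SHA-256 is not in
a baseline captured when the page was known-good, and (c) forms that post
somewhere other than the shop's own or its payment provider's hosts. The
HTML, hostnames and baseline below are constructed sample data.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit


def inline_digest(script_text: str) -> str:
    """Hash used for the inline-script baseline (whitespace-trimmed)."""
    return hashlib.sha256(script_text.strip().encode()).hexdigest()


class CheckoutAuditor(HTMLParser):
    def __init__(self, allowed_hosts, inline_baseline):
        super().__init__()
        self.allowed = set(allowed_hosts)
        self.baseline = set(inline_baseline)
        self.findings = []          # list of (reason, detail) tuples
        self._inline_script = False
        self._buf = []              # inline script text, possibly chunked

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            src = a.get("src")
            self._inline_script = src is None
            self._buf = []
            if src is not None:
                host = urlsplit(src).hostname
                # a relative src (no host) is served by the shop itself
                if host and host not in self.allowed:
                    self.findings.append(("external script from unexpected host", src))
        elif tag == "form":
            action = a.get("action", "")
            host = urlsplit(action).hostname
            if host and host not in self.allowed:
                self.findings.append(("form posts to unexpected host", action))

    def handle_data(self, data):
        if self._inline_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline_script:
            text = "".join(self._buf).strip()
            if text:
                digest = inline_digest(text)
                if digest not in self.baseline:
                    self.findings.append(("inline script not in baseline", digest[:16]))
            self._inline_script = False


def audit_checkout(html: str, allowed_hosts, inline_baseline):
    """Return the list of findings for one rendering of the checkout page."""
    p = CheckoutAuditor(allowed_hosts, inline_baseline)
    p.feed(html)
    p.close()
    return p.findings


# Constructed allowlist and baseline, as captured when the page was approved.
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example", "pay.psp.example"}
KNOWN_INLINE = {inline_digest("window.dataLayer = window.dataLayer || [];")}

# Constructed checkout page: the first two scripts, the first inline block and
# the form are expected; the fourth script and the second inline block are not.
SAMPLE_PAGE = """
<html><body>
<script src="/static/checkout.js"></script>
<script src="https://cdn.shop.example/lib/cart.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
<script src="https://js.metrics-collector.invalid/c.js"></script>
<script>setTimeout(function(){}, 0); /* content added since baseline */</script>
<form action="https://pay.psp.example/charge" method="post"><input name="card"></form>
</body></html>
"""

if __name__ == "__main__":
    for reason, detail in audit_checkout(SAMPLE_PAGE, ALLOWED_HOSTS, KNOWN_INLINE):
        print(f"{reason}: {detail}")
```

Run it on a scheduled fetch of the live checkout page; any finding is a change that nobody deployed on purpose and should be investigated before the next customer checks out. The baseline is refreshed only when a legitimate release changes the page.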
Additionally, SMEs can do the following to prevent this kind of attack:
We offer several services to assist companies in identifying vulnerabilities in their networks. Our services include internal and external vulnerability assessments, and dark web credential checks on company domains. We also offer checks on fake or spoofed domains. If you would like more information about our services, get in touch with Jim Gee.
In 2020, UK shoppers were defrauded by £2.5 million during the Black Friday and Cyber Monday sales.
Cyber-attacks on supply chains are expected to increase fourfold in 2021. Many companies rely on third-party suppliers to provide services and software that are essential to everyday operations within the business. As a consequence of this dependency, suppliers are entrusted with an abundance of confidential and sensitive customer information, making supply chains an attractive target for cybercriminals. Supply chain attacks are also low-risk, high-reward for cybercriminals, as a single attack can open up a series of additional networks to compromise.
Many hackers use malware, with 62% of attacks being carried out using this method. Malware is a blanket term for viruses, trojans, worms and other harmful software that disrupts systems and networks. Hackers look for insecure networks or unprotected servers and hide malware within the services or software deployed to the supplier’s customers. Malware can also be spread through infected web links, email attachments or corrupted media. Once the hacker has infiltrated a supplier’s system, they can gain access to confidential and sensitive customer data, which can be stolen and used for criminal purposes. Additionally, malware can not only extract information but also delete data that is critical to both the supplier and the customer.
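A basic control against software hidden in a supplier’s deliverables, and equally against a tampered backup of the kind the ransomware post above recommends keeping offline, is to pin the hash of every file when it is approved and refuse anything that differs. The following is an added example, not code from the original article or from any supplier: it records a SHA-256 manifest for a known-good set of files and reports every modified, missing or unexpected file in a later delivery. The file names, contents and manifest are constructed; a real manifest would be stored separately from the files it describes, ideally signed.

```python
"""Verify delivered files against a pinned SHA-256 manifest.

Added example, not code from the original article. The same check serves
two situations raised on this page: confirming that a supplier-delivered
software package is byte-for-byte what was approved, and confirming that an
offline backup has not been altered before it is restored. File names,
contents and the manifest below are constructed sample data; a real manifest
is produced when the artifact is approved and kept apart from the files
(ideally signed) so that an attacker who alters the files cannot also alter it.
"""
import hashlib
import hmac
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Record {path: sha256} for a known-good set of files."""
    return {path: sha256_hex(content) for path, content in files.items()}


@dataclass
class VerificationResult:
    ok: bool = True
    modified: list = field(default_factory=list)    # hash differs from manifest
    missing: list = field(default_factory=list)     # listed but not delivered
    unexpected: list = field(default_factory=list)  # delivered but not listed


def verify_manifest(manifest: dict, delivered: dict) -> VerificationResult:
    """Compare every delivered file with the manifest and report all
    deviations rather than stopping at the first, so the whole delivery
    can be triaged in one pass."""
    result = VerificationResult()
    for path, expected in manifest.items():
        if path not in delivered:
            result.missing.append(path)
            continue
        actual = sha256_hex(delivered[path])
        if not hmac.compare_digest(actual, expected):
            result.modified.append(path)
    for path in delivered:
        if path not in manifest:
            result.unexpected.append(path)
    result.ok = not (result.modified or result.missing or result.unexpected)
    return result


# Constructed known-good release as approved, and its pinned manifest.
KNOWN_GOOD = {
    "bin/agent": b"\x7fELF...approved build of the monitoring agent...",
    "conf/agent.yaml": b"server: updates.vendor.example\ninterval: 300\n",
}
MANIFEST = build_manifest(KNOWN_GOOD)

# Constructed later delivery: the binary differs and an extra file appeared.
TAMPERED_DELIVERY = {
    "bin/agent": b"\x7fELF...rebuilt binary with different contents...",
    "conf/agent.yaml": KNOWN_GOOD["conf/agent.yaml"],
    "bin/helper": b"\x7fELF...file that was never in the manifest...",
}


def check_delivery(delivered: dict) -> VerificationResult:
    """Gate a delivery (or a backup about to be restored) on the manifest."""
    return verify_manifest(MANIFEST, delivered)


if __name__ == "__main__":
    r = check_delivery(TAMPERED_DELIVERY)
    print("ok" if r.ok else
          f"REJECT: modified={r.modified} missing={r.missing} unexpected={r.unexpected}")
```

An unexpected extra file is treated as a failure on purpose: a deployment step that copies "everything in the directory" would otherwise install it without anyone noticing.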
We offer a variety of services that can help your company review the cyber resilience of your third-party suppliers. We can also help your company develop incident response and business continuity plans in the event of a cyber-incident at one of your suppliers. If you would like to know more about how we can help your company, please contact Jim Gee.
Over half of organisations have experienced a data breach caused by third-parties that led to the misuse of sensitive or confidential information.
The latest figures from the Office for National Statistics for England and Wales show a 92% increase in cybercrime incidents between March and September 2020. But what explains this huge increase?
Most of our commercial and private lives moved online as a result of the pandemic restrictions, but that alone does not explain what is happening in the world of cybercrime.
It used to be the case that cybercriminals had to be technically proficient to undertake cybercrime, but not any more. Cybercriminals can now make use of ‘Cybercrime-as-a-Service’ (CaaS), where one group of criminals sells or lends hacking tools and services to another group of criminals. There is a wide variety of ‘kits’ available to buy or borrow, including software to launch a phishing or ransomware attack, and ‘fraud packs’ containing stolen personal information. This means that the tools are available to a much wider group of criminals, not just those with the technical expertise.
The new ‘business model’ has massively increased the range and impact of cybercrime. CaaS enterprises operate much like a regular business, with management hierarchies, software developers, engineers, and technical support representatives to provide customer support and demonstrations of how the tools work. CaaS enterprises make money from the profit on the products sold or commissions on the ransoms paid by victims. The CaaS model enables the reinvestment of profits into research and development of newer and better tools and techniques.
The CaaS model is behind the huge increase in the official cybercrime figures. There is a ‘virtuous circle’: the better the cybercriminals do, the more money there is to invest, and the increased investment improves the cybercriminals’ profits, providing yet more money for reinvestment. That investment has created tools such as automated vulnerability scanners, a topic for another post, that have made it easier and quicker to identify potential victims.
Organisations need to ensure they are protected. After a successful attack an organisation’s spokesperson will nearly always say it was a ‘very sophisticated attack’, but most attacks start by exploiting very basic vulnerabilities.
We offer a range of services to help protect your organisation. A good place to start is our external vulnerability assessment (EVA), which identifies vulnerabilities that could be exploited by cybercriminals. This covers many of the most commonly exploited weaknesses, such as open ports, unpatched software and email domains that can be spoofed.
We also offer a threat intelligence service to keep your organisation up-to-date with the latest and emerging cyber threats.
If you would like more information on the rise in cybercrime, watch our latest webinar. For more information on the services we offer, please contact Jim Gee.
The estimated global cost of ransomware, including business interruption and ransom payments in 2020, was a minimum of $42 billion USD and a maximum of $170 billion.
A July 2019 Crowe report calculated that fraud is likely to cost individuals and businesses US$5.1 trillion a year, with losses rising by 56% in the past decade. To gain an understanding of where your business’s vulnerabilities lie, you must think like a cyber criminal to identify where there is an opportunity to take advantage, whether internal or external.
At Crowe, our approach to cyber protection is to step into the shoes of an attacker. We assess a business’s current cyber security measures through the lens of a potential attacker. External vulnerability reviews look at the vulnerabilities in an organisation that are visible to cybercriminals; these reveal the extent and types of vulnerability that help a cybercriminal decide whether to spend time attacking one particular business over another. Alongside the external analysis, we also carry out an internal vulnerability check. This is similar to the initial stages of penetration testing (authorised cyber-attacks), but without exploiting the weaknesses identified inside the business.
Additionally, access to dark web markets and forums allows us to look for evidence of discussions taking place about attacking particular organisations, and for any compromised emails and passwords. For expert tips on cyber security, read Six Steps To Better Cyber Hygiene. The article has been written as part of ‘The Art of Smart’ alongside other useful insights which look at the challenges around corporate decision-making in the current uncertain environment.
It is business essential that organisations ensure their defences against cybercrime and fraud are up to the mark. Cyberattacks are ranked first among global human-caused risks, according to the World Economic Forum Global Risks Report 2020, costing businesses up to US$11.4 million every minute in 2021.
COVID-19 has seen a significant increase in cybercrime, and it’s not a question of if an organisation will be attacked but when. For an organisation to maintain an effective response, the following three points must be understood:
If you would like further information on the services listed in this article or advice on any other cyber protection matter, please get in touch with Jim Gee.
Through ‘The Art of Smart’ we share expert opinion from inside and outside of the Crowe Global network to provide vital and actionable insight to leaders, wherever they do business.
The pension sector reported approximately two data breaches a month relating to cybercrime, between June 2018 and April 2020. Security breaches were the most commonly reported cybercrime, accounting for 63% of reports, with phishing attacks being the second most common breach, accounting for 30% of reports. Despite this, our research has found that over a quarter of pension schemes do not have an adequate cybercrime breach plan in place.
The figures listed above predate the influence that COVID-19 has had on cybercrime. The latest Office for National Statistics crime statistics for England and Wales show a 92% increase in cybercrime incidents between the year ending March 2020 (876,000 incidents) and the year ending September 2020 (1,679,000 incidents), suggesting that the actual number of attacks on the pension sector is higher.
Pension schemes are an attractive target for cyber criminals because of the extensive data held on beneficiaries, in addition to the funds that could potentially be accessed. The Pensions Regulator defines the cyber risk posed to pension schemes as ‘the risk of loss, disruption or damage to a scheme or its members as a result of the failure of its information technology systems and processes.’ Cyber criminals have a plethora of techniques that can be used to deceive individuals into providing confidential data, or to disrupt systems to retrieve information. Techniques range from ransomware attacks, phishing campaigns, hacking, malware and domain spoofing to rogue employees.
Failing to prevent cybercrime or data breaches can result in a pension scheme suffering reputational damage, financial loss, public embarrassment as well as a fine from the ICO.
Trustees are accountable for ensuring a pension scheme is run efficiently in the interests of its members, and as such must identify, assess and manage risks. It is therefore the Trustees’ responsibility to ensure that the scheme’s regulatory and legislative requirements are fulfilled. Trustees must also ensure that third parties, including the sponsoring company or employer, have the required cybercrime and data protection arrangements in place, as many will also hold or have access to confidential information.
The Pensions Administration Standards Association (PASA) states that Trustees should always be prepared for when a cyber attack will happen, as opposed to if. A cyber security policy should be in place, outlining the administrator’s approach to cyber security and its ongoing plans to monitor and update procedures if and when necessary.
In addition, preventive measures must be implemented, that may include, but are not limited to:
We offer many services to help pension schemes with cyber protection. Some of these services are listed online. Our Pension Funds Cyber Vulnerability Survey and our report on The Nature and Extent of Pensions Fraud are also valuable resources. If you would like further information on how our Forensic Services can help your pension scheme, please get in touch with Jim Gee.
Only 40% of pension schemes have an Incident Response plan. We recommend having an incident response plan that has been tested to supplement other cyber security measures that are in place. Doing so will identify areas of weakness that need to be remedied.
Research undertaken in 2019 found that 61% of UK Independent Schools had been the target of cyber attacks in the previous five years. This figure is likely to be higher now, due to the 92% increase in cybercrime incidents since April 2020 and the shift to online educational provision. The sudden adoption of online learning for students and remote working for teachers and staff may have introduced new vulnerabilities for cybercriminals to exploit. Failing to address the additional risks and implement effective measures would leave a school in a vulnerable position. The shift to online learning and remote access requires a proactive approach to monitoring for, and preventing, the exploitation of vulnerabilities.
Independent Schools are responsible for holding special category data and other sensitive information on students, their families, and teachers. Such information can include ethnicity, religious beliefs, health information, addresses, financial information, among others identifying factors. If this data is stolen, it can both be used against individuals and to facilitate additional crime such as extortion, identity theft and fraud.
The consequences of a cyber-attack can include financial loss, file encryption or deletion and reputational damage, in addition to potential harm to students and their families.
Ransomware is a type of malware (malicious software) that infiltrates a network. It is usually disguised as an attachment or download. Once this is opened, access to files critical for the operation of the school’s systems can be encrypted and rendered unusable. The cybercriminal will often threaten the establishment if the ransom is not met. Such threats can include making the attack public (to damage the school’s reputation) or selling the stolen data on the Dark Web.
Phishing consists of tailored, malicious emails sent to individuals that appear to come from a trusted sender. Attackers will often ‘spoof’ their emails, meaning the email will look extremely similar to how it would appear when sent from a reputable individual or company. The content of the emails will usually contain either a malicious attachment, or a malicious link to a website.
Phishing emails can purport to come from a member of staff and be sent to parents requesting sensitive information, or requesting that fee payments be made to a bank account not known to the school.
Man in the middle (MITM) attack
A man-in-the-middle attack is one in which a cybercriminal has inserted themselves into the communication between two parties. The attacker can be a passive listener, stealing information sent between others, or an active participant, altering messages or impersonating an individual in the correspondence.
A MITM attack can be carried out in several ways, including:
If you would like to find out more on how to address the most common cyber vulnerabilities, download our full report on Fraud and Cybercrime Vulnerabilities in Independent schools.
Over half of ransomware victims do not recover their files after an attack. This is because the attacker either fails to deliver the promised decryption keys or has poorly implemented the encryption and decryption routines. We are aware of one firm that paid the ransom five times, each time in the vain hope that its data would be decrypted.
In 2019, 88% of organisations globally experienced a phishing attempt. Phishing is consistently used by cybercriminals, as it accounts for 90% of successful cyberattacks. Over recent years phishing attacks have become much more sophisticated, with new variations on the traditional form of email phishing.
Phishing is an attack vector, consisting of tailored, malicious emails sent to individuals that appear to be from a trusted sender. Attackers will often ‘spoof’ their emails, in order to make it look like it has been sent from a reputable individual or company. Spoofing emails consists of falsifying company information from an official company website to ensure the email looks believable. The content of the emails will usually contain either a malicious attachment, or a malicious link to a website.
Regardless of how aware an organisation may be in terms of cybersecurity, it will only be as strong as its weakest link. If a phishing email does get through the cybersecurity measures in place, the only defence left is the employee who has received it. CybSafe carried out an analysis of data from the UK’s Information Commissioner’s Office (ICO), revealing that human error was the cause of 90% of cyber data breaches in 2019, with phishing the main cause. Phishing accounted for almost half of all reports to the ICO in 2019. The research also found a significant increase in end-user mistakes over the two years prior, rising from 61% to 87% and now to 90%.
Below are variations of the traditional phishing attack:
If you would like more information on how Crowe can help your organisation and its employees fight against phishing scams, please contact a member of the Forensic Services team.
According to Google, cybercriminals have been sending over 18 million COVID-19 related emails to Gmail accounts every day since the pandemic began.
Cybercrime is rapidly evolving, and businesses need to ensure they keep up with new and emerging threats. Businesses can improve their cybersecurity by performing regular penetration tests to help identify vulnerabilities in their systems. A penetration test, also known as a pen test, is a form of ethical hacking which is performed by an authorised cyber-attacker to evaluate the security of a system.
Penetration testing is essential for identifying potential or actual vulnerabilities to malicious cyber-attacks launched across a computer network that could threaten the confidentiality, availability and integrity of the information being stored and processed. The results of the assessment help businesses to close the issues in a planned manner and improve the security of their systems. Penetration tests should be performed at least once a year to ensure any new threats that have emerged since the previous test are tackled promptly.
It is recommended that penetration testing is conducted across the entire network. However, if your business is particularly concerned about the security status of certain parts of the network, such as the internal or external infrastructure, these can be tested independently. An internal penetration test helps identify what an insider attack, perpetrated by anyone with access to the inside of your network, could achieve.
External penetration testing helps identify vulnerabilities in the internet-facing infrastructure of your business’s network, also known as the perimeter systems. These systems are directly reachable from the Internet, and are often the part of your network that is most regularly attacked by external hackers. In addition to internal and external tests, penetration testing can be performed on web applications to identify security vulnerabilities resulting from the design or coding of your business’s browser-based application.
Crowe offer a range of penetration testing services to help businesses protect themselves against cybercrime.
According to the FBI, domain spoofing scams have cost over $26 billion (approx. £19 billion) in the last six years.
Domain spoofing is when a cybercriminal impersonates a company or one of its employees by creating a website link or email address similar to that of the legitimate company domain. The website or email will be altered slightly by changing only a few characters, so that the link or email will still read and appear to be the same as the original. Visuals and information from company websites are used to ensure the illegitimate domain is convincing. The content of a spoofed website or email, will use company branding and formatting, enticing its victims to follow instructions presented to them.
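The few-character alterations described above can be caught mechanically when an organisation checks the domains it sees in mail senders, certificate transparency feeds or new-registration lists against its own. The following is an added example, not code from the original article or from any Crowe service: it normalises away common confusable substitutions (`rn` for `m`, `0` for `o`, `1` for `l`), then classifies a candidate domain as the legitimate domain itself, a genuine subdomain of it, or a likely spoof by confusable characters, a different suffix, the brand embedded in a longer name or subdomain, or a small typo. The domain `example-bank.com` and all candidates are constructed samples, and the public-suffix handling is deliberately simplified.

```python
"""Flag lookalike domains of the kind described above.

Added example, not from the original article or any Crowe service. Given the
organisation's legitimate domain, it classifies a candidate domain as a likely
spoof when it differs only by confusable characters, by its suffix, by
embedding the brand in a longer name or subdomain, or by a small typo.
All domains below are constructed samples.
"""

# Character sequences commonly swapped for one another in lookalike names.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("@", "a")]

# Simplification: two-label public suffixes such as co.uk. A real check would
# consult the Public Suffix List instead of this short set.
SECOND_LEVEL = {"co", "ac", "gov", "org", "net", "com"}


def skeleton(label: str) -> str:
    """Reduce a label to the string a human reader would perceive."""
    for src, dst in CONFUSABLES:
        label = label.replace(src, dst)
    return label


def split_domain(domain: str):
    """Return (subdomain labels, brand label, public suffix)."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL and len(labels[-1]) == 2:
        suffix, rest = ".".join(labels[-2:]), labels[:-2]
    else:
        suffix, rest = labels[-1], labels[:-1]
    return rest[:-1], (rest[-1] if rest else ""), suffix


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, legitimate: str):
    """Return the reason candidate looks like a spoof of legitimate, or None
    when it is the legitimate domain, one of its own subdomains, or unrelated."""
    c_sub, c_label, c_suffix = split_domain(candidate)
    _, l_label, l_suffix = split_domain(legitimate)
    if c_label == l_label and c_suffix == l_suffix:
        return None  # the domain itself or a genuine subdomain of it
    c_skel = skeleton(c_label)
    if c_skel == l_label:
        if c_label != l_label:
            return "confusable characters"
        return "same name under a different suffix"
    if any(skeleton(s) == l_label for s in c_sub):
        return "brand used as a subdomain of another domain"
    if l_label in c_skel:
        return "brand embedded in a longer name"
    if levenshtein(c_skel, l_label) <= 2:
        return "typosquat (edit distance <= 2)"
    return None


def scan(candidates, legitimate):
    """Map each flagged candidate to the reason it was flagged."""
    flagged = {}
    for c in candidates:
        reason = classify(c, legitimate)
        if reason:
            flagged[c] = reason
    return flagged


LEGIT = "example-bank.com"
SAMPLE_CANDIDATES = [
    "example-bank.com", "login.example-bank.com", "examp1e-bank.com",
    "exarnple-bank.com", "example-bank.co", "example-bank-login.com",
    "example-bank.com.secure-update.net", "exmaple-bank.com", "unrelated-shop.com",
]

if __name__ == "__main__":
    for domain, reason in scan(SAMPLE_CANDIDATES, LEGIT).items():
        print(f"{domain}: {reason}")
```

Flagged domains are candidates for a takedown request or for blocking at the mail gateway; the edit-distance threshold of 2 is a tuning choice and will produce false positives for very short brand names.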
Email spoofing deceives the recipient by posing as a trusted source. It is commonly used in phishing and spam campaigns, as recipients are unlikely to open emails from unknown senders.
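Whether a domain’s mail can be spoofed, the finding an external vulnerability assessment looks for, is largely determined by the SPF and DMARC records the domain publishes and by whether the receiving gateway honours them. The following is an added example, not code from the original article or from any Crowe service: it parses the two record types, rates a domain as spoofable or enforced, and shows what a DMARC-honouring inbound gateway does with an unauthenticated message claiming to come from that domain. DNS is replaced by a constructed table of TXT records for the hypothetical domains `strong.example`, `weak.example` and `none.example` so the code runs offline; a real check would query `<domain>` and `_dmarc.<domain>` for TXT records.

```python
"""Assess whether an email domain can be spoofed from its published records.

Added example, not code from the original article or from any Crowe service.
Receivers use the sender domain's SPF record (which hosts may send for it)
and DMARC record (what to do when SPF/DKIM fail or do not align) to decide
whether to trust the From: domain. DNS is replaced by a constructed table of
TXT records so the code runs offline; a real check would query '<domain>'
and '_dmarc.<domain>' for TXT records.
"""
import re

# Constructed records for three hypothetical domains under .example.
TXT_RECORDS = {
    "strong.example": ["v=spf1 ip4:192.0.2.0/24 include:mail.example -all"],
    "_dmarc.strong.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strong.example; adkim=s; aspf=s"],
    "weak.example": ["v=spf1 include:mail.example ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
    "none.example": [],
}

# SPF terms that cost a DNS lookup; SPF allows at most 10 (RFC 7208).
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a$|a:|mx$|mx:|exists:|redirect=)")


def lookup_txt(name):
    return TXT_RECORDS.get(name, [])


def parse_spf(records):
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if len(spf) != 1:  # none, or several (receivers treat that as permerror)
        return {"present": False, "all": None, "lookups": 0}
    terms = spf[0].split()[1:]
    qualifier = None
    for t in terms:
        if t.lstrip("+-~?").lower() == "all":
            qualifier = t[0] if t[0] in "+-~?" else "+"
    lookups = sum(1 for t in terms if LOOKUP_TERM.match(t.lower()))
    return {"present": True, "all": qualifier, "lookups": lookups}


def parse_dmarc(records):
    rec = [r for r in records if r.upper().startswith("V=DMARC1")]
    if len(rec) != 1:
        return {"present": False}
    tags = {}
    for part in rec[0].split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    policy = tags.get("p", "none").lower()
    return {"present": True, "p": policy, "sp": tags.get("sp", policy).lower(),
            "pct": int(tags.get("pct", "100"))}


def assess_domain(domain):
    """Rate a domain's spoofability from its SPF and DMARC records."""
    spf = parse_spf(lookup_txt(domain))
    dmarc = parse_dmarc(lookup_txt(f"_dmarc.{domain}"))
    findings = []
    if not spf["present"]:
        findings.append("no usable SPF record: any host can claim to send for this domain")
    elif spf["all"] in (None, "+", "?"):
        findings.append("SPF does not fail unknown senders (missing or permissive 'all')")
    elif spf["all"] == "~":
        findings.append("SPF softfail only: receivers may still deliver spoofed mail")
    if spf["lookups"] > 10:
        findings.append("SPF exceeds 10 DNS lookups and will be ignored by receivers")
    if not dmarc["present"]:
        findings.append("no DMARC record: authentication failures are not enforced")
    elif dmarc["p"] == "none":
        findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
    elif dmarc["pct"] < 100:
        findings.append(f"DMARC applied to only {dmarc['pct']}% of mail")
    return {"domain": domain, "rating": "spoofable" if findings else "enforced",
            "findings": findings}


def receiver_disposition(sender_domain, authenticated):
    """What a DMARC-honouring inbound gateway does with a message whose From:
    domain is sender_domain, given whether SPF/DKIM alignment passed."""
    if authenticated:
        return "deliver"
    dmarc = parse_dmarc(lookup_txt(f"_dmarc.{sender_domain}"))
    if not dmarc["present"]:
        return "deliver (no policy; only local filtering applies)"
    return {"none": "deliver (report only)", "quarantine": "quarantine",
            "reject": "reject"}.get(dmarc["p"], "deliver (report only)")


if __name__ == "__main__":
    for d in ("strong.example", "weak.example", "none.example"):
        print(assess_domain(d), receiver_disposition(d, authenticated=False))
```

The two halves answer the two questions the service in the next paragraph addresses: `assess_domain` is the outbound view (can someone forge mail from us), and `receiver_disposition` is the inbound view (would our gateway deliver forged mail from a given domain, assuming it honours DMARC). Note that DMARC is only effective if DKIM is also deployed; this example checks the published policy, not DKIM signatures.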
Website spoofing is when a fake website is created, impersonating a legitimate website. Website spoofing can be an increasingly sophisticated attack as the spoofed website will capture sensitive information, such as login details or even banking credentials.
Crowe offers a service that checks whether an organisation’s emails can be spoofed and whether spoofed emails can be received by the organisation. We also offer a service that monitors the web for spoofed websites and can help to have them removed. For more information, visit our cybercrime services page.
As we move into 2021 businesses must prepare themselves for the cyber threats that will likely impact them in the coming year. Perhaps unsurprisingly, throughout 2020 there were significant cyber threats that arose as a result of COVID-19, which are likely to continue throughout 2021. From traditional phishing scams that incorporated COVID-19 themes to the steady increase of ransomware attacks, cybercrime is going to be a major threat to businesses this year.
Ransomware is a type of malware which encrypts the user’s data and holds it for ransom in exchange for money. Ransomware is a growing area of concern for many businesses, as it can be executed relatively easily and cheaply, while also possessing the potential to cause significant damage to a company’s reputation and finances. A 2020 cyber security report found a global surge in ransomware attacks, with an increase of 50% in the daily average of attacks in Q3 2020. The report also found ransomware attacks in the UK increased by 80% in Q3 compared to Q1 of 2020.
It is not just the frequency of attacks that has increased, but also the average pay-out for each attack. A security threat report into average ransomware pay-outs in 2020 found a large quarter-on-quarter increase from Q4 2019 to Q3 2020. In Q4 2019 the average ransom pay-out was $84,116, which increased significantly to $233,817 by Q3 2020, with an increase of 21% in the last quarter alone.
The rising trend in the frequency of attacks and in pay-out costs is likely to continue throughout 2021 because of the ‘small effort, big reward’ nature of ransomware attacks. Our Dark Web report found that various criminal services are available for purchase on the Dark Web for the purpose of attacking businesses, which can include ransomware ‘packs’. In some cases, the cybercriminals even offer customer support on how the victim can pay the hacker to receive their encrypted items back.
In April, Google reported that almost a fifth of all phishing emails they blocked every day was related to scam emails that concerned coronavirus. The scams often impersonated authorities, such as the World Health Organisation (WHO), in an attempt to deceive the victim into downloading malware, or inputting their credentials which can be used for criminal purposes. Due to the further disruption that COVID-19 is likely to cause throughout 2021, along with the production of several vaccines, cybercriminals will undoubtedly look to exploit this disruption to commit crime using phishing scams.
A majority of businesses have relied heavily on remote working throughout the pandemic, which is likely to continue, particularly through Q1 of 2021. As a consequence, the focus of cybercriminals is likely to shift towards targeting insecure home networks and poorly protected VPNs. Many individuals who rely on their home network have never changed their Wi-Fi password, or have created their own passwords, which can be cracked relatively easily by cybercriminals. Some individuals may also believe that even if their network is compromised they will be protected by their VPN; however, some VPNs are more resilient than others, so it is essential that thorough research is conducted into the best service for your business. For example, in July 2019 80% of the top 20 free VPN apps in Apple’s App Store shared user data with third parties, despite Apple’s efforts to clamp down on data-sharing apps.
As cybercrime continues to evolve, it is essential that businesses stay vigilant to the threats. Businesses should provide regular staff training, in particular mock phishing tests. It is likely that the majority of cyber threats next year will be perpetrated through phishing scams, so businesses and employees alike need to ensure they are properly educated and aware of the threats. Businesses also need to ensure that research has been conducted into their VPN provider, to ensure they are adequately protected.
To help protect your business from emerging threats we are offering a weekly threat intelligence report which you can subscribe to on a monthly or annual basis.
The weekly report highlights four areas which may be impacting your business:
Find out more on how our Threat Intelligence service can help you protect your business in 2021.
If you need further information please get in contact with a member of our Forensic Services team.
An INTERPOL assessment of the impact of COVID-19 on cybercrime has revealed a significant shift from cyber-attacks on small businesses to major corporations, governments and critical infrastructure.
Throughout 2020 there have been several high-profile cyber-attacks targeting large businesses. In June, car manufacturer Honda suffered a ransomware attack which affected its operations; the ransomware spread across multiple plants in various countries, including the UK, North America, Italy, Japan and Turkey. Ransomware is a type of malware that encrypts a user’s data, after which the cybercriminal demands a payment from the user to release it. There have also been other high-profile hacks involving Garmin and Canon, which experienced disruption to their services and theft of data, respectively. Government services are also being targeted, with thousands of Canadian government user accounts hacked as a result of a ‘credential stuffing’ attack in August. ‘Credential stuffing’ is when a criminal uses stolen account credentials to gain unauthorised access to user accounts through large-scale automated login requests.
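Credential stuffing has a recognisable shape in authentication logs: one source tries many different accounts, each once or twice, with a high failure rate, inside a short window. That differs from a user mistyping a password (one account, then success) and from a brute-force attempt (one account, many failures). The following is an added example, not code from the original article or from INTERPOL: it slides a time window over each source IP’s events and raises one alert per offending IP, listing any accounts that did log in successfully from it, since those are the ones whose credentials were valid in the stolen list. The log format, IP addresses (documentation ranges) and usernames are constructed.

```python
"""Spot credential stuffing in authentication logs.

Added example, not from the original article. A source IP is flagged when,
within a sliding window, it has tried at least `min_accounts` distinct
usernames and at least `min_fail_ratio` of those attempts failed. Accounts
that logged in successfully from a flagged source are reported separately
because they need a forced password reset. The log lines, IPs and usernames
below are constructed sample data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) ip=(?P<ip>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Parse one log line; returns None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_credential_stuffing(lines, window=timedelta(minutes=5),
                               min_accounts=5, min_fail_ratio=0.8):
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # advance the window start so that evs[start:end+1] spans <= window
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            accounts = {e["user"] for e in win}
            failures = sum(e["result"] == "FAIL" for e in win)
            if len(accounts) >= min_accounts and failures / len(win) >= min_fail_ratio:
                alerts.append({
                    "ip": ip,
                    "first_seen": win[0]["ts"],
                    "accounts_tried": len(accounts),
                    "attempts": len(win),
                    "failures": failures,
                    # any success from a flagged source is suspect, not just
                    # those inside the window that triggered the alert
                    "successful_accounts": sorted(
                        {e["user"] for e in evs if e["result"] == "OK"}),
                })
                break  # one alert per source is enough for triage
    return alerts


# Constructed sample log: 203.0.113.5 sprays eight accounts in 15 seconds and
# gets into one; 198.51.100.7 is a user mistyping their own password; 192.0.2.9
# is ordinary traffic. One malformed line checks that parsing is tolerant.
SAMPLE_LOG = """
2020-08-15T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2020-08-15T10:00:02Z ip=198.51.100.7 user=bob result=FAIL
2020-08-15T10:00:03Z ip=203.0.113.5 user=carol result=FAIL
2020-08-15T10:00:05Z ip=203.0.113.5 user=dave result=OK
2020-08-15T10:00:06Z ip=198.51.100.7 user=bob result=FAIL
2020-08-15T10:00:07Z ip=203.0.113.5 user=erin result=FAIL
2020-08-15T10:00:09Z ip=203.0.113.5 user=frank result=FAIL
2020-08-15T10:00:11Z ip=192.0.2.9 user=grace result=OK
2020-08-15T10:00:12Z ip=203.0.113.5 user=heidi result=FAIL
2020-08-15T10:00:14Z ip=203.0.113.5 user=ivan result=FAIL
2020-08-15T10:00:20Z ip=198.51.100.7 user=bob result=OK
malformed line that should be ignored
2020-08-15T10:15:00Z ip=192.0.2.9 user=judy result=OK
"""


def run_sample():
    return detect_credential_stuffing(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

The thresholds are starting points; attackers that rotate source IPs will need the same logic keyed on something other than IP (for example, a client fingerprint or ASN), and the success list should feed a forced-reset workflow rather than just a report.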
COVID-19 has changed the way many organisations operate, both in the public and private sector. This more remote way of working presents opportunities for cybercriminals to commit crime. For example, as businesses and government bodies have encouraged more remote working, cybercriminals are able to exploit insecure remote networks and systems which have been put in place to support staff working from home.
This increase in consumer dependence on online services, and the possibility for criminals to commit crime from their own homes, has resulted in criminals switching from more ‘traditional’ methods of crime, such as burglary, to cybercrime. Also, the increase in vulnerabilities and the financial reward of targeting larger organisations mean there has been a shift in focus from smaller businesses to bigger targets.
Although the primary focus of cybercriminals is currently on major corporations, governments and critical infrastructure, smaller businesses are still vulnerable to many forms of cybercrime and should remain vigilant to cyber-threats. As reported in the Verizon Business 2020 Data Breach Investigations Report, small businesses were the victims in almost a third of the breaches analysed. Despite the current focus on bigger targets, cybercriminals clearly remain a threat to smaller enterprises.
If you would like information on how to protect your business against cybercrime, please get in contact with a member of the Forensics team.
The threat of the Dark Web is real, and it is growing.
A recent study carried out by Dr. Mike McGuire at the University of Surrey revealed that there has been a 20% increase since 2016 in the number of dark net listings that have the potential to directly harm an enterprise, with four in 10 dark net vendors selling targeted hacking services aimed at Fortune 500 and FTSE 100 businesses.
The Dark Web is the part of the internet that search engines do not index and that cannot be reached with an ordinary browser. It runs as an overlay network on top of the public internet: traffic is routed through a chain of volunteer-run relays, each of which knows only the previous and the next hop, so no single relay sees both who is connecting and what they are connecting to. An IP address identifies a device on a network and is assigned by whichever network the device connects to, so it changes as the device moves between networks; the chain of relays stops the websites visited from learning the user's real IP address. To access the Dark Web, a specific piece of software called Tor (usually the Tor Browser) is required, which conceals the user's IP address and allows access to 'onion' sites that regular browsers, such as Google Chrome, cannot reach.
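The mechanism that lets each relay see only its neighbours is layered ("onion") encryption. The following is an added example and not the Tor project's code: it builds a three-hop circuit with pre-shared relay keys (Tor negotiates these per circuit) and a hash-based stream cipher from the Python standard library in place of the AES and TLS that Tor uses, so it runs offline. The relay names, keys, destination and payload are all constructed. What it demonstrates is the property in the paragraph above: the first relay learns the client and the next hop but not the destination, and the last relay learns the destination and the payload but not the client.

```python
"""Toy onion routing over a fixed three-relay circuit.

Added illustrative example. Each relay holds one key; the client wraps the
message once per relay, outermost layer first to be removed, so every relay
can strip exactly one layer and learn only where to send what remains.
"""
import hashlib
import os

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 counter-mode keystream (stand-in for a real cipher, not for production)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


# Constructed relay keys; in Tor each hop's key comes from a key exchange.
RELAYS = {"guard": b"k1" * 16, "middle": b"k2" * 16, "exit": b"k3" * 16}


def wrap(circuit, destination: bytes, payload: bytes) -> bytes:
    """Client side: innermost layer for the exit, then one layer per earlier hop."""
    blob = encrypt(RELAYS[circuit[-1]], b"DEST:" + destination + b"\n" + payload)
    for i in range(len(circuit) - 2, -1, -1):
        header = b"NEXT:" + circuit[i + 1].encode() + b"\n"
        blob = encrypt(RELAYS[circuit[i]], header + blob)
    return blob


def peel(relay: str, blob: bytes):
    """Relay side: strip one layer; return (kind, value, remainder)."""
    header, _, rest = decrypt(RELAYS[relay], blob).partition(b"\n")
    kind, _, value = header.partition(b":")
    return kind.decode(), value, rest


def run_circuit(circuit, destination: bytes, payload: bytes):
    """Simulate the hops and record what each relay could observe."""
    blob = wrap(circuit, destination, payload)
    prev = "client"
    observations = []
    for relay in circuit:
        kind, value, rest = peel(relay, blob)
        if kind == "NEXT":
            observations.append({"relay": relay, "from": prev,
                                 "to": value.decode(), "sees_payload": False})
            prev, blob = relay, rest
        elif kind == "DEST":
            observations.append({"relay": relay, "from": prev,
                                 "to": value.decode(), "sees_payload": True})
            return value, rest, observations
        else:
            raise ValueError(f"{relay}: could not strip its layer")
    raise ValueError("circuit ended without an exit")


if __name__ == "__main__":
    dest, data, seen = run_circuit(["guard", "middle", "exit"],
                                   b"example.com:443", b"GET / HTTP/1.1")
    for o in seen:
        print(f"{o['relay']:>6}: from {o['from']:>6} to {o['to']:<16} payload visible: {o['sees_payload']}")
    print("delivered to", dest.decode(), "->", data.decode())
```

Running it prints that the guard sees the client but only "middle" as a destination, while the exit sees "example.com:443" and the request but only "middle" as its source. That separation is also why policing the network is hard: there is no single vantage point from which both ends of a connection are visible.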
The Dark Web has become a marketplace for illegal goods and confidential information. Crowe's Dark Web: Bad for Business report, produced in collaboration with the University of Portsmouth, found tools and services designed to defraud or perpetrate cybercrime against 21 of the top 50 UK brands (as identified in the 2017 brand directory league table). The research team found template bank statements, utility bills and passports; bank account numbers and sort codes; advice on phishing; and fraud packs containing guidance on how to carry out various forms of fraud.
The true size of the Dark Web is unknown, but it is thought to form around 5% of the deep web. The deep web is all content on the World Wide Web that cannot be found through a search engine; most of it is mundane (anything behind a login or not linked from elsewhere), and the Dark Web is the small part of it reachable only through anonymising software. The Dark Web has opened the way for a plethora of fraud, corruption and cybercrime affecting both organisations and individuals.
Policing criminal activity on the Dark Web is a particularly difficult challenge because of Tor's layered encryption, the anonymity it gives its users, and its hidden ('onion') services, which conceal where a site is hosted. The Dark Web has become a method favoured by criminals to target organisations, so it is vital that businesses understand the Dark Web and the threat it poses.
Crowe offers a low-cost subscription service for organisations interested in monitoring the Dark Web for emerging threats. It can be deployed quickly and provides a regular report of any discussions relevant to the organisation. For more information on how Crowe can help your organisation, please contact Jim Gee.
There is an epidemic of fraud and cybercrime in the UK, which has grown to represent almost half (45%) of all crime. Cybercriminals target individuals of every demographic and businesses of every size and type if they can see a weakness which can be exploited.
Cybercrime can be considered an umbrella term for all illegal activity that uses technology to perpetrate a crime. It is transnational, meaning that the borderless online world can reach and affect all those with an online presence. As technology continues to evolve, cybercrime evolves with it, and it continues to rise in scale and complexity, affecting essential services, businesses and private individuals alike.
Failure to prevent a cyberattack goes beyond physical or digital damage and can have long-term repercussions. Businesses in particular can suffer reputational damage, including the loss of customers or clients, loss of sales and a reduction in profits. In addition, economic damage arises from the attack itself in some instances, from the disruption of production lines, and from the costs of investigating and resolving the incident. For example, Honda recently experienced what was believed to be a ransomware attack affecting the company's ability to access its servers and internal systems, which hindered its production lines in multiple countries.
It is essential that businesses ensure that the necessary processes and security measures are in place to protect company and client/customer information, going beyond the company's own measures to assess any third parties involved in the management and storage of its data. If a company fails to actively take care of sensitive information it may be subject to regulatory sanctions and/or large fines.
It is essential to remember that no business is exempt from cyber-attacks, and all companies must be prepared for any potential threats.
Further information on tackling cybercrime can be found here.
Complete our Cybercrime Vulnerability Scorecard for a quick and free assessment of your cyber vulnerabilities.
Cybercrime Governance and Data Law in the Pensions Sector
PASA Cybercrime and Fraud Working outputs
Helping your clients navigate the new normal
Ukraine: Cyber Threat Affecting the UK
‘Log4J’ vulnerability exposes thousands of organisations to risk of immediate cyber attack
Meet the team
We care about your business. Close working relationships are at the heart of our service delivery which sees our clients stay with us year after year, trusting us for our specialist advice and open dialogue.
We understand the forensic landscape. Our expertise, market knowledge and access to professionals across our global network means we are well placed to offer insight and pragmatic advice to your businesses at each stage of its lifecycle.
We help you to make smart decisions that have lasting value. Working with you, we will help you to successfully adapt and overcome challenges you may face, both today and in the future.