Blog

Cases

Breach Of Fiduciary Duty

Investigation-Training.com

Bill owns BILLY Website Design Ltd in Canada, with subsidiaries in India, China, and Singapore. Bill travels to his subsidiaries every quarter for staff meetings and team building.

Shortly before a trip to Singapore, Bill received a call from Jackson, an existing e-commerce website design and maintenance customer. Jackson informed Bill that another website design company from Singapore had emailed him discounted rates, 30% lower than his current contract with Bill.

Bill did not take this information seriously, as competitors constantly tried to undercut his prices.  Bill felt that Jackson was asking for a discount based on the competitor’s quotation.

As Bill misunderstood his intentions, Jackson was upset and requested a quotation from the other website design company. Jackson was shocked to see the quotation!  The quotation was identical to the first quotation he had received from Bill two years ago! Jackson does not feel good about this and decides to confront Bill.  He forwarded the quotation to Bill and asked: “Do you have another company named BUDGETWebsite Design Private Limited”?

While Bill was in Singapore, he was busy with meetings and presentations with his staff.  Bill happily announced the yearly wage increments and yearly bonus scheme. On the last day of his trip, Bill read his emails to clear the backlog before going to his following subsidiary and was shocked to see what Jackson had emailed him!  

Bill decided to extend his stay in Singapore without informing his team.  He decided to perform a covert investigation into this matter with the help of some local fraud investigators.

Over the weekend, investigators, led by Bill, returned to the office to install hidden CCTV cameras while digital forensics investigators took forensics images of all the computer storage media.

The investigator analyzed the forensics images in the laboratory and found a similar “quotation” on five desktop computers belonging to the sales director, sales executive, two website designers, and the marketing director.

More information was discovered from the CCTV camera footage when the sales director and a woman returned to the office at midnight, accessed the sales director’s desktop, and connected an external USB hard drive.

It also discovered that the owners of BUDGETWebsite Design Private Limited were two females identified as the sales director’s wife and the marketing director’s wife.

Bill initiated an urgent company meeting, and the team was shocked to see Bill’s return.  The investigators interviewed the sales and marketing directors separately about the incident. 

However, both directors argued that no clause in their employment contract stated that family members could not start a similar business! Both directors tendered their resignation letters and left the company.

The investigator interviewed the two website designers and found they had been helping the two directors part-time and were willing to witness the incident.

Bill decided to employ local solicitors to understand the legal implications.  The investigation team led by Bill involved fraud investigators, digital forensics examiners, and litigation lawyers. 

The lawyer applied to the court for a Search and Seizure order to collect evidence at the ex-directors premises and the BUDGET Website Design Private Limited’s office. 

Within two days, the court approved the search and seizure warrant to conduct search and seizure at the ex-directors premises. Concurrently, Bill lodged a police report against the two subjects.

Two teams of investigators concurrently serve the court orders at the two locations to prevent the subjects from destroying evidence. The digital forensics examiner seized computer equipment and storage media at the premises.  Further examination of the seized computer storage media showed that both subjects had been stealing the BILLY Website Design Limited customer database, website design templates, and operational data for the past four years. 

The investigation discovered that approximately 9% of Bill’s business went to BUDGETWebsite Design Private Limited.  A certified public accountant estimated the financial losses to be USD300,000 across the previous four years.

The Verdict

Both subjects returned USD250,000 after negotiating with Bill not to sue them in court. The commercial crime unit stepped in to continue with the investigation.

Lessons Learned

From this case, we can identify the gaps in such business models.  If you are operating a similar business model, consider the following methods to minimize future business risks:

1. Install CCTV cameras (not hidden) at your remote subsidiaries.  These cameras will form the physical security for the business to prevent internal fraud and external intruders.
2. Install a bio-metrics door entrance system to keep records of employees’ access, and it could be used as part of key performance indicators (KPIs) or as evidence should there be an incident.
3. Build good relations and have regular conversations with your customers.  You will get good feedback to help improve your business.
4. Get a local contract lawyer to review each subsidiary’s employment agreement to ensure it complies with the local law. Is the Non-Disclosure Agreement (NDA) and the Non-Competition Clause (NCC) critical to your business?
5. Review your current business practices, policies, and procedures.
6. Consider purchasing the Fidelity Guarantee insurance, a policy to indemnify the Insured employers for the loss of property or money sustained as a direct result of acts of theft, dishonesty and fraud by an employee during employment. Check with your insurance company if there is such insurance in your country.

Copyright (c) DigitalFrauds2019

Investigation-Training.com

 

Conflict of Interest

by Investigation-Training.com

John and Peter have been close friends since they were young.  A couple of years ago, they decided to start a partnership company that offered website design services. The business grew fast in the first two years and became a team of 18 staff.  Both partners had their teams managing different projects, but the company slowed down, and their programmers resigned en masse.

John heard rumors that Peter had started another partnership and that all the resigned staff had joined that company. John called an external investigator to perform a discrete investigation that wouldn’t come to Peter’s attention.

The Investigation

The investigator started background checks and performed five days of surveillance on Peter.  The investigator gathered evidence that Peter often went to another office after working hours and usually stayed there for 2 hours. From the surveillance video footage, John identified some people captured in the video as his former website designers.

Further investigation revealed that Peter had been claiming from the company for transportation and entertainment incurred on “so-called potential clients.”  John suspected Peter had taken confidential company data to his newly set company.

The lawyer obtained a search and seizure warrant from the court and conducted a search and seizure at Peter’s residential and office addresses to extract evidence. Five hard drives and four thumb drives containing confidential data were sized and presented to the court.

John employed a litigation lawyer to pursue the case.  

Copyright (c) DigitalFrauds2019

Investigation-Training.com

 

Data Theft

by Investigation-Training.com

Thomas was an R&D manager overseeing a team of 17 engineers.  Before Christmas, Thomas decided to clean up any unnecessary files from the network shared drives and perform a full backup before he went for his holidays.

While performing the housekeeping, he realized that one of his engineers’ shared folders contained a lot of technical drawings, documentation, product photos, specifications, and client and supplier contact lists. This engineer should not have accessed many of these confidential files in his daily role.

Thomas then recalled that this engineer had tendered his resignation and would be leaving the company after serving one month’s notice.  Thomas informed the management about his findings.

The management was concerned about this data leakage and deployed a digital forensic investigator team to investigate.

The Investigation

The investigator named the resigned engineer as “Subject.”

The digital forensics investigator obtained a list of server logs from the IT manager to analyze the data movements. The statistics show the amount of data accessed and transferred to the subject’s shared drive. The forensic team noticed that the amount of data accessed and transferred increased by 400% after the subject had resigned.

The investigator decided to set up a covert operation and arranged with the IT manager to visit the office after midnight to perform forensics imaging of the subject’s desktop computer hard drives.

The forensic team at the forensics lab analyzed the subject’s hard drive contents and found no data transfer. The investigator then interviewed the R&D manager to understand their job scopes better.  The investigator ascertained that the project the subject was working on had a network connection and that the USB ports were not disabled. The investigator identified the projects that the subject had been working on before tendering his resignation and identified five devices connected to the shared drives.

The investigator performed a second covert operation to perform forensic imaging of these five devices and forensic analysis in the laboratory, and system logs show data transferred from the subject’s shared drive to a few external devices, including USB hard drives and mobile phones.  However, at this stage, there was still no evidence that the subject copied these files because the shared drives could be accessed by many engineers.

Time was running out as the subject was a foreigner who returned home after serving his notice.  Management made a police report to stop the subject from leaving the country.  Concurrently, a company lawyer applied for a search and seizure warrant to perform searches at the subject’s premises.

The investigator, forensics team, client, and lawyers went to the subject’s house to serve the order. The search and seizure took seven hours, and forty-three storage devices were identified to contain the client’s confidential data, including the entire product assembly specifications.

Digital forensics analyzed these forty-three storage devices, and most of them matched the devices list found on the product the subject accessed.

The company made a police report, and the police detained the subject for further investigation.

Copyright (c) DigitalFrauds2019

Investigation-Training.com

 

Bribery

by Investigation-Training.com

Cindy had been working as a procurement manager for the company for 15 years.  Her job was to source lower-cost construction materials for projects won by the company.

In one of the projects, the structure collapsed and injured two workers. A team of investigators was tasked to investigate the accident.

The investigation revealed that the materials used for building these structures did not comply with the approved specifications.

The business owner suspected that Cindy might have knowingly ordered materials that didn’t meet specifications and requested an internal investigation.

The Investigation

The Investigators made a list of staff involved in the entire project cycle and identified their job scopes in the project management. Staff included project managers, procurement, storekeepers, transportation, site supervisors, workers, and subcontractors.

Documents obtained include purchase orders, invoices, and delivery orders from the supplier of these materials. The Investigator interviewed the procurement manager and the supplier and noted that the materials supplied were correct and complied with the project specifications.

The investigators went to the accident site to interview the workers and established that numerous CCTV cameras monitored the entire site.  The Investigator went to the security office for permission to view the video footage.  During the video inspection, the investigators found that one of the supervisors was onsite during the night unloading materials.

The Investigators interviewed this supervisor again and noted that his replies did not match what they had seen on the video footage.  The Investigator reviewed the video footage with the supervisor, and the supervisor admitted that another supplier, not on the vendor approval list, had approached him to exchange the purchased materials with the lower quality materials.  The supplier had offered the supervisor $1,000 as an inducement.

The supervisor had accepted the offer and had exchanged the materials during the night to avoid detection. His actions caused hurt and injury to two workers.  The business owner lodged a police report.

Cindy was innocent in this incident.

Copyright (c) DigitalFrauds2019

Investigation-Training.com

 

Criminal Breach of Trust (CBT)

by Investigation-Training.com

Joshua was a website developer for XXX company, an online shopping website.  His duties were to ensure bug-free and zero downtime for the online purchasing systems he developed.

Joshua spent his free time with friends discussing how to generate passive income.  The group decided to invest in the stock market and took investment courses to enhance their knowledge.

The course trainer had a strong profile for making money from shares and stock, and many of his students followed his tips and made quick profits.  The methods and tips were accurate and excited many students. 

Joshua received insider news that the ZZZ company price would decline in the next few days due to an anchor buyer’s termination of a significant contract. One of the strategies Joshua learned was to “short sell stocks,” where Joshua borrowed shares from his broker. The strategy was to sell the “short selling stocks” at the current market price and to buy back at a lower cost to cover whatever he had sold. By “short selling stocks,” he had the advantage of not needing to pay upfront, but “buy-back-to-cover” for what he had sold at a declined share price before the payment settlement date would allow him to make the profits. 

In this transaction, Joshua short-sold 2,000 shares at $3 each and “buy-back-to-cover” 2,000 shares at $2 each.  He made about $2,000 profit after deducting the brokerage fee.  He was thrilled with the profits.

A few weeks later, Joshua received another insider tip that a second major buyer would terminate a vast contract with ZZZ company.  Joshua used the same strategy and “short-sold” 20,000 shares ten times his previous transaction at the share price of $2.50 each and sold all 20,000 shares.

Unfortunately, the news turned out to be inaccurate.  Instead of the second buyer terminating the contract with ZZZ company, the first anchor buyer signed a new central contract with ZZZ company, and the share price rose to $3 each.  Joshua would have to buy back 20,000 shares at $3 each, which is $60,000, before adding the brokerage fee. Joshua had the $2,000 profit from the first transaction, but there was still a shortage of at least $58,000 to settle in a week.

Joshua had tried to borrow money from friends and family members, but the amount was too large, and no one could help. Under pressure, Joshua decided to change the company’s online shopping website’s bank account to divert customer payment to his bank account.  He intended to corrupt the system to avoid detection once he got the money to pay off his debts. 

Within days, Joshua could pay off his debts to the share broker.  However, Joshua became greedy.  He decided to keep the personal account on the online shopping website longer to receive more money, corrupt the system, and quit the job.

Joshua had forgotten that staff were allowed to purchase via the company’s online shopping website, and the finance manager bought some items and received an e-invoice.  She noticed that the bank details were different from the company bank account.

The director was informed, and the employer performed a covert investigation with the help of external investigators and digital forensics examiners.  Joshua admitted to his wrongdoing. 

The Verdict

The company lodged a police report, and Joshua was sentenced to five years in jail for the Criminal Breach of Trust (CBT) offense and to pay back the company’s losses.

Lesson Learned

From this case, we can identify the gaps in such business models.  If your business model is similar to this case, consider the following:

1. The programmer should be unable to change the bank details for online payment.
2. The business owner must approve any changes to bank account details. Use the company’s partial bank account information, such as the first and last four digits, to reflect on all documents, such as e-invoices, packing lists, and delivery orders. E.g. 1234-xxxxx-8288
3. The shipping department should not release any goods if the partial bank account numbers on the delivery order differ from the ones on the company’s official memorandum.
4. Perform at least half-yearly risk assessments and audits on the process involving money and stock transactions.
5. Review the business processes, policies, and procedures.
6. Purchase Fidelity Guarantee insurance, a policy to indemnify insured employers for the loss of property or money sustained as a direct result of acts of theft, dishonesty, or fraud by an employee during employment. Check with your insurance company to see if such insurance exists in your country.

Copyright (c) DigitalFrauds2019

Investigation-Training.com