The Institute of Chartered Accountants of India (ICAI) Dubai Chapter on Monday hosted an enlightening seminar titled “Approach to Forensic & Frauds,” exploring the rapidly evolving world of cyber fraud and forensic analysis. The event attracted members of the business community and the thriving Indian diaspora in the UAE and featured two distinguished speakers: Aldrin Gerard Earl, Senior Manager of Fraud Risk Management at Bank of Baroda, and CA Arpit Kabra, a forensic expert.
Fraud Psychology and the Fraud Diamond Theory
Earl began by emphasizing the intentional nature of fraud, stating, “Fraud cannot be done by mistake because it’s an intent that you’re doing fraud.” He introduced the Fraud Diamond Theory, which expands on the traditional fraud triangle by adding a fourth element: capability. This theory suggests that pressure, opportunity, rationalization, and capability are the key factors contributing to fraudulent behavior. Understanding these psychological elements is crucial for fraud prevention. By addressing these factors, organizations can create a culture of integrity, strengthen intern
Cyber Fraud Techniques
The seminar delved into various cyber fraud techniques, including:
1. Smishing and Phishing:
   - Smishing: Fraudsters send deceptive text messages, often posing as legitimate organizations like banks or government agencies. These messages typically contain urgent requests, such as verifying account information or clicking on a link to resolve an issue, tricking recipients into revealing sensitive information like passwords or credit card numbers.
   - Phishing: Similar to smishing but conducted via email, phishing involves sending emails that appear to be from reputable sources. These emails often contain malicious links or attachments designed to harvest personal information or install malware on the recipient’s device. Phishing emails can be highly convincing, often using official logos and language.
2. Vishing (Voice Phishing): Vishing involves fraudsters making phone calls to potential victims, pretending to be from trusted institutions such as banks, tech support, or government agencies. They use social engineering tactics to manipulate victims into providing confidential information, such as bank account details or social security numbers. These calls often create a sense of urgency, compelling the victim to act quickly without verifying the caller’s identity.
3. SIM Swap Fraud: SIM swap fraud is a technique where fraudsters gain control of a victim’s mobile phone number by tricking or bribing telecom company employees into transferring the number to a new SIM card. Once the number is ported, the fraudster can intercept calls and text messages, including those needed for two-factor authentication (2FA). This enables them to access the victim’s bank accounts, email, and other sensitive information.
Identity Theft and Hidden Cell Fraud
Earl highlighted the surge in these crimes post-pandemic. “After 2020, when we were hit by the pandemic, everything has been transformed into digital,” he noted. This rapid digitalization has sometimes led to compromised security checks in banking services.
The rise in identity theft cases has been particularly alarming. Criminals are exploiting the increased reliance on digital platforms to steal personal information and impersonate individuals for financial gain. Hidden cell fraud, a sophisticated form of identity theft, involves criminals creating fake mobile phone accounts or taking over existing ones to intercept communications and bypass security measures.
These frauds often target financial institutions and their customers, exploiting vulnerabilities in digital verification processes. The seminar stressed the importance of multi-factor authentication and continuous monitoring of digital transactions to combat these threats.
Business Email Compromise (BEC)
Business Email Compromise (BEC) is a sophisticated scam targeting businesses through email. Attackers impersonate someone the recipient trusts, like a CEO, colleague, or vendor. These emails create a sense of urgency and trick the recipient into taking a desired action, most commonly a wire transfer to a fraudulent account. Unlike traditional phishing attacks, BEC scams are personalized and bypass standard email security by not relying on malware or suspicious links. They exploit human trust and require vigilance to detect.
Earl detailed the sophisticated nature of BEC attacks. “They use a spoofed email. A spoofed email is a similar looking email wherein one or two digits are changed. It looks the same… so no one will read that in detail,” he warned. He emphasized how fraudsters use social engineering to identify key personnel within organizations before launching their attacks.
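The spoofing Earl describes, an address that differs from a trusted one by one or two characters, can be checked mechanically before a payment request is acted on. The following is an added example, not part of the seminar or the original article; the trusted-domain list, function names and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list of domains the finance team normally deals with.
TRUSTED_DOMAINS = {"examplebank.com", "acme-supplies.example"}

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "exmaple" vs "example".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header: str, max_edits: int = 2):
    """Return (verdict, matched_trusted_domain) for a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    # Near miss of a trusted domain: one or two characters changed.
    for trusted in sorted(TRUSTED_DOMAINS):
        if osa_distance(domain, trusted) <= max_edits:
            return ("lookalike", trusted)
    return ("unknown", None)

# Constructed sample From headers.
SAMPLES = [
    "Accounts <ap@examplebank.com>",
    "Accounts <ap@examp1ebank.com>",     # letter l replaced by digit 1
    "CEO Office <ceo@exmaplebank.com>",  # two letters swapped
    "Newsletter <news@unrelated.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a prompt to verify the request through a separate channel, not proof of fraud; very short trusted domains will produce false positives at a threshold of two edits.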
High-Profile Fraud Cases
The seminar discussed several notable fraud cases like the ARAMCO-ONGC fraud, the Ranbaxy Case, the Cosmos Bank case, and the AMPL Case. These cases illustrate the diverse nature of fraud across different industries and the constant need for vigilance and improved security measures.
Forensic Analysis and AI
Kabra introduced the role of artificial intelligence in forensics and explained how novel AI techniques can be used to impersonate people and exacerbate cyber threats. He discussed concepts such as “data fiduciary” and “diagnostic review” in the context of forensic investigations.
AI is revolutionizing forensic analysis by enabling rapid processing of vast amounts of data. Machine learning algorithms can identify patterns and anomalies that might escape human detection, making fraud detection more efficient and accurate. The concept of a “data fiduciary” emphasizes the ethical responsibility of organizations handling sensitive data, while “diagnostic review” refers to the systematic examination of financial records and processes to identify potential fraud indicators.
Financial Statement Fraud
The seminar touched upon “window dressing” in financial statements, a technique used to make a company’s finances appear healthier than they are. This can involve manipulating revenue recognition, understating liabilities, or overstating assets. The speakers emphasized the importance of thorough audits and skepticism when reviewing financial statements, especially in high-pressure business environments.
Fraud Detection and Prevention
The speakers discussed the importance of recognizing “43 red flags” that may indicate fraudulent activity, with cues taken from various statutes like the relevant provisions in the Banking Regulation Act, Income Tax Act, 1961, SEBI Regulations, and Bharatiya Nyaya Sanhita. These red flags can include unusual financial transactions, inconsistencies in documentation, or sudden changes in business practices. They also highlighted the use of tools like Power Query in forensic analysis, which can help auditors and investigators efficiently analyze large datasets for anomalies.
The seminar concluded by emphasizing the need for continuous education and adaptation in the face of evolving fraud techniques. The event was attended by the Chairman of ICAI, Mr. Rajesh Somani, along with diplomats, the business community in the UAE, and the Indian Diaspora.
By, Vinod Kumar, Dubai