I’ve attended four ACFE Global Fraud Conferences as an ACFE staff member, and every year I end up writing something about changing technology. The updates, improvements and technological advancements seem endless.
And here again I found myself in Keith Elliott’s Pre-Conference session as he emphasized how important it is for anti-fraud professionals to hold themselves to a higher level of accountability during investigations when using social media and new technology.
“How do you handle the amount of data that’s out there?” asked Elliott, Vice President, Operations & Business Development at Reed Research Limited, during the Cyber Intelligence and Social Media Surveillance Investigations session. Information can be acquired in many different ways and forms, but it’s essential that this information is usable. Elliott referred to this as actionable intelligence: legally obtained information that is refined to suit the needs of the client.
Using live, practical examples, Elliott shared tips for drilling down searches to find more relevant results — from Boolean searches and filtering tools to search documentation and web collection. “Google is great,” said Elliott. “But remember, Google is driving the bus.”
Google isn’t the only tool fraud examiners have at their disposal. Elliott asked the room of around 500 attendees to stand up. He then asked everyone who has a Facebook, Twitter, YouTube, LinkedIn or Instagram account to sit down. At least 75 percent of the room sat back down. He then asked the remaining participants to sit if one of their family members had one of these same social media accounts. Only five people remained standing.
Access to social media can be crucial for gathering more information for a case. Elliott shared the “dos” and “don’ts” of using social media in fraud examinations:
- Do use a “sock puppet” (fake profile).
- Search the subject, family and friends.
- Check alternate names.
- Get the information early.
- Properly document information. “It is evidence,” said Elliot. “You need to know who got it, when it was obtained … those are evidentiary issues.”
- Provide sources and methods.
- Frequent status updates.
- It’s not okay to be friends.
- Don’t use your own account. If you look at a subject’s profile, Facebook’s algorithm could decide to suggest you as a friend to the subject.
- Don’t share your sock puppets.
- Don’t use downloaded photos. If you use a downloaded photo as your fake Facebook photo, someone can reverse engineer where the image originated.
Geolocation identifies the real-life geographic location of an object. “When we say geolocation, it’s both the act and the product,” explained Elliott. He had attendees pull out their cellphones to show them how their phone is always monitoring what they’re doing using geolocation. Cellphones are pulling an immense amount of metadata. “This is the greatest tool for fraud examiners,” said Elliott.
In a real-life example, a college student had supposedly suffered terrible injuries in an accident. Elliott and his team were able to use geolocation to find where she was making her Instagram posts. They surveyed the location and caught her healthily partaking in physical boating activities, jumping on a trampoline, etc.
Elliott also explained that the big trend right now is geofencing versus beacons. Proximity beacons work off of a Bluetooth platform. You don’t realize you’re giving that data away when your Bluetooth is on. Geofencing uses GPS and is usually deactivated and dependent on your connection. Elliott’s advice: turn off your Bluetooth when you don’t need it.
Technology Will Continue to Advance
The information I glean every year is new and essential to helping fraud examiners conduct successful examinations. So while it sometimes feels like I’m experiencing déjà vu, understanding new technological advancements will only help fraud examiners find new ways to fight cybercrime.