Blog Image
Profile Image Verifile
December 6 2024

The Different Types of Insider Fraud

This is the second instalment in our 10-part series on unmasking insider fraud and implementing effective risk mitigation strategies.


In our previous post, we introduced the concept of insider fraud and its significant impact on organisations. Today, we'll delve deeper into the various types of insider fraud, providing real-life cases to illustrate each and discussing how they can be detected. Understanding these different forms is crucial for HR professionals and compliance officers aiming to safeguard their organisations.
 

Embezzlement.png

Embezzlement involves the misappropriation of funds or assets entrusted to an employee. Typically occurring over an extended period, it often involves individuals in positions of trust with access to financial accounts.

Real-Life Case: Lesley Stewart

Lesley Stewart, an office manager at a carpentry company, exploited her position to steal £300,000. Over several years, she manipulated financial records and changed HM Revenue & Customs (HMRC) address details to divert funds into her own accounts. Her fraudulent activities were uncovered only after an internal audit revealed financial discrepancies.

Detection Strategies:

  • Regular Audits: Implement periodic internal and external financial audits to identify inconsistencies.
  • Separation of Duties: Ensure that financial responsibilities are divided among multiple employees to reduce the risk of unilateral control.
  • Background Checks: Conduct thorough background screening, including credit checks and employment history verification.
 

Payroll-Fraud.png

Payroll fraud occurs when an employee manipulates the payroll system to receive unauthorised compensation. This can include creating fictitious employees or inflating work hours.

Potential Scenario

An employee in the finance department creates ghost employees in the payroll system, funnelling the salaries into their own bank accounts. Without proper checks, this fraud can continue undetected for months or even years.

Detection Strategies:

  • Payroll Reconciliation: Regularly compare payroll records with actual employee data.
  • Access Controls: Limit access to payroll systems and employ multi-factor authentication.
  • Surprise Audits: Conduct unannounced audits to catch irregularities.
  Procurement-Fraud-and-Bribes.png

Procurement fraud involves unethical practices in the purchasing process, such as bribery, kickbacks, or awarding contracts in exchange for personal gain.

Real-Life Case: Lorna Porter

Lorna Porter worked at a law firm where she defrauded estates of deceased clients. Over six years, she created false invoices and diverted £634,000 into her own accounts. She exploited her trusted position, and her actions were only discovered during an audit prompted by suspicions.

Detection Strategies:

  • Vendor Verification: Conduct due diligence on all vendors and suppliers.
  • Transaction Monitoring: Implement systems to flag unusual or large transactions.
  • Whistleblower Policies: Encourage employees to report suspicious activities anonymously.
 

Invoice-and-Expense-Fraud.png

This type of fraud involves employees submitting false or inflated invoices and expense claims to gain unauthorised benefits.

Real-Life Case: Brandon Leung

Brandon Leung, a barista, inserted his own chip and PIN device to siphon customer payments into his account. Despite having previous convictions for theft, he secured employment due to inadequate background checks. Over time, he diverted £4,000 before being caught.

Detection Strategies:

  • Expense Policy Enforcement: Establish clear guidelines for expense claims and enforce them strictly.​
  • Receipt Verification: Require original receipts and verify their authenticity.
  • Background Screening: Implement comprehensive pre-employment checks to identify past misconduct.
  Theft-of-Business-Assets.png

Theft of physical assets includes stealing equipment, inventory, or office supplies. While sometimes considered minor, these losses can accumulate significantly over time.

Detection Strategies:

  • Inventory Management: Maintain accurate records of all assets and perform regular stock checks.
  • Surveillance Systems: Use CCTV cameras in key areas to deter and detect theft.
  • Access Controls: Restrict access to storage areas and valuable equipment.
  Information-Theft.png

Information theft involves stealing sensitive company data, such as customer information, trade secrets, or confidential records, often to sell or use for personal advantage.

Real-Life Case: Peter Omoruyi

Peter Omoruyi, a convicted sex trafficker, managed to work with vulnerable teenagers in the UK due to gaps in background screening processes. His access to sensitive information and individuals posed severe risks, highlighting the dangers of inadequate vetting.

Detection Strategies:

  • Comprehensive Screening: Include international criminal record checks and verify all past employment.
  • Data Access Controls: Limit access to sensitive information based on role necessity.
  • Monitoring Systems: Implement software to detect unusual data access or transfers.
  Intellectual-Property-Theft.png

This occurs when employees steal proprietary information, such as software code, product designs, or business strategies, to benefit themselves or competitors.

Detection Strategies:

  • Confidentiality Agreements: Require employees to sign non-disclosure agreements.
  • Exit Procedures: Conduct thorough offboarding processes to ensure return of all company property.
  • Digital Rights Management: Use technology to protect and track access to digital assets.

Conflict-of-Interests.png

Conflicts of interest arise when employees make decisions that benefit themselves, friends, or family members, often at the expense of the organisation.

Real-Life Case: Carl Stokes

Carl Stokes, a fire safety assessor involved in the Grenfell Tower tragedy, misrepresented his qualifications. His lack of expertise contributed to inadequate safety assessments, underscoring the dangers of undisclosed conflicts and falsified credentials.

Detection Strategies:

  • Declaration Policies: Require employees to declare any potential conflicts of interest.
  • Qualification Verification: Verify all professional qualifications and certifications.
  • Continuous Monitoring: Regularly update employee information and re-screen as necessary.
  Cyber-Fraud.png

Employees may engage in cyber fraud by introducing malware, hacking into systems, or facilitating cyberattacks, leading to data breaches and financial losses.

Detection Strategies:

  • Cybersecurity Training: Educate employees about cybersecurity best practices.
  • Network Monitoring: Use intrusion detection systems to monitor network activity.
  • Access Restrictions: Implement the principle of least privilege for system access.
 

Why Understanding These Types Matters

By recognising the various forms of insider fraud, organisations can tailor their prevention and detection strategies effectively. Each type presents unique risks and requires specific controls.

Conclusion

Insider fraud manifests in numerous ways, from financial manipulation to intellectual property theft. Real-life cases like those of Lesley Stewart, Lorna Porter, and others highlight the tangible risks that organisations face. HR professionals and compliance officers must remain vigilant, employing robust screening processes and ongoing monitoring to detect and prevent such activities.

In our next post, we'll explore the importance of implementing risk mitigation strategies and how they can protect your organisation from insider threats.


Stay tuned for Part 3: "The Importance of Implementing Risk Mitigation Strategies" coming soon.