FBI Publishes Top Email Terms Used By Corporate Fraudsters 105
Qedward writes "Software developed by the FBI and Ernst & Young has revealed the most common words used in email conversations among employees engaged in corporate fraud. The software, which was developed using the knowledge gained from real life corporate fraud investigations, pinpoints and tracks common fraud phrases like 'cover up,' write off,' 'failed investment,' 'off the books,' 'nobody will find out' and 'grey area'. Expressions such as 'special fees' and 'friendly payments' are most common in bribery cases, while fears of getting caught are shown in phrases such as 'no inspection' and 'do not volunteer information.'"
Watch your words... (Score:5, Funny)
"So, this new range of paints is a grey area - neither black nor white. But if you spill any, while painting the library, make sure you keep it off the books. Hang on, there's someone knocking at the door..."
Re: (Score:1)
Re:Watch your words... (Score:5, Funny)
Re:Watch your words... (Score:4, Funny)
This paint is terrible! It's a totally failed investment. I better get some new paint and cover up these splotches quickly so no one finds out.
Re:Watch your words... (Score:4, Funny)
New hobby... trolling the FBI / corporate security with innocent usage of suspicious phrases.
My new years resolution is now to use a minimum of one of these phrases in every email I send using the company email system for the year 2013. My employer is large enough that they most certainly use this sort of filtering.
Heck... they're probably tracking my Slashdot account... Hey guys... just kidding!
Re:Watch your words... (Score:5, Funny)
Sadly, several important documents were irreparably damaged by improper regulatory activities which resulted in many important books being cooked, quite literally, by being placed too near to the old radiator style heating systems in the library.
When asked why no-one was notified about important documents being improperly handled like this, many library employees said it was standard operating proceedure to not reveal additional information to internal management, and that it was simply a case of inspectors not doing their jobs that the damage occured.
The library management has begun an internal investigation into the matter, but due to a recent computer mishap coupled with the removal of the obsolete paper copy card cataloge, a considerable amount of vital data was lost or deleted concerning which books the library actually owns, which ones are from inter-library exchange programs, and which ones are missing and unaccounted for.
At the current rate, it is likely that no one will ever find out the true extent of the damages, so disciplinary measures are unlikely to manifest any time soon. Most employees interviewed simply expect a standard "slap on the wrist", followed by business as usual.
Re: (Score:3)
Some other terms ("special fees", "friendly payments", are more telling. Or
Re:Watch your words... (Score:4, Insightful)
Re: (Score:2)
They're not auto-matic indictments, they're just keywords to narrow things down when say...
That's a given. This will flag the e-mails for manual review. But even though false positives will cause no (obvious) trouble for the sender and receiver, they will waste time of those people who are supposed to look for suspicious activity, and if there are too many of them, the system becomes useless...
Re: (Score:1)
Of course it could also be the first tier of a multi-tier analysis system: The first step does a simple keyword filtering to get the number of mails down for the next, more elaborate (and more expensive) automated analysis step, and only the mails surviving the second step are passed to human reviewers. Note that the less mails you have to analyse, the more effort you can put into each mail, so it makes sense to first eliminate the majority of mails with a very fast method.
Also, the keyword search might be
Re: (Score:2)
Re: (Score:2)
They're not auto-matic indictments, they're just keywords to narrow things down when say... you have a tarball of a bazillion emails from wikileaks uploaded to some bitttorrent site. (Yes, I mean for you, not the government to use, it was an example.)
Oh, right...because when the FBI starts looking at your conversations in particular out of those bazillion emails in the middle of an investigation, there's no way they would ever, *ever* just get carried away and look for a problem where there isn't one...
Re: (Score:2)
Re: (Score:2)
You misunderstand. This isn't about getting high amount of accuracy. It's about getting a starting point for such investigation.
Re:Watch your words... (Score:5, Interesting)
I take it you never worked in any kind of monitoring and enforcement. In reality, what grabs your attention (in addition to user reports) is the certain known patterns which give you a starting point from which to investigate.
I did some of investigating certain port scan patterns back when I was admin on a university campus. About 95% of people doing it were innocent of any wrongdoing, usually gamers with games that did massively overly broad LAN IP/port scanning searching for other players running the same game. About 95% of those who weren't were just starting script kiddies, and catching them in act early let me let them off with a slap on the wrist and no real damage to them or other people. Just young nerds who got their "oh my god 10mbps network" back in POTS modem age, saw another couple of hundred clueless people on the same network and figured they could root their unsecured windows machines to pump up their directconnect hub shares.
And then there were two people I got who were seriously trying to search for vulnerabilities and install trojans on computers of others people for much worse reasons, including one asshole who was actively trying (and succeeding in some cases) to access email accounts and other personal data of young female students to better harass them in real life. These two were banned from campus network and none of those two would have been caught that early in act (if at all), if it were for those of us volunteering as admins following up on certain usage patterns.
FBI is giving out certain usage patterns associated with certain kind of crime. I can very much envision this being incorporated into some sort of workplace monitoring scheme on the email server which will have about the same kind of accuracy. But it gives a starting point from which to look at, and nothing more. For example, your spam, while it would certainly attract attention, would pretty much immediately be disgarded as "not what we're looking for" for obvious reasons, because while it does meet the criteria for the starting point, it's also obviously not what any enforcer would be looking for.
Reporting a crime requires crime that was actually perpetrated, and you wanting to report it. In many cases, things can be managed within company/organization without having to involve actual law enforcement with far lesser consequences for all parties involved.
You misunderstand law, police and "justice" system (Score:1)
What is being described, and the actions you yourself report, are indications of so-called "fishing expeditions" and vigilantism.
Both are properely identified as immoral, and are often illegal as well.
So, you yourself are a prime candiate to be investigated for criminal activity.
Have a nice day.
Re: (Score:2)
I still recall how one admin I knew answered some dumbass with similar, utterly clueless PoV: "do you also try to teach your father how to fuck?"
In most countries, laws specifically allow network administrators to check for security risks with these methods. Private users? In many cases illegal as that would indeed be invasion of privacy. Network administrator? Legitimate action needed to maintain safety and integrity of network.
Re: (Score:2)
I am not American. Most of EU countries allow for this AFAIK. I know for a fact that mine does.
Finally, this isn't a "fishing expedition" by the very definition of concept. I sat on the same network as everyone else at home. When you hit me with a port scan that scans wide array of ports with known vulnerabilities, you can expect me to start looking into it. Most sane users with good knowledge of computer networking would just IP block the guy at that point and report it to local admin.
"Fishing expedition"
Re: (Score:2)
Funny how all of you (are there more then one?) are posting as AC, and all want police involved, with severe consequences for all parties involved.
That's incredibly confrontational and carries heavy penalties for all involved, including victims who have to be questioned about their private lives and how they know by the police.
Irony (Score:5, Funny)
Re: (Score:1)
(1) Audits are not designed to detect fraud, further, i.e, they are only designed to provide only reasonable assurance that the statements are free from material error. Typically this is interpreted to mean that if members of a company were conspiring to commit fraud as opposed to some lone individual stealing money, it is less likely to be caught.
(2) Most auditors are dumb, especially in the US, in my view largely because t
Re:Irony (Score:4, Funny)
(3) You won't find many accountants on slashdot since they tend not to be among the intellectually/technologically curious types in my experience.
Ah yes, this old problem again:
Counsellor: Well I now have the results here of the interviews and the aptitude tests that you took last week, and from them we've built up a pretty clear picture of the sort of person that you are. And I think I can say, without fear of contradiction, that the ideal job for you is chartered accountancy.
Anchovy: But I am a chartered accountant.
Counsellor: Jolly good. Well back to the office with you then.
Anchovy: No! No! No! You don't understand. I've been a chartered accountant for the last twenty years. I want a new job. Something exciting that will let me live.
Counsellor: Well chartered accountancy is rather exciting isn't it?
Anchovy: Exciting? No it's not. It's dull. Dull. Dull. My God it's dull, it's so desperately dull and tedious and stuffy and boring and des-per-ate-ly DULL.
Counsellor: Well, er, yes Mr Anchovy, but you see your report here says that you are an extremely dull person. You see, our experts describe you as an appallingly dull fellow, unimaginative, timid, lacking in initiative, spineless, easily dominated, no sense of humour, tedious company and irrepressibly drab and awful. And whereas in most professions these would be considerable drawbacks, in chartered accountancy they are a positive boon.
Re: (Score:3)
(3) You won't find many accountants on slashdot since they tend not to be among the intellectually/technologically curious types in my experience.
HEY! I exist, darn it! :D
But never mind me, I once found a Chartered Accountant (British Variety, ICAEW I reckon) who actually gave me some very insightful pointers on the working of the british tax system, and he was masquerading as an AC! So we do prowl on Slashdot ;p
----
I won't comment on the relative merits of various accountancy qualifications, partly because that's a pissing match on the level of vi vs emacs (nano rules, bitches!) and partly because I have already done so in the past, it's back there
Re: (Score:2)
As a CPA, former auditor, and forensic consultant,
Well, I'm not a CPA - but my wife is (now) and of course in her studies I picked up a thing or two...
I can tell you 3 things: (1) Audits are not designed to detect fraud, further, i.e, they are only designed to provide only reasonable assurance that the statements are free from material error. Typically this is interpreted to mean that if members of a company were conspiring to commit fraud as opposed to some lone individual stealing money, it is less likely to be caught.
Exactly, but it's also with respect to the Auditing Plan submitted by the firm being audited, which does have standards (GAAS, IIRC) that it must comply with. Though as a forensic consultant you probably are looking for any traces regardless. But it's a pretty big loophole that firms could use to hide fraud, simply by leaving it out of the Auditing Plan.
(2) Most auditors are dumb, especially in the US, in my view largely because the CPA exam is far too easy and largely memorization based.
Can't speak to that. Though I do know they've been maki
Re: (Score:2)
Well...
1-An audit firm is the sum of it's constituent audit partners...blaming the whole firm is effectively meaningless.
2-An audit is as effective as the engaging audit partner is willing it to be.
3-Although ICAS will have us believe that audit rotations have no *benefit*, even it's President (Sir David Tweedie) can't ignore the fact that auditors are getting...*too cosy* with the clients.
Sorta like this? (Score:5, Funny)
I know this is a grey area, and this may sound like a cover up, but we need to keep this failed investment off the books or do a write off. Nobody will find out.
Re: (Score:2)
Are there any special fees or friendly payments? If so, I'm in. Give me a call. My phone number is 419....
Re: (Score:2)
Are there any special fees or friendly payments? If so, I'm in. Give me a call. My phone number is 419....
I'll join too. Just call me at 911-5673.
Nah, the warez people have got this (Score:5, Funny)
Re: (Score:2)
So they're only looking for (Score:2, Funny)
Duh (Score:4, Funny)
Re: (Score:1)
but...but....it was an email, not a book.
Re: (Score:2)
Re: (Score:1)
Any idiot that SENDS AN EMAIL from his corporate account discussing a fraud, using whatever phrases, deserves to get caught. What the fuck does "Off the books" mean if not "DON'T WRITE ANYTHING DOWN".
And, if you are going to send an email telling everyone to delete the incriminating emails, make sure you delete that email.
Furthermore, Mike Brighty, another Hasbro Sales Director, was clearly aware not only of the pricing initiative itself but also of its illegality when he suggested to Ian Thomson to ask Lesley Paisley of Littlewoods to delete an incriminating e-mail ('its highly illegal and it could bite you right in the arse!!!! suggest you phone Lesley and tell her to trash?')
Source: http://webcache.g [googleusercontent.com]
Re: (Score:1)
Re: (Score:1)
Re: (Score:3)
Once corporate people discover encryption, we will be doomed.
Re: (Score:2)
I wonder why the above comment has been moderated "funny". I think he was dead serious. But it's good to know that at least SOME criminals are such utter morons that they would leave a digital "paper trail".
Other reasons.... (Score:2, Funny)
A lot of these phrases also apply when you are having an affair with the secretary and/or wife of the boss...
Re: (Score:3)
Re: (Score:2)
A colleague runs a hedge fund in New York, and he's paying his secretary $200k yearly. He's stupid if he doesn't have a professional prostitue, preferably with a Ph.D., working for him :)
all sounds pretty innocuous to me--- (Score:5, Insightful)
Isn't that how investment bankers talk all the time?
Re: (Score:2)
Isn't that how investment bankers talk all the time?
Yeah, I thought "write off" was standard operating procedure.
Though I don't suppose that means it can't be fraud too...
Re: (Score:2, Funny)
Re: (Score:2)
They forgot (Score:2)
Re: (Score:2)
This article isn't about scammers casting a wide net to find victims for confidence tricks; these are business partners and colleagues actually conspiring to commit corporate fraud or tax evasion.
The confidence trick is a meta-scam: It pretends to invite you to become a partner in crime, while you are in reality the intended victim. They're two different things.
Write off (Score:3)
I am puzzled (Score:3)
Iff you ever do something within the grey area, then do so without witnesses. Leaving an email trail that somthing is done in "the gray area" to "keep things of the books" is pretty much the opposite. It is very likley that reacting to such emails takes a misbooking or a thing for which you can at worst get fired straight to a criminal level.
I for my part always walk away in business if somebody suggest me things in "the gray area". If i am somehow related to that person i would point it out during in a few words during the coffee break.
If colleagues/boss engage in such things i also walk away. Gives me the option later to deny knowing about it in detail.
Re: (Score:2)
Nokia? Is that you?
OMG!!! (Score:2)
Those are the same words that investment bankers and banks in general use all the time!
I knew the whole banking industry was just a ball of fraud.
Corporate Speak! (Score:1)
GNAA leverages core skillsets and world-class synergy through teamwork to provide clients worldwide with robust, scalable, modern turnkey implementations of flexible, personalized, cutting-edge Internet-enabled ebusiness application product suite esolution architectures that accelerate response to customer and real-world market demands and reliably adapt to evolving technology needs, seamlessly and efficiently integrating and synchronizing with their existing legacy infrastructure, enhancing the sodomy-read
Re: (Score:2)
I am NOT a member, so I don't know all the in's and out's. I just thought this was a great example of the babble heard in company meetings throughout the nation.
As long as fraudsters don't end up in government.. (Score:2)
the FBI have my blessing.
Don't Miss The Interesting Thing (Score:3)
Folks, this is the future. Computers can cross-reference and correlate things at lightning speeds and, once something approaching true artificial intelligence comes along, they'll be able to tell (with 99% accuracy) when someone is lying or telling the truth.
Recommended reading: the "Troy Rising" series by John Ringo. Even if you're not into the "oo-rah" and military stuff, Ringo's one of the best when it comes to realistic artificial intelligences. By the third book ("The Hot Gate") one of the protagonists has struck up a friendship with one of the fabber AIs. The AI admits as much to her, that it can not only tell when a human is lying, it can tell when that person is engaged in illegal activity, just by observing behavior.
In the Troy series, the privacy issues are handled with strict "protocols" (i.e., laws hard-coded into the programming) that govern AI behavior, but this is something that we're going to be facing in the future. What the FBI is doing here is going to look like the first crude steam locomotives compared to what AIs will be capable of in not too many years from now.
More terms for M-x spook (Score:2)
Sounds like emacs' spook [gnu.org] will be getting an update with more keywords and phrases!
But how often are these terms used in other cases? (Score:3)
One obvious issue is how often these phrases show up in legitimate contexts. For example, "grey area" might be used frequently if one has a legal department. Not to volunteer information could easily be an instruction to an overly talkative employee or executive or the like to not blab about what the company is currently trying to do but hasn't gotten to work quite yet, or even has gotten to work and are industrial secrets. The last is a surprisingly common problem- a relative of my at one point was the COO of a baking company that was owned by someone who knew little to nothing about the industry (having inherited it) and on at least two occasions blabbed to people outside the company secrets about their manufacturing processes in apparent attempts to impress people. And that was in baking. In the circumstance my relative couldn't get the owner to stop (it is a bit hard to tell your boss to shut up) , but similar issues probably show up in a lot of industries.
So while some of these phrases seem obviously problematic (off the books is the most obvious one) I suspect that others could by themselves be often very innocent.
Most common phrase leading to malfeasance (Score:3)
"I accept this position as CEO."
Strange (Score:2)
I would of expected the most common words to be "I", "we", "the", "a", and so on and so forth.
Never write when you can talk... (Score:2)
"Never write when you can talk. Never talk when you can nod. And never put anything in an e-mail." -- from 2005 by Eliot Spitzer, former Attorney General, New York State.
Re: (Score:3)
Re: (Score:2)
Time to get your meds adjusted and change the tinfoil in your hat, there, Sparky.
Re: (Score:2)
Re: (Score:1)