Wells Fargo Fires Employees Over Falsified Expense Reports

Fraud committed against enterprises hits firms large and small. Among the most noteworthy headlines this week, Wells Fargo’s latest scandal focuses on doctored expense reports, and beyond the pond in the U.K., several cases show how fraud can be perpetrated against government and insurance agencies. And a study from Barracuda Networks shows how sometimes, even the simplest of email scams is enough to make off with ill-gotten gains.

Expense fraud comes to the biggest of companies, it seems. And for Wells Fargo, add that injury to the list of scandals hitting the bank.

Reuters reported on Thursday (Aug. 30) that the company has either terminated or suspended more than a dozen employees tied to the company’s investment banking unit. The employees were shown the door in the wake of alleged violations of Wells’ expense policy centered on after-hours meals. The violations are far-flung in terms of positions of those being investigated or let go.

Citing people “familiar with the matter,” the report adds that those involved include analysts and managing directors with the company, in locations including San Francisco, Charlotte and New York. They allegedly doctored receipts on meals that were then charged to Wells Fargo.

The Wall Street Journal reported that Wells often reimburses staffers if they order food as they stay late at the office to work on company deals and other projects.

Separately, the trend toward email fraud continues, as the Barracuda Networks reported this past week that the email scams are rather simplified in nature. How simple? Think plain old emails, rendered in plain text, with no links needed to direct the unwitting to being parted with account information (or funds). The tech firm’s study has found that seemingly authentic wording and context are enough to get the fraud job done, or to help persuade a wire transfer.

Barracuda Networks finds that bogus text emails fly under the radar of most fraud detection systems, as they do not have the aforementioned links.

Google Enters Phishing Fray

Google has stated that its own roster of 85,000 employees has seen a full year without any of what gizmodo terms “security mishaps.” In light of that achievement, the firm has pointed to its new practice of using physical security keys for two-factor authentication. That same security key is available for sale, says the site, in the Google store. The site states that the offering “is really two devices” and that “for $50, you get one USB key that can be inserted into your computer to prove that you’re really you, and a backup device that communicates with NFC or Bluetooth.”

Individual Fraud Cases

The Association of Procurement Technical Assistance Centers (APTAC) has sent out an alert stating that businesses are getting phony invoices that “appear for services received from a[n] … assistance center.” But, as noted by APTAC, the vast majority of those centers do not charge for their services. The fees, when levied, are clearly described in advance.

We want you to be aware that this campaign is taking place right now. Someone is sending out invoices in the name of the ‘American Procurement Technical Assistance Consultants’ for services that have not been sought or agreed to. This should not be confused with APTAC — the Association of Procurement Technical Assistance Centers – the professional association to which all PTACs belong … the phony invoices are in the amount of $249 for ‘procurement technical assistance.'”

Across the pond, the Irish Examiner reports that an “invoice redirection scam” cost Louth and Meath Education and Training Board 250,000 pounds in fraud losses. The fraud took place in November.

And separately, data reported on the site londonlovesbusiness.com and sourced from ActionFraud, the U.K. fraud and cybercrime reporting outlet, has found that business losses from employee fraud have doubled year on year. The total from 2017 to 2018 is more than 1,400 cases, costing 88 million pounds. The losses on average have come to 62,000 pounds, up from 50,000 pounds seen in the previous year.

Insuranceage.com, also covering the U.K., said that an individual, Iain Wishlade, was sentenced to 26 months in prison for embezzling 129,000 pounds from three insurance firms where he worked. He was found guilty of lying about medical treatment costs that those firms’ clients were liable for paying and submitted false invoices to those customers.