New SDNY Cases Show Continued Insider Fraud Threat

fraud detection

Since biblical times, the greatest threats have often come from inside one’s own organization.

Et tu, Brute?

And recent news from the U.S. Attorney’s Office for the Southern District of New York (SDNY) shows that, even two-plus decades into the 21st century, insider fraud remains a constant threat.

This, as last Wednesday (May 1) a cybersecurity consultant was sentenced for using stolen proprietary information to extort a vendor organization for $1.5 million, threatening to release the company’s files unless they met his demands.

“When those entrusted with sensitive information steal that information on their way out the door, only to extort money with a threat of releasing that information, my Office will hold them responsible for their conduct,” United States Attorney for the Southern District of New York Damian Williams announced in a press release.

Just one day earlier, on Tuesday (April 30), two executives at a healthcare claims processing company were sentenced for running an eight-year-long, multi-million-dollar embezzlement scheme against their employer.

The internal leaders conspired with others to create fake vendors that purported to do work on behalf of their employer, then signed invoices approving payment for the fake work — a scheme that went undetected for nearly a decade.

Two former executives of a White Plains healthcare consulting company “betrayed the trust of their employer by stealing millions of dollars. [The executives used] sham companies to submit fake invoices and trick their employer into paying for work that never happened, then laundered the proceeds,” said U.S. Attorney Williams.

Insider executive fraud within large companies frequently involves high-ranking individuals, often executives or top management, exploiting their positions and access to sensitive information for personal gain at the expense of the company and its stakeholders.

The repercussions of insider fraud can lead to severe financial and reputational damage, particularly for enterprises operating within the financial services and payments sectors — making effective detection and prevention critical.

See alsoRemote Work Forces Small Businesses to Level Up Their Fraud Game

Effectively Protecting Against Insider Fraud

While insider fraud is not a new threat and may not be as flashy as today’s other, artificial intelligence (AI)-driven attacks, it still represents an increasingly dynamic vulnerability that enterprises need to stay on top of.

That’s because today’s employees, including third-party consultants, enjoy unprecedented access to sensitive company data and financial assets. This newfound accessibility and widespread dissemination of sensitive internal information has opened the door wider than it has ever been to potential insider threats.

“One of the biggest differences between the consumer world … and the enterprise world is that different people are allowed different access to different information,” Eddie Zhou, head of AI at Glean, told PYMNTS. “Permissions are a first-class thing you have to think about with enterprises.”

Detecting and preventing insider fraud, particularly when it involves executives, can be especially challenging due to the nature of the perpetrators and the complexity of their fraudulent schemes.

Executives often have privileged access to sensitive information, making it easier for them to conceal fraudulent activities or manipulate records without detection. This access can also make it difficult for internal controls to effectively monitor their actions.

Read more: Third-Party Vendors Emerge as Data Security Threat

Addressing these challenges requires a multi-faceted approach that includes implementing robust internal controls, promoting a culture of transparency and ethical behavior, conducting regular audits and risk assessments, providing avenues for anonymous whistleblowing and ensuring active oversight by independent directors or external auditors.

At the same time, executives may often operate with a high degree of autonomy, enjoying limited oversight from other members of management or the board of directors. This lack of oversight can provide opportunities for fraudulent behavior to go undetected for extended periods.

As PYMNTS Intelligence found in collaboration with Hawk AI, about 43% of financial institutions in the U.S. experienced an increase in all types of fraud this past year relative to 2022, resulting in a rise in overall fraud losses increasing by about 65% from $2.3 million in 2022 to $3.8 million in 2023.

The data revealed also that firms reliant on manual processes are more likely to suffer from fraud than firms deploying automated solutions, which is why leveraging advanced analytics and AI technologies can help identify patterns indicative of fraudulent behavior and enhance detection capabilities.

Still, as emphasized by many of the risk management leaders PYMNTS has spoken to, the first line of defense for today’s businesses is their own employees, making individual education around suspicious behaviors, and the best practice methods to combat them, more important than ever.