Applying OSINT to Fraud Prevention and Corporate Investigations
By Charles Brown
Get the latest news and insights sent straight to your inbox
In the digital era of the 21st-century, crimes such as fraud, illicit trade and security are evolving and new tactics and techniques are emerging that can make them harder to spot, and harder to investigate.
As these crimes increase, organisations incur huge losses. According to UK Finance, the trade association for the banking sector, criminals stole almost £754 million through fraud in the first half of 2021, a 30% increase from 2020.1 Similarly, illicit trade is thought to cost the economy $2.2 trillion every year.
In this complex environment of operational, legal, regulatory and reputational risks, organisations need to stay informed about organised crime methodologies and typologies. They also need access to data about who they are working with, both internally and externally, Here, a key tool available to investigators is open source intelligence (OSINT).
OSINT investigations extract insights from open source data (OSD), thereby uncovering information about prospective business partners, clients, suppliers, and employees. With the help of next-generation OSINT tools, corporate investigations teams and anti-fraud professionals can make the quick and accurate decisions required to prevent reputational and financial damage.
In this article, we’re going to examine where OSINT is useful and the benefits it can have within fraud prevention and corporate investigations. Let’s get started.
Suggested reading: You can learn about OSINT and the key features of an effective OSINT tool in our free eBook — The OSINT Handbook
Increasing numbers of online transactions, the pressures of Covid-19 and the increasing availability of personal data online have conspired to make fraud even more prevalent. There are two high-level types of fraud that need to be considered:
- Insider Fraud: Insider fraud emanates from within an organisation and involves expenses fraud, corruption, sabotage and data leakage. At the corporate level, insider fraud could involve skimming money from contracts, bribing or accepting bribes, fraudulent accounting, or the organised theft/embezzlement of assets and finances. Insider threats are more pervasive than ever due to the disparate connections formed between modern organisations and their international labour force and supply chains.
- External fraud: External fraud includes a whole host of activitites including digital payments fraud, card washing, cybercrime, and corporate hi-jacking, where criminals pose as a business to solicit payments for goods and services from legitimate businesses. At consumer level, fraudsters are investing more time into social engineering scams and online retail fraud.
How applying OSINT helps
Insider fraud cases are often solved by identifying connections between an employee and a potential perpetrator. Internal data can be useful here, but key links can often be found in open source data. For example, a friendship between an employee and supplier on publicly available social media could expose an insider threat.
Due diligence is an important preventative measure: organisations need to work hard to understand their business partners, performing detailed and comprehensive background checks. These checks need to extend into all available sources for the best outcomes, meaning that the utilisation of OSD is critical.
External fraud cases can also be addressed with the help of OSINT. Identifiers such as usernames, IP addresses or phone numbers can often be traced back to an individual using a combination of data sources. However, discovering and mapping together these traces often requires investigators to navigate across the surface web, deep web and dark web. As a result, the best investigatory outcomes require access to cutting-edge OSINT tools that facilitate secure dark web searches1, data collection, analysis and visualisation within a single platform.
With the help of modern OSINT tools, researchers can investigate these disparate open source data resources to identify key connections, create an accurate understanding of a prospective business partner or client and resolve fraudsters’ identities. As a result, the likelihood of exposure to fraudulent entities can be significantly reduced and instances of fraud can be solved more easily.
Protect your brand and prevent illicit trade
Brand protection is a burgeoning industry in its own right. A Deloitte business survey found that 87% of executives rated reputational risk as more important than other strategic risks, with a particular focus on bribery, fraud and corruption.2
Reputational risks are threefold:
- Direct risks pertain to the actions of the business itself
- Indirect risks to the actions of employees and the board
- Tangential risks through third-parties and peripheral entities
Organisations face risks through direct, indirect and tangential association to illicit trade, criminal networks and unethical activities. For example, without establishing rigorous controls and procedures, organisations may lose sight of how third parties utilise their name, image, products, licences, copyright, and branding. As a result, third parties may circulate counterfeit, faulty or non-compliant goods in the business’s name, or form indirect links to illicit or unethical industries without authority or permission.
A potent example of the risk presented by illicit trade and supply chain networks is when Apple, Google, Dell, Microsoft and Tesla were exposed for their links to child labour and cobalt mining deaths. This incident forced a major remodelling of their supply chains and increased emphasis on supply chain due diligence across the technology sector.3 While such companies have the financial resources to mitigate such scandals, others may not be unfortunate.
How applying OSINT helps
With OSINT, organisations have the ability to conduct more thorough due diligence on suppliers, contractors, clients, employees and other organisational associates. OSINT enables organisations to enhance their understanding of their networks, a crucial element in maintaining firm control of associated business entities and their conduct.
In this fast-developing regulatory context, the benefits of robust due diligence are also synergistic with environmental, social and governance (ESG) best practices. Performing detailed searches of business partners, suppliers, clients, and employees helps tackle instances of illicit trade and brand misuse whilst enabling businesses to control their ESG commitments.
Enhance corporate security
Corporate security relates to the mitigation of a range of threats and risks to a business’s assets and operations. Historically, corporate security departments primarily focused on the protection of people, physical assets and information through activities like manned guarding, access control and CCTV operations. However, as the business environment has become increasingly more complex, corporate security teams are contributing toward the management of a range of additional reputational and regulatory risks including things like bribery and corruption, cyber security, corporate espionage, and hostile activism. The enduring possibility of data leaks, sabotage, insider hacking and other forms of corporate espionage also necessitate internal and external corporate risk monitoring. Monitoring vulnerable or complex contracts, internal flow of funds and associations with new suppliers, clients and networks enables internal teams to take control of issues before they develop.
Looking to identify and manage corporate security risks more effectively?
Explore how Videris can help enhance anti-fraud and security protocols. Book your free demo today.
How applying OSINT helps
OSINT enhances the internal risk monitoring process, both when a subject is not yet known or when there are some pre-existing leads or clues to follow. Deploying OSINT to glean insights from corporate records and social media can uncover anomalies on internal subjects that might indicate potential bribery or illicit activity. Monitoring such threats enables businesses to take incisive internal action before the information is exposed in the public sphere.
As with fraud and illicit trade, thorough due diligence is important here. Uncovering connections between employees and suppliers, and malicious actors, or even competitors allows organisations to take action before potentially catastrophic risk exposure. Establishing connections is straightforward with modern OSINT tools, especially those with the ability to produce detailed visual reports of subjects and their links to media and news articles, blog posts, social media, and corporate records.
Choose the right solution to ensure success
Videris was developed to meet the need for leading-edge, holistic fraud prevention and corporate investigation tools. Our platform can help guide investigators through each stage of their investigation, from collection and analysis through to visualisation.
Furthermore, Videris is already being employed by leading organisations across multiple sectors, enabling them to greatly enhance their anti-fraud and security protocols whilst unlocking a competitive edge in an increasingly ESG-oriented business landscape. If you want to learn more, read about how much time Videris can save your investigation process.
Videris provides a seamless user experience with capabilities to assist in anti-fraud and corporate investigations, most prominently:
- Enhanced search capabilities: Videris provides search functionality that penetrates beyond the superficial detail of surface web browsers. Extend searches across OSD sources spanning the surface, deep and dark web. This can include multilingual grey literature and corporate records, academic, nonprofit and public sector information, blogs, and national and local news articles.
- Cross-matching: Videris’ Intelligence Automation (AI) uses cross-matching algorithms to quickly bring connections to the fore, even when exact-phrase mentions are limited. Use these tools to identify links between your subject and other networks, entities or individuals.
- Security: All of these tasks, and more, are conducted from a single, secure ecosystem. Videris can be deployed on the cloud or on-premises and allow investigators to do their work without the risk of individual or organisational exposure.
Book a demo with us today, and see for yourself how Videris can enhance your anti-fraud and corporate investigation processes.
1UK Finance Half Year Fraud Report 2021
2Deloitte Global Survey on Reputation Risk