Protecting personal information and correcting identity theft

Government records are now a vulnerability for consumers personal data. State records are under seige from hackers. Budget constraints have led to more outsourcing to cloud providers or other service providers of the state agency’s email, data storage, and disaster recovery services, for instance. But CISOs are lukewarm about their trust in the third-party provider’s security: Only 4 percent are very confident, with 74 percent “somewhat confident” and 18 percent “not very confident.” A recent data breach in South Carolina exposed over 3 million social security numbers to hackers. Anyone who has ever filed a South Carolina tax return since 1998 may be affected.

Once a breach of identity or personal information occurs, it is important to take action quickly. Upon notifying banks of possible account vulnerability, and credit card issuers of fraud, the next step is to discover the source of the release. In the event of bank account fraud, we are more frequently discovering that regular payees of checks are using account and routing numbers from received checks to create dummy checks or to initiate wire transfers. If a fraud occurs an investigation and forensics can determine which payee pilfered the information and stole the funds. These frauds can be partially prevented by setting up ACH block on accounts, or using a zero balance transfer account as a firewall.

 

Spying on a spouse in a divorce

Suspicion of infidelity or a desire to exit a relationship often creates a motivation for a person to spy on their relationship partner. The results can provide peace of mind that their worst fears of an unfaithful partner are true, or give them confidence that their decision to leave the relationship is valid. “People are dying to know if their spouses are cheating,” said Randall Kessler, past head of the American Bar Association’s family-law section.

Private parties should be careful in the methods used to obtain information on a spouse. Federal and state laws govern the protection of privacy and can create legal liability for eavesdropping, voyeurism, or stalking. As the techniques and technology being used become more robust, adhering to the law is more important. At least five of the 13 U.S. circuit courts have found that the Federal Wiretap Act does prohibit surveillance within marriages. “In one 2011 Nebraska case, a mother who embedded a listening device in her daughter’s teddy bear to record the girl’s father was found guilty of violating the Federal Wiretap Act. And in a 2008 Iowa ruling, a court found that a man had violated his wife’s privacy by taping her with a camera surreptitiously installed in an alarm clock in her bedroom in their home.”

The liability does not stop with electronic recording. GPS surveillance is a booming trend. A Minneapolis man was convicted of sticking a GPS tracker on his wife’s car. “Pretty amazing stuff,” said Mr. Hormann, a former investment salesman and now a truck driver. At least four times in late 2009 and early 2010, he used it to locate his then-wife, Ms. Mathias, court records say. In July, 2010, a jury convicted Mr. Hormann of two charges, stalking and tracking the car. He spent 30 days in jail.

A licensed private investigator should be aware of all GLB, DPPA and local laws so that appropriate spousal monitoring does not turn into a stalking conviction. Also, evidence gathered by a licensed third party is more likely to be admissible in the divorce proceeding. Pictures or data gathered by an adversarial spouse directly may be excluded due to bias or to an improper chain of evidence.

 

Enhancing business security and profitability

Business investigations.

A professional investigator can add value to a companies operations by covertly observing internal processes, operations, and activity. The investigator will gather intelligence from outside the company as well. The details from both sources are compiled and analyzed to improve a business operation

  • Discover fraud
  • Reduce expenses
  • Increase safety
  • Lower injury claims
  • Identify problem employees
  • Improve morale
  • Discover opportunities for efficiency
  • Protect company resources
  • Reveal security vulnerability

 

As a business owner, consider if the answers to any of these questions would be valuable business intelligence or would help the business become more securely profitable:

  1. Where is your key employee really going for lunch?
  2. Is your accountant in financial trouble?
  3. Is your purchasing manager in business with any suppliers?
  4. Is the employee who called in sick really “sick”?
  5. Are all of your company checks processed correctly?
  6. What products are your competitors developing?
  7. Are all of your accounts payable legitimate?
  8. Are any sales being diverted?
  9. Does your business have a security plan?
  10. Do executives occasionally need armed protection?
  11. Are your company checks all accounted for?
  12. Are sales personnel submitting false reimbursements?
  13. Does the person you are suing have assets?
  14. Have employees ever used other names?
  15. Have employees acquired criminal records since hiring?
  16. Are files and records being secured, or being accessed without permission?
  17. Is your company name being used inappropriately?
  18. Is the person suing you actually injured?
  19. Are vendors over billing with collusion from an employee?
  20. Is your inventory a source of business loss?
  21. How will financially distressed employees access company assets?
  22. Is there information which can reverse a customer chargeback?
  23. Who knows how much cash you carry?
  24. Are vendors and contractor up to date?
  25. Are employees keeping your business info confidential?
  26. Do employees operate outside ventures?
  27. Are fund transfers monitored?
  28. How do competitors present an offer to a prospective client?
  29. Are customers private records being disposed of properly?
  30. Are inappropriate files being stored on your server?
  31. Do web visitors extract large volumes of product info?
  32. Are employees active with work on their PC’s?
  33. Is fraud being concealed within your company?
  34. Do employees activities create liability for the firm?
  35. How does your competition operate internally?
  36. Do any of your activities suggest fraud to your bank?
  37. What information is being gathered about you by others?
  38. Have there been undiscovered attempts at defrauding your business?
  39. Are volume clients in financial distress? Their principals?
  40. Are any business partners or associates in financial or legal trouble?
  41. Do you keep a Zero Balance Account (ZBA) for wire transfers?
  42. Does your operating account have ACH blocked? 

Information can be developed using investigative methods such as subject interviews, voice stress analysis, covert monitoring, IT forensics, cell tracking, video, facial recognition, GPS, document forensics, account auditing, surveillance, live backgrounding, and DNA analysis.

 

Investigation of business partners and contracts

High net worth and affluent individuals have a greater expectation of performing proper due diligence when partnering in an enterprise or contracting for a business arrangement. When claiming fraud, courts are more likely to dismiss claims if the defrauded party had an opportunity to have previously discovered red flags of fraud through a due diligence investigation. “In Karfunkel v. Sassower, No. 602244/2009 (N.Y. Sup. Ct. Sept. 12, 2012), Judge Peter O. Sherwood granted a motion for summary judgment dismissing plaintiff’s claim of civil fraud for lack of both scienter and justifiable reliance, holding that sophisticated parties may not justifiably rely on alleged fraudulent misrepresentations when accurate information is readily accessible.” In this case, the plaintiff alleged to have been defrauded through a scheme of commingling invested funds and business inventory. The court dismissed the claims stating that the losses could have been avoided if the contractual representations had been investigated and verified. “Judge Sherwood found that sophisticated parties have an obligation to conduct their own appraisal of risk when the true nature of their investments can be easily ascertained. Therefore, Karfunkel could not establish that he was intentionally misled if he failed to make use of available means of verification.”

Misrepresentations occur even at more visible enterprises. The Huffington Post was surprised to discover that its vice-president of marketing had an open arrest warrant. A background investigation on the executive revealed that he had failed to appear in a DWI case, 9 years earlier. Publicly traded firm Yahoo was made aware that its CEO had lied about his educational background and earned degrees. Yahoo CEO Scott Thompson does not have a bachelors degree in computer science as he had misrepresented. An investigation by investment firm Third Point discovered the fraud.

If executives at high-profile firms are willing to misrepresent their background, it is certain to also occur at mid-size firms and small business. The damage done to a company due to fraud, embezzlement, or even incompetent management can be catastrophic and frequently not covered by business insurance.

Improving the security of personal and business online privacy

For centuries privacy was effectively established by the functional difficulty to obtain information without extensive manual research, in-person investigations, and complicated records retrieval. The security afforded by this built-in obstacle has largely been removed with the development of the internet and social media. The activities, movements, associations, and interests of people are now readily available using a handful of online resources.

An individual who is in a position to require some higher level of personal security and privacy would need to take some specific action to meet their need to be less vulnerable. Ten of the most effective means to improve security are described.

1. The obvious: Social media privacy settings. Facebook settings, LinkedIn details, and Twitter postings. Of course, setting privacy and being careful on what is intentionally posted online is the first step in protecting your online security.

2. Use at least 3 separate email addresses for online activities. If participating on discussion forums, picture hosting, or any website with a login, remember that there are resources such as Spokeo which will consolidate your accounts within view to the public. You may not publish enough sensitive information in one place to create a vulnerability, but if all postings and discussions were taken together, a person with bad intentions could cross reference enough intel to piece together something useful. As an example, go to a photo sharing site such as Photobucket or 4shared. Create an account, even without uploading any photos. You will discover that a Google search of your email address will reveal this account. From just this one account, a researcher could discover photos showing timelines of activity, associates, background clues, or assets. Even without photos, the username for the account would be visible which could then be searched again, to locate other sites where that online identity has activity.

3. Create a tracking site for your identity. For many clients we create a legitimate bio site with information about the individual. The page will have appropriate photos and positive information intended to be revealed. Behind the scenes however the page serves to track visitors to it. The tracking data will show how many people went to the page, it will reveal where they were located, their IP address, what company they were from (if using a work computer), and most importantly it will reveal what search terms were used to find the page. For example, it would be valuable to know if people were searching for “Joe Brown XYZ Corp. scammer” vs. “Joe Brown experience.” If Google searches (or Bing, or Yahoo) were showing up in the data which showed “Joe Brown home address,” this may also be cause for action and caution.

4. Search for data files with personal information. Deep web searches for any tracking info to your identity are helpful. Search “.xls SSN 123-45-6789” to see if your social security number has been inadvertently included in some spreadsheet online. Try your phone numbers, date of birth, and home address. Test for .doc files, .txt files, ,pdf and .php records. If any are discovered the source can be identified.

5. Upgrade your LinkedIn account to see who has searched for you or has viewed your profile. You can also look to see what other profiles were searched along with yours. This can provide valuable insight to what is the intention of visitors.

6. Strip off metadata from any transmitted files. If you are sending, uploading, or posting a file from your PC or phone to a different location, be aware that the data hidden within the file may contain more details than you intend to transmit. Photos can contain the type of camera used and GPS coordinates of the shot, even the serial number of the camera in some instances. PDF files can retain prior versions or redacted data you intended to remove. Word documents frequently retain prior versions and the content prior to revisions. All files have the potential to contain your name and the name of other contributors, as well as time stamps, location data, and IP address of the host machine. A file emailed to one person may end up posted online, so when sending anything do so with the preparation that the data could be public. Also, if you are scanning a faxed document be sure to remove the fax header detail line to make sure that the sender and receiver are both kept anonymous.

7. Google Images. If a web page contains your name, any pictures contained on that page may be associated with you on Google Images. Take a look to see which photos may reveal information about yourself or your location which is not intended. Also check Google Maps to make sure that the picture of your home does not reveal details about your private life.

8. Online public records. Real estate title records of official recorded documents are more frequently available online, without requiring a visit to the recording clerk or courthouse. Because of this, your records can be searched remotely by individuals not located near you. Most counties intend to redact personal information such as social security numbers, drivers license, and bank account info. However this is not always consistent. We frequently discover revealing information in official records which is useful for an investigation. One common oversight is a notarial oath for a signature, which may contain a drivers license number and expiration data. You can check your records  and request redaction if personal information is discovered.

9. Photo recognition. Watch out for your avatars, profile photos, and other likenesses. Even if they are not associated with your real life name, advances in software allow for facial features to be compared and a person identified. Even if today a photo cannot be scanned successfully, that profile shot of you on an anonymous web forum may end up being associated with you at a later date, along with all of the discussion or activity that went along with it.

10. Regular audits of online presence. Whether you do it yourself or have an expert perform a thorough review, checking your publicly available records will help maintain privacy. The results will point to areas where activity needs to be monitored, or even where removal efforts can be pursued. One basic tool which any user can implement is Google Alerts. You can set up an automatic monitoring of any search term, such as your name, company info, or combination of words. If any new web page or reference to them appears online, you will receive an email message with a link to the location.

Online availability of vast amounts of personal information is a reality. While the genie cannot be returned to the bottle, a dedicated and intentional method of managing online privacy will improve the security of those who take the effort to protect themselves. Remember that anything placed online is out there forever.

Due diligence on contractors and partners prevents fraud

In the course of everyday life and business dealings decisions are made to engage with contractors, business partners, vendors and clients. Each instance of doing business represents an opportunity to be vulnerable to outside risks. Appropriate private investigation of relationships protects against liability and damages.

A family in Palm Beach had enlisted the assistance of domestic staff which included housekeeping. One of the housekeepers devised a scheme to blackmail the family. By having such close access to the household, the housekeeper was able to obtain private letters containing information about alcoholism and other family secrets. The housekeepers daughter contacted the family and threatened to release the information if they were not paid $3 million. The plot was defeated, but with great expense. There have been other cases of housekeeping staff stealing valuables or embezzling from bank accounts.

In many cases, doing an initial investigation on domestic staff, and then doing regular updates to trusted contacts is a valuable means to protect against fraud. The updates are important since a person with a previously “clean” background can resort to fraud when life conditions change, such as divorce, financial issues, or narcotics use.

The lack of due diligence on a corporation may also have contributed to the loss of millions by government due to a bankruptcy. When the firm Digital Domain was courted by Palm Beach County and the State of Florida to build a headquarter location with FSU, they did not know that the firms president was already being sued for breach of contract. Several years and millions of dollars later, the county had lost millions in incentives to the company without results. Coincidentally the firm was investigated by an attorney from Greenberg Traurig, who was the firm suing Digital Domain CEO Textor in the first place. Greenber Traurig itself has been a target of claims in the Scott Rothstein fraud case, with reports that it did not disclose documents relating to its representation of TD Bank in the matter.

The fraud investigation in that case was headed up by attorney David Mandel, who pursued the investigation of TD Bank. The success of that investigation was that in January 2012, a Miami federal jury awarded Coquina $32 million in compensatory and $35 million in punitive damages. The verdict was the first-ever based on the legal theory that a financial institution had “aided and abetted fraud” and money laundering by one of its customers.

 

Asset recovery when the debtor is bankrupt

Asset recoverySuppose that you have a valid judgment, or at least a claim against a party for damages but the debtor is insolvent. How do you recover any assets in this scenario? These methods require qualified legal advice and support from professional investigators skilled in the specific area of asset recovery. Let’s take a look at some strategies which can provide pathways to recovery or seizure of funds and assets in this situation.

 Fraudulent Transfers

If the individual or entity has already filed a bankruptcy petition and the case is still in process, there are a few methods for a creditor to obtain a more favorable outcome. Using the “fraudulent transfers” provisions of the US Bankruptcy Code, creditors can assist the trustee to reclassify assets as debtor assets even if they are presently titled or held by other parties. The debtor may have intentionally transferred funds or other assets to nominee third parties for the purpose of placing them outside the reach of creditors or the trustee. These are discovered by through qualified investigative methods, and can be presented to the trustee for consideration when located. Provisions for recovering from improper transfers can be found in the Code at 548(a)(1).

Even if the debtor did not intentionally transfer assets fraudulently, creditors can use the theory of constructive transfers to reel in assets. In these instances, the transfer is made without receiving something of reasonably equivalent value in exchange for the transfer. These outbound assets or funds can be identified for possible clawback. Less obvious asset transfers can be in often overlooked forms, such as a promissory note held by a debtor. A loan which is forgiven by the debtor, or offered with below market terms can be made part of a claim to recover assets. Specific mechanisms for identifying constructive fraudulent transfers is in the US bankruptcy code at 548(a)(1)(A).

Going even further, a creditor can make the argument that the date of insolvency was when the debtor began operating a fraud or Ponzi scheme. This can open up an entirely new set of assets for recovery. For example, suppose a debtor began operating at a loss for several years while continuing to receive revenue from clients or investors. During this period the debtor continues to pay salaries to principals and Imageexecutives. At the same time there are preferential payments to entities such as closely held management companies, principally owned real estate leases, or selected payables vendors. A financial forensics investigation can pinpoint the instant in history which the debtor became technically insolvent so that outflows of assets beyond that date can be assessed. An analysis of payments will reveal which payees received preferential treatment and which were paid late or not at all. Preferential payees including principals or executives may be a source or clawback.

Third Party Liability

If the fraud was extended due to the actions of third parties, vicarious liability can extend to those individuals or entities as well. A bankrupt debtor may have been able to continue its enterprise because of lax oversight of its bank accounts, continued recommendation by investment advisers  or preparation of positive financial statements by accountants. In one example, a company opens a bank account with the stated purpose of operating a local retail store. The account is used to collect payments from investors around the country. Instead of expected account activity showing merchant deposits and cash entries, the account statement shows large volume of ACH and wire transfers from out of town banks. A review of the policies and procedures of the bank who holds the account, compared with the actual activity in the account will reveal whether the financial institution followed its own internal or regulatory requirements in monitoring the client. If it can be demonstrated that according to policy the account should have been reviewed or even closed, a claim can be made that the institution enabled the fraudulent debtor to operate longer than it would otherwise would have, and therefore expanded losses to creditors.

If a third party prolonged the life of an otherwise defunct corporation a claim can be made that the third party carries some liability for losses to the entity. Consider an example where a contract salesperson brings in new business or investors to an insolvent company. If the company was able to continue to operate for a longer period of time, the contractor may have enabled the deepening of the fraud. It may have been unwittingly, but not if the contractor knew or should have known that the corporation was not viable. An area of investigation in this scenario would be to analyze communications, emails, voice mails, or other correspondence to see if there were any suggestions made to the salesperson to “just get a few more sales to cover payroll.” This could indicate that the sales were being made simply to temporarily delay the discovery of the insolvency. An investigation would look at whether a professional overlooked obvious red flags of fraud, or did not look into doubtful representations made by a client or vendor. Creditors who incurred losses which were enabled by information furnished by such a third party may be able to claim against that person or firm. A separate legal theory for connecting third party liability is “foreseeable injury,” where the professional had a reasonable expectation for a party to be damaged, even if there was no contractual relationship with the client.

The actions which created the debt to a particular creditor can also be scrutinized to determine if related parties contributed to the liability. For example, suppose a bankrupt company owes money to a creditor due to an unpaid invoice for services. Were all of those services provided exclusively to the debtor? Did any benefit company principals individually, or other entities?

A formal bankruptcy petition filing allows greater powers for discover of a debtors finances and activities. Prior transactions can be scrutinized for indications of fraudulent transfers or third party liability. If a debtor is insolvent, but not formally in bankruptcy there may be a benefit of using the strategy of an involuntary filing by creditors to obtain this ability. On the other hand, it has the consequence of prioritizing claims which may not favor one particular creditor.