Corporate Financial Fraud

CASE STUDY

Investigation for Financial misconduct within corporations

Tags
Digital Forensics, Financial Fraud, Email Fraud, Credit Card Fraud, HR investigation
Corporate Financial Fraud

Background

The General Counsel for a local manufacturer and retailer suspected that an employee had unauthorized access to other employee’s email accounts. It was brought to the General counsel’s attention because the employee disclosed very private and sensitive information. Upon further investigation, it was determined that the employee engaged in an inappropriate relationship with the IT manager, and it was further revealed that the IT manager gave the employee the passwords to everyone’s email.

Scope

The Maryman team was engaged to perform a digital forensic investigation of the employee’s current and previous computer systems and email accounts to determine if the employee was engaging in unauthorized access of other email accounts in the organization. The employee was not a member of IT and should only have had access to her own authorized email account.

Preservation

Both of the computer systems of the employee were forensically preserved for analysis. The email account and logs were downloaded and also preserved.

Analysis and Findings

During the early phase of the investigation, an examination of the computer systems and email accounts did not outright reveal anything out of the ordinary. However, present on the employee’s main computer was a backup of her personal phone. With authorization from the counsel, the personal phone backup was independently preserved and analyzed.

On the personal phone, communications between the employee and the IT manager were analyzed and the inappropriate relationship was confirmed. It appeared that access to all individuals email accounts, including the CEO and inhouse counsel, was given to the employee in exchange for favors. However, this was only the tip of the iceberg.

The communications between the employee and a friend, who was a former employee of the company, revealed a massive financial fraud scheme that was perpetuated against the company for five years. The employee, whose responsibilities included bookkeeping, would make personal purchases on the company credit card, and reclassify them in the accounting system as marketing and advertising costs. In the beginning of the fraud, it was limited to meals out and dinners, but over the course of the fraud, it escalated to even include vacations for family members.

Worse yet, the communications from family members encouraged the employee to continue committing the fraud, even going so far as to say that they were proud of the employee for getting away with it.

At the conclusion of the analysis, it was discovered that nearly $2 million dollars had been stolen by the employee, all while the company was facing financial difficulties.

Next Steps

The General Counsel confronted the employee and demanded full restitution, otherwise it would be referred to law enforcement. Surprisingly, the employee was able to pay back the full amount. However, the analysis also discovered two USB devices that had been inserted into the system, which were indicated to have some financial records of interest to the company. The employee refused to return those devices.

Outcomes

Due to the employee refusing to return the USB devices of interest, the case was referred to local law enforcement for prosecution.
Scroll to Top