Online fraud coming to social networks

Investigators are gearing up for the day Twitter and Facebook become tools for financial wrongdoing.

By Stephanie N. Mehta, assistant managing editor

worm_virus_email.03.jpg

NEW YORK (Fortune) -- When it comes to perpetrating market manipulation, insider trading and other financial fraud, wrongdoers have used garden-variety office technologies -- e-mail, faxes, voicemail messages -- to cover their tracks or tip off their partners in crime.

Could social networks be the next frontier in financial fraud?

"In the next year," predicts Mike Kinnaman, senior managing director of marketing for the technology group of FTI Consulting, the global restructuring and advisory firm. "I would not be surprised if you see something high-profile involving social networks."

As more corporate users embrace social networks such as Facebook, Twitter and others in their business interactions, it seems likely that individuals or groups committing fraud would use those tools, too. That's why investigators are constantly trying to stay abreast of the latest in so-called "out-of-band" communications, says David Remnitz, an FTI senior managing director specializing in electronic evidence. "We're spending a good amount of time understanding how [social networks] will be used in coming years," he says. "We always need to be one step ahead of the curve."

Remnitz and Kinnaman say social networks aren't a big part of the mix of tools fraudsters use today, but that will change as younger executives who grew up using Facebook in college start to move into jobs and positions in which they might have opportunity to commit electronic crimes.

FTI uses a variety of forensic tools to scour huge quantities of digital data -- from information stored on employee computers and laptops to millions of back-office and financial transactions that traverse corporate servers and networks. Using a combination of intelligent software systems and engineering and accounting talent, FTI often is able to find evidence of crimes that even the most vigilant corporate auditing systems miss.

As Kinnaman explains it, oftentimes companies that suspect fraud aren't even sure what to look for, a situation that's a bit akin to consumers' frustration with Internet search engines. Google, for example, is great if you know what you're looking for, but less effective if you don't even know what questions to ask to find needed information.

Similarly, FTI's technology is able to quickly sort data into buckets that corporate executives wouldn't even consider. Kinnaman tells the story of a sales manager who suspected fraud in his organization but couldn't find evidence of wrongdoing through his usual checks.

FTI's software combed through e-mail and other correspondences and uncovered sets of documents bearing the same or similar words, which FTI then presented to the sales manager.

The manager honed in on several corporate names of companies that were not existing customers of his group, and realized the rogue employees were likely creating files for these non-customers to falsify information. Without the categorization serve FTI provided, the manager likely would not have known to look for the non-customers' names, Kinnamen says.

Remnitz says social networks offer an interesting challenge for investigators and forensic types: The conversations on social networks tend to be more casual, and users are much more likely to mix business and personal disclosures in single discussion thread, much more so than they might in a business memo or even an e-mail to colleagues. As a result the software tools and the investigators who use them sometimes have to work harder to put social-networking communications in context.

Ultimately, though, Remnitz says the same rules that apply to voicemail, e-mail, memos, faxes and other communications should apply to employees' social-networking practices. Workers need to adhere to company ground rules, protocols and ethics, whether they're making a call or Twittering.  To top of page

More Galleries