The Lucrative Black Market for Customer Trust

“Free travel.”

A combination of words that grabs my attention, and stirs my soul. When? . . . How? . . . I’m thinking Machu Pichu! The Galapagos! High adventure, or a cheap way to satisfy an obligatory visit to a friend or relative. Sign me up!

A Fly Delta Facebook Event promises two free tickets on Delta by joining a fan page. All you have to do is invite 300 people, add a comment on the fan page, and click a box labeled “confirm tickets.” Alas, at 173 Friends, my community of Facebook acquaintances is so paltry, it will be difficult to capture this coveted prize. Not without me having to get a whole lot friendlier. Fat chance! Besides, the final statement in the offer makes me skittish: “After successful participation of an offer, your download will begin automatically.”

If that enigmatic sentence doesn’t pique your fraud antennae, maybe the name of the fan page will: Delta Air. All part of a choreographed online scam, according to the website Hoax-slayer.

In March, 2015, a similar Facebook scam took off, this one riding on the Qantas Airlines brand:

Today we at Qantas Australia are proud that we have seated over 3 Million passengers since January 1, 2015! So to celebrate this record setting accomplishment we will be giving out FREE first class flights for the rest of this year! That’s an entire year of FREE flights! To win, simply complete the step’s below. [sic]

A persuasive ploy that my finicky high school English teacher, Mrs. Gimmelblatz, would have immediately dismissed. “A grammatical catastrophe!” as she often exclaimed. But in less than 24 hours, this shoddy ruse hijacked over 130,000 Facebook Likes, and more than 153,000 shares – a runaway success by any marketing measure. If only it weren’t fraudulent. The imposter pages were shut down, but not before damage was done.

Expect to see more imposters. “The intention of these scammer like-farmers is to increase the value of the bogus Facebook pages they create so that they can be sold on the black market to other scammers and/or used to market dubious products and services, and distribute further scams. The more likes a page has, the more resale and marketing value it commands,” said Hoax-slayer.com. Fraudsters know that customer trust is highly fungible, and the black market is thriving.

Many scammers assume that consumers don’t pay close attention to the intricate branding and product details that designers, marketers and trademark attorneys obsess over. Delta Air Lines uses Delta as its official name, not Delta Air. Qantas doesn’t embellish its brand name with the company’s country of origin. A kangaroo, the proud centerpiece of its red logo, provides graphic confirmation. “One of the ways firms signal their integrity is branding; it makes little sense to invest vast sums in building a distinct reputation only to allow that reputation to be besmirched by fraud,” William K. Black wrote in an article, How Trust is Abused in Free Markets: Enron’s Crooked ‘E’.

Today, fraud can be astonishingly easy to pull off. Why commit messier crimes when you can just cut and paste a logo, or, if you’re working from inside, just use the one printed on your business card? And nailing the impostors is like a legal version of whack-a-mole. One manufacturer, Saddleback Bags, went the other way on fraud protection, taking a novel if-you-can’t-beat-them-join-them approach. The company’s YouTube video has the ostensible purpose of teaching people how to produce a knock-off of one of its leather bags.

Fraud techniques are often learned from others, and they are easily shared. An insight that Edwin H. Sutherland gave the world in 1939, when he coined the term “white collar crime.” He deserves credit for bravery. At the time, the notion that wealthy aristocrats could be criminally corrupt was as heretic as Galileo’s heliocentricism. And today, there’s no better channel for incubating and spreading white-collar fraud than social media. Whether committed externally or internally, fraud has five characteristics:

1. It works by mimicking an existing signal (e.g. brand name, product design, marketing message, or other communication)
2. It exploits trust
3. It relies on an imbalance of information that favors the party committing the fraud
4. It provides the perpetrator a direct or indirect financial benefit
5. It erodes the value of corporate brand assets, and present and future revenue streams

So while companies vigorously play whack-a-mole to thwart outside brand imposters, many are less aggressive about protecting against internal fraud. “Insiders cause the vast majority of theft losses,” according to Black. And, in a recent review of regulatory filings The Wall Street Journal conducted, “more than 300 companies, with a combined market value of more than $450 billion [maintain] internal-control guidelines that were written more than two decades ago.” In fact, The Wall Street Journal reported that “more than 180 companies disclosed ‘material weaknesses’ in their internal controls in 2013 – the latest year for which data were available – an 11% increase from the prior year, according to data tracker Audit Analytics.” (For further information on this topic, please see the updated 2013 COSO framework for fraud risk assessments.)

Absent adequate corporate governance, inside fraud makes travel fakery and similar scams seem like chump change. In March, 2015, over 200,000 protesters took to the streets of Sao Paolo, Brazil to protest billions of dollars that the national energy company, BNP Paribas, stole from consumers, and funneled to corrupt government officials. That’s about the same number of people involved in the historic August 28, 1963 civil rights march on Washington.

Fraud doesn’t spontaneously ignite. Companies must first understand the combination of circumstances that creates fraud before they can effectively fight it. The Fraud Triangle, described by Donald Cressey in a paper titled, Other People’s Money: A Study in the Social Psychology of Embezzlement provides three contributing forces:

1. Financial pressure, or other motivation to steal
2. Opportunity to engage in deceit
3. Rationalization for why it’s acceptable

While companies often can’t control or reduce motivation to commit fraud, they can reduce their risks by decreasing opportunities for abuse, and by monitoring its symptoms:

1. Accounting anomalies – including irregular or missing invoices, an unusually high number of voided transactions, GL journal entries without any supporting documentation, account details that don’t reconcile to the General Ledger, back-dated or post-dated transactions, unexplained variances between tax returns and the General Ledger, excessive number of late payment penalties from vendors

2. Weak internal controls – including missing documentation, no separation between accounting and audit functions, evidence of frequent overrides of transaction procedures, lack of authorization for transactions, lack of integration between accounting and information systems, lack of accounting oversight on departmental transactions, lack of internal conformity on records retention, inadequate protection for valuable assets such as intellectual property and product designs

3. Analytical anomalies – including ratios that are suddenly inconsistent with historical patterns, (e.g. increases in inventory accompanied by a decrease in Payables and/or carrying costs, increases in receivables accompanied by a decrease in bad debt expense), ratios that don’t make sense, excessive Accounts Payable late charges, excessive credit card charges

4. Lifestyle and behavior – an employee who has unusually expensive jewelry, clothing or cars, an employee who rarely uses direct eye contact. In a 2003 scandal at the Washington, DC Teacher’s Union, prosecutors said that union funds were used for “to buy tickets to sporting and entertainment events, plus luxury items including clothing, electronics and art.”

Many executives in smaller companies believe they are immune the risks of stolen trust. “We’re not a very compelling a target,” some tell me. But then I remind them that everyday email fraud flourishes through the same techniques. Who hasn’t received at least one email with a friend or colleague’s name as the “sender,” that contains a short, cryptic message like “You gotta see this!!!” followed by a squirrely-looking weblink? Trust in someone’s good name, exploited through social media. It’s been going on ever since the ‘90’s.

“A generation or two ago, strategic risks were largely confined to anticipating competitors’ next moves and focusing on solutions that could beat them at the same game. Financial risks were hinged on the strength of the US economy and banks’ credit capacity. There were no cyber-threats, no data breaches, fewer regulatory impediments and very short supply chains,” wrote Russ Banham in an article, Emerging Risk: Managing Threats in an Evolving Business World.

All true. And it was a lot less common – and less rewarding – to steal an asset like customer trust, and sell it on the black market.