Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Publishes Top Email Terms Used By Corporate Fraudsters

Posted by Unknown on from the security-unclassified-uscode-smuggle-espionage dept.

Qedward writes "Software developed by the FBI and Ernst & Young has revealed the most common words used in email conversations among employees engaged in corporate fraud. The software, which was developed using the knowledge gained from real life corporate fraud investigations, pinpoints and tracks common fraud phrases like 'cover up,' write off,' 'failed investment,' 'off the books,' 'nobody will find out' and 'grey area'. Expressions such as 'special fees' and 'friendly payments' are most common in bribery cases, while fears of getting caught are shown in phrases such as 'no inspection' and 'do not volunteer information.'"

1 of 105 comments (clear)

  1. Re:Watch your words... by Luckyo · · Score: 4, Interesting

    I take it you never worked in any kind of monitoring and enforcement. In reality, what grabs your attention (in addition to user reports) is the certain known patterns which give you a starting point from which to investigate.

    I did some of investigating certain port scan patterns back when I was admin on a university campus. About 95% of people doing it were innocent of any wrongdoing, usually gamers with games that did massively overly broad LAN IP/port scanning searching for other players running the same game. About 95% of those who weren't were just starting script kiddies, and catching them in act early let me let them off with a slap on the wrist and no real damage to them or other people. Just young nerds who got their "oh my god 10mbps network" back in POTS modem age, saw another couple of hundred clueless people on the same network and figured they could root their unsecured windows machines to pump up their directconnect hub shares.

    And then there were two people I got who were seriously trying to search for vulnerabilities and install trojans on computers of others people for much worse reasons, including one asshole who was actively trying (and succeeding in some cases) to access email accounts and other personal data of young female students to better harass them in real life. These two were banned from campus network and none of those two would have been caught that early in act (if at all), if it were for those of us volunteering as admins following up on certain usage patterns.

    FBI is giving out certain usage patterns associated with certain kind of crime. I can very much envision this being incorporated into some sort of workplace monitoring scheme on the email server which will have about the same kind of accuracy. But it gives a starting point from which to look at, and nothing more. For example, your spam, while it would certainly attract attention, would pretty much immediately be disgarded as "not what we're looking for" for obvious reasons, because while it does meet the criteria for the starting point, it's also obviously not what any enforcer would be looking for.

    Reporting a crime requires crime that was actually perpetrated, and you wanting to report it. In many cases, things can be managed within company/organization without having to involve actual law enforcement with far lesser consequences for all parties involved.