Insider Threats: £4.6m in self-signed invoices

Written by Red Goat

February 4, 2020

Of the three categories of insider threat; theft, fraud and sabotage, fraud is often the most complex,  inventive and difficult to detect. This case however, has a certain simplicity to it.

The case concerns a Mr Kabbaj who worked for an “unnamed global internet company” according to the US Internal Revenue Service, and for Rakuten, according to Linkedin. A few weeks ago this former senior IT executive pleaded guilty to wire Fraud and could face around 20 years in jail.

How did it get to this?

Four years ago, whilst working for Rakuten, Mr Kabbaj formed a company called Interactive Systems. Over the course of the next four years Interactive Systems repeatedly billed Rakuten for non-existent equipment that it hadn’t supplied. These invoices, you will be unsurprised to learn, turned up on the desk of a Mr H. Kabbaj for authorisation.

Kabbaj was creating these fake invoices, emailing them to himself at his work address, authorising them and then sitting back and collecting the money. So far so simple, but what about the lack of tangible equipment? To cover his tracks Kabbaj would put the serial numbers of equipment his employer already owned onto the invoices.

How much did he make?

Kabbaj defrauded the company of £4.6 million over four years on top of his salary and benefits. According to his linkedin bio his skills include being able to  “Transform business processes and streamline them with technology solutions that deliver rapid ROI” –Which is true, if you understand that he meant rapid ROI for himself, not for the company.

How did he get caught?

Bit of an opsec fail on his part. Kabbaj was discovered when another employee looked closer at the invoices. Anomalies were noticed and then someone look at the meta data on the invoices.  They saw that the invoices were being created on Microsoft Word licensed to Kabbaj, proving that he had sent the invoices to himself..

What can I do to defend against this?

  1. Make sure no one person has power to approve invoices. Have multiple people looking at this.
  2. Crucial jobs should be rotated every so often. This helps train all the team on the tasks that need doing and also means people don’t have years in one role to potentially commit fraud.
  3. Train staff to spot odd behaviour. Kabbaj sent himself 52 invoices and made £4.6 million -there may well have been multiple signs he was up to no good that could have been identified and been reported.

 

Related Content

Amazon Ring Insider Threat

Amazon Ring Insider Threat

What happened? Ring, the Amazon owned home-security company, has admitted firing four employees who accessed users’...

The Facebook Insider

The Facebook Insider

Friday the 13th  is a day that has been long associated with bad omens. This became a reality for almost 30,000...

Trend Micro Insider Breach

Trend Micro Insider Breach

The Tokyo based cyber security company Trend Micro has revealed it has been the victim of a sophisticated insider...