Fraud in Plain Sight

A former US Postal Service worker was just sentenced for stealing nearly 19,000 dollars in postal funds.

‍

The Department of Justice reports that Christine Hedges issued approximately 64 fraudulent no fee money orders, many of which were processed when no customer was present. Over time, she quietly diverted 18,939 dollars from the system using her internal access and trusted position.

‍

This kind of fraud is not rare. At InnerActiv, we see similar situations unfolding inside real organizations across finance, customer service, and government—where trusted insiders exploit their roles to carry out misuse that is difficult to detect using traditional security tools.

‍

Banking Fraud Hidden in Plain Sight

‍

Real case from an InnerActiv customer

‍

At a regional bank using InnerActiv, an employee opened loans and lines of credit in the name of an infirm family member without that person’s knowledge. On the surface, nothing seemed out of place. Processing loan applications was part of her job.

‍

Other systems in place were designed to detect common banking risks like unauthorized transfers, identity fraud, or external breaches. But those tools did not pick up on what was happening here. The issue wasn’t a technical breach. It was a misuse of privileges from the inside.

‍

InnerActiv flagged the unusual behavior through endpoint and workflow analysis

• The employee’s loan applications showed patterns that didn’t match her previous work
  
  
• She accessed a private email account unrelated to the bank’s systems
  
  
• Many actions took place outside of normal business hours and without corresponding customer interactions
  ‍
  
  

Because InnerActiv focused on behavior, not just permissions, we were able to detect the risk early and provide clear evidence to support the investigation.

Customer Service Abuse Without Customer Involvement

‍

Real case from an InnerActiv customer

In another case, a national customer service provider discovered internal misuse of account access. Employees were making unauthorized changes to customer records and redirecting phone numbers, all without any contact from the customer.

‍

These actions were taken by employees with valid credentials. But InnerActiv revealed clear signs that something was wrong

• Secure portals were being accessed with no phone call or open support ticket on record
  
  
• Account changes were made at unusual times or outside the expected volume
  
  
• Behavior patterns did not align with those of peers in the same role
  ‍
  
  

These actions did not trigger alerts from identity or logging tools. But by observing actual behavior at the endpoint and connecting it to phone systems and service data, InnerActiv uncovered a clear pattern of misuse.

‍

Internal Fraud Is Common and Costly

‍

These are not isolated cases. Internal fraud is a widespread and persistent risk across nearly every industry. Research shows

• 43 percent of organizations have experienced fraud in the past two years
  
  
• Asset misappropriation accounts for 86 percent of internal fraud cases
  
  
• The median loss per occupational fraud incident is 125,000 dollars
  
  
• Insider fraud in banking averages 1.5 million dollars per case
  
  
• Most schemes go undetected for more than a year
  ‍
  
  

The pattern is consistent. Someone with access misuses it in a way that bypasses most standard detection methods. Financial loss is only one part of the damage. Trust, reputation, and compliance exposure follow close behind.

‍

How InnerActiv Detects What Others Miss

‍

Most security systems are designed to protect the perimeter. InnerActiv focuses on what actually happens inside your environment—on the screen, in the application, and across every user interaction.

‍

What makes our approach different

• Real time insight into what users are doing across applications
  
  
• Visibility into how systems are accessed and used, not just whether access was granted
  
  
• Identification of abnormal behavior based on job role, peer comparisons, and workflow expectations
  
  
• Correlation across systems to spot misuse that spans multiple tools or data sources
  
  
• Clear, interpretable signals that help security teams act with confidence
  ‍
  
  

This is how we surfaced fraud in the banking and customer service cases. It is not about catching bad logins or blocking downloads. It is about understanding user behavior in context and seeing misuse before it causes damage.

‍

The Pattern Is Industry Wide

‍

From public agencies to banks to service providers, we see the same risk signals

• Access looks legitimate but behavior is off
  
  
• Internal systems are being used in ways that do not match expected workflows
  
  
• Customers are not involved in actions taken on their behalf
  
  
• Traditional security tools fail to catch it because they do not see what the user is actually doing
  
  
• Endpoint level visibility reveals misuse early
  ‍
  
  

These are real cases. Real organizations. Real people. And the difference in outcomes came down to whether they had visibility into user behavior or not.

‍

The Takeaway for Security and Risk Leaders

‍

In the USPS case, nearly 19,000 dollars moved undetected through 64 transactions, often processed without a single customer present. The same kind of risk played out in the bank and customer service environments described above—only discovered because those organizations had visibility into user behavior at the endpoint.

‍

Insider misuse is one of the hardest risks to detect, especially when users are operating within the bounds of their permissions. But with the right behavioral insight, it becomes visible and actionable.

‍

InnerActiv provides that insight. We help organizations see what is really happening at the point where people and data meet, giving them the ability to stop fraud before it turns into loss.

‍

Fraud is not a question of if. It is a question of whether you can see it in time.

‍