From Scalped Super Bowl Tickets to Fake Invoices at Microsoft
October 19, 2018
One employee can do a lot of damage. Just look at the headlines the other day from Microsoft. A grand jury indicted Microsoft’s former director of Sports Marketing and Alliances, Jeff Tran, for allegedly trying to create fake invoices for up to $1.4 million and scalping the company’s Super Bowl tickets for $200,000.
Tran helped build Microsoft’s strategic relationship with the NFL that allowed the company to buy Super Bowl tickets for its employees. Instead of handing them out to his co-workers, Tran allegedly sold 62 tickets for $200,000. The stakes got higher soon after that.
As part of Tran’s responsibilities, he was allowed to approve invoices from certain vendors. According to the indictment, Tran submitted a fraudulent invoice for $775,000 invoice s through one of the company’s vendors, approved the invoice, and diverted payment to his own bank account. He then allegedly made the bold move of submitted another fraudulent invoice for $670,000. That’s when vendors reportedly contacted Microsoft and an investigation was launched.
The internal threat is real and you never know who may be lurking in the shadows waiting to take advantage of weaknesses in processes. In Tran’s case, he was able to approve and pay invoices from specific vendors. So how do you protect yourself from the inside threat?
With Pathlock’s Access Violation Management solution in place, one Global 1000 company uncovered $10M in fraudulent transactions from a lifelong employee in one of its offices in South Africa. It provides real-time visibility of materialized user risks and the financial exposure those risks have on the business. Click here to learn more by reading the Forrester report The Total Economic Impact of Pathlock’s Access Violation Management Solution. It measures the value of reducing manual mitigating controls and quantifying your financial exposure from access management risks.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.