Sources of Information and Public Records

A surprising amount of a fraud case can be built from information that's publicly available or lawfully obtainable — corporate records, court files, property records, and the digital trail people leave behind online. This lecture covers two things in parallel: where examiners find information, and, just as important, the legal limits on getting it. Hold both halves in your head, because the exam tests them together.

The right answer to a sourcing question often hinges on two checks at once — first, whether a particular record is genuinely public or otherwise lawfully accessible, and second, whether the method you used to obtain it was lawful. Those are separate questions, and a method that crosses a legal line poisons even publicly knowable facts. Information gathered improperly can taint your case, get evidence excluded, and expose you and your firm to liability.

So we treat lawful sourcing not as a footnote but as part of the technique itself.

Public records are the examiner's backbone, and knowing which registry holds which fact is half the skill. Court records reveal prior civil and criminal cases, bankruptcies, judgments, and tax liens that together paint a picture of a subject's history, disputes, and financial pressures — and financial pressure is a classic fraud motive worth noting. Corporate records held by the secretaries of state show who owns, controls, and serves as registered agent for an entity, which is how you pierce a shell or find a hidden affiliation.

For public companies, the S-E-C's EDGAR system holds filings packed with useful detail on finances, officers, and related-party transactions. Property records show real-estate ownership and mortgages — central to tracing where stolen money actually went and what it bought. U-C-C filings, under the Uniform Commercial Code, reveal secured loans and assets pledged as collateral, exposing debts and relationships a subject might not volunteer.

And professional licensing boards confirm credentials and disciplinary history. None of this requires anyone's permission or consent; it's simply a matter of knowing the right registry and asking it the right question.

Beyond formal registries lies open-source intelligence — O-S-I-N-T — information that's freely and lawfully available online. Social media can reveal relationships and associations, a lifestyle plainly inconsistent with reported income, business interests a subject failed to disclose, undisclosed travel, and sometimes even outright admissions people post without thinking. Business websites, news archives, court-watch services, and industry databases fill in the rest of the picture.

The lifestyle angle is especially powerful in fraud work: a payroll clerk earning a modest salary while posting photos of a new boat, a luxury car, and exotic vacations is exactly the mismatch that justifies a closer look. But capture this evidence carefully and the moment you find it — take a screenshot with the date, time, U-R-L, and source visible, preserve it before the subject deletes or locks the account, and document precisely how you located it so you can authenticate it later. Online evidence is uniquely easy to find and uniquely easy to lose, which is why preservation, not just discovery, is the real discipline here.

Now the limits, because the exam tests them hard. The Fair Credit Reporting Act — F-C-R-A — restricts how consumer credit reports may be obtained and used; you can't simply pull someone's credit because you're curious or because it would be handy. There must be a permissible purpose, and idle investigation isn't one.

Pretexting — lying about your identity or purpose to trick a bank, a phone company, or another holder of private records into handing over a person's confidential financial information — is unlawful, and it's a serious mistake an inexperienced or over-eager examiner can stumble into. Don't do it, and recognize it instantly when a scenario describes it. Privacy and data-protection laws, which vary by jurisdiction and are especially strict in many countries outside the U-S, constrain what personal data you may collect, how you may use it, and how long you may keep it.

The recurring exam lesson is blunt: just because information exists somewhere doesn't mean you may obtain it by any means available. Lawful method matters every bit as much as the value of the data itself.

A few practical principles. Corroborate: a single source can be wrong or stale, so confirm key facts across independent records. Document the provenance of every fact so you can authenticate it later and show it was lawfully obtained.

And weave public records into your money-tracing and your interviews — a property record can confirm where embezzled funds landed, and a prior lawsuit can shape how you question a subject. For the exam, run two checks on any sourcing question: is this record genuinely public or otherwise lawfully accessible, and was the method of obtaining it legal? Pretexting for financial data and misusing consumer reports are the wrong answers.

Next, we move into data analysis and digital forensics, including Benford's Law.