When the value of a stock skyrockets, its investors may think they’ve hit the jackpot. But if the stock in question is part of a “pump-and-dump” scheme, investors may, in fact, lose their shirts. Here’s how to avoid getting taken by this type of investment fraud.

A penny for your stocks

In the typical pump-and-dump scam, a fraud perpetrator buys shares in an inexpensive, relatively illiquid stock (often referred to as a “penny” stock) whose price will react dramatically when trading volume increases. Then the crook makes false or misleading statements to encourage people to sink their savings into the stock and drive up its price. When it hits a certain dollar amount, the fraudster sells, locking in short-term gains and causing the stock to crash. Investors are left with what often are worthless shares.

This summer, the FBI uncovered an international pump-and-dump scheme that netted its perpetrators $15 million in profits over a five-year period. The criminals bought millions of shares in small, thinly traded companies, then staffed call centers to hype the stocks to senior citizens. The scheme might have continued indefinitely if not for the fact that one of the crooks’ “co-conspirators” wasn’t the greedy stockbroker he claimed to be, but an undercover agent.

Hot tips, cold shoulder

As the above case suggests, investment scammers often target seniors with retirement savings to invest. Novice investors who aren’t familiar with how the stock market works are also popular marks. However, even experienced investors can get snared when offered a “hot tip.”

You can help avoid becoming a victim by following some common-sense guidelines. For example, never buy a stock based on an email or telephone solicitation, no matter how compelling the sales pitch. Simply hang up the phone or delete the message.

If you’re intrigued by the sound of an investment, do your research to determine whether the company is 1) legitimate, and 2) a good investment opportunity. Also pay attention to the stock’s trading volume. The more thinly traded a stock, the greater the potential for fraudulent manipulation.

Too good to be true

The bottom line: When an investment sounds too good to be true, it probably is. If you’d like to invest (say, for retirement or other financial goals), but don’t know how to pick stocks or build a portfolio, work with a reputable financial advisor. There are no guarantees in investing, but your advisor can help you steer clear of scams and invest only in securities that meet your criteria.

© 2019 Covenant CPA

Early revenue recognition has long accounted for a substantial portion of financial statement fraud. By recording revenue early, a dishonest business seller or an employee under pressure to meet financial benchmarks can significantly distort profits. Fortunately, fraud experts have tools to expose such manipulation.

Multiple methods

Early revenue recognition can be accomplished in several ways. A dishonest owner or employee might:

  • Keep the books open past the end of a period to record more sales,
  • Deliver product early,
  • Record revenue before full performance of a contract,
  • Backdate agreements,
  • Ship merchandise to undisclosed warehouses and record the shipments as sales, and
  • Engage in bill-and-hold arrangements.

In this last scenario, a customer agrees to buy merchandise but the company holds the goods until shipment is requested. It and any of these schemes might be carried out by one employee or several in collusion.

Expert strategies

Probably the most obvious marker for early revenue recognition is when a company records a large percentage of its revenue at the end of a given financial period. Significant transactions with unusual payment terms can also be a danger sign. When these or other red flags are unfurled, it’s time to investigate.

Fraud experts might compare revenue reported by month and by product line or business segment during the current period with that of earlier, comparable periods. They typically employ software designed to identify unusual or unexpected revenue relationships or transactions.

Reading the signs

If, for example, an expert suspects merchandise is billed before shipment, he or she will look for discrepancies between the quantity of goods shipped and quantity of goods billed. The expert will also examine sales orders, shipping documents and sales invoices; compare prices on invoices with published prices; and note any extensions on sales invoices.

What if the expert suspects merchandise was shipped prematurely? He or she compares the period’s shipping costs with those in earlier periods. Significantly higher costs could indicate an early revenue recognition scheme.

The expert also may sample sales invoices for the end of the period and the beginning of the next period to confirm the associated revenues are recorded in the proper period. If phantom sales are suspected, reversed sales in subsequent periods and increased costs for off-site storage may provide evidence of fraud.

Exposure can be fatal

If improper revenue recognition is exposed to the public, the resulting scandal can destroy a company. Contact us immediately if you suspect it or other forms of financial statement fraud.

© 2019 Covenant CPA

When it comes to reducing fraud loss and duration, active detection methods (such as surprise audits or data monitoring) are far more effective than passive methods (such as confessions or notification by police). This was a major finding of the latest Association of Certified Fraud Examiners (ACFE) Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse. Yet many companies fail to use active methods to their full potential.

Active vs. passive detection

The ACFE study found that frauds detected using passive methods tend to last longer and produce larger losses than those detected by such active methods as:

  • IT controls,
  • Data monitoring and analysis,
  • Account reconciliation,
  • Internal audit,
  • Surprise audits,
  • Management review, and
  • Document examination.

These active methods of detection can significantly lower fraud durations and losses. For example, frauds detected by IT controls had a median duration of five months and a median loss of $39,000. By comparison, fraud detected through notification by police had a median duration of 24 months and a median loss of $935,000.

Surprise audits and proactive data monitoring and analysis can be especially effective ways to fight fraud. On average, victim-organizations without these antifraud controls in place reported more than double the fraud losses and their frauds lasted more than twice as long as victim-organizations with these controls in place. Yet only 37% of the organizations in the ACFE study had implemented surprise audits or data monitoring and analysis, however.

Close-up on tips

The ACFE categorized tips — the leading fraud detection method — as “potentially active or passive,” because they may or may not involve proactive efforts designed to identify fraud. Organizations that use hotlines for reporting misconduct detected fraud by tips more often (46% of cases) than those without hotlines (30% of cases).

More than half of tips came from employees, but nearly one-third came from outside parties, such as customers and vendors. To ensure that tips are used as an active detection method, an organization should set up a hotline and promote its use among employees, supply chain partners and others. If possible, users should be able to make anonymous reports.

Don’t wait for fraud to find you

Occupational fraud poses a significant threat to organizations of every type and size. Waiting to react until fraud rears its head can result in serious financial losses. Instead, adopt active detection methods that can be deployed continually. Contact us for help.

© 2019 Covenant CPA

As more people use mobile phones, more fraud perpetrators target these devices. According to Javelin Strategy & Research, between 2017 and 2018 the number of fraudulent mobile-phone accounts opened grew by 78%. Schemes in which thieves open a phone account in your name and use it to access your bank account, sign up for credit cards and gain access to personal information are only some of the recent fraud trends. Fraudsters have plenty of ways to defraud consumers through their phones.

Why they’re vulnerable

One of the reasons mobile phones are so vulnerable is that phone security hasn’t kept pace with traditional computer security. Mobile devices rarely contain comprehensive security measures, and mobile operating systems aren’t updated as frequently as those on personal computers.

Yet users routinely store a wide range of sensitive information — including contact information, emails, text messages, passwords and identification numbers — on their phones. Geolocation software can track where phones are at any time, and various apps can record personally identifiable information. Hackers can target a phone and use it to trick its owner, or the owner’s contacts, into revealing confidential information. Or phones can spread viruses to computers — a big problem for companies with “bring your own device” policies.

How thieves get in

Sometimes attackers obtain physical access to a device. More frequently, a hacker achieves virtual access by, for example, sending a phishing email that coaxes the recipient into clicking a link that installs malware.

Apps can be dangerous, too. A user might install an app that turns out to be malicious or a legitimate app with weaknesses an attacker can exploit. A user could unleash such an attack simply by running the app.

What you can do

Encryption is probably the most highly recommended defense against mobile phone fraud. When data is encrypted, it’s “scrambled” and unreadable to anyone who can’t provide a unique “key” to open it. Two-step authentication is also advisable. This approach adds a layer of authentication by calling the phone or sending a password via text message before allowing the user to log in.

Phone owners should always activate PINs or passwords, and other options such as touch ID and fingerprint sensors if available. Conversely, users should disable Bluetooth and Wi-Fi when not in use, and set Bluetooth-enabled devices to be nondiscoverable.

Also request a freeze on the credit information that’s used to open a mobile-phone account with the National Consumer Telecom & Utilities Exchange. This is a credit reporting agency fed by data supplied by phone companies, pay-TV companies, and utility service providers.

Evolving threats

In only a decade, mobile phones have completely changed our daily lives. Unfortunately, fraud has kept pace with technology. To protect your personal information, you need to be aware of the constantly evolving threats.

© 2019 Covenant CPA

Fraud experts have long known that “dark web” sites provide information, support and illicit goods to hackers and other criminals. But security company Terbium Labs recently published a report analyzing a treasure trove of fraud guides for sale on shady sites. These “educational” publications provide crooks with detailed instructions on exploiting security weaknesses to hack networks, obtain financial information and steal identities.

Effective tips

Although Terbium found that most of the guides it downloaded were relatively useless, there were still plenty that provided effective tips on compromising networks and disrupting antifraud procedures. The guides cover everything from account takeovers to phishing to counterfeit documents to stolen credit cards. Often, they discuss specific companies. For example, a “Bank Drop Creation Guide” provides detailed instructions on how to create a fraudulent bank account at nine specific financial institutions.

Some of the most dangerous information contained in these fraud guides tells would-be hackers how to use social engineering to breach companies’ security. Using the above example, a guide might contain a script crooks can follow to persuade a bank employee that a fraudulent account is legitimate.

Prized data

Terbium’s analysis of the guides found that certain types of personal information were particularly prized by thieves. Email addresses, which enable phishers to personalize their come-ons and track down a target’s full name and social media accounts, led this list. Passwords, not surprisingly, were a close second. User names, Social Security numbers and dates of birth were also highly sought after.

Among financial data, hackers prefer payment card information — though they show a clear preference for credit cards over debit cards. Card numbers are considered easy to obtain (millions of card numbers are available on the dark web), so the guides provide tips on maximizing profits before fraudulent purchases trigger alarms with the victim or card company.

What can you do?

Given the number of fraud perpetrators and wealth of information available to help them commit crimes, you may wonder how you can protect your personal financial or business’s customer data.

Individuals can reduce their risk by ignoring suspicious emails and disclosing financial information only on sites that provide SSL certificate authentication and encryption. Also, they should share even innocuous-seeming information, such as email addresses, only when necessary. Businesses need to work with experts to build a data security system that addresses their specific risks — and to update it religiously. Also, be sure to implement policies and procedures that prevent employees from inadvertently assisting fraud perpetrators. Contact us for help creating internal controls that will reduce your company’s fraud vulnerabilities at 205-345-9898 and info@covenantcpa.com.

© 2019 CovenantCPA

Data analytics is changing the way many businesses operate. It’s also changing how forensic accountants do their jobs, providing fraud experts with the means to mine massive mounds of data like never before.

3 techniques

These analytical techniques are among the most efficient and effective at detecting occupational fraud:

1. Association analysis. This method can help identify suspicious relationships by quantifying the odds of a combination of data points occurring together. In other words, it calculates the likelihood that, if one data point occurs, another will, too. If the combination occurs at an atypical rate, a red flag goes up. For example, association analysis might find that a certain supervisor tends to be on duty when inventory theft occurs.

2. Outlier analysis. Outliers are data points outside the norm for a given data set. In many types of data analysis, outliers are simply disregarded, but these items come in handy for fraud detection. Experts know how to distinguish and respond to different types of outliers.

Contextual outliers are significant in certain contexts but not others. For example, a big jump in wages on a retailer’s financial statements might be notable in April but not in December — when seasonal workers come aboard.

Collective outliers are a collection of data points that aren’t outliers on their own but deviate significantly from the overall data set when considered as a whole. If, for instance, several public company executives sold off substantial blocks of stock in the business on the same day, it might signal suspicious behavior.

3. Cluster analysis. Here, experts group similar data points into a set and then further subdivide them into smaller, more homogeneous clusters. Data points within a cluster are similar to each other and dissimilar to those in other clusters. The greater the similarities within a cluster and the differences between clusters, the easier it is for an expert to develop rules that apply to one cluster but not the others.

Cluster analysis has long been used for market segmentation of consumers. But it can also detect fraud, particularly when combined with outlier analysis. Outlier clusters — those that are farthest from the nearest cluster when clusters are mapped out on a chart — generally merit extra scrutiny for suspicious activity. A fraud expert might, for example, use cluster analysis to evaluate group life insurance claims. The expert would look for clusters of large beneficiary or interest payments, or long lags between submission and payment.

High tech and old school

If you hire experts to uncover suspected fraud in your organization, don’t be surprised if they break out the data analytics tools. But they’ll also likely use some old-school methods — including interviewing employees — to find possible suspects and financial losses. Contact us to discuss at 205-345-9898 and info@covenantcpa.com.

© 2019 CovenantCPA

Despite the National Do Not Call registry and features such as caller ID, phone fraud is thriving in the mobile phone era. Using spoofed numbers — which appear to be connected to legitimate government offices and businesses or that resemble your own number — fraud perpetrators say anything and everything to try to steal your money.

Recently, scammers have posed as Social Security officials to steal from unsuspecting consumers. Since January 2018, the Federal Trade Commission has received more than 63,000 reports about this scam. Only 3% of reporting call recipients lost money, but the losses total $16.6 million.

Anatomy of a crime

Here’s how the Social Security scheme works: Criminals call from spoofed phone numbers and tell consumers that their Social Security number has been linked to a crime and has been “suspended.” The callers claim that the consumer’s bank accounts will be seized by the government unless they withdraw money and transfer the amount to gift cards. While the thief remains on the line, the consumer purchases the gift cards. Then the caller asks for the gift card numbers and PINs, supposedly for “safekeeping.” With that information, the fraudster uses the cards or sells them on the black market.

The same callers also usually ask consumers for their Social Security number for confirmation purposes. With this critical piece of personal information, crooks can steal someone’s identity.

Truth of the matter

The truth is that the Social Security Administration doesn’t suspend Social Security numbers, nor does it ask people for their numbers over the phone. And no government entity would ask for payment in gift cards. Criminals hope that you aren’t aware of these facts. They also use fear — of arrest, loss of savings and, in some cases, deportation — and a sense of urgency to get what they want.

Fortunately, you can avoid becoming snared in a Social Security phone scam by following some simple guidelines:

  • If you don’t recognize the number appearing on your caller ID, don’t answer the phone.
  • Install a spam call blocker (available in mobile app stores) and use it for any calls that seem suspicious.
  • If you inadvertently answer a spam call, hang up immediately.
  • Never provide personal information, including bank account or Social Security numbers, to anyone over the phone.
  • Report suspicious calls to ftccomplaintassistant.gov.

Businesses beware, too

Note that it’s not just consumers who might fall victim to phone fraud schemes. Fraudsters also target businesses to secure sensitive information such as bank account numbers, routing numbers and passwords. If you’re a business owner, educate employees about phone scams and implement fraud controls. Contact us for more information at 205-345-9898 and info@covenantcpa.com.

© 2019 Covenant CPA

According to the Association of Certified Fraud Examiners’ Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse, organizations victimized by fraud lose a median $130,000. But construction companies, in particular, are even harder hit, with a median loss of $227,000. What can you do to protect your construction business? Adopt this checklist.

Ways to tighten controls

An effective strategy for minimizing fraud is to tighten your internal controls. Make sure the following are part of your policies and procedures:

Surprise audits and jobsite visits. These visits can not only help detect fraud, but also send a strong message that combating fraud is a priority — which is a powerful deterrent.

Segregation of duties. Avoid situations in which one person handles multiple financial or accounting tasks. For example, the person who processes cash transactions shouldn’t also prepare the company’s bank deposits.

Bank statements. Have monthly bank statements sent to you or a manager independent of the accounting function. Canceled checks should be reviewed for unfamiliar payees and forged signatures.

Purchase monitoring. Name someone other than the purchasing agent — you or an estimator, for instance — to review vendor invoices, purchase orders and other documents. Use prenumbered purchase orders. Physically check materials and supplies to ensure they correspond to what was ordered in terms of quantity and quality.

Kickbacks and bid-rigging. If your company is suddenly winning bids that you haven’t in the past and that seem like a stretch, verify that your bid processes have been followed. Sometimes employees disguise illegal activities as change orders, so be sure to scrutinize each change order.

Budget analysis. Prepare annual budgets — for your company and each job — and regularly compare actual results to budgets. Scrutinize large or unanticipated discrepancies.

Payroll practices. Have someone independent of your accounting department verify the names and pay rates on your payroll. If you don’t already, pay employees using direct deposit, rather than with checks or cash.

Vacation policy. Require full-time employees to take time off every year. Fraud is often exposed when the perpetrator isn’t there to cover it up.

Many benefits

These are just some of the many internal controls contractors should implement to protect their businesses. In addition to preventing and revealing fraud, solid internal controls can help avoid accounting errors, reduce waste and boost cash flow by making billing, purchasing and other processes more efficient. Contact us for more information at 205-345-9898 and info@covenantcpa.com.

© 2019 CovenantCPA

To increase brand awareness and influence consumer behavior, businesses of all sizes spend vast amounts on social media marketing. Social media “influencers” can help companies reach and engage customers. But not all influencers operate above board. Here’s how to avoid hiring or associating with a dishonest influencer.

The more, the better

There’s no commonly accepted definition of how many followers an influencer must have to claim such status. But in general, the more, the better. After all, clients want access to as many eyes as possible.

Knowing how important followers, likes and shares are, some influencers find it hard to resist the temptation to inflate their numbers. In general, they can command higher fees and attract bigger brands if their social media accounts appear to be hubs of activity.

Red flags

Fortunately, there are several red flags associated with influencer fraud. Pay attention to influencers that seem to have many followers with skimpy accounts. When you click on them, the accounts may lack bios and other personal details. These accounts may also have few followers and accounts that they follow (other than, of course, that of your influencer). In other words, the accounts don’t look authentic. In such cases, the influencer may have purchased or created followers.

Another potentially suspicious sign is that the influencer’s comments, likes, and shares exceed expectations. Higher than expected levels of engagement may sound like a good thing. However, it may also indicate that the influencer arranged for engagement via a “bot farm.” This automated application can be used to make accounts look more popular than they actually are. Or, the influencer may participate in communities of influencers with reciprocal agreements to like and share each other’s posts.

Check before you commit

Before you enter an agreement with an influencer, scrutinize the service provider’s social media accounts and activity. Also call business references to learn if the influencer’s claims about engagement results are accurate — or exaggerated. If you don’t feel comfortable with what you find, look elsewhere. Contact us for more at 205-345-9898 and info@covenantcpa.com.

© 2019 CovenantCPA

Job applicants aren’t always honest on their resumés. And if you don’t investigate suspicious claims, you might end up hiring an unqualified and unethical employee — which could lead to financial, productivity and legal liability issues. The resumé fibber might also be more likely to commit occupational fraud.

Here’s how to unearth the three most common resumé falsifications.

1. Deceptive dates

Whether to gloss over a termination, a period of job hopping or time spent out of the workforce, some job seekers “adjust” dates to make their employment history seem more consistent. Look closely at resumés that state employment dates in years, not months. Say an applicant claims she worked at her last job between 2017 and 2018. Her tenure may only have lasted two months — December 2017 until January 2018 — instead of the implied two years.

Confirm an applicant’s precise employment dates with all previous employers. Also make sure that candidates complete your entire job application, informing them that, although a resumé isn’t a legal document, a job application is. Lying on it is cause for immediate dismissal.

2. Fake degrees and shifting majors

Workers applying for a position that requires a specific degree are more likely to lie about their education than other applicants are. If a resumé lists an unfamiliar school, or coursework and years but no degree, dig deeper. A school you’ve never heard of could be a diploma mill. A resumé that simply lists Chemistry, State College, 2002, may indicate that the job seeker completed classes in that subject but didn’t actually receive a degree.

Always check applicants’ educational claims by contacting the degree-granting institution. If you’re suspicious of a school, verify its accreditation with the U.S. Department of Education.

3. Embellished titles, skills and accomplishments

Everyone tries to look their best on a resumé. Some, however, embellish their experience, titles, skill proficiencies or grade point averages with outright lies. There’s no such thing as a perfect job candidate: You may want to flag any resumé that exactly matches all of a position’s qualifications.

You should contact all personal references and speak with previous supervisors or HR staffers, notpeers, to confirm titles and job responsibilities. To elicit the best information, ask open-ended questions, followed by more probing, detailed ones. But be aware that some past employers will give only limited information, such as dates of employment.

Time and money well spent

If you’re quickly checking resumés and conducting interviews, you’re less likely to separate the candidates with real potential from those sporting fake credentials. If time is scarce, outsource this process. It’s money well spent if you can save your company from public embarrassment, legal woes or financial losses due to fraud. Contact us with questions at 205-345-9898 and info@covenantcpa.com.

© 2019 CovenantCPA