If you devote all your business’s security resources to fending off hackers and other cybercriminals, you may be unlocking the door, literally, to more basic types of theft. “Creepers” are criminals who gain access to offices or other physical facilities via unlocked doors and social engineering tactics. Once in, they steal proprietary information, inventory, computers and personal property, or gather information that makes it easier to hack your network.
Creepers in action
A major energy company’s Houston office was infiltrated by a creeper who’s believed to have stolen sensitive information, possibly to sell to a rival company or foreign government. Surveillance footage released by the FBI shows a man walking through an unlocked door in the middle of the night. He’s wearing office-appropriate clothing and moves confidently, like an employee who has a right to be there.
A Washington D.C. creeper also looked like she belonged where she didn’t. She walked into many supposedly secure government offices by chatting with employees outside the office, then following them through the door. When questioned, she claimed she’d left her badge at her desk.
In other cases, creepers use uniforms and props such as mops, toolboxes and clipboards to suggest they’re cleaners or that they work for building maintenance. They may wear stolen or forged ID badges, assuming that no one will examine them too closely.
To protect your business’s and its employees’ property, keep all doors locked, even during work hours. Issue keycards and photo-ID badges to workers and instruct them to be on the lookout for possible intruders. They shouldn’t automatically assume, for example, that someone wearing coveralls and carrying a ladder is authorized to be there. And they shouldn’t unlock the door for anyone — even if that person seems like an employee — unless they know for certain he or she is.
If workers are uncomfortable approaching a possible intruder, they should immediately report the person to your office manager, HR director or building security. The stranger in question may well be an authorized visitor, but it’s better to be safe than sorry. Also ask employees to report the presence of former employees, who sometimes are recruited to carry out corporate espionage.
Even if you don’t keep high-value inventory or electronics on the premises, install security cameras. And instruct employees to lock up purses and wallets and to password-protect computers whenever they leave their workspaces — even if it’s only for a few minutes.
Virtual vs. physical threats
Obviously, IT security must remain a priority for all organizations. But don’t let virtual threats blind you to the need to protect against physical ones. Contact us for help preventing fraud and other forms of theft.
© 2019 Covenant CPA
The U.S. economy depends on import and export markets to run as designed. After all, revenue from trade tariffs and duties contribute $30 billion annually to federal government coffers. Unfortunately, fraud regularly throws a wrench in the works of global trade, and individual businesses suffer. Your company might, for example, lose money if a seller ships substandard goods or it could get fleeced if it turns out that a shipment doesn’t exist.
The problem with letters of credit
To facilitate international trade, buyers and sellers often rely on documentary letters of credit (DLCs). For a fee, banks issue DLCs that pay sellers from buyers once the specified terms of the DLC are fulfilled. These documents theoretically shift risk to the bank offering the DLC.
According to the Uniform Customs & Practice for Documentary Credits, banks should work with “documents and not with goods, services or performance to which the documents may relate.” Therefore, sellers can present the documents specified in the DLC and receive payment, yet still defraud buyers.
To this end, a seller might:
Falsify documents about cargo status. Even though the seller receives payment under the DLC, the goods never materialize.
Sell substandard goods. Here, the seller ships goods made with lower-quality materials or less than the quantity ordered by the buyer.
Contract with more than one buyer. In this scenario, the cargo exists, but the seller “sells” it to multiple buyers. It collects payment for more than one shipment, but only one company receives the goods. Similarly, a seller might present duplicate bills of lading for the same cargo.
Solutions for protecting your business
So how can you engage in international trade and avoid crooked players? If you’re buying goods, research the seller’s background. Ask for and check references and contact the consulate general in the country where the seller is located. Third-party experts can also investigate the financial standing and business reputations of prospective international trade partners.
You might also engage an independent inspector to verify a shipment. If you include an inspection clause in your DLC, the bank will only issue payment to the seller after it receives the inspection certificate. Or, insert a clause in the DLC that allows you to inspect the goods yourself before payment is released.
Exporters should also be wary
If you’re exporting goods overseas, many of the same principles apply, including performing thorough research on your trade partner. Also, to prevent costly misunderstandings, make sure your contract includes a detailed list of buyer and seller responsibilities. For more information about exporting goods, visit the federal government’s export.gov site or contact us.
© 2019 Covenant CPA
It’s one of the most difficult types of fraud to unearth. But it doesn’t directly affect businesses or the average consumer — in large part because its victims rarely report it. In fact, they’re often prevented from doing so by perpetrators.
What is it? Financial abuse of seniors, or elder fraud. Many thousands of Americans are victimized each year and some observers fear these crimes are becoming more widespread. But you can help put a stop to elder fraud. Learn the signs and, as the saying goes, if you see something, say something.
Older individuals with retirement savings, accumulated home equity and other significant assets make appealing targets for unscrupulous family members, caregivers, financial advisors, fiduciaries and scam artists who insinuate themselves into their victims’ lives. Seniors could be at risk due to isolation, cognitive decline, physical disability or health problems. Even the recent loss of a spouse can make an otherwise discerning individual unusually vulnerable.
Exact statistics on elder financial abuse are hard to come by, largely because victims hesitate to report it out of fear of their abusers or embarrassment. But various studies estimate that the percentage of the elderly who have experienced financial exploitation in the past 12 months is between 2.7% and 6.6%. Although there’s no reliable national estimate of the financial losses suffered by victims, one study concluded that financially abused seniors in New York state alone lose approximately $110 million annually.
There are many red flags associated with the financial exploitation of vulnerable seniors. If you notice that an individual seems fearful or submissive toward a guardian or that a caregiver prevents the elder from speaking for him- or herself, start asking questions. For example, has the elder recently authorized a change in financial management, such as who has power of attorney? Or does the senior:
- Have a new guardian or caregiver who conducts financial transactions, such as cash withdrawals, on his or her behalf?
- Seem unusually reluctant to discuss financial matters?
- Appear unable or unwilling to handle basic financial responsibilities such as paying bills or reviewing financial statements?
If you can gain access to the elder’s financial records, look for frequent large withdrawals (particularly daily maximum currency withdrawals from ATMs), insufficient fund notices, uncharacteristic attempts to wire large sums of money, and recently closed accounts. Any of these could suggest financial fraud or abuse.
Do your part
If you have vulnerable elderly relatives, friends or neighbors, do your part to protect them from fraud and exploitation. Report any concerns to law enforcement or your municipality’s senior services division. And if you’re a family member, consider engaging a forensic accounting expert to perform a thorough investigation.
© 2019 Covenant CPA
Lapping is one of the most common ways crooked employees skim money from their employers. In these schemes, a perpetrator uses receipts from one account to cover theft from another. Here’s what lapping looks like and how you can help prevent it.
Lapping scams usually start small, with an employee pocketing a payment from ABC company and using a payment from XYZ company to hide the loss. As time goes on, however, the amounts get larger and the employee is forced to maintain detailed records to track the movement of money.
This house of cards usually tumbles when the employee makes an error. One commonly cited example is the man who stole $150,000 by programming an elaborate computer scam based on 29-day cycles. It collapsed because he forgot that February normally has only 28 days.
As with any fraud, there are usually warning signs that can alert you before a minor lapping scheme grows to epic proportions. These include excessive billing errors, accounts receivable writeoffs, decreasing accounts receivable payments and accounts receivable details that don’t agree with the general ledger.
Customer complaints are another red flag and always merit investigation and follow-up. Also look closely if you see delays in posting customer payments.
Often, lapping signals that a business has inadequate internal controls. The man who stole $150,000, for example, was his company’s chief programmer and had unlimited access to customer accounts. To ensure lapping doesn’t tempt greedy or desperate employees, take a few simple preventive measures.
Have someone review and compare every check that’s deposited to the receivables ledger. This takes a little time but can offer a big payoff. Better yet, require that two people review the records. To be truly effective, the review should include the actual checks, not just ledgers. Because employees who are lapping may set up their own accounts in the company’s bank, it’s important for reviewers to have a list of valid accounts by bank name and number for authentication.
Another easy protection is to closely monitor aging accounts. If you routinely send overdue notices to customers, pay attention to the responses. When customers say they’ve already paid an invoice, for example, follow up.
As with most occupational fraud schemes, internal controls are essential to help prevent lapping. If you suspect fraud is occurring in your organization or need to strengthen your controls, contact us.
© 2019 Covenant CPA
Benford’s Law is a long-standing statistical precept that remains as relevant and widely accepted in fighting fraud as ever. By wielding it effectively, experts can cut down fraudsters who unknowingly reveal their wrongdoings in dubious digits.
The rule is named for Frank Benford, a physicist who noted that, in sets of random data, multidigit numbers beginning with 1, 2 or 3 are more likely to occur than those starting with 4 through 9. Studies have determined that numbers beginning with 1 will occur about 30% of the time, and numbers beginning with 2 will appear about 18% of the time. Those beginning with 9 will occur less than 5% of the time.
Further, these probabilities have been described as both “scale invariant” and “base invariant,” meaning the numbers involved could be based on, for example, the prices of stocks in either dollars or yen. As long as the set includes at least four numbers, the first digit of a number is more likely to be 1 than any other single-digit number.
Benford’s Law carries striking implications for fraud detection. To avoid raising suspicion, fraud perpetrators often use figures they believe will replicate randomness. Typically, they choose a relatively equal distribution of numbers beginning with 1 through 9.
Fraud investigators can take advantage of such errors and test data in financial documents including:
- Tax returns,
- Inventory records,
- Expense reports,
- Accounts payable or receivable, and
- General ledgers.
Although complicated software programs based on Benford’s Law exist to examine massive amounts of data, the principle is simple enough to apply using basic spreadsheet programs.
Benford’s Law, however, isn’t infallible. It may not work in cases that involve smaller sets of numbers that don’t follow the rules of randomness or numbers that have been rounded (resulting in different digits). Also, smaller numbers are more likely to occur simply because they’re smaller and the logical place to begin a count.
Assigned numbers, such as those on invoices, are also iffy. On a similar note, uniform distributions — such as lotteries where every number painted on a ball has an equal likelihood of selection — may not suit a Benford’s Law analysis. And prices involving the numbers 95 and 99 (often used because of marketing strategies) may call for a different approach.
Benford’s Law isn’t appropriate in every instance. And, as advanced metrics forge new inroads into fraud detection, it could fall out of favor. But Benford’s Law is expected to remain a foundational approach to fraud detection for many years to come.
© 2019 Covenant CPA
When market competition heats up, you might provide extra incentives for your sales staff to perform. But be careful: Some employees may step over the line — to earn bigger bonuses or out of enthusiasm for the challenge — and use unethical sales tactics. Take steps to ensure your salespeople always operate with integrity.
Make a commitment to honesty
Culture starts at the top. If you clearly demonstrate, through both words and behavior, your commitment to honesty, your sales team will get the message. Your customers will too.
Try to anticipate the challenges your sales force may face as they attempt to meet sales goals. The temptation to sell more than your company can deliver, for example — or to recommend a product they know isn’t the best solution for a customer’s problem — may be strong. Those and similar sales strategies may land the account, but they do nothing to build the trust and credibility your business needs to keep that account over the long haul.
It’s also important that your company and salespeople don’t try to slip through loopholes when a situation requires taking responsibility. For example, some insurance companies that wrote coverage on homes and businesses damaged during Hurricane Katrina, Superstorm Sandy, and Hurricane Harvey lost goodwill by quibbling over what damage was covered. Ensuing legal battles and negative publicity have done nothing to raise consumer confidence in the insurance industry.
Promote lasting relationships
When your salespeople make a sale, require them to be clear about what the sale includes and what it doesn’t. Reiterate that their job isn’t simply to make sales, but to build lasting customer relationships. To do that, they must always keep the customers’ best interests in mind. To make sure the message gets heard, consider tying compensation to customer satisfaction and repeat business, in addition to sales revenue quotas.
That may mean acknowledging, for example, that one of your products won’t do everything the customer needs it to do. If a customer asks about a feature your product doesn’t have, your sales reps shouldn’t imply that it does. Instead, they should work with the customer to determine whether the desired feature is necessary and emphasize your product’s other features and benefits. Ultimately, however, they must be honest about any limitations.
Your sales force doesn’t need to steer customers to competitors, but they shouldn’t disparage the competition, either. And incentivizing customers to load up on unneeded products during promotions may boost the bottom line, but it won’t do much to build trust.
Too often sales staffs are encouraged to focus on short-term goals, which makes them more likely to do “whatever it takes” to get a sale. It’s up to you and your managers to prioritize the kind of ethical behavior that’s crucial to your company’s long-term success.
© 2019 Covenant CPA
The Web has opened plenty of new avenues for criminal behavior. For example, you may have heard of cybersquatting. Someone registers a site’s domain name that includes a trademark and then tries to profit by selling that name to the trademark owner.
But are you familiar with typosquatting? You should be — because these schemes can make just about any organization, along with visitors to its website, the victims of fraud.
Like cybersquatting, typosquatting (also known as URL hijacking) involves the purchase of domain names in bad faith. It takes advantage of an inclination among users known as “fat fingers” — basically, our tendency to hit the wrong keys and enter misspelled trademarks or brands. For example, in a case involving the retailer Lands’ End, a typosquatter registered domains such as landswnd.com and lnadsend.com. Other human errors — for example, typing the wrong URL extension (.com instead of .org) or omitting punctuation marks such as hyphens — can also work to typosquatters’ advantage.
Some fraudsters seek to divert consumers away from competitors or just draw traffic to their own sites (often pornography or dating sites). A recent report from security firm DomainTools LLC says that major media outlets, including USA Today, the New York Times and the Washington Post, are frequently targeted. DomainTools found hundreds of fraudulent domain names related to these publications.
Other typosquatters go further. For example, the websites they divert to might feature a phishing scheme, whereby a visitor is induced to enter login information or download malware. Such tactics can make big money for fraud perpetrators — particularly if they target the right sites. Earlier this year, an anonymous typosquatter announced that he had stolen 200 bitcoins (then worth an estimated $760,000) from Dark Web sites over the previous four years.
Typosquatting can also be used for corporate espionage. In one case, a law firm sued a programmer who had obtained a domain name similar to its own, except for a minor typo. The law firm alleged that the defendant had used his doppelgänger domain name to create fake email accounts and intercept email sent to the firm.
When it comes to avoiding typosquatting, awareness is probably the best defense. Your company should regularly check various mistyped versions of its URLs and consider purchasing as many similar domain names as possible. Contact us if you’re worried about fraud — both on- and off-line.
© 2019 Covenant CPA
Affinity fraud — where perpetrators exploit connections of race, religion, age, politics and profession — is one of the cruelest forms of criminal deception. Fraudsters often belong to the groups they target and, in addition to stealing money, weaken the bonds within communities.
Affects individuals and businesses
Affinity fraud targets individuals. But it can also hurt businesses if a big chunk of their workforce is affected. If your company employs a large percentage of immigrants, for example, they may be susceptible to fraud perpetrated by other immigrants and could, as a result, be left penniless. In addition to the effect such emotional trauma can have on company morale, it could make employees more susceptible to stealing in their own efforts to recoup their losses.
Even people who usually are skeptical of common cons are more likely to let down their guard when the pitch comes from someone with a common background. Recently, for example, the Securities and Exchange Commission uncovered a $3 million affinity fraud scheme perpetrated by an investment advisor who targeted his fellow Israeli-Americans living in Los Angeles.
Military veterans are particularly vulnerable to appeals from fake military charities or Department of Veterans Affairs loan schemes. Many of these frauds are committed by individuals posing as ex-service members, but some are perpetrated by actual veterans exploiting their military connections.
Don’t be deceived
No one is immune to affinity fraud. Not only could you be targeted as an individual, but scam artists — potentially including your own employees — could seek contributions as part of your business’s philanthropic activities. Don’t be deceived into believing you can spot such scams. Many affinity frauds are recommended by friends, neighbors and colleagues.
To protect yourself, research any investment opportunity or fundraising organization that approaches you, regardless of who makes the approach. A duped individual may present the opportunity to you in good faith. In fact, that’s why Ponzi schemes are often so successful.
Also, refuse to be pressured into participation before you’re ready, and be skeptical if you’re asked to keep an opportunity confidential or can’t get anything about it in writing. If a suspicious investment offer comes via e-mail, forward it to firstname.lastname@example.org for investigation.
Hard, but not impossible, to fight
Affinity fraud can be hard to fight because victims are less likely to report it than other criminal acts. They may prefer to work within their community to try to resolve the problem instead of exposing it to law enforcement and media attention. But if you suspect a wolf is operating in your community’s fold, speak up. And contact us. We can help you confirm the existence of fraud.
© 2019 Covenant CPA
Money laundering is the process by which criminals transform their ill-gotten gains into legitimate-looking funds. It’s widespread and wide-reaching, making it a significant corrupting influence on financial systems, governments and certain professionals.
Criminals use many different types of businesses to “wash” their dirty money, but some are more useful than others. Given its high dollar value and availability of inventory, real estate is one of those favored industries.
The typical money laundering scheme involves three phases:
- Placement. Here the proceeds of criminal activity enter the financial system.
- Layering. This is where the money launderer conducts a series of transactions to distance the money from its criminal source.
- Integration. Finally, the criminal uses the money, which now appears legitimate and divorced of any crime.
Executing money laundering operations effectively is critical if crooks are to engage in complex organized crime operations and long-running fraud schemes. Not surprisingly, law enforcement has prioritized breaking up money laundering operations.
Many laws exist to prevent it, including the Bank Secrecy Act, the Patriot Act, and the Intelligence Reform and Terrorism Prevention Act. Yet given the vast number of transactions taking place within the U.S. financial system, detecting money laundering schemes remains a challenge, particularly when perpetrated by experienced crooks.
The size of many real estate deals allows money launderers to clean large sums of money quickly. And because real estate involves so many routine transactions, it can be easy for criminals to avoid detection. But probably the most attractive aspect of the real estate market from a launderer’s perspective is that there are few, if any, reporting requirements for suspicious activity.
To avoid raising red flags, money launderers may use illegal shell companies — companies that exist in name only and whose primary purpose is to process illegal funds. Shell companies usually grant a real estate buyer anonymity. Depending on the sophistication of the scheme, criminals may use overseas financial systems to make tracing the source of funds nearly impossible.
Nevertheless, to expose a dirty real estate deal, transaction participants need to ask questions about the source of a buyer’s money. Difficult-to-trace funds are a red flag for criminal involvement. Other suspicious signs are when a buyer offers to pay significantly above market or a seller tries to dispose of property quickly — even if it means taking a loss.
The upshot is that, if a property transaction seems “off” and you don’t receive adequate answers to reasonable questions, walk away from the deal. Someone who knowingly sells to a money launderer could be indicted as a conspirator. For this reason, make sure you work with reputable and experienced real estate brokers and attorneys.
© 2019 Covenant CPA
Fraud experts have long suggested that the presence of three conditions, known as the “fraud triangle,” greatly increases the likelihood that an employee will commit fraud. Over the years, this conceptual framework has been expanded to become a “fraud diamond.” Understanding these models can help you protect your business.
The classic fraud triangle consists of:
1. Pressure. An individual experiences some type of pressure that motivates the fraud. Pressure can come from within the organization — for example, pressure to meet aggressive earnings or revenue growth targets. Or, the pressure could be personal, such as the need to maintain a high standard of living or pay off debt from credit cards, medical bills or gambling.
2. Rationalization. Perpetrators must be able to mentally justify their fraudulent conduct. They might tell themselves that they’ll pay back the money before anyone misses it, or reason that:
- They’re underpaid and deserve the stolen funds,
- Their employers can afford the financial loss,
- “Everybody” does it, or
- No other solution or help is available for their problems.
Under the fraud triangle theory, most employees who commit fraud are first-time offenders who don’t view themselves as criminals but as honest people caught up by circumstances.
3. Opportunity. Occupational thieves exploit perceived opportunities that they believe will allow them to go undetected. Poor internal controls, weak management oversight and ineffective or nonexistent audits all create opportunities for fraud. The opportunity leg represents the best avenue for preventing fraud because it’s within your organization’s control.
More recently, experts have proposed a conceptual framework that includes a fourth leg, “capability.” A capable individual is someone who may have the job position, intellectual capacity, confidence, resilience to stress and guilt, and ability to coerce and cajole others that make committing fraud easier.
A similar model to this diamond shape is MICE (Money, Ideology, Coercion and Ego). MICE retains the original three sides of the fraud triangle but shares the opportunity leg with a second triangle that also has sides for criminal mindset and arrogance.
Proponents of this model argue that perpetrators with characteristics matching the original fraud triangle are “accidental fraudsters.” This means that they wouldn’t commit fraud in the absence of motivation. Those on the side of the additional criminal mindset/arrogance/opportunity triangle are predators, or pathological fraud perpetrators. These individuals require only opportunity. This is another reason why focusing on the opportunity side is the best way to prevent fraud in your organization.
Designed to help
It’s important to remember that employees who seem to display fraud triangle or diamond characteristics won’t necessarily commit a crime. The models are designed to identify risk and eliminate fraud opportunities. Contact us for more information about protecting your organization from fraud.
© 2019 Covenant CPA