As governments around the globe mobilize to defend their populations from the novel coronavirus (COVID-19), criminals are also mobilizing — to fleece people. These opportunists have already found ways to use the fear and chaos associated with the pandemic to enrich themselves. But you can protect yourself and your business.
Phishing emails that promise valuable information about the virus have been circulating for weeks. Fake COVID-19 websites loaded with malware have also popped up everywhere. And as many Americans start working from home, often on vulnerable home networks and devices that lack the latest security updates, hacking incidents are becoming more common.
The federal government’s plan to send checks to Americans to help boost the economy will almost certainly bring scammers out in force. The Federal Trade Commission has already warned that crooks may try to convince people they must pay a fee to receive their checks from the government — which isn’t true.
So how do you protect yourself or your business in these troubled times? Here are a few essentials:
Let phone calls go to voicemail. The best way to fight off phone scammers is to not answer the phone if you don’t recognize the number. But if you do answer, be wary of anyone making promises about, for example, interest-free loans or mortgage payment forbearance. If you need financial help, contact government agencies, charities and financial-service providers directly.
Keep your inbox clean. Along the same lines, exercise caution when opening emails, particularly if you don’t recognize the sender’s name. (Keep in mind, however, that hackers can hijack a friend’s account and send malicious emails to you in that person’s name.) Right now, scammers are likely to use enticing subject lines such as “Cure for COVID-19” or “Make big $$$ working from home.” If you open one of these emails by mistake, don’t click on any links or attachments.
Beware of charity fraud. Charity schemes are a time-tested method for stealing money from generous individuals and companies that just want to help. While you’re encouraged to donate money to organizations fighting COVID-19 and assisting its victims, give only to reputable charities you know. If you aren’t familiar with a nonprofit, ask for its tax ID number and verify it with the IRS. You’re also encouraged to research the organization on watchdog sites such as Charitynavigator.com and Charitywatch.com.
Just say “no”
Most Americans are pulling together to fight COVID-19. However, some criminals view the pandemic as an opportunity to profit, so you need to maintain healthy skepticism. If you’re suspicious, hang up, delete or just say “no.”
© 2020 Covenant CPA
The investment “opportunity” could be anything from a new nutritional supplement to a foolproof method for “flipping” houses. But if the investment or product is advertised as “easy money” or promises immediate high earnings, beware. Although there are plenty of legitimate business opportunities out there, there are also plenty of fraudulent schemes that exist for no other reason than to steal your money.
Simple or complicated
These schemes can be relatively straightforward. For example, one New York state man was convicted of enticing investors to sink $10,000 each into a vending machine distribution business he promised would be profitable — even though it was set up to fail.
But they can also take the form of complicated pyramid schemes that generally offer no actual product or service and are sustained by constantly recruiting new participants. Often, these schemes are couched as “clubs” or “gift programs” and promoted through social networks. Whatever they’re called, they usually end the same way: When the pyramid collapses, only the “founders” walk away with any money.
To assist potential investors, the Federal Trade Commission (FTC) has established a Business Opportunity Rule. Among other things, the rule requires sellers to produce a disclosure document and to detail any earnings claims in a separate statement.
Sellers also must disclose prior civil or criminal litigation involving claims of misrepresentation, fraud, securities law violations, or unfair or deceptive business practices; outline any cancellation or refund policy; and provide references nearest to the potential buyer’s location. Furthermore, the disclosure document must be written in the language in which the buyer and seller discussed the opportunity. For more about the rule, visit ftc.gov.
In practical terms, you can protect yourself by studying the disclosure document, earnings claim statement and proposed contract, looking for potential loopholes that might benefit the seller at your expense. For example, are start-up costs particularly high? Is the seller required to buy back inventory you’re unable to sell or would you be out-of-pocket?
Other tips to protect your money:
- Research the seller’s history and reputation online and check for complaints with the Better Business Bureau. (Note that the absence of complaints doesn’t necessarily mean the seller is aboveboard.)
- Find out if there’s an actual market for the business’s products or services.
- Talk to current investors or participants and ask tough questions.
- Ask your legal and financial advisors to review any documents you don’t understand, including the contract.
When to walk away
If you suspect a business opportunity is fake, turn it down. Then report it to your state attorney general’s office, your county or state consumer protection agency, and the FTC. But if you’re unsure about the legitimacy of an offer, contact us. We can help you evaluate it.
© 2020 Covenant CPA
Every time your business interacts with customers is an opportunity to build trust. And it’s an opportunity you can’t afford to neglect. Look at customer data. When customers hand over personal and financial data to your company, they expect you to do everything in your power to protect it from hackers — as well as non-criminal third parties. If you don’t? Just look at some of the companies affected by major data breaches.
Provide fraud notices
Unless you run a cash-only business, you collect financial data from you customers every time you process transactions. If you offer credit accounts to business customers, you probably collect even more information. You’re obliged to ensure this data doesn’t fall into the hands of thieves and fraud perpetrators.
Consumers don’t need to understand the inner workings of your fraud prevention efforts. However, they must trust that you have an effective program in place. Provide notices on your website and train customer service representatives to answer questions about your fraud prevention program. If you require customers to use passwords or answer questions to prove their identities online, explain why these steps are necessary.
Explain how you share data
Criminal activity isn’t the only thing customers worry about. Increasingly, they want to know how businesses willingly share — and often profit from — their data. Given the patchwork of data privacy regulations, most consumers know little about the laws and regulations governing businesses. In layman’s terms, briefly summarize which ones cover your company’s activities, as well as your commitment to honoring the spirit and intent of them. Note that if you have customers in the European Union (potentially any company with a website), you need to comply with the EU’s stringent data protection laws.
As a general best practice, don’t collect any more data from customers than you absolutely need. If you intend to share it with third parties, inform customers at the time you request the data and allow them to opt out, if possible. Keep in mind that some customers will probably go elsewhere if they know you plan to share their data or if your business model is largely based on sharing data. Nevertheless, transparency is critical.
All about communication
Whether you’re trying to prevent fraud or share data with third parties responsibly, keep your customers informed. Good interpersonal relationships are based on trust — and that’s just as true for business relationships.
© 2020 Covenant CPA
Businesses and fraud experts often face a long, arduous process when investigating any occupational fraud incident. When the suspect is a member of upper management, it’s exponentially harder.
In theory, investigating executives shouldn’t differ from the process of investigating rank-and-file employees. In reality, the authority and influence of an executive can slow — even shut down — a fraud investigation. You need a plan to prevent interference and facilitate the collection of evidence that can be used in court, if necessary.
The first step is to brief the executive’s chain of command. As soon as allegations surface, work with your company’s human resources and legal departments to make the suspect’s superiors aware of the situation. If you believe the fraud may involve the executive’s immediate boss, brief someone higher up the chain of command.
To minimize the potential for rumors and information leaks, limit the number of employees with knowledge of the investigation. Instruct them to refrain from discussing the case with anyone within or outside the company. Better yet, hire a fraud investigator to handle most of the investigation. An outside expert knows how to protect confidential information and is able to remain professional and impartial when interviewing suspects and potential witnesses.
If employees participate in the investigation, involve only experienced and trustworthy people. An investigation of an executive inevitably attracts greater scrutiny from the senior executive team and stakeholders such as investors. So make sure the team conducts the investigation in strict compliance with your company’s personnel policies and employment law. Investigation-related electronic files should be password-protected and physical documents stored on-site should be secured in a locked filing cabinet.
Many companies are hesitant to discipline (particularly, to terminate), an executive involved in wrongdoing due to potentially negative publicity. In fact, many senior executives expect to see overwhelming evidence of wrongdoing before they agree to take action against a colleague. Keep this in mind as your team conducts its investigation.
You should try to assemble convincing evidence of fraud before formally interviewing the suspect. To avoid being overwhelmed or overpowered by the executive, a professional fraud examiner or a superior executive should conduct the meeting. Should the need arise to suspend the executive pending further review, make sure someone with the appropriate authority is present.
Cost is too high
Investigating allegations of wrongdoing by an executive can be stressful, but it’s critical. According to the Association of Certified Fraud Examiners, the median loss associated with fraud perpetrated by an owner or executive is $850,000, compared with $100,000 for non-management employees. If you suspect executive fraud, don’t hesitate to contact us.
© 2020 Covenant CPA
Financial statement manipulation is the costliest type of occupational fraud. The latest Report to the Nations published by the Association of Certified Fraud Examiners found that the median loss from financial statement fraud was $800,000, compared to median losses of $114,000 for asset misappropriation and $250,000 for corruption.
With any type of fraud, the sooner it’s detected, the more likely losses can be mitigated. One tool management and fraud experts might use to assess the likelihood of earnings manipulation is the Beneish model.
The Beneish model measures the probability that a company’s revenue has been inflated and its expenses have been understated. The model generally computes an “M score” from comparisons between consecutive financial reporting periods of various metrics, including:
- Days sales in receivables,
- Gross margin,
- Asset quality,
- Sales growth,
- Sales general and administrative,
- Leverage and
- Total accruals to total assets in the current reporting period.
These metrics are designed to capture the effects of earnings manipulation or preconditions that can prompt a company to engage in earnings manipulation.
The economics professor who created the Beneish model admits there are some important limitations to the technique. Notably, the model can’t reliably be applied to privately held businesses because it was developed using public company data. Additionally, his sample involved manipulation to overstate earnings. Therefore, the model isn’t useful in circumstances where it could prove advantageous to reduce earnings — for example, to push revenue into the next quarter to help meet a target for that quarter.
Some distortions in financial statement data also could have a cause that’s unrelated to earnings manipulation. A metric might be distorted by, say, a material acquisition during the period examined, a material shift in the company’s strategy for maximizing value or a significant change in the relevant economic environment.
Simply a red flag
Because it’s relatively easy to use, the Beneish model can be an efficient screening tool for earnings manipulation. It’s important to note, however, that a high M score doesn’t prove fraud. Rather, it suggests that further investigation, preferably by forensic accounting experts, is necessary.
© 2020 Covenant CPA
When Dan received a large shipment of highlighter markers, he was confused. He didn’t remember ordering them — and he was the company’s sole office supplies buyer. Yet when he received an invoice for the markers a week later, he approved it for payment. After all, employees were already using the highlighters.
Dan fell for a typical office supply scam — and his company paid for the mistake. Here’s how to protect your business from this type of fraud.
Office supply scams typically begin as telemarketing fraud, with someone calling your business to obtain your street address and the name of an employee. Callers may ask for the person in charge, claim to need information to complete an order or pretend to verify an office machine’s serial number. The goal is to get a name that will lend legitimacy to bogus shipments and invoices.
The fraudster then attempts to perpetrate an office supply scheme, including one of the following:
Phony invoices. A supplier ships poor quality products and then, a week or two later, sends a pricey invoice. The delay is intentional: The fraudster hopes you won’t notice that the final price is much higher than you’d pay for better quality products. The person is also hoping you’ve used some of the products and feel obligated to pay for them.
Promotional items. Some pretenders offer to send you a promotional item. Before they hang up, however, they’ll mention in passing that they’re going to throw some ink cartridges in with the free coffee mug. What they don’t mention is that they’ll also throw in a bill for the ink.
Gift horses. A perpetrator sends a promotional item to an employee and follows up by sending unordered merchandise to you. When you receive the bill with the employee’s name on it, you question the employee. The scammer is hoping the employee will be so nervous about accepting the promotional item that you’ll end up believing the worker mistakenly ordered the merchandise.
Stop supply fraud
To keep your business safe from office supply fraud:
- Tell employees to transfer all telemarketing calls to one or two designated buyers.
- Provide buyers with procedures for documenting and approving purchases.
- Set up a system for generating purchase order or internal reference numbers.
- Instruct vendors to include those numbers on their shipment documents.
- When you receive merchandise, inspect it and verify that you ordered it and that the packing list matches the box’s contents.
If everything’s in order, receiving employees should send copies of the bills of lading to accounts payable for reconciliation with the order.
Know that you aren’t legally required to pay for anything you didn’t order. Unless there’s a legitimate mistake on an order, you may treat any unrequested merchandise as a gift and use it as you like. If suppliers hassle you, discuss the matter with your legal and accounting advisors.
© 2020 Covenant CPA
All complaints will be swiftly and thoroughly investigated.” No doubt this sentence, or something similar, appears in your company’s employee handbook. Unfortunately, there will likely be a time when you’ll have to put those words into action. Whether an employee alleges discrimination or harassment, or reports a coworker for theft or fraud, you’ll need to handle the complaint appropriately.
Keep these five best practices in mind to avoid unnecessary legal complications:
1. Maintain confidentiality. Take every precaution to keep details of the allegation private — especially the identities of the accused and the accuser. Remind managers that they need to have all conversations behind closed doors, store all meeting notes securely and speak only to those people who are necessary to the investigation. Assure workers involved in the investigation that it will be held in strict confidence and inform them that they aren’t free to talk about any part of the process.
2. Conduct productive interviews. Be prepared with an opening statement that describes what’s being investigated, then ask open-ended questions that encourage employees to say more than “yes” or “no.” Ask all interviewees the same questions so that you can compare answers, identify patterns and uncover discrepancies. Also, have a witness present to verify what occurred during the interviews.
3. Avoid bias. Keep an open mind while gathering facts. Just because an employee has a reputation around the office as a “troublemaker” or “crank,” doesn’t mean that person is lying or guilty of an impropriety. Consider hiring a third-party investigator, such as a fraud expert, to handle interviews. This can help preserve impartiality and show all parties that the investigation is being taken seriously.
4. Document activities. Make detailed notes on all the steps of your investigation. Include the dates and times of workspace searches, computer forensic activity and conversations. After every interview or action taken, review your notes to ensure they capture all relevant information.
5. Close the loops. Even if an investigation turns up no evidence of misconduct or criminal behavior, you need to follow up and close the loop with those involved. When complaints are found to have merit, take appropriate action as quickly as possible. You may be able to handle some minor issues with in-house personnel. But consult your legal and financial advisors — and possibly law enforcement — in more serious cases.
Contact us if you need help investigating a fraud allegation.
© 2020 Covenant CPA
You may think your business has enough insurance already. But if it’s vulnerable to employee theft and fraud — and most businesses are — you may want to consider adding more coverage. Some insurance companies offer policies to protect against loss of money and property due to criminal acts by employees. Here’s how to decide whether your business needs one.
Employee dishonesty insurance can cover not only theft of money, property and securities, but also willful damage to property. If, for example, an employee smashes a computer or kicks a hole in a wall, it’s likely covered. And this type of policy covers losses from all employees. However, coverage generally is based on occurrences. So if more than one employee is involved in a single theft, the payout will be based on that single occurrence.
Rates and deductibles typically depend on a business’s level of risk. But separate employee dishonesty insurance policies are likely to have higher loss limits and more customized coverage than is available with coverage offered as part of a business insurance package.
Employee dishonesty insurance covers only property your business owns, holds for others or is legally liable for. It usually doesn’t cover theft or damages caused by employees of businesses that provide services to your company. (For coverage related to third parties, such as contract workers, you may need to add “endorsements” or buy a broader business crime policy.)
Employee dishonesty insurance also generally won’t cover loss of:
- Intangible assets such as trade secrets or electronic data,
- Loss of employees’ property,
- Damage covered by another insurance policy, or
- The unexplained disappearance of property.
The burden of proof for employee dishonesty claims is solely on the policy owner. Insurance companies will pay claims only if there is conclusive proof that an employee caused the loss.
Finally, employee dishonesty insurance isn’t a substitute for a fidelity bond if a bond is required by a funding source or other contractual agreement. And such bonds can offer advantages. For example, Federal Bonding Program bonds, intended to encourage employers to hire hard-to-place applicants, reimburse employers with no deductible for loss due to employee theft.
Consider your options
Before buying employee dishonesty insurance, look closely at what your general liability or business owner’s policy covers so that you don’t pay for the same coverage twice. And keep in mind that some businesses — such as restaurants and retail stores, where employees often handle cash — may benefit from it more than others. For help determining what your company needs and finding affordable coverage, contact us.
© 2020 Covenant CPA
A Small Business Administration (SBA) loan can make big things happen for your small company. But the agency’s loan program is sometimes abused by con artists who know that many small business owners have little experience applying for financing and are, therefore, vulnerable to scams. Here’s what you should know.
Background on SBA products
The SBA provides various financing options with favorable terms and greater flexibility to small businesses and start-ups. It doesn’t disburse loans directly but gives lenders federal guarantees and backing to reduce lending risk. Individual businesses must themselves make arrangements with financial institutions that make loans.
Three key SBA programs are:
1. SBA 7(a) loans. This is the flagship product. It typically frees up working capital needed to acquire equipment, real estate or inventory.
2. Microloans. This program is more targeted. Smaller amounts are disbursed quickly to address short-term needs.
3. SBA 504 loans. This program is commonly used for commercial real estate purposes, such as the cost of buildings, land, equipment and renovations.
Look for red flags
If you’re applying for one of these types of loans, how can you avoid becoming a fraud victim? The government warns small business owners to be wary of companies offering to help them secure money from an SBA program. In particular, watch out for services that charge exorbitant fees or that guarantee you’ll get a loan if you work with them. In general, legitimate services don’t charge upfront fees to broker loans, perform credit checks or “process” applications. So if you’re asked to pay, walk away.
Fraud perpetrators also might claim that your business will be issued a forfeiture letter making it ineligible for any SBA funding if you don’t use their services. High-pressure sales tactics, such as threats or limited-time offers, are reliable indicators that you’re dealing with a fraudster. One way to verify suspicious claims is to call the SBA yourself.
Other bad actors may not ask for money at all. They’re simply after personal information that will enable them to steal your identity or access financial accounts. Don’t provide your Social Security number, bank account information or credit card information to any unsolicited caller or emailer.
Choose assistance carefully
Of course, many reputable businesses help companies apply for SBA loans — and they can make the process easier. But be sure to investigate the reputation of any business that contacts you. Better yet, ask trusted advisors or other small business owners for referrals.
© 2020 Covenant CPA
Some fraud schemes refuse to die. Jury duty scams existed long before phishing, malware and other cybercrime methods became synonymous with identity theft. Yet just this month, the U.S. Marshals Service issued a fraud advisory about this old-school con that’s enjoying a resurgence.
Here’s how jury duty scams work: Perpetrators posing as court officers, U.S. Marshals and other members of law enforcement call unsuspecting victims, warning them that they’re about to be arrested because they haven’t reported for jury duty. When the targets assert they haven’t been notified that they’ve been selected, the scammers ask for information to “verify their records.”
The information the scammers want, of course, is a victim’s Social Security number and date of birth. Some go a step further and request bank account information, claiming they need an account routing number and other details to facilitate the direct deposit of jury checks.
Alternatively, scammers tell victims that they can pay a fine in lieu of arrest. They request payment via a prepaid debit or gift card and ask the victim to read the card number over the phone. In some cases, crooks ask victims to deposit cash into a bitcoin ATM. Both methods ensure that the funds are unrecoverable once they’re transferred.
Know the facts
The truth is, courts virtually never call prospective jurors — even those who don’t report as scheduled. Most courts rely on the U.S. postal system for follow-ups and they never ask for confidential personal information.
Unfortunately, many people are caught off guard by this scam. Disconcerted to learn that they may be arrested for evading jury duty, even those who ordinarily would be cautious about providing personal information over the phone may give the callers what they want.
Remember that the spiel doesn’t matter. What’s important is that bogus jury duty calls are the same as any other telephone scam. You should never give confidential information or transfer funds to unverified callers&ndsh;even when threatened with arrest.
Report and verify
If you think you’ve been scammed by a con artist posing as a court or other official, report it to your local FBI office or the Federal Trade Commission. And if you’re unsure about whether you really do need to report for jury duty, contact your local courthouse.
© 2019 Covenant CPA