Affinity fraud — where perpetrators exploit connections of race, religion, age, politics and profession — is one of the cruelest forms of criminal deception. Fraudsters often belong to the groups they target and, in addition to stealing money, weaken the bonds within communities.

Affects individuals and businesses

Affinity fraud targets individuals. But it can also hurt businesses if a big chunk of their workforce is affected. If your company employs a large percentage of immigrants, for example, they may be susceptible to fraud perpetrated by other immigrants and could, as a result, be left penniless. In addition to the effect such emotional trauma can have on company morale, it could make employees more susceptible to stealing in their own efforts to recoup their losses.

Even people who usually are skeptical of common cons are more likely to let down their guard when the pitch comes from someone with a common background. Recently, for example, the Securities and Exchange Commission uncovered a $3 million affinity fraud scheme perpetrated by an investment advisor who targeted his fellow Israeli-Americans living in Los Angeles.

Military veterans are particularly vulnerable to appeals from fake military charities or Department of Veterans Affairs loan schemes. Many of these frauds are committed by individuals posing as ex-service members, but some are perpetrated by actual veterans exploiting their military connections.

Don’t be deceived

No one is immune to affinity fraud. Not only could you be targeted as an individual, but scam artists — potentially including your own employees — could seek contributions as part of your business’s philanthropic activities. Don’t be deceived into believing you can spot such scams. Many affinity frauds are recommended by friends, neighbors and colleagues.

To protect yourself, research any investment opportunity or fundraising organization that approaches you, regardless of who makes the approach. A duped individual may present the opportunity to you in good faith. In fact, that’s why Ponzi schemes are often so successful.

Also, refuse to be pressured into participation before you’re ready, and be skeptical if you’re asked to keep an opportunity confidential or can’t get anything about it in writing. If a suspicious investment offer comes via e-mail, forward it to enforcement@sec.gov for investigation.

Hard, but not impossible, to fight

Affinity fraud can be hard to fight because victims are less likely to report it than other criminal acts. They may prefer to work within their community to try to resolve the problem instead of exposing it to law enforcement and media attention. But if you suspect a wolf is operating in your community’s fold, speak up. And contact us. We can help you confirm the existence of fraud.

© 2019 Covenant CPA

Money laundering is the process by which criminals transform their ill-gotten gains into legitimate-looking funds. It’s widespread and wide-reaching, making it a significant corrupting influence on financial systems, governments and certain professionals.

Criminals use many different types of businesses to “wash” their dirty money, but some are more useful than others. Given its high dollar value and availability of inventory, real estate is one of those favored industries.

3 steps

The typical money laundering scheme involves three phases:

  1. Placement. Here the proceeds of criminal activity enter the financial system.
  2. Layering. This is where the money launderer conducts a series of transactions to distance the money from its criminal source.
  3. Integration. Finally, the criminal uses the money, which now appears legitimate and divorced of any crime.

Executing money laundering operations effectively is critical if crooks are to engage in complex organized crime operations and long-running fraud schemes. Not surprisingly, law enforcement has prioritized breaking up money laundering operations.

Many laws exist to prevent it, including the Bank Secrecy Act, the Patriot Act, and the Intelligence Reform and Terrorism Prevention Act. Yet given the vast number of transactions taking place within the U.S. financial system, detecting money laundering schemes remains a challenge, particularly when perpetrated by experienced crooks.

Appealing sector

The size of many real estate deals allows money launderers to clean large sums of money quickly. And because real estate involves so many routine transactions, it can be easy for criminals to avoid detection. But probably the most attractive aspect of the real estate market from a launderer’s perspective is that there are few, if any, reporting requirements for suspicious activity.

To avoid raising red flags, money launderers may use illegal shell companies — companies that exist in name only and whose primary purpose is to process illegal funds. Shell companies usually grant a real estate buyer anonymity. Depending on the sophistication of the scheme, criminals may use overseas financial systems to make tracing the source of funds nearly impossible.

Nevertheless, to expose a dirty real estate deal, transaction participants need to ask questions about the source of a buyer’s money. Difficult-to-trace funds are a red flag for criminal involvement. Other suspicious signs are when a buyer offers to pay significantly above market or a seller tries to dispose of property quickly — even if it means taking a loss.

Bottom line

The upshot is that, if a property transaction seems “off” and you don’t receive adequate answers to reasonable questions, walk away from the deal. Someone who knowingly sells to a money launderer could be indicted as a conspirator. For this reason, make sure you work with reputable and experienced real estate brokers and attorneys.

© 2019 Covenant CPA

Fraud experts have long suggested that the presence of three conditions, known as the “fraud triangle,” greatly increases the likelihood that an employee will commit fraud. Over the years, this conceptual framework has been expanded to become a “fraud diamond.” Understanding these models can help you protect your business.

Classic shape

The classic fraud triangle consists of:

1. Pressure. An individual experiences some type of pressure that motivates the fraud. Pressure can come from within the organization — for example, pressure to meet aggressive earnings or revenue growth targets. Or, the pressure could be personal, such as the need to maintain a high standard of living or pay off debt from credit cards, medical bills or gambling.

2. Rationalization. Perpetrators must be able to mentally justify their fraudulent conduct. They might tell themselves that they’ll pay back the money before anyone misses it, or reason that:

  • They’re underpaid and deserve the stolen funds,
  • Their employers can afford the financial loss,
  • “Everybody” does it, or
  • No other solution or help is available for their problems.

Under the fraud triangle theory, most employees who commit fraud are first-time offenders who don’t view themselves as criminals but as honest people caught up by circumstances.

3. Opportunity. Occupational thieves exploit perceived opportunities that they believe will allow them to go undetected. Poor internal controls, weak management oversight and ineffective or nonexistent audits all create opportunities for fraud. The opportunity leg represents the best avenue for preventing fraud because it’s within your organization’s control.

New dimensions

More recently, experts have proposed a conceptual framework that includes a fourth leg, “capability.” A capable individual is someone who may have the job position, intellectual capacity, confidence, resilience to stress and guilt, and ability to coerce and cajole others that make committing fraud easier.

A similar model to this diamond shape is MICE (Money, Ideology, Coercion and Ego). MICE retains the original three sides of the fraud triangle but shares the opportunity leg with a second triangle that also has sides for criminal mindset and arrogance.

Proponents of this model argue that perpetrators with characteristics matching the original fraud triangle are “accidental fraudsters.” This means that they wouldn’t commit fraud in the absence of motivation. Those on the side of the additional criminal mindset/arrogance/opportunity triangle are predators, or pathological fraud perpetrators. These individuals require only opportunity. This is another reason why focusing on the opportunity side is the best way to prevent fraud in your organization.

Designed to help

It’s important to remember that employees who seem to display fraud triangle or diamond characteristics won’t necessarily commit a crime. The models are designed to identify risk and eliminate fraud opportunities. Contact us for more information about protecting your organization from fraud.

© 2019 Covenant CPA

Even if you haven’t heard much about it lately, know this: Health care fraud is alive and well in the United States. Here’s a roundup of recent stats, law enforcement initiatives, common fraud schemes and how you can help prevent these crimes.

Just the facts

During fiscal year (FY) 2018, the Health Care Fraud and Abuse Control Program (a government initiative that coordinates federal, state, and local law enforcement) won or negotiated over $2.3 billion in health care fraud judgments and settlements. During the same period, the Department of Justice (DOF) opened 1,139 new criminal health care fraud investigations. In addition, the DOJ filed charges in 572 criminal cases.

What does this mean for you? The National Health Care Anti-Fraud Association estimates that health care fraud costs the nation at least $68 billion annually.

Many players, many games

Health care fraud can be perpetrated in a variety of ways by many different players. For example, insurance companies may bilk government programs such as Medicare and Medicaid by submitting false documentation, mishandling claims, charging excessive rates or failing to pass along discounts.

Fraud by insured employees is another problem. Employee-initiated schemes include submitting fraudulent claims — often in collaboration with shady medical providers.

Dishonest providers, including doctors, nurses, chiropractors and pharmacists, are responsible for a large volume of health care fraud. They may bill for unnecessary or harmful medical procedures, bill for procedures never performed, “upcode” inexpensive procedures to expensive ones, or bill for brand names and dispense generics. Corrupt practitioners may recruit healthy individuals and bill their insurance companies for costly medical services that are never provided.

What you can do

Fraud thrives in high volume environments. So, the more health care transactions your business or organization processes, the greater the potential for fraud to slip through undetected, and the more vigilant you must be.

You can help combat these schemes by strictly complying with audit obligations. For instance, randomly sample products and services invoiced and compare them with what was actually delivered to the patients. Looking for discrepancies can net you stolen goods and even large-scale thefts. It also sends a message to potential perpetrators that you’re watching.

Role of internal controls

In addition to contractual audits, internal controls play an important role in preventing and uncovering health care fraud. Contact us if your organization needs help building a robust internal control system.

© 2019 Covenant CPA

When the value of a stock skyrockets, its investors may think they’ve hit the jackpot. But if the stock in question is part of a “pump-and-dump” scheme, investors may, in fact, lose their shirts. Here’s how to avoid getting taken by this type of investment fraud.

A penny for your stocks

In the typical pump-and-dump scam, a fraud perpetrator buys shares in an inexpensive, relatively illiquid stock (often referred to as a “penny” stock) whose price will react dramatically when trading volume increases. Then the crook makes false or misleading statements to encourage people to sink their savings into the stock and drive up its price. When it hits a certain dollar amount, the fraudster sells, locking in short-term gains and causing the stock to crash. Investors are left with what often are worthless shares.

This summer, the FBI uncovered an international pump-and-dump scheme that netted its perpetrators $15 million in profits over a five-year period. The criminals bought millions of shares in small, thinly traded companies, then staffed call centers to hype the stocks to senior citizens. The scheme might have continued indefinitely if not for the fact that one of the crooks’ “co-conspirators” wasn’t the greedy stockbroker he claimed to be, but an undercover agent.

Hot tips, cold shoulder

As the above case suggests, investment scammers often target seniors with retirement savings to invest. Novice investors who aren’t familiar with how the stock market works are also popular marks. However, even experienced investors can get snared when offered a “hot tip.”

You can help avoid becoming a victim by following some common-sense guidelines. For example, never buy a stock based on an email or telephone solicitation, no matter how compelling the sales pitch. Simply hang up the phone or delete the message.

If you’re intrigued by the sound of an investment, do your research to determine whether the company is 1) legitimate, and 2) a good investment opportunity. Also pay attention to the stock’s trading volume. The more thinly traded a stock, the greater the potential for fraudulent manipulation.

Too good to be true

The bottom line: When an investment sounds too good to be true, it probably is. If you’d like to invest (say, for retirement or other financial goals), but don’t know how to pick stocks or build a portfolio, work with a reputable financial advisor. There are no guarantees in investing, but your advisor can help you steer clear of scams and invest only in securities that meet your criteria.

© 2019 Covenant CPA

Early revenue recognition has long accounted for a substantial portion of financial statement fraud. By recording revenue early, a dishonest business seller or an employee under pressure to meet financial benchmarks can significantly distort profits. Fortunately, fraud experts have tools to expose such manipulation.

Multiple methods

Early revenue recognition can be accomplished in several ways. A dishonest owner or employee might:

  • Keep the books open past the end of a period to record more sales,
  • Deliver product early,
  • Record revenue before full performance of a contract,
  • Backdate agreements,
  • Ship merchandise to undisclosed warehouses and record the shipments as sales, and
  • Engage in bill-and-hold arrangements.

In this last scenario, a customer agrees to buy merchandise but the company holds the goods until shipment is requested. It and any of these schemes might be carried out by one employee or several in collusion.

Expert strategies

Probably the most obvious marker for early revenue recognition is when a company records a large percentage of its revenue at the end of a given financial period. Significant transactions with unusual payment terms can also be a danger sign. When these or other red flags are unfurled, it’s time to investigate.

Fraud experts might compare revenue reported by month and by product line or business segment during the current period with that of earlier, comparable periods. They typically employ software designed to identify unusual or unexpected revenue relationships or transactions.

Reading the signs

If, for example, an expert suspects merchandise is billed before shipment, he or she will look for discrepancies between the quantity of goods shipped and quantity of goods billed. The expert will also examine sales orders, shipping documents and sales invoices; compare prices on invoices with published prices; and note any extensions on sales invoices.

What if the expert suspects merchandise was shipped prematurely? He or she compares the period’s shipping costs with those in earlier periods. Significantly higher costs could indicate an early revenue recognition scheme.

The expert also may sample sales invoices for the end of the period and the beginning of the next period to confirm the associated revenues are recorded in the proper period. If phantom sales are suspected, reversed sales in subsequent periods and increased costs for off-site storage may provide evidence of fraud.

Exposure can be fatal

If improper revenue recognition is exposed to the public, the resulting scandal can destroy a company. Contact us immediately if you suspect it or other forms of financial statement fraud.

© 2019 Covenant CPA

When it comes to reducing fraud loss and duration, active detection methods (such as surprise audits or data monitoring) are far more effective than passive methods (such as confessions or notification by police). This was a major finding of the latest Association of Certified Fraud Examiners (ACFE) Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse. Yet many companies fail to use active methods to their full potential.

Active vs. passive detection

The ACFE study found that frauds detected using passive methods tend to last longer and produce larger losses than those detected by such active methods as:

  • IT controls,
  • Data monitoring and analysis,
  • Account reconciliation,
  • Internal audit,
  • Surprise audits,
  • Management review, and
  • Document examination.

These active methods of detection can significantly lower fraud durations and losses. For example, frauds detected by IT controls had a median duration of five months and a median loss of $39,000. By comparison, fraud detected through notification by police had a median duration of 24 months and a median loss of $935,000.

Surprise audits and proactive data monitoring and analysis can be especially effective ways to fight fraud. On average, victim-organizations without these antifraud controls in place reported more than double the fraud losses and their frauds lasted more than twice as long as victim-organizations with these controls in place. Yet only 37% of the organizations in the ACFE study had implemented surprise audits or data monitoring and analysis, however.

Close-up on tips

The ACFE categorized tips — the leading fraud detection method — as “potentially active or passive,” because they may or may not involve proactive efforts designed to identify fraud. Organizations that use hotlines for reporting misconduct detected fraud by tips more often (46% of cases) than those without hotlines (30% of cases).

More than half of tips came from employees, but nearly one-third came from outside parties, such as customers and vendors. To ensure that tips are used as an active detection method, an organization should set up a hotline and promote its use among employees, supply chain partners and others. If possible, users should be able to make anonymous reports.

Don’t wait for fraud to find you

Occupational fraud poses a significant threat to organizations of every type and size. Waiting to react until fraud rears its head can result in serious financial losses. Instead, adopt active detection methods that can be deployed continually. Contact us for help.

© 2019 Covenant CPA

As more people use mobile phones, more fraud perpetrators target these devices. According to Javelin Strategy & Research, between 2017 and 2018 the number of fraudulent mobile-phone accounts opened grew by 78%. Schemes in which thieves open a phone account in your name and use it to access your bank account, sign up for credit cards and gain access to personal information are only some of the recent fraud trends. Fraudsters have plenty of ways to defraud consumers through their phones.

Why they’re vulnerable

One of the reasons mobile phones are so vulnerable is that phone security hasn’t kept pace with traditional computer security. Mobile devices rarely contain comprehensive security measures, and mobile operating systems aren’t updated as frequently as those on personal computers.

Yet users routinely store a wide range of sensitive information — including contact information, emails, text messages, passwords and identification numbers — on their phones. Geolocation software can track where phones are at any time, and various apps can record personally identifiable information. Hackers can target a phone and use it to trick its owner, or the owner’s contacts, into revealing confidential information. Or phones can spread viruses to computers — a big problem for companies with “bring your own device” policies.

How thieves get in

Sometimes attackers obtain physical access to a device. More frequently, a hacker achieves virtual access by, for example, sending a phishing email that coaxes the recipient into clicking a link that installs malware.

Apps can be dangerous, too. A user might install an app that turns out to be malicious or a legitimate app with weaknesses an attacker can exploit. A user could unleash such an attack simply by running the app.

What you can do

Encryption is probably the most highly recommended defense against mobile phone fraud. When data is encrypted, it’s “scrambled” and unreadable to anyone who can’t provide a unique “key” to open it. Two-step authentication is also advisable. This approach adds a layer of authentication by calling the phone or sending a password via text message before allowing the user to log in.

Phone owners should always activate PINs or passwords, and other options such as touch ID and fingerprint sensors if available. Conversely, users should disable Bluetooth and Wi-Fi when not in use, and set Bluetooth-enabled devices to be nondiscoverable.

Also request a freeze on the credit information that’s used to open a mobile-phone account with the National Consumer Telecom & Utilities Exchange. This is a credit reporting agency fed by data supplied by phone companies, pay-TV companies, and utility service providers.

Evolving threats

In only a decade, mobile phones have completely changed our daily lives. Unfortunately, fraud has kept pace with technology. To protect your personal information, you need to be aware of the constantly evolving threats.

© 2019 Covenant CPA

Fraud experts have long known that “dark web” sites provide information, support and illicit goods to hackers and other criminals. But security company Terbium Labs recently published a report analyzing a treasure trove of fraud guides for sale on shady sites. These “educational” publications provide crooks with detailed instructions on exploiting security weaknesses to hack networks, obtain financial information and steal identities.

Effective tips

Although Terbium found that most of the guides it downloaded were relatively useless, there were still plenty that provided effective tips on compromising networks and disrupting antifraud procedures. The guides cover everything from account takeovers to phishing to counterfeit documents to stolen credit cards. Often, they discuss specific companies. For example, a “Bank Drop Creation Guide” provides detailed instructions on how to create a fraudulent bank account at nine specific financial institutions.

Some of the most dangerous information contained in these fraud guides tells would-be hackers how to use social engineering to breach companies’ security. Using the above example, a guide might contain a script crooks can follow to persuade a bank employee that a fraudulent account is legitimate.

Prized data

Terbium’s analysis of the guides found that certain types of personal information were particularly prized by thieves. Email addresses, which enable phishers to personalize their come-ons and track down a target’s full name and social media accounts, led this list. Passwords, not surprisingly, were a close second. User names, Social Security numbers and dates of birth were also highly sought after.

Among financial data, hackers prefer payment card information — though they show a clear preference for credit cards over debit cards. Card numbers are considered easy to obtain (millions of card numbers are available on the dark web), so the guides provide tips on maximizing profits before fraudulent purchases trigger alarms with the victim or card company.

What can you do?

Given the number of fraud perpetrators and wealth of information available to help them commit crimes, you may wonder how you can protect your personal financial or business’s customer data.

Individuals can reduce their risk by ignoring suspicious emails and disclosing financial information only on sites that provide SSL certificate authentication and encryption. Also, they should share even innocuous-seeming information, such as email addresses, only when necessary. Businesses need to work with experts to build a data security system that addresses their specific risks — and to update it religiously. Also, be sure to implement policies and procedures that prevent employees from inadvertently assisting fraud perpetrators. Contact us for help creating internal controls that will reduce your company’s fraud vulnerabilities at 205-345-9898 and info@covenantcpa.com.

© 2019 CovenantCPA

Data analytics is changing the way many businesses operate. It’s also changing how forensic accountants do their jobs, providing fraud experts with the means to mine massive mounds of data like never before.

3 techniques

These analytical techniques are among the most efficient and effective at detecting occupational fraud:

1. Association analysis. This method can help identify suspicious relationships by quantifying the odds of a combination of data points occurring together. In other words, it calculates the likelihood that, if one data point occurs, another will, too. If the combination occurs at an atypical rate, a red flag goes up. For example, association analysis might find that a certain supervisor tends to be on duty when inventory theft occurs.

2. Outlier analysis. Outliers are data points outside the norm for a given data set. In many types of data analysis, outliers are simply disregarded, but these items come in handy for fraud detection. Experts know how to distinguish and respond to different types of outliers.

Contextual outliers are significant in certain contexts but not others. For example, a big jump in wages on a retailer’s financial statements might be notable in April but not in December — when seasonal workers come aboard.

Collective outliers are a collection of data points that aren’t outliers on their own but deviate significantly from the overall data set when considered as a whole. If, for instance, several public company executives sold off substantial blocks of stock in the business on the same day, it might signal suspicious behavior.

3. Cluster analysis. Here, experts group similar data points into a set and then further subdivide them into smaller, more homogeneous clusters. Data points within a cluster are similar to each other and dissimilar to those in other clusters. The greater the similarities within a cluster and the differences between clusters, the easier it is for an expert to develop rules that apply to one cluster but not the others.

Cluster analysis has long been used for market segmentation of consumers. But it can also detect fraud, particularly when combined with outlier analysis. Outlier clusters — those that are farthest from the nearest cluster when clusters are mapped out on a chart — generally merit extra scrutiny for suspicious activity. A fraud expert might, for example, use cluster analysis to evaluate group life insurance claims. The expert would look for clusters of large beneficiary or interest payments, or long lags between submission and payment.

High tech and old school

If you hire experts to uncover suspected fraud in your organization, don’t be surprised if they break out the data analytics tools. But they’ll also likely use some old-school methods — including interviewing employees — to find possible suspects and financial losses. Contact us to discuss at 205-345-9898 and info@covenantcpa.com.

© 2019 CovenantCPA