Gift cards offer businesses a convenient way to reward employees and thank customers. However, as the FBI recently warned, gift card scams specifically targeting companies are on the rise. Since January 2017, losses from such fraud schemes have surpassed $1 million. Here’s what you need to know to avoid being cheated.

Anatomy of a scam

Fraudsters use classic “spoofing” strategies to execute what law enforcement terms Business Internet Compromise (BIC) scams. They email or text an employee, claiming to be someone who can authorize gift card expenditures, such as the company’s CEO or HR director.

Messages typically instruct the employee to purchase gift cards for the executive to give as gifts or to use for office expenses, such as holiday party supplies. The employee is told to send the gift card information, including card numbers and PINs, back to the “executive” (in reality, the scammer) who then cashes out the cards’ value. By the time the business catches on, it’s already too late to recover the stolen funds.

All companies are vulnerable to this type of fraud. But certain sectors seem to be at increased risk, including real estate, legal, medical, and distribution and supply businesses, as well as nonprofit organizations.

Simple steps

Prevention starts with education. Inform employees about the scam and ask them to be on the lookout for emails or texts that ask them to buy multiple gift cards on someone else’s behalf. They should be particularly suspicious if the email urges them to act quickly or to reply with the gift card numbers and PINs.

To be on the safe side, require employees to follow up on any electronically delivered purchasing request with a phone call to the requesting party. And to reduce the chance that employees will receive spoofed emails, ensure that your network security is robust and up to date.

Report and control

The FBI asks businesses to report BIC gift card incidents to its Internet Crime Complaint Center at www.ic3.gov. Also, contact us at 205-345-9898. We can help you implement strong internal controls to prevent fraudsters from taking advantage of unsuspecting employees.

© 2018 Covenant CPA

Charities typically receive most of their donations during the holidays and at year end. It’s critical for these organizations to be on the lookout for fraud throughout the year, but even more so during the busy season. Here are some fraud schemes nonprofits should watch out for and how they can use internal controls to protect against financial losses.

Culture of trust

Charities generally are staffed by people who believe strongly in their missions, which contributes to a culture of trust. Unfortunately, such trust makes nonprofits vulnerable to certain types of fraud. For example, if managers don’t supervise staffers who accept cash donations, it provides an opportunity for them to skim cash. Skimming is even more likely to occur if a nonprofit doesn’t perform background checks on employees and volunteers who’ll be handling money.

However, skimming isn’t the most common type of fraud scheme in the nonprofit sector. According to the Association of Certified Fraud Examiners, religious, charitable and social services organizations are most likely to fall prey to billing schemes. Falsified expense reports and credit card abuse are also common in nonprofits.

Internal controls matter

Even small nonprofits that consider their employees and volunteers “family” need to establish and enforce internal controls. Such procedures must be followed regardless of how busy staffers are processing donations and completing year-end duties.

Possibly the most important control to prevent occupational fraud is segregation of duties. To reduce opportunities for any one person to steal, multiple employees should be involved in processing payables and receivables. For example, every incoming invoice should be reviewed by the staffer who instigated it to confirm the amount and that the goods or services were received. A different employee should be responsible for writing the check.

And don’t forget to protect electronic records that include data on donors, vendors and employees. Staff members should be given access only to the information and programs required for their job. And all sensitive information should be password-protected.

Caution with special events

Many nonprofits depend on money raised from a big annual gala or other special event at year end. During crowded, chaotic fundraisers, you’ll want to discourage supporters from making cash payments. Instead, presell or preregister event participants to limit access to cash on the day of the event. If you decide to accept cash at the door, try to assign cash-related duties to paid employees or board members, rather than unsupervised volunteers.

For more tips on preventing fraud in your nonprofit, contact us. We can help you reinforce internal controls, as well as investigate suspected theft. Call us today at 205-345-9898.

© 2018 Covenant CPA

Your company probably has a contingency plan for such potential calamities as fires and natural disasters. But what about a fraud contingency plan? Even if you don’t believe that one of your trusted employees would ever steal from you, it pays to be prepared. A comprehensive fraud contingency plan can help facilitate an investigation and limit financial losses.

Imagine the possibilities

No contingency plan can cover every possibility, but yours should be as wide-ranging as possible. Work with your senior management team and financial advisor to devise as many fraud scenarios as you can dream up. Consider how your internal controls could be breached — whether the perpetrator is a relatively new hire, an experienced department manager, a high-ranking executive or an outside party such as a vendor.

Next, decide which scenarios are most likely to occur given such factors as your industry and size. For example, retailers are particularly vulnerable to skimming. And small businesses without adequate segregation of duties may be at greater risk for theft in accounts payable. Also identify the schemes that would be most damaging to your business. Consider this from both a financial and a public relations standpoint.

Put people to work

As you write your plan, assign responsibilities to specific individuals. When fraud is suspected, one person should lead the investigation and coordinate with staff and any third-party investigators. Put other employees to work where they can be most effective. For example, your IT manager may be tasked with preventing loss of electronic records and your head of human resources may be responsible for maintaining employee morale.

You’ll also want to define the objectives of any fraud investigation. Some companies want only to fire the person responsible, mitigate the damage and keep news of the incident from leaking. Others may want to seek prosecution of offenders as examples to others or to recover stolen funds. Your fraud contingency plan should include information on which employees will work with law enforcement and how they will do so.

Communicate inside and out

Employee communications are particularly important during a fraud investigation. Staff members who don’t know what’s going on will speculate. Although you should consult legal and financial advisors before releasing any information, aim to be as honest with your employees as you can. It’s equally important to make your response visible so that employees know you take fraud seriously.

Also designate someone to manage external communications. This person should be prepared to deflect criticism and defend your company’s stability, as well as control the flow of information to the outside world.

Review regularly

After you’ve created and implemented your fraud contingency plan, review and update it regularly to reflect business and personnel changes. Contact us for help making your plan at 205-345-9898.

© 2018 Covenant CPA

Many retail businesses implement careful controls over the use of their cash registers. For this reason, register-disbursement schemes are among the least costly types of cash frauds. Without such controls, however, businesses risk significant losses. Here’s how to make sure your company is doing everything it can to prevent this type of fraud.

Red flags

Issuing fictitious refunds and falsely voiding sales are a couple of common ways employees steal money. Both methods involve paying out cash without a corresponding return of inventory and usually result in abnormally high inventory shrinkage levels.

But high shrinkage is just one way to spot cash register disbursement fraud. Other red flags include:

  • Disparities between gross and net sales,
  • Decreasing net sales (increasing sales returns and allowances),
  • Decreasing cash sales relative to credit card sales,
  • Forged or missing void or refund documents,
  • Increasing void or refund transactions by individual employees, and
  • Multiple refunds or voids just under the review limit.

Any of these warning signs may warrant investigation. A fraud expert can help you determine whether discrepancies have innocent explanations or indicate a more serious problem.

Prevention measures

Your business can prevent cash register theft by taking preventive measures. These include having written ethics policies and providing employees with antifraud training. In many cases of register theft, several employees are aware that it’s happening. So be sure to provide a confidential hotline or other means for employees to report unethical behavior without fear of reprisal.

Your fraud detection and deterrence program should also include training internal auditors to regularly perform horizontal analysis of income statements. Horizontal analysis — which compares financial statement line items from one period to the next — can identify suspicious trends, such as an increasing number of cash refunds.

Professional help

Taking these simple steps can prevent significant losses. But signs of extensive cash register theft usually indicate bigger issues. Contact us. We can help you nip theft in the bud by strengthening internal controls and, when necessary, assemble evidence for criminal prosecutions and civil lawsuits. Call us today at 205-345-9898.

© 2018 Covenant CPA

With millions of dollars at stake, an overextended real estate developer has a lot to lose if lack of funds causes a project to collapse. To attract investment capital, some developers have been known to resort to financial statement fraud. If you’re considering financing a project, you need to know how to spot such deception.

Ample opportunity to cheat

There are many ways to falsify a financial picture. For projects in the planning phase, a company seeking financing may provide overstated appraisals of the completed property. Or it may fail to mention its inability to secure utility access or approval from local authorities to rezone the property’s intended location.

For projects already under construction, the developer may inflate the percentage of development completed or amount of materials already purchased. Or a developer could neglect to report funds received from previous lenders or investors.

Sweat the small stuff

To avoid shady deals, review project proposals carefully. For example:

Look at supporting documents. In their rush to “improve” financials by manipulating income statements, balance sheets and cash flow statements, some companies may overlook supporting documents such as project-related budgets and forecasts. Compare these to the company’s primary financial statements and, if you find discrepancies, ask for a detailed explanation.

Scrutinize line items. Certain financial statement line items tend to correspond to each other. For example, labor expense and the accounts payable balance should increase at a rate similar to the percentage of construction completed to date. If line items appear out of sync, ask to see the books of original entry such as the accounts payable aging reports or salary expense reports.

Employ analytical techniques. Common size analysis can help you verify the integrity of specific line items. The process converts each item to a percentage of a base number. For example, to analyze wages and benefits expense, you would divide wages and benefits expense by revenue. Once you’ve converted every line item on the income statement to a percentage of revenue, you can compare the percentages within a reporting period and against prior and subsequent reporting periods.

Professional skepticism

Given the inherent complexity of commercial and residential construction projects, there are plenty of ways for unscrupulous developers to con lenders and investors. Contact us at 205-345-9898. We can help you determine whether a project’s financial statements appear sound.

© 2018 Covenant CPA

The expense of preventing fraud is minimal compared to the cost of cleaning up after fraud has been committed. One common fraud deterrent is to monitor employees on the job. But are you legally entitled to monitor employees? The answer is “sometimes.” One thing is certain: You must follow current employment law to the letter.

Two competing interests

Many laws apply to employees’ privacy rights. In general, they attempt to balance employers’ interests in minimizing losses and injuries and maximizing production with employees’ interests in being free from intrusion into their private affairs.

By adopting and clearly communicating employment policies, your company can, within limits, establish its authority to conduct searches and surveillance that might otherwise be deemed intrusive. But before you state your policies, check with your attorney to ensure they don’t violate any federal or state laws.

Allowable actions

In most cases, federal law allows employers to take the following actions (but keep in mind that some state laws may be more restrictive):

Electronic activities monitoring. As a general rule, you can’t monitor employees’ use of electronic devices (including tracking Internet use) without their knowledge. But there are two notable exceptions. First, you can monitor if you have a legitimate business need to do so (for example, to record a client’s buy/sell instructions to a stockbroker). The second exception is when one party to a communication consents to the monitoring. If your company clearly states a policy to monitor communications, an employee is usually considered to have consented by remaining in the job.

Phone call monitoring. You’re generally allowed to monitor business-related phone conversations to and from the workplace. However, you can’t monitor personal calls and must hang up as soon as it’s apparent the call isn’t work-related, unless the employee has given you permission to listen in.

Physical searches. Exercise extreme caution before searching an employee’s person. If you feel a body search is necessary, don’t threaten or apply physical force or prevent the employee from leaving the room or workplace. Aside from possible referral to law enforcement, keep the search results confidential. This is to prevent leaks that could form the basis for libel or slander suits.

Surveillance. You can install cameras in your company’s offices or production areas, but usually not in “private” areas such as restrooms and locker rooms. As with other searches, surveillance records must be kept confidential. Only individuals who must know the information to properly perform their duties should have access to evidence of possible wrongdoing.

Avoiding land mines

Protecting your company from fraud while also adhering to employee privacy regulations can be challenging. To avoid legal land mines, develop your company’s policies with the help of an employment law attorney. Contact us at 205-345-9898 to learn more.

© 2018 Covenant CPA

Online shopping enables consumers to buy almost anything from the convenience of their own homes. But comfortable surroundings can lull online shoppers into a false sense of security. You wouldn’t leave your wallet unattended in a busy shopping mall or enter a sketchy-looking shop, yet you may be taking similar risks on the Internet.

One of the biggest risks is shopping on fraudulent sites or making purchases from crooked marketplace sellers who have no intention of shipping the goods you’ve paid for. Here are three suggestions for protecting yourself:

  1. Use feedback features. When shopping in online marketplaces such as eBay or Amazon, pay close attention to ratings and comments provided by previous customers about individual sellers. Bear in mind, however, that some online review platforms allow sellers to request the removal of negative reviews. And while reputable marketplaces and review sites do their best to block fake reviews, it’s possible for sellers to boost their profile by paying “customers” to post five-star ratings and raves.
  2. Perform basic research. Before making a purchase from an unfamiliar retail site, plug the site’s name into a major search engine. Because negative information may not appear at the top of search results, look beyond the first or second page. In some extreme circumstances, disgruntled customers set up their own sites to air grievances about an online retailer or you may find news of legal action. Also be wary if you find almost no information about a retailer. Some scam artists frequently change the names and addresses of their sites to stay one step ahead of the law.
  3. Always pay with a credit card. Credit card companies generally allow their customers to dispute fraudulent charges and get their money back if they don’t receive the goods they purchased. So beware of online sellers who ask you to pay by check, ACH or wire to avoid credit card processing fees. Online marketplace scammers sometimes ask customers to skip the site’s payment system and pay them directly. This is dangerous because it places a transaction beyond the reach of the marketplace’s fraud detection and prevention systems.

Most online merchants deliver on their customer commitments. However, a small percentage take advantage of the Web’s anonymity to commit fraud. Be sure to check out any site or seller you intend to do business with and, just as important, listen to your gut. If something makes you uneasy, don’t proceed with the transaction. Contact us for more information at 205-345-9898.

© 2018 Covenant CPA

Your company has landed a lucrative new account, and the customer has already placed several small orders, paying in full, on time. Now the customer wants to place a larger order, but has requested that you first expand its credit account. Warning! There’s a chance that you could become a victim of bankruptcy fraud. Your new customer may be planning a “bust-out” — a common bankruptcy-related scam.

Bust-out scams

In a bust-out, fraudsters create a bogus company — often with a name similar to that of an established, reliable business — to order goods they have no intention of paying for. In fact, they plan to sell the products for fast cash, file for bankruptcy and leave you, the supplier, holding the empty bag.

In a variation of the scheme, bogus operators buy an existing company and use its good credit to order the goods. Either way, they sell the products they order below cost, for cash, and then file for bankruptcy, writing off the amounts of the supplier’s bill.

You can avoid becoming a bust-out victim by carefully vetting businesses that were formed only recently. Also be wary of established companies with new ownership — particularly if the new owners seem to want to keep their involvement under wraps. And pay particular attention to customers that have:

  • Warehouses stuffed with high-volume, low-cost items,
  • Disproportionate liabilities to assets,
  • No corporate bank account, and
  • Principals previously involved with failed companies.

Fraudulent conveyance schemes

Bust-outs are far from the only bankruptcy-related scams. In fact, the most common type of bankruptcy fraud is concealing assets — or fraudulent conveyance. This scheme involves hiding or moving assets in anticipation of a bankruptcy. The owner of a business on the brink of collapse may, for example, transfer property to a third party — most commonly, a spouse — for little or no compensation. The third party holds the property until bankruptcy proceedings have concluded, and then transfers it back to the business owner.

Alternatively, the business owner files for bankruptcy and then, with the court’s approval, sells property below value to a straw buyer. The owner’s relationship with the buyer isn’t disclosed, but the buyer holds the property until the owner is ready to reclaim it at an agreed-upon price.

In either case, the goal is the same: to keep property and monetary compensation out of the hands of creditors.

Prevention first

Fighting bankruptcy fraud typically requires professional legal and financial help. The best protection is prevention, but if you suspect one of your customers is trying to pull a fast one, contact us at 205-345-9898.

© 2018 Covenant CPA

To head off employee theft, businesses need to know what crooked employees are most likely to steal. The number one preference is cash. But if that’s off limits, the next choice is something expensive that they can use outside work. And, of course, the most costly and useful items in most offices are laptop and desktop computers and other technological devices.

Mark equipment

How can your company protect its technology assets from theft? First, consider adding security plates and indelible markings. These additions can help you track stolen equipment, inhibit resale and discourage thieves from ever trying to steal.

Security software also can track a stolen computer online. As soon as the thief connects to the Internet, its software contacts the security firm’s monitoring system, which traces the machine’s current IP address. To locate a physical address, firms use GPS and Wi-Fi tracking. However, there can be legal obstacles to obtaining the actual address of a thief.

Most computers and mobile devices can also be tracked by sites and apps such as Google, Facebook and Dropbox, which capture the IP addresses of users when they log into their accounts. Apple products can be tracked using iCloud.

Fasten it down

To keep laptop and desktop computers where they belong, you can lock them down with cables and attach motion sensor alarms. If you store numerous laptops on your premises, consider locking them in heavy-duty cabinets or carts when not in use.

To deter desktop computer theft, consider a locked steel case bolted to the desktop. If you prefer not to drill holes in furniture, you can attach super-strength adhesive security pads to desks or other furniture to prevent thieves from lifting the equipment off the surface.

Keep it safe

It’s worth the effort to add extra security and keep your company’s assets where they belong. Also make sure that your business insurance provides adequate coverage for computer losses. Contact us for more information at 205-345-9898.

© 2018 Covenant CPA

Tax identity theft may seem like a problem only for individual taxpayers. But, according to the IRS, increasingly businesses are also becoming victims. And identity thieves have become more sophisticated, knowing filing practices, the tax code and the best ways to get valuable data.

How it works

In tax identity theft, a taxpayer’s identifying information (such as Social Security number) is used to fraudulently obtain a refund or commit other crimes. Business tax identity theft occurs when a criminal uses the identifying information of a business to obtain tax benefits or to enable individual tax identity theft schemes.

For example, a thief could use an Employer Identification Number (EIN) to file a fraudulent business tax return and claim a refund. Or a fraudster may report income and withholding for fake employees on false W-2 forms. Then, he or she can file fraudulent individual tax returns for these “employees” to claim refunds.

The consequences can include significant dollar amounts, lost time sorting out the mess and damage to your reputation.

Red flags

There are some red flags that indicate possible tax identity theft. For example, your business’s identity may have been compromised if:

  • Your business doesn’t receive expected or routine mailings from the IRS,
  • You receive an IRS notice that doesn’t relate to anything your business submitted, that’s about fictitious employees or that’s related to a defunct, closed or dormant business after all account balances have been paid,
  • The IRS rejects an e-filed return or an extension-to-file request, saying it already has a return with that identification number — or the IRS accepts it as an amended return,
  • You receive an IRS letter stating that more than one tax return has been filed in your business’s name, or
  • You receive a notice from the IRS that you have a balance due when you haven’t yet filed a return.

Keep in mind, though, that some of these could be the result of a simple error, such as an inadvertent transposition of numbers. Nevertheless, you should contact the IRS immediately if you receive any notices or letters from the agency that you believe might indicate that someone has fraudulently used your Employer Identification Number.

Prevention tips

Businesses should take steps such as the following to protect their own information as well as that of their employees:

  • Provide training to accounting, human resources and other employees to educate them on the latest tax fraud schemes and how to spot phishing emails.
  • Use secure methods to send W-2 forms to employees.
  • Implement risk management strategies designed to flag suspicious communications.

Of course identity theft can go beyond tax identity theft, so be sure to have a comprehensive plan in place to protect the data of your business, your employees and your customers. If you’re concerned your business has become a victim, or you have questions about prevention, please contact us at 205-345-9898.

© 2018 Covenant CPA