Reports started trickling into state agricultural agencies in July: Consumers were worried about strange seed packets they had received in the mail. The unsolicited goods weren’t labeled and appeared to be sent from China. In a year already fraught with anxiety and paranoia, the story quickly made headlines.
Perhaps this was the first you’d heard of a scam known as “brushing,” in which some third-party e-commerce sellers set up fake buyer accounts and ship unordered goods (in this case, seeds) to “customers.” Why would they do this? Read on.
A growing fraud
Brushing scammers set up fake accounts with Amazon, eBay and other online platforms so that they can order their own merchandise, ship it to a real address and then post glowing reviews that bolster their ratings. The ultimate objective, of course, is to attract more buyers for their goods.
According to the U.S. Department of Agriculture (USDA), the seeds people received this summer seem to be part of a brushing scheme. (The USDA is continuing to investigate, but at this time, the seeds don’t appear to be dangerous or capable of producing invasive plants.) However, this isn’t the first time Americans have received unordered merchandise from unknown companies. Over the past couple of years, consumers have been surprised by gifts of everything from flashlights to hand warmers to Bluetooth speakers.
Considering that you aren’t obliged to pay for or send back merchandise you didn’t order, this may not seem like a big deal. However, it suggests that personal information has been disclosed or compromised. So if you receive one of their packages, brushers have — at the very least — your name and home address and may also have your phone number and email address. And, as the Federal Trade Commission (FTC) warns, these fraudsters may have set up fake accounts in your name on multiple websites — or even hacked your legitimate accounts.
Nip it in the bud
How can you prevent dishonest businesses from burnishing their own reputations at the possible expense of yours?
- Report a suspicious package to the online retailer or platform (if you know what it is).
- Check your accounts for suspicious activity and change your passwords.
- If it appears accounts have been compromised, review your bank and credit card statements and credit reports. Consider freezing them to prevent fraud perpetrators from opening new accounts in your name.
- File a report with the FTC at ftc.gov/complaint.
Remember that it’s always possible a seller simply sent you something by mistake. Or a friend may have ordered a gift and forgotten to enclose a message to you. So do a little snooping before jumping to conclusions. But if it still seems your mystery package is part of a brushing scam, don’t just brush it off. Report the “gift” and make sure your accounts are secure.
© 2020 Covenant CPA
Skimming isn’t the biggest fraud threat for most businesses. The theft of cash receipts represents only 11% of asset appropriation schemes, according to the Association of Certified Fraud Examiners’ 2020 Report to the Nations. But with a median loss of $47,000, your business will likely feel the pain if it becomes a victim of skimming. Here’s what you need to know to prevent it.
Skimming occurs when an employee steals an incoming payment before it’s recorded. In the most basic skimming scheme, a worker sells goods or services to a customer, collects payment and pockets the money without recording the sale. If the customer receives goods but no sale is recorded, skimming will cause a discrepancy between physical inventory counts and the company’s inventory ledger.
Crooked employees can also skim receivables. This generally is harder to pull off, because overdue accounts appear on the accounts receivable aging schedule. Perpetrators may try to cover their thefts by “lapping,” or borrowing money from one account to make up for a shortage in another.
What to look for
To detect skimming, look for infrequent bank deposits and consistent bank balance fluctuations as well as frequent shortages of cash on hand. If you suspect skimming, we can help you perform physical inventory counts to check if inventory levels match recorded sales. We can also review journal entries for false credits to inventory; irregular entries to cash accounts; and write-offs of lost, stolen, or obsolete inventory.
Your business can help prevent skimming by segregating employee duties. No one person should be responsible for collecting, recording, reconciling and depositing cash receipts. Instead, split up those duties among multiple employees.
Also consider implementing these other preventive measures:
- Monitor spaces where employees handle cash with visible video cameras,
- Require daily bank deposits,
- Investigate no-sale and voided transactions,
- Reconcile cash deposits to all cash and checks received,
- Regularly reconcile inventory records to look for shrinkage, and
- Provide an anonymous tip hotline for employees, customers and vendors.
Certain organizations are more vulnerable to skimming. Small companies (those with less than 100 employees) and those in the education, real estate, and transportation and warehousing fields experience higher rates of skimming and may want to take extra precautions. Whatever your industry, contact us at the first sign of fraud.
© 2020 Covenant CPA
New technologies, including artificial intelligence and machine learning, increasingly are being applied to the old problem of occupational fraud. But in most circumstances, common accounting tools — “variance analysis” and “contribution margin” — remain effective in uncovering possible evidence of theft.
Gaps and absences
After your organization finalizes its annual budget, you may perform a variance analysis, reviewing differences between actual and budgeted performance. If, for example, actual wages significantly exceed budgeted wages, the difference could be due to such factors as wage increases, productivity declines or greater downtime. But it could also signal phantom employees on the payroll.
Fraud experts pay particular attention to variances related to inventory and purchase pricing. Supply-related variances could indicate the existence of kickbacks. Or they might suggest fictitious vendors — where payments go to the perpetrator and no inventory is received in exchange.
The absence of variances when they’re expected can also be cause for concern. If the cost of a critical production component has unexpectedly increased, then the actual numbers should show a variance. If no such variance is found, it could be a sign of financial reporting fraud.
Difference between price and costs
The term contribution margin generally refers to the difference between a unit’s sale price and its variable costs. It’s often used to make pricing decisions, calculate the breakeven point and evaluate profitability. But it can also be used to detect fraud.
In general, the contribution margin as a percentage of revenue should remain fairly consistent over time. If the contribution margin is dramatically lower than usual, skimming or inventory theft could be to blame. Just keep in mind that one discrepancy doesn’t equal solid evidence of fraud. It simply indicates that further investigation is warranted.
Discrepancies are just a start
You may have the in-house expertise to expose potential fraud schemes using common accounting tools. But you should take suspicious results to a financial expert. Contact us. We use everything from modern analytic techniques to old-school witness interviews to get to the bottom of financial irregularities.
© 2020 Covenant CPA
The recently released 2020 Association of Certified Fraud Examiner’s (ACFE’s) occupational fraud study, Report to the Nations, reveals that the most common behavioral red flag exhibited by fraud perpetrators is living beyond their means. Also high on the list are financial difficulties and unusually close relationships with vendors and customers.
Some of these signs may be tough to spot if you don’t work closely with an occupational thief. That’s why the ACFE report also looks at correlations between fraud and non-fraud offenses and human resources issues. When these issues are present, supervisors and HR managers may need to increase their scrutiny of an employee.
Recognize red flags
The vast majority (96%) of occupational fraud perpetrators have no previous criminal record and 86% have never been punished or fired by their employers for fraud. This may make identifying the thieves in your midst difficult, but not impossible. The ACFE has found that approximately 85% of perpetrators exhibit at least one behavioral red flag before they’re discovered.
Although a perpetrator may be the friendliest and most cooperative person in the office, many thieves come into conflict with colleagues or fail to follow rules. The survey participants (more than 2,500 defrauded organizations) were asked whether the perpetrator in their cases engaged in any non-fraud-related misconduct before or during the fraud incident. Close to half (45%) responded “yes.” Some of the most common offenses were:
- Bullying or intimidation of others,
- Excessive absenteeism, and
- Excessive tardiness.
A small number also was investigated for sexual harassment and inappropriate Internet use.
In addition to misconduct, some fraud perpetrators exhibited work performance problems. Thirteen percent received poor performance evaluations, 12% feared the loss of their job and 10% were denied a raise or promotion.
When misconduct or poor performance leads to disciplinary action, supervisors and HR managers have a golden opportunity to potentially stop fraud in progress. After all, the longer a scheme goes undetected, the more costly it is for the organization. Fraud schemes with a duration of less than six months have a median loss of $50,000, but those with a median duration of 14 months (the typical scheme in the ACFE report) experience losses of around $135,000.
So if you detect smoke, look for fire. Of course, most underperforming employees aren’t thieves. But it probably pays to observe any worker who routinely flaunts the rules, antagonizes coworkers or lets job responsibilities slip. You may discover other red flags, such as family problems, addiction issues or a lifestyle that isn’t supported by the employee’s salary.
Knowing your employees is only part of the solution. You also need comprehensive internal controls to limit opportunities to commit fraud. Contact us for help.
© 2020 Covenant CPA
The novel coronavirus (COVID-19) pandemic has opened the floodgates to scam artists attempting to profit from sick, anxious and financially vulnerable Americans. On the frontlines fighting fraud are the Federal Trade Commission (FTC), U.S. Justice Department (DOJ) and other government agencies. Here are some of the fraud schemes they’re actively investigating — and the perpetrators they’ve rounded up.
Peddling false hope
The FTC has sent warning letters to almost 100 businesses for making scientifically unsubstantiated claims about their products. Companies from California to Virginia, Indiana to Florida have touted (mostly online or by phone) “treatments” for COVID-19, even though the federal government hasn’t approved any vaccines or cures for the disease.
Letter recipients must stop making deceptive claims immediately and notify the FTC within 48 hours about the actions they’ve taken. Noncompliance can result in a federal court injunction and an order to refund deceived customers. Just last week, the FTC took the seller of a “wellness booster” to court. Originally, the product — capsules containing Vitamin C and herbal extracts — had been marketed as a cancer cure. But the enterprising fraudster pivoted in March 2020 to exploit COVID-19 fears.
Producers and marketers of fake cures aren’t the only companies under scrutiny. The FTC, in joint letters with the Federal Communications Commission, has warned several Voice over Internet Protocol (VoIP) service providers for “assisting and facilitating” illegal telemarketing and robocalls related to COVID-19. This is a violation of the FTC’s Telemarketing Sales Rule.
The DOJ has also come down on several VoIP providers for knowingly transmitting robocalls from “government officials.” Although there’s uncertainty about whether VoIP and similar services can be considered liable for the actions of their users, law enforcement officials are clearly serious about taking down those who would exploit the pandemic for personal gain.
Government agencies also have their sights on smaller, opportunistic scams. Recently, the FTC warned consumers to beware of fake COVID-19 testing sites set up in parking lots with realistic looking signs, tents and workers. Not only have these criminals obtained Social Security and credit card numbers from test-seekers, but they may have helped spread contagion through unsanitary contact with them.
And the DOJ is raising the alarm about the role cryptocurrency is playing in many COVID-19 schemes. Everyone from snake-oil sellers to bad-investment promoters are asking their victims to pay with cryptocurrency. Therefore, it should be recognized as a red flag.
How to stay safe
Many fraud schemes present since the start of the COVID-19 crisis in the United States — small business loan scams, charity fraud and attempts to steal stimulus payment checks — also continue apace. Your best defense, as always, is to hang up on suspicious calls, delete fake-looking emails and be wary of any claims that sound too good to be true. If you encounter fraud, report it to ftc.gov.
© 2020 Covenant CPA
Before the novel coronavirus (COVID-19) pandemic struck, employees who suspected occupational fraud in their organizations had multiple options for notifying their employers. For example, they could use interoffice mail to send information anonymously or meet with HR personnel in person.
Reporting options for employees working from home are more limited — particularly if they wish to remain anonymous. The current working environment only highlights the necessity for a fraud hotline or online portal that workers can access anywhere, anytime. If your business doesn’t already offer a confidential reporting mechanism, start thinking about how you can establish one.
Confidential fraud hotlines are one of the best ways to nab workplace criminals. The Association of Certified Fraud Examiners has determined that the average organization with a hotline discovers fraud within 12 months, versus 18 months for those without hotlines. Hotlines also limit losses — $98,000 less in losses for employers that offer them.
One of the reasons hotlines are important is because, in most cases, subordinates or coworkers know or suspect fraud long before owners or members of upper management do. Yet they may not say anything for fear of reprisal. Anonymity, therefore, is essential.
Establishing a hotline doesn’t have to be hard, but it does require some planning. Consider taking the following steps:
Identify an executive sponsor. Your hotline or portal will require a modest expenditure. If you aren’t the company’s owner or a financial decisionmaker, identify an executive sponsor to make the case for the investment.
Develop a project charter. A charter documents the business benefits of deploying a hotline or portal — for example, reducing financial losses and empowering employees.
Form a steering committee. In addition to executives and technology experts, include legal and HR representatives. They can help ensure that the processes you put in place don’t violate employee rights and applicable laws.
Review technology options. Determine your business’s needs and identify the vendors that can meet them. Learn which systems similar companies use or ask your financial and legal advisors for suggestions.
Up and running
Once you launch an anonymous reporting channel, make sure you position it so that all employees and other stakeholders can access it easily. If, for example, you company has overseas operations, work with local experts to overcome language, cultural and other barriers that might prevent workers from using a hotline.
And be sure to publicize your reporting mechanism at every appropriate opportunity. Executives might routinely mention it in all-company emails and in public speeches, and you should provide information (and links, if applicable) in your employee handbook and on your intranet. For help putting a hotline or portal in place, contact us.
© 2020 Covenant CPA
Scam artists know how anxious business owners are during the current coronavirus (COVID-19) crisis. They know that as you struggle to meet customer demands, pay employees and stay solvent, you’re more likely to drop your guard and fall for a fraud scheme. The last thing your business needs right now is to suffer additional financial losses. So keep an eye out for the following scams:
Fake suppliers. Whether you’re a manufacturer seeking raw materials or a grocer desperate to keep shelves stocked, you may have trouble getting your usual supplies. If a regular supplier is temporarily — or permanently — shut down, be careful about doing business with unknown vendors. Many authentic-looking websites are, in fact, fronts for criminal operations, and if you place an order with them, you may never receive the goods. Also be wary of cold callers promising to source hard-to-get items. If it sounds too good to be true, it probably is.
Defective goods. Even if you do receive your supply order, there’s a chance its contents will be defective. In early March, an international team of law-enforcement agents arrested 121 criminals around the world who were selling counterfeit surgical masks, hand sanitizer and other in-demand products. Depending on your business, buying defective goods could be an expensive mistake — or a public health emergency.
Payment fraud. Online payment fraud was already growing aggressively. But COVID-19 is expected to throw fuel on the fire as more people turn to home services apps, such as those for food delivery and online learning. Consumers usually don’t pay when their stolen credit cards are used to make purchases. But businesses generally do. You’re likely to be held responsible for fraudulent transactions, as well as possible chargeback fees. So be vigilant about maintaining IT security. Retailers might consider adding an Address Verification Service, which confirms a cardholder’s billing address with the card company.
Google scam. Fake robocalls claiming to come from Google have circulated for several years. Now there’s a COVID-19 twist. The recorded message tells businesses “affected by the coronavirus” that they need to ensure their Google listing is correct so that customers can locate them during the pandemic. If you speak to someone, he or she may ask for payment to list your business or try to gain confidential information. Know that Google never makes unsolicited sales calls. If someone tries to convince you otherwise, hang up.
Unfortunately, these schemes represent only the tip of the iceberg. For the latest on COVID-19-related fraud, visit the Federal Trade Commission’s “Business Center” at ftc.gov/tips-advice/business-center. Or contact us.
© 2020 Covenant CPA
As governments around the globe mobilize to defend their populations from the novel coronavirus (COVID-19), criminals are also mobilizing — to fleece people. These opportunists have already found ways to use the fear and chaos associated with the pandemic to enrich themselves. But you can protect yourself and your business.
Phishing emails that promise valuable information about the virus have been circulating for weeks. Fake COVID-19 websites loaded with malware have also popped up everywhere. And as many Americans start working from home, often on vulnerable home networks and devices that lack the latest security updates, hacking incidents are becoming more common.
The federal government’s plan to send checks to Americans to help boost the economy will almost certainly bring scammers out in force. The Federal Trade Commission has already warned that crooks may try to convince people they must pay a fee to receive their checks from the government — which isn’t true.
So how do you protect yourself or your business in these troubled times? Here are a few essentials:
Let phone calls go to voicemail. The best way to fight off phone scammers is to not answer the phone if you don’t recognize the number. But if you do answer, be wary of anyone making promises about, for example, interest-free loans or mortgage payment forbearance. If you need financial help, contact government agencies, charities and financial-service providers directly.
Keep your inbox clean. Along the same lines, exercise caution when opening emails, particularly if you don’t recognize the sender’s name. (Keep in mind, however, that hackers can hijack a friend’s account and send malicious emails to you in that person’s name.) Right now, scammers are likely to use enticing subject lines such as “Cure for COVID-19” or “Make big $$$ working from home.” If you open one of these emails by mistake, don’t click on any links or attachments.
Beware of charity fraud. Charity schemes are a time-tested method for stealing money from generous individuals and companies that just want to help. While you’re encouraged to donate money to organizations fighting COVID-19 and assisting its victims, give only to reputable charities you know. If you aren’t familiar with a nonprofit, ask for its tax ID number and verify it with the IRS. You’re also encouraged to research the organization on watchdog sites such as Charitynavigator.com and Charitywatch.com.
Just say “no”
Most Americans are pulling together to fight COVID-19. However, some criminals view the pandemic as an opportunity to profit, so you need to maintain healthy skepticism. If you’re suspicious, hang up, delete or just say “no.”
© 2020 Covenant CPA
When the value of a stock skyrockets, its investors may think they’ve hit the jackpot. But if the stock in question is part of a “pump-and-dump” scheme, investors may, in fact, lose their shirts. Here’s how to avoid getting taken by this type of investment fraud.
A penny for your stocks
In the typical pump-and-dump scam, a fraud perpetrator buys shares in an inexpensive, relatively illiquid stock (often referred to as a “penny” stock) whose price will react dramatically when trading volume increases. Then the crook makes false or misleading statements to encourage people to sink their savings into the stock and drive up its price. When it hits a certain dollar amount, the fraudster sells, locking in short-term gains and causing the stock to crash. Investors are left with what often are worthless shares.
This summer, the FBI uncovered an international pump-and-dump scheme that netted its perpetrators $15 million in profits over a five-year period. The criminals bought millions of shares in small, thinly traded companies, then staffed call centers to hype the stocks to senior citizens. The scheme might have continued indefinitely if not for the fact that one of the crooks’ “co-conspirators” wasn’t the greedy stockbroker he claimed to be, but an undercover agent.
Hot tips, cold shoulder
As the above case suggests, investment scammers often target seniors with retirement savings to invest. Novice investors who aren’t familiar with how the stock market works are also popular marks. However, even experienced investors can get snared when offered a “hot tip.”
You can help avoid becoming a victim by following some common-sense guidelines. For example, never buy a stock based on an email or telephone solicitation, no matter how compelling the sales pitch. Simply hang up the phone or delete the message.
If you’re intrigued by the sound of an investment, do your research to determine whether the company is 1) legitimate, and 2) a good investment opportunity. Also pay attention to the stock’s trading volume. The more thinly traded a stock, the greater the potential for fraudulent manipulation.
Too good to be true
The bottom line: When an investment sounds too good to be true, it probably is. If you’d like to invest (say, for retirement or other financial goals), but don’t know how to pick stocks or build a portfolio, work with a reputable financial advisor. There are no guarantees in investing, but your advisor can help you steer clear of scams and invest only in securities that meet your criteria.
© 2019 Covenant CPA
When it comes to reducing fraud loss and duration, active detection methods (such as surprise audits or data monitoring) are far more effective than passive methods (such as confessions or notification by police). This was a major finding of the latest Association of Certified Fraud Examiners (ACFE) Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse. Yet many companies fail to use active methods to their full potential.
Active vs. passive detection
The ACFE study found that frauds detected using passive methods tend to last longer and produce larger losses than those detected by such active methods as:
- IT controls,
- Data monitoring and analysis,
- Account reconciliation,
- Internal audit,
- Surprise audits,
- Management review, and
- Document examination.
These active methods of detection can significantly lower fraud durations and losses. For example, frauds detected by IT controls had a median duration of five months and a median loss of $39,000. By comparison, fraud detected through notification by police had a median duration of 24 months and a median loss of $935,000.
Surprise audits and proactive data monitoring and analysis can be especially effective ways to fight fraud. On average, victim-organizations without these antifraud controls in place reported more than double the fraud losses and their frauds lasted more than twice as long as victim-organizations with these controls in place. Yet only 37% of the organizations in the ACFE study had implemented surprise audits or data monitoring and analysis, however.
Close-up on tips
The ACFE categorized tips — the leading fraud detection method — as “potentially active or passive,” because they may or may not involve proactive efforts designed to identify fraud. Organizations that use hotlines for reporting misconduct detected fraud by tips more often (46% of cases) than those without hotlines (30% of cases).
More than half of tips came from employees, but nearly one-third came from outside parties, such as customers and vendors. To ensure that tips are used as an active detection method, an organization should set up a hotline and promote its use among employees, supply chain partners and others. If possible, users should be able to make anonymous reports.
Don’t wait for fraud to find you
Occupational fraud poses a significant threat to organizations of every type and size. Waiting to react until fraud rears its head can result in serious financial losses. Instead, adopt active detection methods that can be deployed continually. Contact us for help.
© 2019 Covenant CPA