No disaster scammer is safe from the NCDF

What do COVID-19, major hurricanes and West Coast wildfires have in common? All three have attracted scam artists, who have bilked disaster victims, charitable donors, insurance companies and government agencies out of billions of dollars. Also, all of these disasters — and the criminals who take advantage of them — are the focus of The National Center for Disaster Fraud (NCDF). Let’s take a look at what this partnership between the U.S. Justice Department and various law enforcement and regulatory agencies does to investigate and prevent fraud.

Investigate and prevent

The NCDF was established in 2005 after Hurricane Katrina to combat the massive fraud schemes that emerged as financial aid poured into the Gulf region. The agency now coordinates investigations into all kinds of natural and manmade disaster fraud. It also helps to prevent perpetrators from finding victims.

Recently, the NCDF posted on its website tips for charitable donors who want to help victims of Hurricane Ida (justice.gov/disaster-fraud). For example, the agency urges people to avoid making cash donations, writing checks to individuals or donating via wire transfer.

COVID and other opportunities

COVID-19-related fraud — including dishonest Paycheck Protection Program (PPP) loan requests and phishing schemes offering fake “miracle” drugs — makes up the bulk of current NCDF complaints. In recent weeks, the Justice Department has announced the indictment and sentencing of a roster of COVID criminals.

This includes a Georgia woman who pleaded guilty to bank fraud after seeking $7.9 million in PPP loans for four medical practices she controlled. In another ambitious scheme, a Texas man submitted 15 fraudulent PPP applications to eight different lenders, seeking a total of $24.8 million.

Of course, criminals will capitalize on any opportunity. A California man received $26,000 in relief funds from the Federal Emergency Management Agency (FEMA) after falsely claiming a trailer burned in the Camp Fire was his primary residence. Earlier this year, a Florida woman was sentenced to more than six years in prison for using stolen identities to file five applications for FEMA disaster assistance that was intended for actual victims of Hurricane Irma.

Calls for help

Agencies investigating disaster fraud depend on tips from ordinary people who’ve witnessed or are victims of these crimes. The NCDF hosts a 24/7 telephone hotline (866-720-5721) and accepts Web form complaints at justice.gov/DisasterComplaintForm. Also, if you believe disaster fraud has delivered a double whammy to you or family members, contact us for more information on how to fight back.

© 2021 Covenant CPA

How to conduct a remote fraud investigation

Before the COVID-19 pandemic, most fraud investigations took place in the office or other work facility. This made it easy for investigators to gather and analyze data and interview suspects and witnesses in a face-to-face setting.

But if your company allows employees to work from home — either temporarily or permanently — you may need to conduct a remote fraud investigation. In addition to suspects and witnesses working remotely, those tasked with conducting investigations (including outside experts) may also be remote. Here’s how to manage these situations.

Policies and procedures

First, develop policies and procedures for remote investigations. If you already have written polices for traditional fraud investigations, use them as a starting point. Some features, such as the role and processes of investigators may remain basically the same.

Cover the entire process, including:

  • The technology solutions you’ll use to communicate with employees and investigators,
  • Backup options in the event of technical problems, and
  • How you’ll share relevant files and documents — both electronic and paper.

Once you’ve developed a draft, have legal counsel review it.

Conducting interviews 

Before conducting interviews, prepare subjects for the process. Let them know approximately how long the interview might take and whether they must review documents before or during the discussion. Stress the importance of sitting in a quiet location with minimal background noise where they can remain undisturbed throughout the interview.

To provide your team with ample opportunity to detect verbal and nonverbal signs of deception, subjects need to keep their video feeds on the entire time. Most computers, smartphones, tablets and wireless connections can facilitate video calls, but be sure to test subjects’ devices and Internet connections before interviews. Consider having a trusted member of your IT department perform the test, instructing this employee not to discuss anything specific about the interview or the fraud allegations.

There are a couple things you should keep in mind. First, any conversation conducted via video conferencing will be recorded and can be used in a subsequent court case. So discuss interview plans with your attorney.

Second, expect the unexpected. For example, how will you proceed if a fraud suspect declines to answer questions, turns off his or her video or audio feed or consults with an unknown third party in the room? Subjects attempting to dodge uncomfortable questions may pretend to have connectivity problems. 

Unique challenges

Remote fraud investigations present unique challenges — many of which can be anticipated and mitigated. But even if you normally would conduct a preliminary fraud investigation in-house, consider engaging a forensic accounting expert early in the process to help ensure you don’t miss anything.

© 2021 Covenant CPA

Travel — and travel scams — are back

Although COVID-19 remains a concern, many people have started traveling again — both for business and pleasure. Unfortunately, as travel demand has increased, so has travel-related fraud.

For example, some fraud perpetrators posing as airline employees call would-be victims to try to elicit credit card numbers. Other scam artists send phishing emails that appear to offer cheap seats or rooms. And there are plenty of fake websites masquerading as legitimate travel companies.

Don’t fall for fraud

As you plan your next trip, take these steps to help reduce fraud risk:

Ignore unsolicited communications. Whether you receive an email, text, flyer or telemarketing call regarding travel bargains, it’s probably smart to ignore it. Afraid of missing out on a legitimate deal? Directly contact the airline, hotel or rental car company featured in the promotion.

Book with established companies. Whether traveling for business or pleasure, make reservations with companies with names you know. If you’re booking with a new service provider, read online reviews by fellow travelers. Some review platforms allow you to search using keywords, others identify keywords frequently used by reviewers and allow you to filter for those reviews. Also perform an online search with the name of the company and words such as “fraud” or “scam.”

Watch out for lodging scams. Many travelers use online property marketplaces to find lodging. But you need to scrutinize listings. Some fraud perpetrators post ads for nonexistent properties with enticing, below-market rates. If a “property owner” asks you to move the conversation off the site to avoid fees, refuse the request. Reputable platforms provide certain protections, such as insurance in the event the transaction results in fraud. They also keep your credit card information confidential.

Work with trusted services. If you travel frequently for business or pleasure or don’t have time to research trips, consider engaging a travel advisor or travel agent. These professionals maintain close working relationships with legitimate companies, know about the latest deals, may be able to provide insider tips about your destination and can, of course, make reservations for you.

Go with your gut

Before booking your vacation or business trip, scrutinize it for signs of fraud. If you doubt the legitimacy of a service provider or are suspicious of individuals involved in a transaction, go with your gut and look elsewhere. Safe travel requires due diligence that starts long before your journey begins.

© 2021 Covenant CPA

“Vishing” may sound familiar, but unless you’re a fraud investigator, you probably haven’t encountered it. Unfortunately, that could change … soon. To foil a scam that increasingly takes advantage of remote workers, learn what vishing is and how your business can prevent it from infiltrating your network.

Clarifying terms

Vishing isn’t the same as “phishing.” The latter is a type of social engineering fraud that involves email or text messages designed to trick someone into revealing sensitive personal information. Or it may target employees to gain access to worker and customer data, as well as intellectual property.

Voice vhishing (or vishing) scams, on the other hand, involve phones — rather than email or text messages. Vishing schemes often are more aggressive, elaborate and personalized than traditional phishing scams. Therefore, they can be harder to detect.

A look behind the scam

Vishing scams attacking businesses have grown as more employees have started working from home. Typically, fraudsters begin by researching employees online. Armed with such information as an employee’s name, position and duration of employment, the perpetrator poses as a member of the employer’s IT department, claiming he or she needs to install security updates on the employee’s laptop.

Believing they’re giving remote access to a coworker, victims enter their login information into a virtual private network (VPN) set up by the perpetrator. This includes any two-factor authentication or one-time passwords. It’s an honest mistake by the employee that gives the visher real-time access to the company’s actual VPN — and its proprietary information.

Turn a weakness into a strength

Most vishing schemes exploit VPN weaknesses. So if your remote workers access your network through a VPN, be sure to:

  • Restrict VPN connections to managed devices only,
  • Limit VPN access hours, if possible, to mitigate after-hours access,
  • Use domain monitoring to track changes to the company’s domains,
  • Actively scan and monitor Web applications for unauthorized access and modification, and
  • Employ the principle of least privilege (which restricts access to only those privileges needed to perform essential job functions).

Consider implementing a formalized authentication process for employee-to-employee phone communications. For example, you might require a second factor to authenticate the phone call before discussing sensitive information.

Training your employees 

Knowledgeable employees can also help you identify suspicious activity. So be sure to add vishing to your fraud training handbook. Contact us for help if you suspect fraud has attacked your business.

© 2021 Covenant CPA

Small businesses, big fraud risks

It’s not always easy being small. For one thing, small businesses (with fewer than 100 employees) experience higher occupational fraud losses: a median $150,000 vs. $140,000 for larger companies, according to the Association of Certified Fraud Examiners. That’s because they don’t always have the staffing or financial resources to implement fraud-prevention programs. Small businesses are also much more likely to fall victim to certain types of fraud — including check tampering and payroll schemes.

Ask your advisor

Private companies aren’t required to have annual audits, but your small business can still work with your CPA to determine where you might be at risk. He or she can train you to recognize the warning signs and help you reduce opportunities for fraud by, for example, segregating duties in your accounting department.

Periodically ask your CPA to review your receipts and disbursements with an eye toward uncovering irregularities. And if you have inventory that could tempt thieves, ask your advisor to verify inventory counts and observe inventory procedures for potential loopholes.

Don’t fall short

One area where many small businesses fall short is in conducting background checks on potential employees. Check all work references and consider running criminal background checks. Workers with a history of occupational theft often seek jobs with small businesses because they think pre-employment screening likely will be minimal.

Even if you don’t have a large enough staff to implement strict segregation of duties, you can still establish oversight procedures that allow you to understand and verify financial information. This might mean reviewing bank statements before they go to your bookkeeper and reconciling them yourself every month. Also set a dollar limit on the checks that employees can write without authorization to protect against check alteration.

Finally, don’t overlook the value of treating employees fairly. Many employees rationalize fraudulent activities because they feel underpaid or underappreciated. Make sure your pay scale is competitive by comparing it with prevailing wages in your area. And take employee complaints — particularly if they’re about possible illicit activities — seriously.

Give employees a voice

One of the best ways to provide employees with a voice and catch fraud before it leads to major losses is an anonymous reporting mechanism — such as a hotline or web portal. We can suggest affordable reporting solutions and help you establish an effective anti-fraud plan.

© 2021 Covenant CPA

Keep fraud out of your law firm

As counterintuitive as it may seem, law firms aren’t immune to criminal activity. Because some firms place enormous pressure on attorneys to produce billable work, they may be particularly vulnerable to fraud. Your firm needs to know what to look for and how to protect itself from potential schemes perpetrated by partners, associates and support staff.

Hold everyone to high standards

A firm’s accounting department — payroll and accounts payable and receivable — is where fraud often occurs. But even trusted partners should adhere to your firm’s internal controls and fraud-prevention processes.

All prospective employees, regardless of level, need to complete an employment application with written authorization permitting your firm to verify information provided. Then, call references and conduct background checks (or hire a service to do it). These checks search criminal and court records, pull applicants’ credit reports and driving records, and verify their Social Security numbers.

Protect with oversight

The design of financial documents can help protect your firm’s financial transactions from fraud. For example, use prenumbered payment vouchers that a designated partner must approve. This is effective because the designated partner knows what the transactions are and how they pertain to your firm’s clients.

A designated partner should also open all bank statements. Even if the partner doesn’t review every item individually, employees will get the message that transactions will be verified. Someone outside your firm’s accounting department, such as your CPA, might review transactions as they’re processed and financial statements at the close of accounting cycle reconciliations.

To prevent fraudsters from manipulating financial records, ensure that accounting and billing systems are accessible only to those partners, managers and accounting staffers who need to use them. Change difficult passwords frequently and keep your firm’s cybersecurity software current.

Special risks

Some smaller firms assign the same person to open mail, make bank deposits, record book entries and reconcile monthly bank statements. In this environment, fraud is not only possible — it’s likely. It’s critical that your firm distribute these tasks to two or more people. If this is impossible, consider outsourcing at least some accounting functions.

Firms of all size — and, in fact, professional service firms in general — need to be especially wary of expense report fraud. A manager should review all expense submissions before they go to accounting for payment. Require backup documentation and an explanation of how expenses relate to client or firm business.

Ethical culture

In the collegial environment of the typical law firm, partners and employees are more likely to be influenced by their peers. Make sure you’ve built a highly ethical culture in which everyone works to deter fraud and is committed to reporting behavior that violates policies. Contact us for help developing effective internal controls or if you suspect fraudulent activity in your firm. 

© 2021 Covenant CPA

The interview before the fraud interview

When Anna, the CEO of a small manufacturing company, received an anonymous report about fraud in the accounting department, she wasn’t sure how to act. After all, the complaint could be accurate, but there was also a chance that it wasn’t. She called her company’s attorney, who recommended a forensic accountant to investigate. He also suggested that she perform some preliminary interviews to gather facts — but to be careful not to interrogate employees.

If you’re in a position similar to Anna’s, here’s how to conduct interviews before a fraud expert comes on the case. 

Investigation prep

In advance of requesting any interviews, decide what information you’re looking for. Knowing what you want helps you get to the truth of the matter quickly and avoid getting sidetracked by extraneous information. Then, identify who’s best able to supply that information.

Say, for example, you suspect an accounts receivable employee of siphoning money. You may want to talk to that person’s supervisor and a member of your IT department to get information on work habits, unusual behavior or signs of file tampering. Remember, though, that people may be reluctant to share information if they feel it reflects poorly on them or if it might land someone else in hot water.

Restraint is critical

When you sit down for an interview, set the tone with some introductory questions and ask the interviewee to agree to cooperate. In most cases, you’ll be looking for information that helps prove or disprove your suspicions, and the interview will be fact-finding in nature. It should last long enough for you to obtain all the information the subject has to offer. But don’t prolong sessions unnecessarily.

Aim for an informal, relaxed conversation and be sure to remain professional, calm and nonthreatening. Don’t interrupt unnecessarily, suggest that you have preconceived ideas about who did what, or assert your authority unnecessarily. If you suspect someone is withholding information, try asking more detailed questions. And if someone says something you believe is untrue, ask for clarification. You might suggest that your question was misunderstood or that the employee didn’t give it enough thought before answering.

Finally, never make threats or promises to encourage an employee to change a statement or confess. If the case ends up in court, such tactics could make the evidence you collect inadmissible. If someone persists in lying, ask them to put their statement in writing and sign it. Then turn the statement — and your suspicions — over to fraud experts.  

Give it to the experts

If you decide there’s evidence that fraud has occurred, engage a forensic accountant to investigate further. This expert will interview potential suspects and witnesses to get to the bottom of the matter while gathering critical evidence of a crime. Contact us for help and more information.

© 2021 Covenant CPA

Dividing a marital estate is rarely easy. But it’s made much harder if a divorcing spouse owns a private business and attempts to artificially deflate its profits or hide assets. If you or your attorney suspects this type of deception, engage a forensic accountant to investigate.

Key questions

When working on divorce cases, fraud experts ask several questions about private business interests. For example, does a spouse own a cash business that may have unreported income? Does the owner receive special (or excessive) perks or tax write-offs that affect the business’s profitability? Are numbers intentionally reported incorrectly to affect the business’s value?

n addition, experts investigate whether the company has any subsidiaries or is part of any other business ventures. Sometimes, a business owner may be a silent partner in an entity where ownership isn’t obvious.

Readily transferable.

Anomalies in a business’s income statements may reveal possible deception, particularly:

  • Excessive write-offs,
  • Withheld revenue deposits,
  • A large one-time expense, or
  • A decrease in revenue with no related decrease in variable expenses.

Sudden changes that occur when a spouse is contemplating divorce may suggest unreported income or overstated expenses. However, these changes could also be due to external forces, such as the loss of a major salesperson or adverse market conditions.

When evaluating expenses, experts often focus on the amounts paid to owners and other related parties. These may include payments for compensation, benefits, rent, management fees, and company vehicles and other perks. The owner-spouse also might try to flush personal expenses through the business.  

Balance sheet secrets

Balance sheets may reveal whether an owner is trying to hide assets (for example, in an offshore account) or transfer them to a related party for less than market value. Inventory is particularly susceptible to manipulation. Although notes payable to shareholders can be legitimate transactions, they also may be used to conceal income being distributed to an owner.

Experts review the equity section for any changes in the business’s ownership after the parties filed for divorce. They also search for suspicious withdrawals or distributions from capital accounts. Controlling owners may sometimes attempt to transfer ownership of business interests to close friends or associates to deprive their spouses of portions of the assets or portions of the business income.

Distorted value

Although divorce can give rise to angry actions, most business owners would never stoop to falsifying financial records simply to deprive their ex-spouses of a fair division of marital assets. But if the value of a business seems distorted, contact us for help identifying the causes and to suggest reasonable adjustments.

© 2021 Covenant CPA

All that glitters isn’t gold. This includes gold — and other precious metals, stones and jewels that are sometimes used to launder the “dirty” proceeds of criminal activities such as drug trafficking and terrorism. But several U.S. laws and regulations target these international money-laundering operations.

Good as gold

Precious metals, stones and jewels make ideal vehicles for money laundering for several reasons:

Ownership and control. Precious metals are bearer instruments, meaning that like cash, the individual in possession of the precious metal owns and controls it.

Readily transferable. There’s an active, global market that enables criminals to trade them. Because precious metals have many legitimate uses, criminals often can move them without attracting attention.

Relatively stable. Although the price of precious metals fluctuates like those of any commodity, the value of precious metals tends to remain reasonably steady.

Easy to smuggle. Money launderers may use private jets to bypass major airports and cross international lines. Diamonds and other precious stones are small enough to smuggle in someone’s pocket.

Difficult to track. Criminals can manipulate these goods to disguise their source or create a fake document trail to prove their authenticity.  

Defining the dealers

Most precious metals dealers must comply with the U.S. Bank Secrecy Act, which requires that they create and follow an anti-money laundering (AML) program. Certain AML provisions of the U.S. Patriot Act and rules of the Office of Foreign Assets Control also apply to precious metal dealers.

The Financial Crimes Enforcement Network (FinCEN) defines a dealer as someone who isn’t a retailer and who both buys and sells covered goods (as described by FinCEN). A dealer must have bought at least $50,000 and sold at least $50,000 of goods in the previous year. Note that there are exceptions. For example, pawnbrokers generally aren’t considered dealers, but in some circumstances they can be. If you’re not sure about your business, talk with an attorney with AML experience.

AML program

But if you do qualify as a dealer, your AML program must have the following:

  • Written policies, procedures and a robust set of internal controls,
  • A designated compliance officer,
  • Training for employees, and
  • Frequent third-party testing.

Other businesses also should be aware of potential criminal activity. For example, if your company is involved in a transaction involving gold coins, be sure to assess the dealer’s compliance efforts.

Contact us for more information, particularly if you aren’t a precious metals dealer but are contemplating a transaction that involves precious metals or stones. 

© 2021 Covenant CPA

Deepfakes: The newest frontier in fraud

Fraud perpetrators are constantly altering their methods to evade detection. Nimble cybercriminals, for example, are why IT security companies update their software so frequently. The use of deepfakes (a word derived from “deep learning” and “fake”) is one of the latest threats to emerge. Deepfakes are enabled by artificial intelligence (AI) and they’re something your company needs to have on its radar because if you haven’t seen a deepfake yet, you will.

Spotting an imposter

A deepfake involves the use of AI to create video, audio or static images that seem real. You may have seen them in viral videos of famous people, such as one in which Facebook’s Mark Zuckerberg is shown saying he has “total control of billions of people’s stolen data.” As realistic as it looked and sounded, the video depicted something that never happened.

Aside from manipulating public opinion and generating outrage, deepfakes can be used to steal. Employing an expertly altered audio file, someone can trick a bank’s voice authentication tools to grant access to funds. Or a deepfake using audio and video files could convince a company to open a customer account to buy goods on credit. In such cases, the nonpaying customers are untraceable.

Proving what’s real

Since deepfakes use emerging technology, detecting them can be challenging. But depending on a deepfake’s format, some third-party detection solutions are available.

Software designed to detect video deepfakes can use a “liveness” detector, which analyzes a person’s face for natural movements. Computers also can analyze images at the pixel level for manipulation. Deepfake audio software is capable of discerning almost-imperceptible sounds that aren’t human generated.

Keeping current

You can protect your business from deepfake-related fraud by updating your current internal controls. For example, if your company operates a call center, make sure you have procedures that prevent audio deepfakes from gaining unauthorized account access. In addition, keep current on deepfake developments. You might, for example, establish a Google Alert to provide you with articles relevant to your industry and particular vulnerabilities.

Contact us for more information about emerging fraud schemes and for help updating your internal controls.

© 2021 Covenant CPA