You read it here first

Source: Jaqian

“I can almost guarantee that within the next 60 to 90 days, I will read about a similar case involving a bookkeeper, fraudulent wires, and a stolen credit card. “ – Paul McCormack (You can find the original post here)

And here it is! Well almost…

The credit card was not stolen, and the fraud involved an office manager, not a bookkeeper. But close enough!

USDOJ press release:

“Baker admitted that between June 2003 and June 2009, she embezzled from her former employer, referred to in court documents as the “Law Firm,” by wrongfully writing checks from the law firm’s accounts and diverting them to accounts she controlled and to pay off personal credit cards. Among other things, she opened a bank account in the name of a fictitious company called “Corporate Solutions” in order to conceal the flow of money. Baker’s actions caused wire transfers of large sums of money between and among various banks in the Federal Reserve System.”

The “points to ponder” from my previous post still stand.

Call me Carnac the Magnificent or Paul the Experienced Fraud Investigator (I respond to both), but I can see into the future. I predict that in the next 60 to 90 days, there will be another fraud involving wires, credit cards, and a bookkeeper or office manager.

Who wants to bet against me?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.


“We love our customers” – Then why don’t you protect their information?

Source: Surely

Sure you do. We all love our customers, right? They literally pay our bills. Then why is it that so few companies take steps to protect their customers’ information?

As I discussed previously, it is not unusual for employees to take the entire contents of a customer relationship management system on to their next employer.

Here are ten steps that can help protect your customers’ information:

  1. Select a CRM solution that has robust security features built in.
  2. Grant access only to employees that have a business need.
  3. Monitor employee access, usage, and manipulation of CRM data.
  4. Limit users’ ability to download the contents of the database.
  5. Don’t allow users to view accounts that belong to other salespeople.
  6. Ensure that all users have the most up-to-date virus scanners on their computers.
  7. Terminate access as soon as an employee leaves the company.
  8. Encrypt mobile phones and laptops used to access the CRM platform.
  9. Ensure that a log of records printed and emailed is available and frequently monitored.
  10. Subtly let employees know that your company monitors what they do with the data.
There are additional steps that I typically recommend, but that’s more than enough for now. Your customers thank you for reading this list.
Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

The bookkeeper did it

Source: AMagill

Shalena P. Leggett worked hard while employed by a Sacramento real estate developer. But rest assured, her employer wishes they had never hired her. In fact, they have 468,000 reasons why hiring Leggett turned out to be a very bad idea.

From March 2008 through October 2009, Leggett wired $382,000 from her employer’s bank account to an account in the name of her son’s grandmother. Unfortunately for Grandma, it looks like Leggett used the funds for her own personal expenses and not Grandma’s.

In addition, Leggett stole her company’s credit card and made ATM withdrawals totaling $86,000. (To add insult to injury, we all know that cash withdrawals from credit cards normally come with crushing interest rates.)

Total loss: $468,000

Not a bad return for Leggett, given that she only worked for the developer for 20 months!

Here are some points to ponder:

  1. Could this happen at your business? Does a “trusted” employee have the ability to wire funds from the company’s accounts? (Note: As this case shows, never rely exclusively on your bank to detect internal fraud.)
  2. How often does your company reconcile its bank accounts? Is the reconciliation performed by someone other than the employee who completed the original transaction?
  3. Does the same employee control your company’s bank accounts and handle incoming mail? (Hint: This is a REALLY bad idea.)

The three areas mentioned above are just the beginning. From an experienced fraud practitioner’s perspective, there are many, many lessons to be learned from this fraud.

Here is the problem: businesses rarely invest the time to learn from the misfortunes of others. Unfortunately for them, they may end up being the next victim.

I can almost guarantee that within the next 60 to 90 days, I will read about a similar case involving a bookkeeper, fraudulent wires, and a stolen credit card. The company in question will likely lose at least six figures, and the perpetrator may or may not receive some form of punishment. As for the money, that will be long gone, never to be seen again. The proceeds from embezzlement schemes such as this are rarely recovered.

No one can guarantee that your company can become “fraud free” (if they do, they are lying or don’t know what they are doing). But trust me, you don’t have to ignore the threat or wait for  fraud to happen. Thinking that it will never happen to you is tempting fate. Victims of fraud, especially small businesses, never feel like they had it coming. On the contrary, it normally hits them like a ton of bricks.

With minimal time and money, you can dramatically reduce the likelihood of fraud happening. Really. Prevention does pay off. You can never eradicate the threat of fraud, but you can make it much harder for employees as well as third parties to steal from you.

If nothing else, please invest one minute of your time to consider the points I raised above. It may end up being the best investment you’ve made all year.

If you are interested, here is a press release from U.S. Attorney, Eastern District of California:

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper you get an accomplished writer that is also an expert in fraud.

Say goodbye to your customers

Source: d70focus

They’re all gone. Every single customer you had has just walked out the door. No one told you. They didn’t ask permission to leave (why would they?), but rest assured they are gone.

Your phone calls to customers are not returned. Emails are ignored. You’re still waiting patiently for that sales order that will make it all worth the effort. It’s not going to happen. Ever. Your business is toast.

Mike in sales left last week. “Not a big loss.” “Where is he going? Never mind…who cares?!?!”

Mike, the salesman no one was sad to see leave, left with the contents of your entire customer relationship management system (CRM). He also took all your company’s sales manuals as well as your company’s pricing process and cost structure. Mike and his new employer now have all they need to “win” business from your company’s customers. Their calls are being returned. In fact, they just won a huge order from your company’s biggest customer.

CRM is a blessing and a curse. Companies can benefit tremendously from having a complete record of their interactions with customers. However, giving your entire sales force access to your company’s CRM solution can result in exactly the scenario I detailed above (by the way, this is a real case that I investigated).

Think of it this way: you’re having a dinner party at your house for 20 of your company’s employees and significant others. When the guests arrive, you tell each of them to take an unaccompanied tour of the house. Make sure that you have all of your valuables on display, your wallet with cash clearly visible, your watch and jewelry sitting unattended for all to see. What are the chances that something will go missing? Do you really want to take the chance? In the event that something goes missing, how will you catch the thief?

Certainly this scenario is an extreme example to illustrate a point. But that’s the idea. It doesn’t make any sense to let 20 employees and their guests wander around your house when all of your valuables are left scattered around! Yet companies routinely grant employees unfettered access to their CRM database.

My next post will discuss best practices for preventing theft of CRM data. In the meantime, take the time to think about your company’s CRM solution. Would you know if “Mike” from sales had downloaded your entire customer database just before he left the company?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper you get an accomplished writer that is also an expert in fraud.

What can Atlanta Public Schools’ cheating scandal teach corporations?

Photo: CCarlstead

Quotes from the special investigation into CRCT cheating at Atlanta Public Schools:

“We found cheating on the 2009 Criterion-Referenced Competency Test (CRCT) in 44 of the 56 schools (78.6%) we examined, and uncovered organized and systematic misconduct within the district as far back as 2001.”

“We found that 178 teachers and principals were involved in cheating in 44 schools.”

“A culture of fear and a conspiracy of silence infected this school system, and kept many teachers from speaking freely about misconduct. From the onset of this investigation, we were confronted by a pattern of interference by top APS (Atlanta Public School System) leadership in our attempt to gather evidence. These actions delayed the completion of this inquiry and hindered the truth seeking process.”

All we want are the facts, ma’am.

I want to be very clear upfront: this post is not meant to assign guilt or innocence to any of the schools, principals, or teachers that were allegedly involved in cheating on the CRCT. I strongly believe that as soon as an investigator inserts his or her personal opinion regarding whether an individual “cheated” or “committed fraud,” his or her independence can be called into question. With that said, the authors of the Atlanta Public School cheating scandal have been quite definitive regarding who cheated and who didn’t. Clearly, that is their prerogative.

The report sets out three primary reasons why the authors believe that cheating took place:

  1. Targets set by the district were often unrealistic. The administration put unreasonable pressure on teachers and principals to achieve targets.
  2. A culture of fear, intimidation, and retaliation spread throughout the administration.
  3. Dr. Hall, the school system’s former superintendent, emphasized test results and public praise to the exclusion of integrity and ethics.

What can companies learn from the APS investigation? There are many, many lessons that can be learned, but below are my initial thoughts:

  1. Be very careful what you ask for; you might just get it – If a company demands performance but does so through fear and intimidation, there may be short-term gain, which will lead to long-term pain. The tactics employed may come back to haunt them.
  2. Nothing remains hidden forever – Eventually, employees will break and report their concerns to whoever will listen. It is almost impossible to keep a secret of this magnitude in any environment, never mind a corporation where employees have access to email, the Internet, instant messaging, etc. People love to talk, and when they do, what they say often ends up on the front page of newspapers nationwide.
  3. Tone at the top really matters – It starts with the CEO and rolls all the way down through executive ranks to the front-line supervisors. Employees need to know that the company’s senior leadership abides by the company’s code of conduct and expects employees to do the same. Don’t expect an organization to perform in an ethical manner if the leadership appears to be morally bankrupt.
  4. Even the best employees can go “bad” – As I have said before, not all fraudsters are bad people. Even the most ethical employee can commit fraud when the circumstances are right. Ensure that the “perception of detection” – the belief by employees that they will be caught committing fraud – remains high. Don’t allow your company to create a climate where employees can succumb to temptation.
  5. Deploy an employee hotline and follow up on all tips – Companies of all sizes can benefit from an employee hotline. It is by far the most effective method to uncover fraud. Just as importantly, every tip that is received should be investigated to its logical conclusion. As soon as employees believe that the company is not treating tips seriously, they will stop calling and become very disillusioned. In fact, it is not unusual for the tipster to become the fraudster when they see others “getting away with it.”

In my opinion, if all of the allegations detailed in the report are true, everyone loses, but the biggest losers are the children. They literally don’t know what they don’t know. As they enter college and eventually the workforce, they may never fully appreciate what a disservice they received by “passing” the CRCT.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper you get an accomplished writer that is also an expert in fraud.

New hires can create new problems

In the not-too-distant future, companies will begin hiring again. Some of the newly hired employees will be receiving their first paycheck in months, possibly years. Others will be abandoning small companies that they started in favor of the stability that comes with a full-time position.

These newly hired employees will likely be extremely grateful for their new job, but they may also bring a great deal of baggage accumulated during their unemployment. Are they likely to commit fraud in their newly found role? Not necessarily, but how well prepared is the company that they are joining to prevent and detect fraud?

Throughout the recession, companies have maintained a laser-like focus on cutting costs. In order to be “lean and mean,” checks and balances meant to prevent fraud have often been abandoned or neglected. Even if the internal controls remain, the employees responsible for ensuring compliance may not. They could have been either laid off or assigned to cover the work of other employees that have been laid off previously.

Academics will argue that there is a strong correlation between unemployment and corporate fraud. I’ll leave that discussion for another day, as it deserves its own post. However, there is a strong link between lack of internal controls and fraud (so says the Association of Certified Fraud Examiners). And let’s not forget the “fraud triangle” developed by Donald R. Cressey, which includes three factors that are present when fraud is committed:

  • Pressure – The “would-be fraudster” has an urgent need for money

How many employees, when faced with calls from collections agencies and/or losing their house or possibly their significant other, have not been at least momentarily tempted to commit fraud? Contrary to popular belief, not all fraudsters are “bad” people. In fact, the vast majority of the fraudsters that I have met during my 16-year career are normal people that have made bad choices or experienced a run of bad luck.

  • Rationalization – “It’s OK; I deserve it” or “They’ll never miss it”

Sometimes, by its own actions a company can unwittingly help an employee rationalize why it is OK to commit fraud. For example, a fraudster that I interviewed was passed over for promotion three times with no real explanation as to why. Shortly after the third rejection, she decided to steal from the petty cash. It was her way of punishing her employer. Unfortunately for her, she ended up being the one who was punished; she lost her job shortly after the fraud was discovered

  •  Opportunity – Checks and balances have been removed. There is minimal management oversight, or management is overly distracted with running the business. Preventing and detecting fraud is not a high priority.

Now more than ever, employees have the opportunity to commit fraud. With no one minding the store, the opportunity to take money without being caught may be too appealing to ignore.

So what should a company that’s about to begin hiring do? Here are some areas to consider:

  • Revisit existing internal controls – You don’t have to automatically reinstitute all of the internal controls that were previously in place and subsequently abandoned. However, existing employees as well as new hires should have a strong belief that the company will catch them if they commit fraud. The  “perception of detection” can serve as a very strong deterrent for most employees.
  • Hire ethical employees – Conducting background checks, verifying an employee’s educational credentials, and calling references are all necessary steps to ensure that new hires have integrity and can be trusted. Take the time to understand what makes the candidate “tick.” After all, you are about to grant them access to your business and ultimately, your money. Trust, but always, always verify.
  • Have new hires sign a code of conduct – Establishing early on their employment, ideally on their first day with the company, what is expected of them as employees is often overlooked by small- and medium-sized companies.

Hiring new employees is not a risk-free endeavor, and this is certainly not a complete list of steps that you can take to prevent fraud by new hires.

Your company has weathered the worst economic cycle in recent memory. Now is not the time to welcome a new employee in to the company only to have him or her commit fraud.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper you get an accomplished writer that is also an expert in fraud.

Small business fraud – the untold story

Fraud costs small businesses money – lots of it. But that’s not the end of the story. In fact, for some business owners, that’s only the beginning of a rather painful journey. Whether the fraud involves employees, third parties, or both, the impact on a small business often takes the following forms:

  • Fraud destroys the owner’s confidence – Having a fraud take place on your “watch” can trigger a wide range of emotions. Anger, frustration, regret, and self-doubt are all normal reactions to fraud. How the owner overcomes those emotions can make a huge difference in how quickly the business recovers – or whether it recovers at all.
  • Opportunities to expand disappear – Opportunities to expand typically require a cash investment. While the fraudsters line their pockets with your cash, opportunities to expand evaporate.
  • Family and friends lose faith – Many small businesses, at least initially, rely upon investments from family and friends. When the owner has the unfortunate task of notifying them that the company has been a victim of fraud, the reactions can range from pity to anger. Post-fraud, investors are understandably reluctant to put more money into the business.
  • Likelihood of business failure increases – With less cash on hand, small businesses are often unable to respond to the inevitable “surprises” that occur while running a small business. In the event that a critical piece of equipment breaks or cash is needed to meet payroll, the company’s financial resources can be stretched to the breaking point. Meanwhile, the fraudster is spending the product of the fraud as they please.

Preventing fraud losses keeps hard-earned cash in the business. Just as importantly, it also helps small business owners avoid the severe emotional toll that fraud creates.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.