Forensic Accounting Issues

Current Cybercrime Threats to Businesses

Cyber Security.jpg

Introduction: I mentioned in a previous discussion and blog that Knowing Your Cyber System is imperative to protecting your business. This discussion is intended to introduce the concepts of immediate threats experienced by most, if not all, business structures to their cyber environment. There will certainly be additional cyber threat considerations at the business grows and prospers, but these concepts should get you thinking about how to make the business a hard target against attacks.
Main Talking Points:
1. Business Email Compromise (BEC), Email Account Compromise (EAC) scams, and Ransomware attacks continue to cause tens of millions of dollars in losses.
2. Primary attack vectors are BEC, EAC, Ransomware, theft of PII, and Theft of Data from inside and outside actors.
3. The weakest links in cyber defense are e-mails, attachments, and apps.
4. Small Businesses are frequently attacked.
5. Attacks can be motivated towards financial gain, obtaining competitive advantage, or from hostile governments intent on stealing secrets.
6. Potential for corrupt insiders cannot be overlooked.
7. Cyber fraud and cyber crime attacks are often treated as technological problems, but they are also personnel problems.
8. Best mitigation steps recommended by the FBI and U.S. Department of Homeland Security are discussed.

I queried several different sources to gain an understanding of the main cyber related threats to business enterprises, to include the FBI, U.S. Department of Homeland Security, National Institute of Standards and Technology (NIST), Kapersky Labs, CSO Online, and the American Institute of Certified Public Accountants (AICPA). Most tend to agree that the top threats are listed as:
BEC and EAC Schemes
Identity Theft
Data Theft (Inside and Outside Threats)

Business E-mail Compromise and E-Mail Account Compromise Schemes:

There are many definitions of Business E-mail Compromise (BEC) schemes to let’s start with the definition used by the FBI: Business E-mail Compromise is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
E-mail Account Compromise (EAC), according to the FBI is a sophisticated scheme that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. The EAC scam is very similar to the BEC scam, except that it targets individuals rather than businesses.
Criminals can obtain the necessary information to execute BEC and EAC attacks through social engineering and computer intrusion techniques. Social Engineering is the psychological manipulation of people to perform actions or divulge confidential information. The goal of the criminal actors is to gain access to the internal communication systems of the victim business to surveille the business practices of the payment systems. The scams are usually committed by the perpetrator using a hacked or “spoofed” e-mail address. A spoofed e-mail is created by the hacker to mimic a legitimate vendor e-mail to convince the victim to send money to an account held by the criminal. The financial institutions conducting the wire transfers are using actual funds and therefore, are not exposed to losses. The losses are sustained by the victim company.
Ransomware is a form of Malware that targets both human and technical weaknesses in organizations to deny the availability of critical data and/or systems. When the victim organization determines they are no longer able to access their data, the criminals demand payment of a ransom in exchange for regaining access to their systems. Ransomware attacks are decreasing in number but increasing in variants. Ransomware is also known to infect smart phones, as well.
The top targets of Ransomware are academic organizations, government agencies, healthcare organizations and hospitals, and any organization with sensitive client data such as law firms.
Victims are targeted through e-mails, attachments, or links containing malicious code. Opening corrupted attachments and links results in the encryption of files that restricts access to files, or entire systems, until an extortion payment is received. In addition to siphoning data from the victim, criminals hold the data hostage until payment, often in the form of Bitcoin or other cryptocurrencies.
Executive management will have to decide to pay or not pay the ransom based on the facts of the situation, but, in general, payment of the ransom is not recommended. Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom. Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved.
Identity Theft:
Referring to the NIST Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) illustrates that money is not the only target of cyber thieves. Criminal actors sell the stolen PII on underground markets, i.e., the Dark Web. PII is any information about an individual, including any information that is used to distinguish or race an individual’s identity such as name, Social Security number, date and place of birth, mother’s maiden name or biometric records, medical, educational, financial and employment information. Theft of PII often leads to other crimes such as tax-refund fraud, credit card fraud, loan fraud, synthetic identity theft, and others.
Data Theft:
According to the American Institute of Certified Public Accountants (AICPA), sensitive data is an attractive target for cyber thieves. The crimes occur when a cyber criminal gains access to the internal cyber system of the victim to steal the sensitive data. Sometimes, these crimes target governments or other large organizations with more resources using a combination of malicious methods to first gain access to an organization’s networks, referred to as an Advanced Persistent Threat (APT). Then, the actor proceeds to monitor activity and siphon data in an undetected manner over an extended period of time.
Smaller businesses are also targeted for the theft of sensitive data. The theft schemes targeted towards businesses can be conducted by actors outside of the company, but also from insiders. Corrupt employees, to include contractors and vendors, have access to the most valuable secrets of an organization. Those bent on stealing the intellectual property will exploit weaknesses in the internal controls to copy, download, and remove the valuable information. They can sell the information to competitors, steal the information to start their own companies, or steal the information to take jobs with competitors. Some are complicit with hostile foreign intelligence services intent on stealing the secrets for use by their respective governments. Businesses should also consider the potential for corrupt insiders to plant malware or viruses to destroy the cyber environment. Some insiders will implant hidden “back doors” to the systems for later access by themselves or complicit actors.
The FBI advises that the insiders are interested in the following areas: Information and Communication Technology; Business information pertaining to scarce natural resources to provide global actors an edge in negotiations with the U.S. Government; Military Technologies, Civilian and Dual-Use technologies in clean energy, health care/pharmaceuticals, and agricultural technology. Motives could include greed or financial need, unhappiness at work, allegiance to another country, vulnerability to blackmail, the promise of a better job, and/or drug use or dependence.
The FBI also advises that certain behaviors of the actors may be missed that could have been picked up ahead of time. Those behaviors and warning signs include:
(1) They work odd hours without authorization.
(2) Without need or authorization, they take proprietary or other information home in hard copy form and/or on thumb drives, computer disks, or e-mail.
(3) They unnecessarily copy material especially if it’s proprietary or classified.
(4) They disregard company policies about installing personal software or hardware, accessing restricted websites, conducting unauthorized searches, or downloading confidential material.
(5) They take short trips to foreign countries for unexplained reasons.
(6) They engage in suspicious personal contacts with competitors, business partners, or other unauthorized individuals.
(7) They buy things they cannot afford.
(8) They are overwhelmed by life crises or career disappointments.
(9) They are concerned about being investigated, leaving traps to detect searches of their home or office or looking for listening devices or cameras.
FBI Recommended Cyber Crime Preventative Measures:
(1) Employee Training – because end users are often targeted, employees should be made aware of the threats, how attacks are delivered, and trained on best practices for good cyber hygiene.
(2) Patch Operating system, software, and firmware on all devices. All endpoints should be patched as vulnerabilities are discovered, which is made easier through a centralizes patching system.
(3) Ensure anti-virus and anti-malware solutions are set to automatically update.
(4) Manage the use of privileged accounts. Implement the principle of least privilege: no users should be assigned administrative access unless absolutely needed; those with a need for administrator accounts should only use them when necessary and should operate with standard user accounts at all other times.
(5) Similar to administrative accounts: file directory, and network share permissions should also implement least privilege. If a user only needs to read specific files, they should not have write access to those files, directories or shares. Configure access controls with least privilege in mind.
(6) Disable macro scripts from office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.
(7) Implement Software Restriction Policies or other controls to prevent programs from executing from common locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the APPData/LocalAppData folder.
(8) Back up data regularly, and regularly verify the integrity of those backups.
(9) Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might be securing backups in the cloud or physically storing offline.
The United States Department of Homeland Security provides the following seven strategies to defend control systems as suggestions to protect the cyber environment:
(1) Implement Application Whitelisting – Application Whitelisting (restricting systems      from running software unless it has been cleared for safe execution) can detect and          prevent attempted execution of Malware uploaded by adversaries.                                          (2) Ensure Proper Configuration/Patch Management – Adversaries attack unpatched          systems. A configuration/patch management program centered on the safe                          importation and implementation of trusted patches will help keep control systems            more secure. Use best practices when downloading software and patches destined for      your control network. Take measures to avoid “watering hole” attacks (attacker                  guesses which websites the group often uses and infects one or more of them with              Malware). Use a web Domain Name System (DNS) reputation system. Get updates              from authenticated vendor sites. Validate the authenticity of downloads. Insist that            vendors digitally sign updates, and/or publish hashes via an out-of-bound                           communications path and use these to authenticate. Don’t load updates from                       unverified sources.
(3) Reduce Your Attack Surface Area. Isolate ICS networks from any untrusted                     networks, especially the Internet. Lock down all unused ports. Turn off all unused             services. Only allow real-time connectivity to external networks if there is a defined           business requirement or control function. In one-way communication can accomplish       a task, use optical separation (“data diode”). If bidirectional communication is                     necessary, then use a single open port over a restricted network path.                                     (4) Build a Defendable Environment. Limit damage from network perimeter breaches.     Segment networks into logical enclaves and restrict host-to-host communications               paths. This can stop adversaries from expanding their access, while letting the normal     system communications continue to operate. Containment provided by enclaving also       makes incident cleanup significantly less costly.
(5) Manage Authentication – Adversaries are increasingly focusing on gaining control       of legitimate credentials, especially those associated with highly privileged accounts.         Implement multi-factor authentication where possible and emphasize strong                       passwords. Require separate credentials for corporate and control network zones and       store these n separate trust stores.
(6) Implement Secure Remote Access. Some adversaries are effective at gaining remote     access into control systems, finding obscure access vectors, even “hidden back doors”       intentionally created by system operators. Remove such accesses whenever possible         especially modems as these are fundamentally insecure.
(7) Monitor and Respond. Consider monitoring programs in the following five key             areas:
a. Watch IP traffic on ICS boundaries for abnormal or suspicious communications.
b. Monitor IP traffic within the control network for malicious connections or content.
c. Use host-based products to detect malicious software and attack attempts.
d. Use login analysis (time and place for example) to detect stolen credential usage or        improper access, verifying all anomalies with quick phone calls.
e. Watch account/user administration actins to detect access control manipulation.
Have a response plan for when adversarial activity is detected. Such a plan may include disconnecting all Internet connections, running a properly scoped search for Malware, disabling affected user accounts, isolating suspect systems, and immediate 100% password reset. The Plan may include incident response, investigation, and public affairs activities.
Have a restoration plan, including having “gold disks” ready to restore systems to known good states.

Conclusion: The common link in these vulnerabilities is often the lax behavior of people using e-mails corrupted apps. The careless use of e-mails provides criminals the easiest avenue of penetrating the cyber environment. One of the most effective methods of surveilling the cyber systems is to compromise the internal mailboxes of executives and key employees. From this position, the actors can learn about job positions, levels of authority, speech habits, bank accounts, decision making authorities, travel, vendors, customers, and attachments to emails. Such knowledge allows the actor to successfully mimic the language of users to misdirect wire transfers, steal sensitive information, or plant Malware to inflict damage to the system.
No one can prevent all attempts at cyber fraud making it important to recognize that all business structures, regardless of the size, are targets of adversarial actors. Often, cyber-fraud and cyber-crime attacks are treated as technological problems, but they are also personnel problems. Reviewing past cases have shown that the victims failed to have quality preventative measures in place, as well as cases where controls were in place but disregarded by careless employees. Effective defenses necessarily will have to be multi-layered, continuously upgraded, and rigorously tested to offer the best chance to prevent damage or to discover problems at the early stages.

Forensic Accounting Issues

Five Recommendations to Protect Your Business from CyberFraud

We all know that forming and running a business, as rewarding as it is, will keep the owners and managers extremely busy as they work to grow their operations. They will hear from professional accountants about the necessity of creating good internal controls to protect the company. But oftentimes, the ideal structure of internal controls may require more people to implement division of responsibilities. Then, reality sets in. Wages and benefits spent on hiring more employees who do not generate profits are called unhappy dollars. To reduce these unhappy dollars, divisions of responsibilities are collapsed into a fewer number of trusted employees to guard the money and intellectual property of the entity. Many businesses operate safely and profitably using fewer people to oversee the internal controls, but the risk of fraud increases as these controls are collapsed into the job descriptions of fewer people.
To be sure, determined crooks will defeat the best designs of internal controls in any size of business entity. However, more opportunity for mischief is created in smaller business models with more emphasis on the trust of fewer people, or maybe even one employee. Some of our most devastating embezzlement losses have occurred in this environment of complete trust engendered to a small number of people. This is particularly true in crooked accountant bookkeeper cases, whom I call crookkeepers.
It is extremely important to point out that the accounting and bookkeeping professions produce dedicated and reliable people to professionally maintain accurate books and records. Just like anything else, a few of these people create enormous problems when they decide to commit fraud. Other key employees in a company can also steal money and assets from a business. so let’s discuss some effective methods of preventing or discovering the misdeeds of corrupt employees.
After years of working as a financial crime investigator, I have had the advantage of interviewing a wide variety of criminals. I have always carefully questioned those crooks who agreed to be interviewed. In addition to having them describe the scheme, I would ask: Why did you do this? Well, what kept you up at night? How did you get caught? What would you have done differently to avoid detection? During your scheme, when was the first time you knew that you crossed the line into actual indefensible fraud? What recommendations would you forward to the victims of such schemes to prevent people like you from stealing from them? From this, I and many of my colleagues have gained valuable insights about how to make victims harder targets against fraudulent conduct. These suggestions are not usually found in accounting classes or online searches.
The knowledge gained from conducting the fraud autopsies of numerous cyber and financial fraud cases reveal many clues left behind by the fraudsters. These clues were in plain sight but overlooked during the schemes. More importantly, many of these same clues appear in different cases.
One of the challenges in the practice of Forensic Accounting is to leverage this information to identify practical and cost-effective fraud preventative solutions for business owners, to include partnerships, churches, and other non-profits. Therefore, I always try to find no-cost, low-cost, and then the high-cost solutions. Naturally, people want to hear about the no-cost solutions first, so I came up with a list of five things that stakeholders can apply today, at no-cost, to make their business models harder targets against corrupt employees. So, the list I provide and discuss is:
Know Your Employees
Know Your Vendors
Know Your Credit Cards
Know Your Business
Know Your Cyber System
I am convinced that these recommendations, if implemented, will not prevent the attempts at fraud schemes, but they will offer the best chances for prevention and early detection of problems. That’s the point. You want to identify the warning signs of problems in the early stages to prevent devastating losses from off-the-books and on-the-books fraud schemes. First, though, I want to describe the important differences between off-the-books and on-the-books schemes.

Off-the-books schemes primarily appear in cases where the perpetrator(s) will steal money and not really care if the transactions are recorded in the accounting system. Thefts of cash and other valuable assets, maybe from the inventory system, are common. Opportunities to steal cash make good people go bad and bad people go worse. Many thieves will steal cash knowing that it may be discovered one day. They rely on poor internal controls and lack of proof to keep from being fired or prosecuted. So, people like me will be telling business folks to reduce the opportunities for cash thefts by getting the cash into the bank accounts as soon as possible. Keeping cash in storage, even safes, will not deter the thieves. One secret in removing cash from the business is establishing a positive relationship with your financial institution about your banking procedures, particularly in cash deposits. Your banker is required to report suspicious patterns of cash deposits which may appear designed to avoid Currency Transaction Reporting requirements of cash transactions over $10,000.00. A more personal relationship with your financial institution may alleviate these concerns. Please do not forget about protecting your intellectual property and trade secrets from theft. These thefts would not necessarily appear on your accounting system.
On-the-books schemes are described as schemes where the corrupt employee is stealing money while creating false and fictitious accounting entries to hide the thefts. In a normal accrual-based dual-entry accounting system, each transaction will create a debit and credit entry. At the end of each transaction, at the end of each day, at the end of each accounting period, debits and credits should equal. The sophisticated thieves certainly know this. Some of our most significant and devastating losses from embezzlements are on-the-books schemes designed to survive the review and audit process. Undetected, these schemes can last several months or years, and may never be discovered. Payments of bribes and kickbacks can be hidden in webs of misdirected accounting entries. Corrupt business partners and company executives can drain the profits out of a business and hide behind falsified accounting entries. Crooks will look for and exploit weaknesses in the internal control systems. For example, we have seen many theft suspects in churches and non-profits admit to some form of taking money, but they will say that they are being reimbursed for previous personal expenditures. Without a reliable internal control system covering reimbursement of expenses, it becomes difficult to independently prove or disprove these representations. These schemes present significant challenges to the auditing profession and even more challenges to businesses operating without professional audits.
Know Your Employees
When doing presentations on fraud prevention, I field several questions about how to hire quality employees such as “What questions should be asked?” “Can we ask about their criminal record?” “Can we review their Social Media”. These are valid questions, but present-day government rules, regulations, procedures, and laws make the answers more complex. I always recommend the services of competent legal counsel to navigate these issues.
After investigating and studying numerous corrupt employee matters, I can say that clues were left behind by many of the thieves during the application and hiring process. I always request or subpoena the employee files to review the initial application and disclosures. In many, but not all, cases, the corrupt employee embellished accomplishments, omitted key information, or outright lied on the application. The clues were undiscovered because no one conducted research on the applicant’s representations. A Google search is not adequate. A misrepresentation on an application could very well be a mistake or honest oversight. The hiring and interview process offer the best chance to address these issues. Verification of key information about education, previous employers, awards, accreditations, are easily verified before an interview even takes place. These recommendations gain in importance when hiring people in key financial and management positions. Here are some additional steps for consideration:
Identify Employees in Sensitive Positions for increased vigilance
Review and Verify Applications/Resumes
Obtain Credit Reports
Consider Background Checks for Employees in Sensitive Positions
Consider Fidelity Bonds
Know Your Vendors
In the above discussion of on-the-books fraud schemes, I point out that the perpetrators will record false and misleading accounting entries to hide their fraud schemes. One of the most common methods of doing just this is to form fake vendors and add the vendors to the approved vendor list. Once the fake vendor is added to the approved list, fake invoices are submitted to the company for payment. The payments are then directed to bank accounts controlled by the embezzler. Sounds simple, right? This format appears in many long-term embezzlement cases causing hundreds of thousands or even millions of dollars in losses. This is why I recommend monitoring the vendor list and looking for the conflicts of interest and unholy financial relationships between vendors and your employees, particularly with new vendors.
Know Your Credit Cards
Investigators and Forensic Accountants often see cases where personal expenses are charged to the corporate credit cards. We also see situations where the embezzler will obtain personal credit cards from the same credit card company used to sponsor corporate credit cards, charge personal expenses on the new cards, and pay all the credit cards with corporate funds. I call these parasite credit cards. If the person using the credit cards is the same person responsible for paying the credit card companies, losses can accumulate very quickly. I have seen cases where the losses from parasite credit cards hits the six and seven-figure dollar range. Misuse of company credit cards does not always stand alone in a fraud scheme and is often combined with other methods of stealing money. Here are some additional steps for consideration:
Determine how many credit cards are being paid through the company
Determine who has custody over the credit cards
Clear company policies concerning proper use of credit cards should be in written guidelines.
Always review the credit card statements.

Know Your Business
Of course you know your business, but how closely do you monitor the different types of expenses being charged to the business? While unraveling on-the-books fraud schemes, we find that many of the expenses charged to fake companies made absolutely no sense to the business model of the victim. Many embezzlers will try to outfox you by charging “soft” costs like “consulting”, reasoning that no one can really tell what is going on. Careful monitoring of the expenses being paid is critical in catching schemes at an early stage.
Know Your Cyber System
I field many questions concerning protecting businesses from cyber-related crime. In short, we should consider the difference between financially motivated cyber fraud schemes vs. cyber-attacks designed to damage the computer system. Cyber fraud schemes can originate from corrupt employees or from outside forces intent on stealing assets. Intellectual property, trade secrets, and client lists, are glaring targets of corrupt employees and outside cyber criminals. For profit cyber-attacks include Business Email Compromise schemes, Email Account Compromise schemes, and Ransomware schemes. Cyber attacks designed to damage the cyber system can originate from outside the business or from disgruntled insiders. Here are some basic steps for consideration:
Learn about Common Attack Vectors and Mitigation Best Practices
Conduct a Security Audit and Assess Controls
Keep your Cyber system modern and up-to-date
Employee Training
Consider Business Insurance
Create a Response Plan
I am convinced that any one or more of these no-cost recommendations would have prevented or discovered significant embezzlement schemes resulting in hundreds of thousands of dollars in losses in actual cases. These are lessons learned from analyzing internal fraud schemes as well as information gleaned from debriefing the actual thieves.
These recommendations are only briefly described to keep this blog within a reasonable length. I plan on writing additional blogs and podcasts to provide more detail on these matters, particularly on protecting the cyber system of businesses.

Forensic Accounting Issues

Mobile and On-line Banking Safety Considerations

I was recently interviewed by Margarette Burnette, a personal finance writer at NerdWallet and asked to offer an opinion to the question she entitled “Is it Safer to Bank by Phone or Computer? In this article she says “Two thirds of Americans use mobile or online banking as their main way to access their accounts. If you belong to that group, chances are you lean heavily on a smart phone or computer to pull up your bank information. But both gadgets also happen to be popular targets for online fraudsters itching to infiltrate your accounts”. You can view her report at the link I provided.
After researching the issues and thinking about some of the hard-earned lessons of investigating actual cases, I responded by saying that the safety infrastructure in both methods is very solid and constantly improving. They need to improve because determined fraudsters are always trying new methods to defeat the security structures of the systems. I chose to turn the question around and approach the answer from the perspective of the criminals. In other words, by “Thinking Like a Thief”.
If I were running a criminal organization and wanted to compromise the online banking world, my efforts would be directed towards attacking the smart phone side. People are trending away from relying on desktops, laptops, and tablets for every-day use. The smart phone is really a portable computer, completely mobile, and has many of the same security features as PCs and laptops. As our society moves more towards the connected world of the Internet of Things (IoT), 5G technology, smart homes and cities”, and the increasing capabilities of smart phones, we become more tethered to these devices. Criminal actors are always finding new ways to crack through the security features of our PCs, laptops, tablets and related peripherals. But they are also honing their skills to attack smart phones.
And, let’s face it, two of the weakest links to protecting our home, business, or smart phone cyber systems are e-mails and corrupted apps. Crooks rely on lax behavior by users such as not shielding their smart phones screens, using unprotected wi-fis, sending or receiving unsolicited emails, opening unverified attachments, downloading sketchy apps, or protecting the phones from theft. Considering the increasing reliance on smart phones, it appears to me that cyber criminals will be devoting more time and resources towards compromising the smart phone environment.
The reporter’s question may generate different answers but regardless of the devices used, learning and practicing good cyber hygiene has never been more important.

Additional blogs and podcasting on cyber security best practices are forthcoming.

Vulnerable Victim Fraud

Wait, Whadayamean Grandma is Laundering Money?

Can this really happen? The answer is yes and here’s how it works. Financial institutions and investigators are seeing more situations where victims of fraud schemes are recruited to deposit checks from other fraud victims and then forward money to the criminal actors. In a sense, the first victim is becoming an unwitting money launderer. This is particularly true in cases where Senior Citizens are victimized.

One of the most distressing crime trends in current times is the increasing losses due to financial abuse of Senior Citizens and other vulnerable victims. Current population demographics indicate that the general population in the United States is getting older. Many Seniors possess significant assets, others struggle with poverty, and many are somewhere in the middle. The Baby Boom generation is now entering retirement years after building nest eggs of savings and retirement accounts.

To be sure, criminal actors are targeting the wealth created by the aging population. The estimated value of savings and retirement accounts in the United States approaches $27 Trillion. These vast sums have attracted highly sophisticated organized criminal groups from inside the United States and foreign countries. These organized crime groups are responsible for well-known identity theft, lottery, romance, work at home, grandparent, tax payment, fraudulent IRS returns, business email compromise (BEC) scams. Ponzi schemes and other fraudulent investment schemes also cause large losses to thousands of victims.

Successful criminal groups need to move and hide enormous sums of stolen money. To answer the challenge, complex money laundering networks are formed for the placement of money into the banking system, the layering of the proceeds through multiple accounts, and reintegrating money back into the financial system. They can then use the “clean” money to purchase assets, pay co-conspirators, or finance other fraud schemes.

Many victims are directed to send money to overseas locations. However, since many victims are reluctant to send money overseas, criminal organizations have formed networks of money laundering “mules” to receive the initial fraud dollars, deposit the dollars in U.S. based banks, transfer the money into other accounts, and then forward the money to the criminals. Many of the money laundering mules are willing participants in the schemes and are compensated from the fraud dollars. It is also now known that criminals are adept at convincing victims to become unwitting money laundering mules and instruct the victims to use their own bank accounts to deposit and transfer stolen proceeds, or to deposit fraudulent checks and forward the proceeds. These unwitting money laundering mules are found in romance scams, work at home scams, and other internet based scams.

Of course, most fraud victims do not set out to become money laundering mules. However, many feel trapped by the circumstances and will follow corrupt instructions to open new bank accounts, deposit checks from other persons, and forward money to others using money orders, cashiers checks, or wires. Many victims are encouraged to use variations of their actual names like nick names, middle names, or maiden names to purchase money orders or send wires. The fraudsters know that many of the victims are reluctant to lie about their personal names but may be convinced that using a variation of their actual name is not really lying. The criminals know that varying names on transactions make the tracing process more difficult for investigating officials. Other victims may be convinced to use criminal proceeds to purchase gift cards and other stored-value cards and forward the serial numbers to the perpetrators. The victims are often instructed to keep quiet about sending the money because other people may want to interfere or restrict their freedom.
Protecting Vulnerable Victims
No one organization or government can prevent swindlers from attacking victims. Recognizing the early warning signs of fraud schemes is a key factor in protecting people from determined criminals. Currently, a wide variety of government and private organizations offer resources to describe current fraud schemes and recommended protective measures. Reading about the schemes is not enough. Some of our loved ones will appreciate efforts to protect them and some will resist interference. These crimes are seriously underreported because many victims feel ashamed about being defrauded. They often want to keep it quiet fearing that their families will want to take over their lives and finances. If the perpetrator(s) are other family members, the discord within the family can be very contentious.  Regardless of the individual circumstances of each case, documenting the victim’s loss of money and other wealth is necessary to tell the story.
I will be preparing additional blogs and podcasts to continue the discussions about protecting vulnerable victims from determined fraudsters.

Forensic Accounting Issues

Attention all Embezzlers, this is a Must Read!


For those of you who have chosen to steal from your company, welcome to a world where you may be in over your head.  You’re on a path promising rewards and  lifestyle improvements that you really, really deserve. Why cook at home when you can eat out whenever you like? How about expensive vacations? Maybe a second home, new cars, or a new boat? Want to gamble? Go for it!  Your company has insurance and have already paid taxes on the money, so no one gets hurt, right?  Besides, you tell yourself that you’re just re-distributing the profits of the company a little bit.

Many of you will start with pilfering small amounts of cash.  We get it. Stealing cash can be easy pickings in a careless business environment, especially in a business with drippy controls.  Who’s going to miss a little cash you might ask yourself. Well, nobody you say, business is good and nobody really cares.  You tell yourself that you need it more than them, anyway.  Your internal voice is offering encouragement.  You might be saying, well cash is everywhere, I know where the real and fake cameras are, but I can still do itYou plan on paying it back, you tell yourself.  You just need to plug some numbers in the cash counts and no one will know. You will start with small amounts and if no one finds out, you’ll just keep going.

Some of you will have access to the company checkbook and figure that you will write checks to pay the regular bills, but will write a check to yourself for your hard work. When the checks come back from the bank, you will just throw away the copy, or phony up a new check to place in the files.  Maybe you just bang the company credit card with your personal expenses.  Better yet, you get new credit cards in your name (parasite cards) from the same business credit card company, live large, and pay the bills through the company. Sure you know it’s wrong, but you always intended to pay it back, right?

If you can’t take more cash out, will that stop you?  Not a chance.   You learn how to form a phony company, enter your company as an authorized vendor and write-up fictitious invoices.  Your bank will not open a business account without incorporation paperwork so you feed the bank whatever paperwork they need to open accounts.  So you try a phony invoice or two and ask that the payments be made to your company.   Maybe you may want to think about billing for something that nobody can see, you tell yourself.  Hey, how about consulting or something like that?  Sounds terrific so let’s try it!

To stay out of sight of any pesky auditors,  you learn when the auditors arrive, the preliminary audit scope, the number of auditors, the experience level of the auditors, the audit budget, threshold limits, and deadlines. You will want to monitor the questions they ask and the documents they want to see during the audit. You will lay low for a time being just to be safe, and you will plug up any accounting gaps to cover your tracks. After the auditors leave and you haven’t been caught, you will steal even more.

Most of you know the point in time when you steal more than you can repay.  So you make a decision to either play it safe and stop, or soldier-on with your schemes.  Of course you continue because you deserved that raise given to some undeserving person who is not as smart as you.  Besides, it’s fun, a challenge, you still want the money, and will probably hit the jackpot at the boats someday.

Some of you don’t care how much you steal and don’t care if you get caught.  You will steal from Day 1 to Day End by whatever means necessary. After being fired, you will steal from the next employer.  Maybe you will alter your name, use a middle name, a married name, or change a number in your birthdate or Social Security Number to pass a background check. .

If anyone starts to question your actions, you will confidently explain things away.  You will have practiced your stories in advance.  You will offer to resign and walk away if they agree not to prosecute you and even offer to throw some dollars at them to settle up.  Of course, this is money you have already stolen.

Well, my friends, you may be one of the lucky ones who don’t get caught. But if you do get caught, you will look at the mountain of evidence against you and entertain the idea of a plea bargain, just like on TV, right?

If you do get prosecuted, how bad can it be? Surely a sympathetic Judge will see you as a really a good person who just made mistakes. You will have a very expensive lawyer to convince everyone that you are remorseful and it will never happen again. This always works, right? Surely financial crimes are not worthy of prison.  Besides, you will educate the Judge about how you cannot repay the loss if you’re in jail.

If you decide to plead out to reduced charges, go ahead and Google the word “allocution”.  You will learn that this is the point in time where you stand before a Judge and admit you committed a crime, and you intended to commit a crime.  You will have a chance to plead for mercy, cry a little if you feel the need (and you will), and repeatedly say that you are sorry and this will never happen again.  Hint: To prepare for this, you might want to identify the person or persons in your life whom you love the most, and practice your allocution in front of them.  You may want to try this as you are stealing to see how it works.

Just so you know, there are hundreds, if not thousands, of people out there who have dedicated their professional lives to learn about people like you to hold you accountable for your thefts.  They are smart, dedicated, and will likely listen to your excuses as they build cases against you.  They will silently thank you for the financial and digital trail you left behind to conceal your cleverness.  They will pity your families while they clean out your bank accounts, seize your investment accounts, retirement funds, hidden cash, houses, boats, cars, toys and anything else you bought with stolen money.

When you first meet one or more of these people, you will tell yourself that this is the worst day of your life, and you will be wrong.  You will be having many more terrible  days.