Fighting back against fraud — a dark and shifting landscape
by David J. Bilinsky, Practice Management Advisor
If there is a dark underside to technology, it is that it provides new opportunities for fraudsters to ply their craft.
Everyone now hears more about online fraud, but consider the wide range of fraudulent schemes, some old and some new, that are perpetrated in Canada today. The few minutes you invest reading this overview could help save you or your firm from falling victim.
The April-May “Practice Tips” introduced the most common mortgage and real estate frauds, and a recent Insurance Issues further probed these issues. This column looks at more general types of fraud that can be directed at law firms and lawyers. For the purpose of simplicity, each type of fraud has been stripped down to its basic elements. Keep in mind that the perpetrators often embellish their schemes with realistic documentation, polished scripts and impressive presentations — and these are not always as easy to spot as you might think.
Some schemes take advantage of new technologies and the internet, and all take advantage of human decency. Fraudsters rely on the fact that most people treat other people as honest and trustworthy. They also rely on the fact that we all lead busy lives and may not report losses to the police (and that the police may not have the resources to investigate each report).
Phishing, pharming and spoofing fraud
Phishing and pharming are attempts to have you release account information to apparently legitimate account representatives via email and internet websites. Spoofing is much the same, but takes place via the telephone. There are various explanations put forward to encourage you or your staff to cooperate. These fraud artists are seeking account numbers, PINs and passwords that allow them access to your financial accounts. Quite often the email and websites they use are very sophisticated and mimic the look and feel of your bank or other financial institution. The fraudsters rely on both psychology and technology to wrongfully obtain your account numbers, PINs and passwords.
Tips to avoid this fraud are as follows:
- Do not respond to email that appears to be from your bank or other entity with which you have an account. Legitimate businesses would not use email as a form of communication regarding your account, PIN, password or other confidential information. If in doubt, call the entity involved (but don’t use the telephone number or contact info in the email or website to which you have been directed). If you are responding to a telephone call, ask for the person’s name, hang up and then call back at the number that you have in your system for this entity (not the one that the caller may have given you).
- Banks and other entities rarely, if ever, need to call you to verify your account information, PIN or password. In virtually all cases, it is customers who call their banks if they have forgotten passwords. Accordingly, treat all of these calls and emails with a very high degree of scepticism.
Advance fee fraud
Otherwise known as the Nigerian business scam, this particular fraud has been around for a long while and has attracted a fair bit of media focus. Nevertheless, the RCMP estimates that Canadians have lost $30 million to this scam over the last 10 years.
Typically this fraud contains the following elements:
- You receive an email purportedly from a Nigerian civil servant or businessman.
- The sender says he has access to a large amount of currency in Nigeria (various explanations are put forward as to how the funds came into his hands).
- The sender seeks your cooperation in using your law firm bank account (often your trust account) as the vehicle to receive the money in order to transfer it out of Nigeria.
- For your part, it is stated that you will receive a large percentage of the funds (often 15-30%).
- The sender requests information on your bank and bank account and asks for you to forward an amount in order to meet expenses involved in transferring the money “out of Nigeria” and into your bank account.
- After sending the information and advance fee to the bank, you are either requested to send in further fees or you never hear from the sender again.
- These scams do not necessarily target lawyers but, when they do, there is often little legal service to be performed other than the stated requirement for your trust account to be the recipient of the funds.
Employee fraud is estimated to account for 60-70% of business losses due to fraud. Technology may or may not be involved. When it is, it can be used to either implement the fraud or to conceal it. Unfortunately, this fraud is carried out by those that you trust most. Types of fraud that fall into this area are:
- Embezzlement, where funds are stolen from the law firm and accounting entries are created in the financial system to cover up the theft
- Expense report fraud
- Ghost employees, where payments are made or continued to people who are not on the firm’s payroll
- Kickbacks, where gifts or payments are made to employees in return for directing the firm’s purchasing to a particular vendor or supplier
- Pilfering or stealing the firm’s property.
Since there are so many different types of employee fraud, here is a list of warning signs:
- Anonymous letters: In many cases, letters advising you of fraud inside your organization may be simply unwarranted and prompted by motives that have nothing to do with an actual fraud; however, a law firm ignores these letters at its peril.
- Lifestyle: A discrepancy between an employee’s lifestyle and his or her apparent income is cause for concern, particularly where a change has occurred suddenly without any obvious reason.
- Absenteeism: Paradoxically, the employee who never takes time off may not be a model employee at all, but may instead have a full- time job covering up an ongoing fraud and not wish to risk its discovery by someone else.
- Low morale: Unhappy staff are less likely to maintain your anti- fraud systems and procedures. Low morale may also lead to fraudsters rationalizing their activities and justifying in their own minds their fraud against you.
- High staff turnover: This could be a sign of low staff morale (see above) or could be a sign that honest employees do not agree with what they see happening in your organization and leave.
Systems that can be put in place to prevent employee fraud are:
- Control systems: Ensure that you have put into place systems that separate three key functions:
- authorizing transactions
- collecting or paying money
- maintaining the financial records of the firm.
- Separation of duties: One employee should not have responsibility for both sides of an office function, such as preparing cheques for payment and reconciliation of that bank account, or preparing payroll cheques and maintaining the payroll/employee record system.
- Original documents: Insist on having the original invoice available to the cheque signor at the same time he or she signs the cheque to pay that invoice. Have the cheque signor note in ink on the invoice his or her name and the date/time/cheque number used to pay that invoice or group of invoices. You can use a rubber stamp for this purpose that requires the signor to complete the information stamped on the original invoice before signing the payment cheque.
- Budgeting: If you prepare a detailed budget that forecasts both income and expenses, you can periodically compare your actual expenses to your budgeted items line by line and investigate any discrepancies.
- Cash deposits: Deposit all cash into the firm’s bank accounts promptly and enter all cash transactions into a cash receipt book forthwith (note all requirements of the Law Society Rules).
- Outside accounting: Consider using a payroll service to look after your payroll accounting.
- Outside reconciliations: Periodically have someone different reconcile your bank statements (such as someone sent over by your accountants). Have a partner periodically pick up cancelled cheques from your bank and review them before handing them to your bookkeeper.
- Outside reviews: Consider having an annual “spot audit” by your accountants that occurs without any notice to the firm.
- Supplies control: Keep tabs on your office stock, such as photocopy paper.
Prime bank fraud
This fraud goes by many names, such as prime rate guarantees, prime world bank debentures, prime bank letters of credit, secured trading programs or loan roll programs, but the central theme is the purchase of investment paper issued by prime banks that offer both low-risk and high rates of return to the purchaser. The investments can take the form of debentures, promissory notes, letters of credit, certificates or guarantees. The RCMP estimate that this type of fraud takes in tens of millions of dollars each year.
A fraudster may approach a lawyer, not necessarily to invest, but to accept funds for deposit from investors and to add an air of legitimacy to the transaction.
Typically, these frauds have these characteristics:
- There is an air of secrecy surrounding the transaction, combined with the threat of an investor being expelled or excluded from the transaction if he or she takes steps that would threaten this secrecy — such as independently investigating the bona fides of the deal. Confidentiality agreements may be requested.
- The documents themselves appear to be official and have wording typically found in legitimate financial instruments, which may or may not be consistent with the type of financial instrument being promoted. However, the vendors state that the documents are very complex and perhaps too technical for many investors to understand.
- There is often very little detail provided about the person(s) involved or the purposes for which the money is being raised, other than it is to be used for beneficial purposes.
- Relative to the risk, often stated to be near zero, excessive rates of return are offered (150% is not uncommon).
- There are typically no up-front fees to these transactions.
- The fraudsters target unsophisticated individuals seeking investments with above-average returns.
For more on prime bank schemes, see “When scamsters target lawyers” in the May-June 2003 Benchers’ Bulletin.
Pyramid or ponzi schemes
A ponzi scheme is an investment that offers two things to an investor. The first is the promise of a high-rate of return in a short time period and the second is the opportunity to bring others into the scheme. In effect, investors build a pyramid where the new investors start at the bottom and receive returns after moving upwards.
An unsophisticated example of a ponzi scheme is email or chain letters involving the payment of money to the names at the top of the list in the communication, plus the requirement to add your name to the bottom of the list and then send the letter to X number of new people. Ponzi schemes eventually collapse as the recruitment of new investors diminishes.
A sophisticated ponzi scheme can be hidden behind an investment that is meant to disguise the pyramid nature of the investment.
Tips to avoid these schemes:
- Ponzi schemes may be dressed up within a product or service sales concept. Be sceptical if you are asked to purchase products or services at prices that do not reflect the value of the product or service in the marketplace, on the expectation of a financial return down the line for participating and recruiting new members and thereby moving up the pyramid. (To be fair, there are legitimate product marketing businesses that resemble pyramid schemes.)
- These schemes are characterized by the fact that the majority of income generated by the scheme arises from the recruitment of people into the scheme and not from the sale of products or services.
Be cautious of calls requesting donations to charities and social organizations. Ways to prevent being taken in by frauds (and to ensure that your donations only go to legitimate organizations) are:
- Request information from the person making the pitch and state that you will call back after verifying the information.
- Be wary of those who appear in person at your organization seeking donations. Take down relevant details and state that you will call them back if you are inclined to make a donation.
- Verify the charity’s tax exempt status and business licence.
- Call the stated charity directly and inquire if it has a promotion underway and, if so, obtain the details.
- Be suspicious of any stated urgency for the donation — legitimate organizations do not engage in pressure tactics.
- If possible, decide on your firm’s charity program and contact your target charities directly and inquire how best to support their activities.
Telephone charge fraud
This fraud involves having to accept a collect call, which is typically (but not exclusively) stated to be an emergency or police emergency. This is not a collect call at all, but rather triggers a large charge to your phone bill, such as being billed for a call that takes place from a pay phone to another country.
The police do not ask you to accept collect calls for emergencies. A way to prevent this is to ask the operator to provide the name of the caller and the caller’s number, stating that you will call back instead. Often that will cause the caller to simply hang up.
Other telephone frauds involve a fraudster (usually through an email or website) having someone in your firm call or fax an off-shore number, typically in the Caribbean. In this way a large per-minute charge is levied against your telephone account. These numbers can be (but may not be restricted to) 809 or 900 telephone numbers. It is difficult to have these charges reversed once they are on your telephone bill.
Tips to avoid this fraud:
- Enticements to call the 809 or 900 numbers include having won a prize, product promotions, litigation, a death or injury or a vacation offer. If you do not recognize the company or the person(s) involved, check it out (with the Better Business Bureau, for example) prior to making the call. Simpler still, don’t call back.
- The longer you are on the call, the higher the charges to your phone bill. If you find yourself on one of these calls, hang up once you realize the nature of the scheme to limit your exposure.
- Have an office policy not to place any 809 or 900 calls.
- Check out the area code on any unfamiliar number prior to placing the call. If it is to the Caribbean (and there are many new area codes for this area), do some further due diligence before returning the call. Area codes for North America can be found at: www. bennetyee.org/ucsd-pages/area.html.
If you make any bank deposits or withdrawals at ATM machines, you could fall victim to this fraud. At its simplest, the perpetrator inserts a loop of VCR (magnetic) tape into the card slot on an ATM machine. When someone seeking to use the ATM inserts a bank card, the loop of magnetic tape prevents the machine from reading the bank card and it simply remains in the slot. At this point, the fraudster comes up and states that he or she has seen this before and you simply have to key in your PIN three times to get the machine to react. The fraudster then memorizes your PIN by watching over your shoulder.
When your bank card is not returned by the ATM, you eventually leave, and the fraudster pulls out the loop of tape and obtains your bank card. The fraudster then takes the bank card to another an ATM location that does not have security cameras, inserts the bank card, enters the PIN and withdraws money from your account.
Variations on this scenario now involve loop devices that are installed by the fraudster at the ATM locations that can read the magnetic strip and PIN, allowing the fraudster to duplicate your bank card and make a withdrawal from your bank account without your knowledge.
Ways to prevent this fraud:
- Exercise caution when using your bank card, particularly when there are strangers in close proximity.
- Talk to your bank about allowing only deposits by ATM to your firm general account (of course, your trust account must never be authorized for ATM withdrawals).
- Before using an ATM, look for signs of tampering. In particular, do not use ATMs that do not have security camera surveillance.
- Hide your PIN from view by covering the keyboard with your other hand when you are keying in your PIN.
“Telemarketing fraud” can equally take place via the web, email or fax. The common element is to entice you to pay for goods and/or services that will never materialize. Examples are offers to receive photocopy or other office supplies on the cheap, services (such as to continue your domain name registration with a new registration service for an extended period) and the like.
Ways to prevent this fraud:
- Establish business relationships with proven business suppliers and resist unsolicited offers of cheap supplies from unknown companies.
- Ask for documentation from unknown vendors as well as references.
- Do not hesitate to call references prior to using a new supplier. Legitimate suppliers will not hesitate to provide valid references.
- Check with the BBB prior to using any new supplier.
- Resist any time pressure tactics in order to receive a discount.
- Recall that sophisticated fraudsters will have brochures and other documentation printed for distribution. Ensure that the business entity on the printed copy can be found listed with legitimate organizations (such as the Chamber of Commerce or City Hall business licence department).
By taking steps to protect ourselves against fraud, we can escape the bad behaviour of those who exist for darkside pleasures.