SOCIAL DISTANCING:
With the COVID-19 outbreak, social distancing is becoming the norm.  Let’s try to prevent/slow the spread of the virus by keeping six feet between me and you.

CYBER DISTANCING:
How about keeping “6 feet” from cyber activities that can harm you and your computer.

SITUATION: Natural disasters are a great time for cyber criminals to strike.
How are they striking?

1. Sending Malware – software to hurt or destroy your computer/cyber ability.
2. Phishing – sending emails trying to get you to give out personal information*
3. SMiShing – Phishing in the SMS format, i.e. texting you for your personal information*
(hence: SMiShing)
4. Spoofing – Disguising themselves as a legitimate source trying to get information, i.e. pretending to be a federal agency

*Personal Information:
financial data, SS#, address, telephone, bank account, passwords, etc.

What to do?
1. Unsolicited emails: Delete rather than open.
2. Don’t click links:     From unknown or unverified email addresses.
3. Up to date?            Verify Anti-Malware & Anti-Virus software are up to date.

More to come!
Info taken from an excellent Association of Certified Fraud Examiners provided by Jason Zirkle, CFE on 3/26/20.

Cyber criminals messed up your files?  Please feel free to email me (info@rmohc.com) to schedule a free initial consultation (in person or Zoom).

R. M. O’Hanlan Consulting (RMOHC) is an accounting consulting firm based in the Washington, DC area.  Michael O’Hanlan is a Certified Fraud Examiner and an Operational Accountant.  RMOHC specializes in accounting cleanup for commercial and government contract clients, fraud prevention, and training services. RMOHC keeps clients profitable, legal, and compliant.

Here is a fun start to 2020!  Happy New Year to everyone!

Warning:  Be very careful with calls from “[COMPANY] Support.”  They will tell you about a virus they need to fix.  They only want to break into your computer. 

I was driving when phone rang, and I couldn’t research the caller.  Here are two solutions to consider (which you probably know already!):

Solution if at computer:
Do not give any information.  Ask them for the [COMPANY] Support URL.  Hold them to it if they don’t hang up.  They will try to avoid the question.  Put only the name in, not the “.com”. and see what comes up.  Check their telephone #.  If you see “scam” anywhere, end the call.

Solution while driving:
Engage the person and ask all sorts of palsy questions, “Where are you from?”, “How long are you with Apple?”, “Where are you based?”

Listen to the tone, you will hear if they are there to serve or scam.  You can have fun at their expense.  Then hang up.

Best Solution:  DON’T ANSWER!

Here is my story about holding a scammer verbally hostage while I drove home:

“I had a ‘[COMPANY] Service’ call come in while driving home a few days ago.  I took the call.  He warned me about a virus that he had to check or something.  Asked me how many computers and other devices I had, and I started chatting with him telling him saying I had to finish driving home before I could tell him anything.  

“[Poor scammer, stuck talking to me as I drive through neighborhoods…]
His reluctance to engage me started sending up red flags.  He tried to tell me that he was from the Netherlands and I said, ‘so when did you move there from Pakistan, because that’s your accent, right?’ [BTW, I am a linguist…] […truly!]

 “[Poor, poor scammer…still driving]
“So my chatting began in earnest.  I tried to find out where he lived in the Netherlands, did he like Speculoos cookies (serious yumm!), how long he had been there, why he chose the Netherlands, just being 100% typical ME(!!).  So, I get home, and I tell him I am excited and ask him for the website so I could verify where he was calling from.  

 “[Poor, poor, poor scammer.]
“‘SCAM!!’ came up all across the computer when I entered in his telephone number, and when I entered typed in the name of the [COMPANY] service he “represented”, it said ‘SCAM!!’ too.  Then I asked him whom did he really work for because everything turned up ‘SCAM!!’, and whooda thunk, he hung up on me!

 “Poor scammer.  I had fun.  He’s not in the Netherlands (Toronto, actually, researched the number!) (…Toronto’s not in the Netherlands, is it?) (It isn’t Toronto, Ontario, Netherlands???).  Doesn’t speak Dutch.  Doesn’t know what Speculoos cookies are and had to talk to me all the way home.  Not knowing Speculoos was truly the saddest thing!

Poor, poor scammer.  He called the absolute wrong American! “ 

1. Keep your information to yourself.
2. If driving, keep a shallow newsy conversation going if you are up to it
3. Eat Speculoos cookies (I get nothing out of this, I just love them!)
4. Watch this to see what you can do with scammers:

https://www.youtube.com/watch?v=_QdPW8JrYzQ

Been scammed and need to rebuild your files?  Please feel free to email me (info@rmohc.com) to schedule a free initial consultation (remote is not a problem).

Michael O’Hanlan Consulting (RMOHC) is an accounting consulting firm based in the Washington, DC area.  Michael O’Hanlan is a Certified Fraud Examiner and an Operational Accountant.  RMOHC specializes in accounting cleanup and organization for commercial and government contract clients, fraud prevention, and training services and to keep clients profitable, legal, and compliant.

Hi LinkedIn readers! Let’s talk about a Fraud affecting Main Street Businesses. Are you a small business that is not publicly traded and you have a staff of 1-20? Then you are a Main Street Business.

Main Street Business Fraud stems from the Opportunity side of the Fraud Triangle. Opportunity means what aspects in the corporate culture helped create the possibility for fraud to happen, and/or in what aspects of the corporate culture did the Fraudster find Opportunity to commit fraud?
Defrauded business owners are indeed victims, but it takes to defraud, uh, I mean, tango. Let’s look at how business owners almost beg to be defrauded. Fill in your answers to each of these questions:

1. Doesn’t know anything about running a business or accounting…AND DOES NOT WANT TO LEARN.
Fill in what opportunity the Fraudster sees: _________________________________________________

2. S/He has 3 PhD’s, a JD, an MD, DDS or some other degree of higher learning and it is BELOW them to look at something as mundane as accounting, or god forbid, bookkeeping!
Fill in what opportunity the Fraudster sees: _________________________________________________

3. I don’t have time to spend on all this accounting and finance stuff, that is why I hire others to do it. I have more important things to do! Let them handle it.
Fill in what opportunity the Fraudster sees: _________________________________________________

4. My mom, my son, my husband, my best friend, my lover, etc. does my books, and I trust them implicitly! They would never steal from me!
Fill in what opportunity the Fraudster sees: _________________________________________________

5. I inherited the company. It really is not my job, even if I am the owner now. So leave me alone!
Fill in what opportunity the Fraudster sees: _________________________________________________

Here is the $65,000 question for you, Mr./Ms. Mainstreet Business Owner:

1. Whose business is this really, yours or someone else’s?

2. Who is ultimately responsible for the entire business?

3. Who signs the tax returns?

4. If you were not a Main Street Business and sold stock, who is subject to Sarbanes Oxley requirements?

Email me if you don’t know the answers!

Reflections:
1. John runs a plumbing company. Until he caught onto my beloved Fraudster/Felon Diana, he could not be bothered with accounting or running the company. And she ran away with the $263,000.

2. Jane, an Oral Surgeon never wanted to look at her books. That was her Administrative Assistant’s job and below the lofty activities of this this DDS. Well this Admin needed to get a broken heater in her home fixed but had to be at work. The Admin used the DDS’s account to cover the HVAC. Then she used it again, and again, until the DDS paid for her new roof, and ultimately, a new BMW. Jane is out of business. Admin has a spiffy car….

3. Ezra had a very busy law practice and almost always in court litigating all the time. The clerk who entered retainer fees into his IOLTA account began to “tithing to herself 10%” these retainer deposits. A client filed a complaint with the VA Bar about missing funds. Ezra no longer practices law.

4. Christof’s long-time friend worked for him in his repair business. Christof loved and trusted all his workers. The entire company used one username+password to access QuickBooks. His friend printed out $200 invoices for customers paying cash, reprinted the same invoice for $100, and pocketed the difference. His friend’s theft cannot be traced because using only one password prevented tracing.

5. Jacquie, inherited the company, and still says “I don’t want to do it!” But the company is hers. Most businesses owners don’t want to do the finances, but finances are your business’s “spinach.” Learn to eat it, learn to like it, and your business can grow strong like Popeye! Hate it and risk losing everything.

RED FLAGS:

• Is the marriage on the skids, and both still involved in the business?
• Do you have shady siblings?
• Did Dad get diagnosed with cancer and didn’t tell you; he only took $$ to pay for chemo?

RMOHC and the business owners:
Do you resemble any of these 5 characters? If so, we need to talk soon.
RMOHC Clients: 1. John, 3. Ezra, and 4. Christof.
John got Diana convicted. He is still in business and expanding.
Ezra did not want to put the time into the IOLTA account, and I lost track of him (tends bar?).
Christof enacted a new internal controls system RMOHC developed and is thriving.

Do you resemble John, Jane, Bob, Christof, or Jacquie?
    -Definitely contact me.

Are your finances funky from “those you trust” helping you? Contact me immediately!

Michael O’Hanlan Consulting (RMOHC) is an accounting consulting firm based in the Washington, DC area.  Michael O’Hanlan is a Certified Fraud Examiner and an Operational Accountant.  RMOHC specializes in accounting cleanup and organization for commercial and government contract clients, fraud prevention, and training services and to keep clients profitable, legal, and compliant.

Hi LinkedIn readers!  Let’s first talk about the concept of Main Street Fraud. 

When you study accounting, your examples present large corporations that have limitless staff to divide up accounting processes (i.e. segregation of duties), and limitless funds for the costs to use these systems.  They have fully staffed Accounting and Human Resources Departments so that the class can focus ONLY on the accounting issues.  The companies are large, perpetually profitable, publicly traded companies.

In real life, the fraud I deal with involves companies that are small, no, tiny: 1-15 people.  There is rarely any Accounting Department for keeping the books, and usually no Human Resources Department for on-boarding.  And they use QuickBooks, if any software at all.

A respected Fraud Examiner and Presenter, Kelly Paxton (of “Pink Collar Crime” fame), taught me a great term:  Main Street Fraud.  It refers to the fraud issues that affect smaller companies we find on Main Street, in Downtown, USA.  Main Street Fraud happens way more often, it doesn’t make the headlines.  It is not glamorous.  Main Street Fraud should be a regular article appearing in the ACFE journal “FRAUD” and feature Main Street Fraud Examiners in action!   [hey ACFE:  HINT!]

My beloved fraudster, Diana, worked for a small plumbing company.  She defrauded her employer out of $263,000.  They had an employee handbook, but no internal controls.  Her employer did prosecute, and she was found guilty of one felony count.

Prosecution is often costly, professionally embarrassing, time consuming, and frequently not worth it to the victimized companies.  But this is where the fraud seems to happen most often.  The focus of my writing is aimed at Main Street Businesses.  My goal is to give them ways to prevent other Diana’s from harming you and your businesses.  The victim of this article, a Main Street Business is really challenged if he wants to prosecute his fraudster, and you will see why very quickly.
So, I am starting with basics: usernames and password.

The Case of the Single Username & Password:

I had a recent client that brought me in for an embezzlement engagement.  As I interviewed him, it turns out that an employee/friend of his (of 15-20 years!) had been embezzling funds for almost as many years as they had been friends.  Embezzler earned the owner’s trust and took advantage of him.  When the owner discovered the embezzlement, he fired the thief.
How did the embezzler do it, and how did he get away with it?  Here was his process:
1. He went into QuickBooks
2. Printed out an invoice for a customer for $200
3. Then reprinted that same invoice for $100
4, Gave the customer the $200 invoice which s/he paid in cash
5. Turned in the $100 invoice to the company cashier with $100 in cash
6. And pocketed the $100 difference.

RMOHC: “Did you look into QuickBooks to trace what happened.”

Client: “You won’t find anything.”

RMOHC: “Why not?  Who has access to QuickBooks?”

Client: “Everyone, we all share the same username and password.”

RMOHC: “THE SAME?  Doesn’t everyone have their own username and password?”

Client: “No.  Only one came with QuickBooks, so we were stuck with using what they provided.  Besides, we only use QuickBooks track the invoices.  The CPA does all the rest, so we don’t need more, do we?”  [go ahead and gasp!]

Simple story short.  The Client got ripped off for who knows how many years, because the fraudster used the company-wide username and password to get into QuickBooks.  There was no way to identify the embezzler’s access vs. the owner’s access, nor was there any trail to follow.    

My Asset Misappropriation Engagement suddenly became an Internal Controls System Setup & Implementation Engagement.  You know what usernames & passwords are but consider these points:

USERNAMES are:
1. …key to keeping your financial data safe (and reduces “Opportunity” in the Fraud Triangle).
2. …means to limit who can get access to what in QuickBooks and more.
3. …great deterrents to fraud, because an audit trail is created based on the username.
4. …wonderful tools to help the segregate financial duties.
5. …NOT HARD to set up.  If you need help with them, I can help you!! [note the blatant self-promotion!]

PASSWORDS are:
1. Easy to set up for each user, and then the user can change it to something personal
2. Best if you avoid the common mistake of using: “password” or “123456”, or some other common pattern.  These are easily hacked.

TAKE AWAY:  NEVER SHARE A USERNAME AND NEVER SHARE A PASSWORD!

Contact RMOHC to help you work with usernames and passwords across your entire company!  Click here: (info@rmohc.com) to schedule a free initial consultation.

Michael O’Hanlan Consulting (RMOHC) is an accounting consulting firm based in the Washington, DC area.  Michael O’Hanlan is a Certified Fraud Examiner and an Operational Accountant.  RMOHC specializes in accounting cleanup and organization for commercial and government contract clients, fraud prevention, and training services and to keep clients profitable, legal, and compliant.

I want to spend some time discussing checks and electronic payments and how fraudsters use them to steal money from you and your business.  I will risk saying that in our personal lives, checks are quickly disappearing.  In business, however, they are still an integral part of conducting business.

I know you are wondering, what is a check?

Basically:  A check is a piece of paper that you give to someone, on which you have written an amount of money that you authorize the bank to pay that person.  It is as simple as that.

Let’s dive into it more! 
Checks defined:  Checks are spelled out in Article 3 of the Uniform Commercial Code (UCC) which was published in 1952 (https://www.law.cornell.edu/ucc/3).  Checks are one of 4 types of what they call commercial paper.

Boring stuff:
Commercial paper is an…:
1. …unsecured promissory note…:  you don’t have to secure it, i.e. you need not attach anything of value to it to back it up, like your bass oboe, or your Heckelphone, “Back up” means that you give the piece of paper something of value to show the amount is worth something

In comparison, the loan for your villa by the Seed Vault in Svalbard, Norway had to be secured so that if you became a deadbeat and didn’t pay your mortgage, they would take your fleet of 1962 Citroën DS cars and the 47 M26 Pershing tanks for payment which you used as collateral on the property.  It secured payment to your lender.  A check doesn’t need to do that.

2. …having a fixed maturity of not more than 270 days. (read: you can’t cash them after that time) Now, if you didn’t realize it, you have 270 days to cash all your checks, as per the UCC!
Then again, if you are holding checks longer than that…why???

Uniform Commercial Code (UCC)(https://www.law.cornell.edu/ucc)
The UCC was first published in 1952 to harmonize laws of sales and commercial transactions across all 50 states, the District of Columbia and the US Territories.  This begs musical analogies, so I will….  Before 1952, the laws were different, and if you tried to pay for something across state borders, you could run into trouble because everyone had different laws.  Different laws = not in harmony.

This is like Florence Foster Jenkins in a church choir trying to out sing the rest of the choir (check out https://en.wikipedia.org/wiki/Florence_Foster_Jenkins).  The UCC is the choir director that established rules for blending in and held Florence to them (watch the movie “Florence Foster Jenkins” and you will understand).

Basically, it is a payment backed by nothing that will be worthless in 270 days!  Go figure….

Now you are wondering, what gives it value?
Originally, there were only three parts of a check that made them legally binding (~a contract):
1. “Pay to the Order of”: This tells the bank to whom to pay the funds.
2. Amount (written out, i.e. “Fifteen,” not “15”):  It tells the bank how much to pay out.
Writing out the numbers reduces fraud risk because written out numbers are not easily altered.
3. Signature:  This is your authorization giving the bank permission to give out the money.  Fact is, a check is a type of a contract, and your signature executes that contract!

Did you know that…:
1. …the DATE is not legally binding?  If you post-date a check, that check can be cashed before the date and you cannot stop it from happening!
[yikes, don’t try post-dating!  Date people, they’re more fun!]

2. …the amount, written in numbers, is not legally binding?  Numbers can be altered very easily and so are not considered legally binding, only the numbers written in words.  The written word supersedes digits.  They are not trying to see if you can spell numbers in English….

3. Memo – It just provides fun information. [i.e. “memo: _prot. shakes for pet aardvarks_”].

So where can fraud come into play with checks??

Everywhere!  Here are fraud issues I want you to consider:
1. Who stores the blank checks?
Q: Who has custody [who holds] of the check stock?
A: The fewer the better.  In a “Main Street Business” it should be 1 person, max 2.

2. Who has access to the checks?
Q: Can anyone get a blank check if they want one?
A: Again, the fewer the better.  In a “Main Street Business” it should be 1 person, max 2.

3. Who can write checks?
Q: Can anyone get a blank check and fill it out?
A: Again, the fewer the better.  In a “Main Street Business” it should be 1 person, max 2.

4. Where are all the checks?  Those used, not used, voided, stolen, forged, manipulated, etc.?
Q: How do you account for the checks you used?  Does the bank return them?
A1: If the bank returns them, all used checks should be locked away and a register of each one and how it was used (cleared, voided, stolen, forged, manipulated, etc.)
A2. If the bank does not return them, you should have a register of each one and how it was used (cleared, voided, stolen, forged, manipulated, etc.).

5. Who can sign checks?
Q: Who in the company has the right, power, ability, etc. to sign a check and spend the company’s money?
A: Again, the fewer the better.  In a “Main Street Business” it should be 1 person, max 2.

6. Is the check altered in any way?
Q: In the returned copy of the check, or the copy of the check on the statement, did you look to see if it was altered in any way?
A: If yes, contact the bank immediately;  if no, not to worry!

IMPORTANT NOTE:  This is why you should look at your bank statement and reconcile your accounts each month.

7. What did my favorite gal felon Diana do with checks???
a. She was the only one who had access to the checks (“…she had sole custody of them.”) – could do what she wanted with them
b. She (and the owner) could sign them and make electronic payments too – her company’s money was in her hands
c. She received the bank statements and could both hide returned checks that were returned, and hide statements, where the checks were copied on them
d. She had sole access to QuickBooks and was the only one who could and the only one who knew how to reconcile statements… but never did.
e. She kept the owner as much in the dark as possible so she could get away with all her embezzling
f. She did much more too!

Do you need help accounting for all your corporate checks?  Click here: (info@rmohc.com) to schedule a free initial consultation.

R. M. O’Hanlan Consulting (RMOHC) is an accounting consulting firm based in the Washington, DC area.  Michael O’Hanlan is a Certified Fraud Examiner and an Operational Accountant.  RMOHC specializes in accounting cleanup and organization for commercial and government contract clients, fraud prevention, and training services and to keep clients profitable, legal, and compliant.