How Companies Can Stop Thieves in the Race for Your Tax Return

GUEST BLOGGER

Sarah Hofmann
ACFE Public Information Officer

It's unfortunately common this time of year for individuals to file their taxes only to find out that someone has already claimed their return. This type of identity theft can be upsetting, but it may be even more upsetting if they found out their identity was stolen not through a fault of their own, but due to their employer falling victim to a scam.

Savvy cybercriminals are using business email compromise schemes, or "spear-phishing" tactics, to acquire personally identifiable information (PII) through employers. They spoof an email address or phone number to make it look like they are someone from the company's human resources management company or accounting firm — or even someone from within the company itself — and ask for employee W-2s. Once they have the W-2s, they are able to steal employees' identities.

This year, the IRS warned that cybercriminals are widening their target scope from just large corporations to smaller organizations, such as nonprofits and school districts. According to the ACFE's 2016 Report to the Nations on Occupational Fraud and Abuse, small organizations often have fewer anti-fraud controls in place than larger organizations — a weakness that makes them easier targets for fraudsters.

Bruce Dorris, J.D., CFE, CPA, CVA, vice president and program director for the Texas-based Association of Certified Fraud Examiners (ACFE) said, "Fraudsters and cybercriminals are continuing to search for new victims with this unique phishing scam. Many of these organizations have smaller budgets and do not have personnel to defend against these attacks, so nonprofits and school districts must invest and raise awareness in the latest fraud detection and prevention techniques to protect themselves."

Employers can protect themselves and their employees by:

  • Educating employees on email best practices
  • Never sharing PII over the phone or via email
  • Reporting suspicious behavior

The IRS has asked employers who receive phishing emails to forward them to phishing@irs.gov. Employers must remember that as technology evolves, so do fraudsters. The best defense against fraud during tax season is to be wary of anyone asking for sensitive information and to report any suspicious behavior.

You’re a Victim of Tax Fraud — Now What?

GUEST BLOGGER

Sarah Hofmann
ACFE Public Relations Specialist

After finally buckling down and finishing your taxes, you may feel a sense of accomplishment and start thinking about how you will use your return. However, that feeling can turn into panic and confusion the minute you receive a notice from the Internal Revenue Service (IRS) that your filing has been rejected, as a return has already been filed using your social security number. You now realize that you’re a victim of tax fraud and identity theft.

Although the IRS has recently met with leaders of private sector firms, state auditors and major providers of electronic tax software in an effort to help prevent identity theft, they are fighting fraud of a formidable size. A report published in 2015 from the Government Accountability Office estimated that the IRS paid out $5.8 billion in 2013 for tax returns that were later determined to be fraudulent.

There are ways to prevent becoming a victim, such as filing your taxes as early as possible and using licensed software with strong anti-virus protection. If you are a victim, however, in spite of efforts to protect yourself, the biggest question is what to do next.

The IRS recommends that first and foremost, you immediately contact them by calling any number provided on the notice of rejection of your filing.  Next, you will need to complete IRS Form 14039, Identity Theft Affidavit. They will direct you to prove your identity, which you may do over the phone or by going to IDVerify.irs.gov. To make the process as smooth as possible, Turbo Tax suggests that you have your tax return from the prior year along with supporting documents such as W-2s or 1099s on hand. Once you've filed a complaint with the IRS, they warn that it usually takes an average of 180 days for the case to be resolved, however, most taxpayers should be able to receive their refund after that period of time.

You should receive a PIN from the IRS that can then be used for future reference to your case. As tax return fraud is also identity fraud, it is a good idea to also file a complaint with the Federal Trade Commission and to contact credit reporting agencies to place a freeze on your credit reports. It’s unfortunate, but now that you’re aware that someone has your personal identifiable information, you must be extra vigilant about your credit and accounts going forward. Identity thieves may choose to sit on your information before using it, or may sell it to a multitude of buyers who can continue to try and use it for years to come.

Although the IRS, private sector firms and U.S. Congress continue to try and develop tools and practices to thwart fraudsters, tax return fraud will likely remain a reality for millions of Americans each year and should be dealt with as swiftly as possible to prevent long-term damage to credit.

Martin Kenney on the Panama Papers

AUTHOR'S POST

Mandy Moody, CFE
ACFE Media Manager

Since the International Consortium of Investigative Journalists published the Panama Papers on Monday, the term "shell company" has taken on a life of its own. These entities have been around for years, but with the news of the data surrounding their use, it is almost assumed that where secrecy hides, fraud will also. 

The Associated of Certified Fraud Examiners' Fraud Examiner Manual states that "shell companies have become common tools for money laundering primarily because they have the ability to hide ownership and mask financial details, and because money launderers can create them with minimal public disclosure of personal information regarding controlling interests and ownership.” But, shell companies do have legitimate uses. The manual goes on to explain that shell companies can be used for "holding the stock or intellectual property rights of another business, facilitating domestic and cross-border currency and asset transfers, and fostering domestic or cross-border currency corporate mergers.” Just like with many other instances of fraud, the real trouble begins when a tool, a program, a database or an account is abused and used for an illegal or deceptive purpose.  

I thought we would share a recent op/ed from one of our guest bloggers and former keynote speakers about the data release in hopes of further explaining much of what you have been and will be hearing about for weeks to come.

From The Globe and Mail:
Martin Kenney, Managing Partner of Martin Kenney & Co., Solicitors of the British Virgin Islands, a specialist investigative and asset recovery practice focused on multi–jurisdictional fraud and grand corruption cases
The Panama Papers leak has been described as the biggest dump of confidential offshore company ownership data ever: 2.6 terabytes of electronic data; 11.5 million documents; 200,000-plus offshore companies. That’s 10 per cent of the world’s population of two million active offshore companies.
The offshore industry is complex in nature. Most commentators struggle to understand and accurately describe its purpose. As a result, many observers latch onto the word “secrecy” and spin that to mean something suspicious and corrupt. This is not the case. Only a small proportion of offshore entities are vehicles used for money laundering, fraudulent asset concealment or tax evasion.
Yes, there will always be skulduggery. Criminals will seek to manipulate the system to gain advantage. And I understand those who express moral outrage against large corporations or wealthy individuals who use offshore companies to avoid tax. But tax avoidance is entirely legal.
Of course, there is an ethical consideration when a multinational company appears to have paid less tax than the average person on the street. But it’s a public-policy issue, not a legal one, unless aggressive tax planning crosses the line from avoidance to evasion.
These so-called fat cats (as the media loves to call them) employ vast numbers of the working population. Without them, their countries’ unemployment figures would be depressing and their economies would suffer. Mudslinging at successful entrepreneurs will only drive them away into the waiting arms of another country.
The tax systems of developed countries have their derivation in the 1970s. The issue now is that we now have a global economy and our tax laws need to reflect this scenario more accurately. This is why large coffee-shop chains, for example, have been able to avoid taxation – legally.
Still, the aforementioned skulduggery is manifest across the globe. It includes the rapidly growing offshore services provided by Scotland. Added to this list are jurisdictions that fraud investigators see as black holes – the U.S. states of Nevada and Delaware. No investigative material is collected regarding the ownership or control of Nevada or Delaware companies, unlike offshore jurisdictions, where regulations require this material to be collected and housed. It can very quickly be seen that dodgy dealing is a worldwide problem, not limited to, say, the British Overseas Territories.

Continue reading Martin's full op/ed in The Globe and Mail.

Character and Behavior: The Other Red Flags of Fraud

GUEST BLOGGER

Mary Breslin, CFE, CIA
President, Empower Audit

I sat in front of my boss, the general counsel for the organization I worked for, waiting for our meeting to begin. I was still searching for the right words to explain to him why I wanted to widen the scope of an audit in Zambia and conduct some specific fraud auditing techniques. I wasn’t sure whether or not I should admit that while my team had found some exceptions on day one of the audit, my real suspicions had arisen from the Zambia general manager’s personal behavior.

Two issues had been identified: First, a cash advance had been taken out by an employee on behalf of the general manager and given to an individual who was not an employee. After some careful questioning, it was revealed that the individual was the general manager’s mistress, who needed money to pay her rent while he was out of the country on a business trip. The advance had been repaid by the general manager immediately upon his return. As a part of that conversation, it was also revealed that he requested the cash advance because he didn’t want his wife to see a large cash withdrawal from his bank account. Okay, not a great guy, but nothing I hadn’t seen before. It was a clear policy violation for use of the funds, but it had been repaid.

The second issue came later that day during a payroll and benefits review. Apparently the general manager had added a new dependent that year to his benefits, and we assumed he and his wife had adopted a child while living in Africa. When I asked accounting, they introduced me to this “dependent” who happened to be in the office  his wife. And I mean his “other” wife. In many parts of Africa polygamy is still practiced, however this gentleman was from England and I knew he had a wife and two children — also his dependents — still in England. Add the mistress to this cozy arrangement and I was starting to get pretty concerned. Wouldn’t you?

After having dinner with the general manager and, I admit, a few beers later, he confessed his love for women, pretty much all women, and admitted there might be other wives. Wait, what?

I explained my concerns regarding the general manager’s character to my boss, and we dug a little deeper and crossed over into a true fraud audit. Based on what we found, that quickly turned into a fraud investigation.  

So what did we find? To start, we found four wives in four countries… and a couple of mistresses. We also found a company he owned with a wife in South Africa that was established strictly as a pass-through scheme for supplies. We found $18 million worth of tax payments that were misappropriated — not used to pay taxes. The tax authorities had actually been getting ready to take action against us. And there was more.  In addition to the obvious issues — all of the women — and the financial pressure those issues caused him, there were other red flags. The general manager was a micromanager and a control freak. He required his staff to bring him every file and document we requested for his review before they would give it to my team. I generally call that a “clue.” Luckily for the organization, this was a profitable location. By bringing in a skilled executive to control the money, the company was quickly able to get the location back on track. So what happened to the general manager? I’m not sure, maybe I could ask one of his wives. Actually, because he was such a profitable general manager, he was “counseled” and he kept his job. It happens.

 

A Few Halloween Treats to Enjoy

GUEST BLOGGER

Cora Bullock
Asst. Editor, Fraud Magazine

Halloween may come once a year, but the tricks of fraudsters unfortunately happen year-round. I am happy, however, to report that there are some treats to be celebrated this year.

Trick: Countrywide, later bought by Bank of America, used a program called "The Hustle" to fast track mortgage loans without checking for fraud, then sold the loans to Freddie Mac and Fannie Mae, where they often defaulted, to the tune of a cool $1 billion. Countrywide did this while at the same time telling officials that they had tightened their standards.

Treat: A jury voted unanimously that Bank of America was guilty of fraud because of that program.

Trick: Abbott Laboratories actively marketed their drug Depakote, used for bipolar disorder, migraines, and epileptic seizures, for uses other than those the FDA approved. It claimed that doctors could prescribe the drug for schizophrenia and for the aggression that stems from the beginning stages of dementia. This wasn't the case that it had good evidence backing up their claims — it had conducted no studies or trials testing Depakote for these other uses. It "had in fact halted clinical trials that had been undertaken to determine if Depakote was useful in treating other issues because it found that the drug caused some concerning side effects."

Treat: The Justice Department ordered the company to pay more than $1.5 billion.

Trick: Tax return fraud is rampant - someone here at the ACFE discovered that he had been a victim when he tried to file his tax return and was told that a tax return with his Social Security number had already been filed. The Wall Street Journal reported in January that, "The Treasury Inspector General for Tax Administration last summer reported discovering an additional 1.5 million potentially fraudulent 2011 tax refunds totaling in excess of $5.2 billion."

Treat: Recently, a sting in Miami nabbed 45 people accused of running a huge tax fraud scheme in which the group stole at least 22,000 identities to attempt to receive $38 million in tax refunds (around $11 million was paid).

So as you continue to fight fraud tricksters, remember that there are always treats in the form of prosecutions, arrests and restitution.