Sunday, September 16, 2018

Forgery update

By Greg Wright
Certified Fraud Examiner
National Speaker

Yesterday, David met with the Indiana Securities Division and has an invitation to meet with the FBI.  


The last time I saw David, it was months ago. He was in the audience when I gave a presentation to his business group. 

Three weeks ago, David called and said, “What do you think about self-directed IRAs?”  I told him that it depends on the underlying investment and the honesty of those involved in the transactions.  I suggested that he read an article I wrote three years ago, “Self-directed IRA Fraudster.”

A few days later David asked to meet with me regarding a confidential matter.  He said that he would buy my lunch.

A self-directed IRAs is an individual retirement account that the investor controls with investments of his or her own choosing. These IRAs may invest in real estate, private mortgages, promissory notes, precious metals, cryptocurrencies, and private company stock. Last month, the SEC warned that assets in traditional IRAs — stocks, bonds, and mutual funds — generally fall under the agency's oversight, but that is not the case with self-directed IRAs, “which lack transparency.” 

David and I met at a Cracker Barrel restaurant.  He brought along his best friend.  I’ve known David (not his real name) for several years.  He has an easy laugh, is in his 40s, married with kids, and found him to be a straight-forward, church-going business person.

He said that, four years ago, he changed jobs and his insurance agent suggested that he use a self-directed IRA to improve his investment’s return.  At that time, you were lucky if a bank CD paid one-half percent.  His insurance agent said that he could get him seven percent.  The insurance agent set up the IRA and David wrote checks that totaled just under $50,000 to the IRA Trust company located in Ohio.  Next, he authorized the purchase of a promissory note that paid 7% and had a balloon payment to be made by the borrower that was due in three years – the payments were due a year ago. 

The promissory note was a year past-due!

After the balloon payment dates had not been not met, the insurance agent continued to stall and avoid David for several months.  When David contacted the trust company, he found that he had not received all the paperwork, and he did not recall seeing or signing some of the documents.  Another of David’s friends (a mortgage broker) said that the some of the signatures looked “exactly” the same and could be “traced forgery” signatures. 

A forgery expert taught a CE course I attended and suggested to the class that document signatures that appeared identical were often “forged.”  A “traced” signature is forged by tracing a genuine signature.  Often, the genuine signature is placed on a glass window and the target document is placed on top,  The fraudster then will trace the genuine signature producing a signature that is exactly like the original.   You probably couldn’t sign your name exactly the same two times in a row. Here is my past article on forgery

I told David that federal investigators have told me that forgery was a leading cause of insurance agents being convicted of fraud, going to prison, and losing their license.  In a complex investment crime, it was often the easiest part of the crime to prove.

David asked what I would do.  I suggested that he speak with his attorney, and I would be happy to help his attorney. 

It has been my observation that fraudsters use the same scheme several times.  If it worked on David, it probably would work on his other clients.  Someone might speak with the agent’s general agent.  Also, he might meet with the Indiana Department of Insurance or the Indiana Securities Division.

David called me a few days later to say that he found that a friend that had also invested in similar high return promissory notes and used the same Ohio trust company.  All of the promissory notes resulted in the money flowing directly into the insurance agent’s business account. 

Yesterday, David called to tell me that he was meeting with the Indiana Department of Insurance next week.

“I am more concerned with the return of my money than the return on my money.Will Rogers

Tuesday, September 4, 2018

Identity theft- the old fashion way

By Greg Wright
Certified Fraud Examiner
National Speaker

We read about the sophisticated hacking and ransomware attacks that damage entire networks, and the new ways to steal or fabricate someone’s identity.   However, it's easy to forget that some of the things that used to a problem in the past are still a problem.
Your credit card number plus the security code on the card is already in the hands of a fraudster or simply is being offered for sale on the dark web.  At the end of this article, I’ll tell you what I do to help protect my credit card from being used without my permission.  
In this past August, a data breach was discovered that affected restaurants throughout the Midwest. Investigators believe that the breach happened early in 2017 and continued through the end of that year. More than 500,000 credit cards were compromised in the breach.

The company has sent out notification letters to the victims and offered free identity monitoring for the affected customers. Maybe you got one. They also revamped the payment card system in April of this year, and they advised all of their customers to monitor their account information.
This incident shows that “old-fashioned” methods of stealing identifying information are still out there, even if they’re sometimes overshadowed by larger events.
To help minimize the risks associated with this kind of incident, there are steps that consumers can take:
1.     Ask your credit card to alert you about suspicious transactions – 
2.      Monitor your account statements

Greg’s tip: ask your credit card company for a new card number every year or when you see something suspicious or find out about a card data breach with a vendor that you have used.  

Sunday, July 1, 2018

Cell phone financial fraud – often an inside job

By Greg Wright
Certified Fraud Examiner
National Speaker

Increasingly, financial fraud victims report a scam in which their cell phone number is transferred to a new carrier without their knowledge, and financial accounts were then looted.

Once the cellphone number has been “ported” (transferred) to another carrier, the fraudster can gain access to the victim's various financial accounts by claiming to have forgotten their password and requesting a password reset via text message. He doesn’t physically need your phone to do this.  Moreover, if it is at night, you’ll be asleep . . .

The fraudster then changes your password, gains access to your financial accounts, and begins transferring money out of your banking, retirement and securities accounts. The fraudster acts quickly before you notice.

Because of the increased frequency of this scam, it may not be that you lost your cell.  Often, an accomplice employed by the cellular network contractor may have been used.  Yes, often it is an inside job.

My advice is to avoid using portable devices to conduct financial advice.  Never, never use WIFI.  But, if you must, whenever using the internet to make financial transactions, always use two-factor authentication*. 

I use checks, stamps, and USPS big blue mailboxes.  Old fashion, yes.  However, much safer.

Two-factor authentication involves using your mobile phone to receive one time passwords from the financial institution.  Without these codes, which are usually comprised of four numerical digits, the fraudster cannot carry out any transactions on your account, and even if he tried, you would be alerted to the fact that someone is in your online banking account because you would receive real-time confirmations.

Thursday, February 1, 2018

Latest Data Breaches. Are you exposed?

By Greg Wright
Certified Fraud Examiner
Certified Financial Planner™

Three Indiana data breaches reported by the Identity Theft Resource Center includes Hallmark Home Mortgage, Lincoln National Life Insurance and the Pension Fund of the Christian Church.

The reporting of all data breaches, since they have become more common, appears to provide less and less information.  Also, it has been determined that many data breaches are never reported.  

The Hallmark Home Mortgage was discovered, according to publicly reported data, on Nov. 17, 2018, and published (drumroll) on January 12, 2018.  Apparently, a former employee may have accessed some customers' personal information.  the company motto is "Our only interest is you."

Lincoln National Life Insurance Company data breach was published on January 26, 2018.  We have been unable to learn any other facts about this data breach.  The company motto is "Its name indicates its character."  Maybe they notified its policy-holders.  We do not know.

Pension Fund of the Christian Church became of the data breach and notified its membership, according to its official letter.  The data breach was published on January 16, 2018.  The organization's motto is "Strong Smart Secure."

It is a dangerous world.  You trust those that take your money and give them the keys to your identity.  Be careful.  Your identity is probably already for sale on the dark web.  Also, someone is using your Social Security number without your permission. 

What is your plan? 

Monday, January 15, 2018

Black Swan Events

By Greg Wright
Certified Fraud Examiner
Certified Financial Planner™

A black swan event is a metaphor that describes an event that is unexpected and has a significant effect on your way of life.  It can impact politics, economics and science.  The concept was introduced by Nassim Taleb, who studied randomness, probability, and uncertainty.   

Black swan events can also refer to your personal life as well as national or international economic/political events.  As a Certified Financial Planner, I have advised folks about the need for contingency plans covering uncertainty. 

When the term “black swan” first came into use, black swans were presumed not to exist.  This phrase was a common expression in 16th century London as a statement of impossibility: "A rare bird in the lands and very much like a black swan."  However, in 1697, Dutch explorers became the first Europeans to see actual black swans in Australia.  The term subsequently became a metaphor to connote the idea that a perceived impossibility or unlikely event might later be disproven. 

I do not limit black swans to politics, economics, and science.  Here are a few personal black swan events that can be life-altering:
  • Home or business destroyed
  • Bankruptcy
  • Public accusations or arrest
  • Accidental death or suicide

Here are a few recent Black Swan economic/political events you may recall:
  • 9/11/2001
  • 2008 financial crisis
  • 2009 European debt crisis
  • 2011 Fukushima nuclear disaster
  • 2014 oversupply of oil
  • 2015 Brexit

Here are a few potential 2018 black swans for you to ponder:
  • EU break-up
  • China real estate bubble
  • Global internet shut down
  • Japan gains nuclear weapons
  • Saudi Arabia gains nuclear weapons  
  • Trump impeached
  • Supervolcano eruption
  • 2% US unemployment rate
  • Deadly pathogen ravages world

What is your plan B?

Saturday, December 30, 2017

Is your financial adviser protecting your data?

By Greg Wright
Certified Fraud Examiner
Certified Financial Planner™

Small financial planning and investment advisory firms are cyberattack targets.  Many have been a data breach victim and do not know it.  Some know that they have been a victim and did not report it as required by law.  They did not tell you either. 

All of your financial and personal data – investments, tax returns, loved ones, business interests – may already be in the hands of a cyber-thief.  You may not find out until your assets have been compromised. 

Ask your financial planner, insurance agent and investment advisor a few basic questions;

  • How often do they conduct a cybersecurity audit?
  • Who conducts that audit?
  • The name of their cybersecurity third-party consultant.
  • Request a copy of the most recent audit.
  • Request a copy of their data breach response plan.
  • Where is your data stored?  Is the data stored in the U.S.?
  •  Is it encrypted?
  • The name of the software

Be prepared for a request for time to respond.  You may need a plan “B” 

Tuesday, September 5, 2017

Has the Indiana Dept of Education neglected our children’s safety?

By Greg Wright
Certified Fraud Examiner
Certified Financial Planner™

Last year USA TODAY graded Indiana an “F” on teacher background checks. 

The DOE has had an opportunity to improve that grade; but, appears to have done llittle or nothing since that article was published. 

While the Indiana DOE is responsible for verifying teacher’s degrees and licensing them, they do not check their background for felony convictions, sex crimes, inappropriate contact with students, etc.   

The DOE maintains that background checks are the responsibility of the school districts.  Not their responsibility!  No sir.  School district responsibility.  Thank you very much.

I asked a large school district if the DOE is helpful providing guidance, a “best practices” model, suggested background verification vendors, etc.

What does the DOE do to help your school district avoid hiring pedophiles or felons? She said:


An Indiana DOE staff attorney said her main responsibility is to work on teacher license, suspensions, and revocations.  Since 2013, the DOE revoked 48 teacher’s licenses for sexual misconduct with a minor and child molestation. 

I asked if any of the 48 had a prior criminal history.  The DOE did not know.

I asked if the 48 had undergone a background check before being hired.  The DOE did not know.

Did the DOE analyze these teachers -  these child sex offenders – to find out about their background?  That information could be helpful in knowing if the current background checking process and teacher licensing process might need to be adjusted.  Apparently, the DOE has no interest in learning how to keep child sex offenders out of our classrooms. 

I was quickly diverted to their media relations department.  They do not want to discuss this issue.  It is the school district problem.  Not the DOE’s problem.

Meanwhile, we continue to read about cases involving teachers and school coaches:
  • A basketball coach from private school pled guilty to coercing a 15-year old into exchanging sexually explicit messages.
  • Last summer a high school teacher faced charges of felony child seduction involving two female students.
  • A few months ago police arrested a High School teacher on two counts of child seduction.
·       Meanwhile, our state legislature has drafted a series of bills to – hopefully – lock this barn door.  However, each suggested change keeps the responsibility at the school district level.  The Indiana DOE is off the hook.  However, are Indiana's school districts equipped to conduct a background investigation of teachers, coaches, and volunteers?  Probably not.

It is easy to mess up a background check.  For example, a few years ago an Ohio State University employee killed a co-worker and shot two others.  Ohio State had conducted a background check on Mr. Nathaniel Brown that did not reveal that he had been in prison and had been charged with assaulting his girlfriend’s child. 

According to prison and court documents, Mr. Brown’s birthday was June 5, 1959.  However, Ohio State’s records listed it as June 4, 1959 – Only one single day difference!  The Ohio State background check showed Mr. Brown had a clean record.  One day made a big difference.  One person died and two were wounded.

School Districts do little to verify full legal name, maiden name, date of birth, etc.  They simply do not know how.  Most checks of parents and volunteer coaches are done over the internet.  The school volunteer can use any sort of name combination and date of birth to shield his or her past conviction of criminal assault, felony child seduction or rape.

How does your school district check out teachers, coaches, and volunteers?  Is the Indiana DOE doing its job to protect your kid?  How safe is your child while at school?