Raise your hand if you thought the forestry sector, including forestry consultants, would ever be the target of cyber-criminals. I know a few years ago I would have thought small fish like foresters wouldn’t be on the radar for cyberattacks and financial extortion attempts, but today I can name several forestry companies that have been a target, including F&W. In fact, recent studies indicate small businesses are increasingly the target of these attacks. Late in 2020 our accounting department received an “Invoice” in the accounts payable email box. Like other companies, we receive many invoices from various company activities and the user may not recognize the email sender. Although it appeared valid, when the document was opened it released a trickbot that started an attack on the network. Even with up-to-date security software, the attack was sophisticated enough to quickly morph and spread through the system. The anti-virus even caught the initial malware, but at that point, it had already spread. Thankfully we had cyber-insurance which allowed us to have immediate access to a company specializing in cyber-attack negotiations, forensics, and recovery. Even with the help of this specialist and a team of knowledgeable internal IT staff, many 100+ hour workweeks were spent on the recovery effort and restoring full functionality of IT services. Our dependance on emails and computers have never been clearer than during this time. Through this difficult situation, we learned much on how cyber-attacks happen and what can be done to reduce the risk of another. Cyber-security must take a layered approach and balance risk with costs and user convenience. Every company must decide where that balance is for their own situation. With that stated, below are some recommendations that will help reduce your risk of attack. Employee Training – whether you are a one-person shop or 100, training is extremely important. Learning the sign of phishing emails, social engineering, and safe computer use are the first step in preventing a cyber-attack. There are both free and paid options available that can educate users on what to look for. Multi-Factor Authentication (MFA) – you have probably heard this and are likely using it in some capacity. Most major technology providers have MFA built into their products now and it is highly recommended you take advantage of it. This way, even if your credentials are stolen, you should notice someone is trying to access your account. Backing up your data – We all know this is a good practice, but many let this slide. With client communications, financial records, and ongoing work products, losing data can be a critical hit to your business. Also keep in mind that cloud backups can be compromised if your credentials are stolen, so having a periodic offline backup is always a good idea. Keep software and operating systems up to date – Regularly update your computer and software so security patches are installed. Cyber-attackers often utilize these security vulnerabilities to access your system, and updates are an easy way to lower this risk. Take advantage of built-in security – Both Microsoft and Apple provide a suite of security measures built in. Take advantage and make sure items such as firewalls, anti-virus and controlled access folders are turned on and utilized. Advanced anti-virus software – Consider looking at some of the newer advanced anti-virus software that uses artificial intelligence to detect threats. These offerings go beyond the traditional methods of being able to catch known viruses based on updated definitions; they can analyze files and look for potential irregularities that may be an indication of a problem. Invest in cyber-insurance – Talk to your agent about cyber-insurance coverage. It was extremely helpful in a stressful situation to have someone assisting you through the recovery. They may also help pay for security upgrades and income loss.  Employing the recommendations above will go a long way in protecting your business against cyber-attacks. You should also consider having a security consultant review your system and provide recommendations based on your actual situation. This will be money well spent to reduce the chance of going through what we did.

CORONAVIRUS RELIEF FRAUD: The beginnings

The massive ongoing federal government effort to get COVID-19 pandemic relief to struggling American families and businesses has unfortunately attracted new and well-practiced criminals. They are taking advantage of the situation to get their hands on government money (our tax dollars). With the government’s focus on the urgency to work quickly, there were inevitable opportunities for fraud. It’s only after the fact that government fraud units are able to sift through the transactions and identify the fraudsters.

One case particularly alerted me to the problem since it was in my own backyard.

Read below about how someone here in South Carolina tried to fraud the US government over stimulus money designed to help individuals and businesses that were negatively impacted by the Coronavirus.
The huge amounts of relief money that have been made available over the past two years provided a tempting target for fraud, money laundering, and identity theft.
This month we take a look at what we know so far about the extent of the fraud. I suspect the numbers will become larger since the speed with which the stimulus packages were launched provided opportunities for theft. Now, various government agencies are able to take the time to look more carefully at how the money was actually spent and pursue prosecution where necessary.

The DOJ, IRS and Bridgett Dorsey fo Blythewood, SC

The Department of Justice sentenced 39-year-old Bridgett Dorsey of Blythewood, SC, to two years in federal prison for fraud relating to $1.2 million in Coronavirus relief funds. In the period from April to August 2020, Dorsey fraudulently applied for and received the money through seven Economic Injury Disaster loans (EIDL) and two Paycheck Protection Program (PPP) loans, along with two EIDL cash advances for seven businesses for which she was the alleged owner. 

Her application contained materially false information, including inflated business revenues and employee numbers as well as addresses where business did not exist. In some cases, she submitted false documentation or created businesses for the sole purpose of obtaining the loans.During the investigation, the IRS and the Treasury Inspector General for Tax Administration also discovered that Dorsey committed tax fraud through her businesses, Virtual Financial Services. Dorsey prepared multiple tax returns on behalf of others and claimed deductions she knew were false.

Between the DOJ and the IRS, the government seized more than $500,000 of stolen funds in bank accounts controlled by Dorsey and another account with approximately $130,000 was frozen. These funds will be applied toward the restitution owed by Dorsey, who paid approximately $184,000 in restitution before sentencing.

In the end, Dorsey was sentenced to 24 months in federal prison, to be followed by a three-year term of court-ordered supervision. There is no parole in the federal system. She is also ordered to pay more than $1 million in restitution stemming from coronavirus relief-related fraud in addition to $13,865 in restitution to the IRS for tax fraud.

Extent and Variety of Fraud Schemes

The CORONA-VIRUS government loans were offered as part of the Coronavirus Aid, Relief and Economic Security (CARES) Act to help small businesses financially manage the economic toll of the pandemic.Small businesses received more than $640 billion in forgivable PPP loans to apply to expenses including payroll, mortgage interest, rent, and utilities. The EIDL program provided low-interest loans for items such as accounts payable and other bills.

To date, nearly $100 billion has been stolen from government COVID-19 relief programs, according to the US Secret Service. The estimate is based on Secret Service cases and data from the Labor Department and the Small Business Administration shared with CBS news by Roy Dotson, the national fraud recovery coordinator for the organization.

Most of that figure comes from unemployment fraud. The Agency says it has more than 900 active criminal investigations into pandemic fraud, with cases in every state and 100 people have been arrested so far. People thought they got away with it because they received the money and no one came after them, even after a couple of months.

The $100 billion does not include cases being prosecuted by the Justice Department. In late December 2021, the Justice Department had prosecuted over 150 defendants in more than 95 criminal cases and had seized over $75 million in cash proceeds derived from fraudulently obtained Paycheck Protection Program ({PPP) funds, as well as numerous real estate properties and luxury items purchased with the proceeds.

Each application contained false information including overstating the businesses’ revenues, inflating the number of employees or providing addresses to businesses that did not exist.

The losses will undoubtedly get larger as time goes on. The reality is that the most egregious cases were handled first and those will take longer in the court systems.
 
In another more complicated example from Grand Rapids, MI, and Atlanta, GA, in April 2021 five men were indicted by a grand jury on multiple federal charges for fraudulently obtaining and misappropriating PPP loan funds. The indictment alleges that the five men received approximately $1.495 million through the Small Business Administration and the PPP for two shell companies. It is further alleged that the defendants attempted to transfer the money to cover up the fact that it was fraudulently obtained. Although the case is not concluded, these charges are part of an Organized Crime and Drug Enforcement Task Force (OCDETF) investigation by law enforcement officers in Michigan and Georgia, including the IRS Criminal Investigation, the Drug Enforcement Administration, the FBI, the US Secret Service and other drug and narcotics departments. 

So, what does that have to do with me?

In addition, there are other ways individuals can be personally frauded. The majority of CORONAVIRUS fraud that has been reported falls into two main categories – unemployment benefits and stimulus-check fraud.

1. Typically, the way these criminals are able to attempt to fraud the government is to obtain an individual’s personal information and use it to file a fraudulent unemployment claim. They then begin collecting benefits, while the person may have no idea what’s going on, especially if the person is not filing for unemployment. Those people will discover the fraud only when they file 2020 taxes returns and get a notice from the IRS that they failed to declare unemployment benefits as income.
2.  A small percentage of Americans have reported stolen stimulus checks. In some cases, the criminals have hacked an individual’s account and had the deposit diverted to another account.
3. Beware of fake scams and promises of protection against the virus with no basis in medical research.
4. Identify theft continues to be a problem, and those who are retired and receiving a Social Security check are especially a target. That has not changed with the CORONAVIRUS.

Finally, most thefts are found by early reporting of concerned citizens. If you learn of COVID fraud, contact the FBI at tips.fbi.gov. If you have been a victim of fraud regarding unemployment benefits, contact your state employment office Immediately.

TIMBER SECURITY 101

In October I was part of a timber security webinar sponsored by the Forest Resources Association. I summarized the history of the Forest Products Security Group and the fraud cases the forest industry has dealt with in that time. I also shared some prevention measures that could help curb theft and fraud. I thought I would review some of that same information here as a foundation for the work we in timber security live and breathe every day. Think of this as Timber Security 101, an introduction for those new to the industry and an update for those who have been in this business a long time.

Brief History of the Forest Products Security Group

In the 1970’s and 1980’s, most large forest industry corporations employed full-time Security Managers. Many were ex-FBI agents or law enforcement. They were tasked with addressing issues such as loss prevention, asset protection, intruder prevention, staff and client safety, access control, property damage prevention and more recently cybersecurity/data security . Their responsibilities included theft but also included people, property and data safety and security as well.

Then, in the early 1980’s Security Managers from six companies formed an ad-hoc security group to join forces to combat their common security challenges. Gene Mertz, Weyerhaeuser’s Security Manager was the driver in bringing together Boise Cascade, Champion Paper, Mead Paper, International Paper, Georgia Pacific, and Weyerhaeuser to spearhead this joint effort. Their premise – it’s quicker, cheaper, and more effective to learn from someone’s else’s experience. So, they met with the goal of comparing notes and best practices in combating theft and fraud.

By 1989, the ad-hoc group joined the American Pulpwood Association (now the Forest Resource Association, FRA). Both groups had essentially the same goals. During the 1990’s the Forest Products Security Group expanded into the FRA’s 6 regions in the US.

However, as the 2000’s began companies began downsizing security personnel, to the point that now there are only a few forest industry companies that have full-time internal security staff. Today, the Southern Forest Products Security Group comprising the South-Central and Southeastern Regions of the FRA still meets with the same goals of reviewing cases, sharing best practices, and networking. The group currently meets once a year and all are welcome. Please contact the FRA to make sure you’re on their mailing list!

The Magnitude of Timber Fraud

Timber security has come to mean the practice of preventing and detecting fraud within the forest industry. This includes issues in outright theft as well as theft schemes, but also abusive contracts, cybersecurity, trespass issues, stolen equipment and fuel, billing and accounting schemes and wire transfer fraud.

Not only are there a wide variety of issues to consider, but also, the number of players in the supply chain contributes to the complexity of preventing, detecting, and stopping criminal fraud. In general, the challenges are in the hand-offs.

That is where fraudsters see an opportunity to take advantage of the processes in place to find a crack where they can profit. By colluding with a colleague on the other side of the supply chain (for instance a trucker and a scale house worker), efforts can temporarily support personal gain.

The issues are exacerbated when staffing is low, economic conditions are tightening and organizations are too busy to spot red flags in their processes and systems. Compounding these issues prosecution and recovery of financial losses can be disappointing.

Depending on your role in the industry, the issues may change. For instance, landowners who own the land and the timber are concerned with trespass on the land, stolen timber, fake invoices, fraudulent contracts, timber merchandizing, and straw bids.

Mill owners are concerned with fake scale tickets, wood inventory schemes, wire transfer fraud, collusion, zone jumping schemes and scale manipulation.

And procurement staff are concerned with fake purchase documents, kiting timber, collusion, kickback schemes, bribery, zone jumping schemes, influence peddling and straw bids.

Is Timber Fraud a Problem?

We cannot answer the question about the extent of the problem exactly since many fraud cases are not discovered, reported, or prosecuted. However, we can look at data that is available through the Association of Certified Fraud Examiners (ACFE). The ACFE is the world’s largest anti-fraud organization and premier provider of anti-fraud training and education. They have 90,000 members worldwide.

Each year the ACFE conducts and publishes their annual “Report to the Nations” which, in 2020, examined 2504 total fraud cases (895 in the US alone) reported by Certified Fraud Examiners and investigated between January 2018 and September 2019.

During that two-year time-period companies lost $3.6 billion dollars as represented in the report. Since 1996, based on actual cases, ACFE estimates average losses to be 5% of annual revenues. That means some had little or no losses and others had substantial losses. In either case, what kind of an impact would a loss of 5% of your annual revenue have on your business? To provide a sense of the scale of the US forest industries challenges, consider that the industry generates over $200 billion in annual revenues.

The ACFE reports a median loss per case of $125,000. To put that in perspective, the highest median loss in the report was the mining industry at $475,000, second highest was the energy industry at $275,000. Education had the least losses at $65,000. Organizations with less than 100 employees suffered a higher median loss than larger organizations.

Although 52% of companies run background checks to prevent hiring “bad” employees, in only 13% of the cases did a background check provide a clue to the fraudster. Internal control weaknesses are responsible for nearly 50% of all fraud cases and 33% are due to the lack of any internal controls whatsoever.

Some other interesting facts to consider:

→Typical fraud cases last 14 months.

→Corruption was the most common scheme and asset misappropriation is the least costly but represents the largest number of cases reported (86%).

→The top three departments where frauds are occurring are: operations, accounting, and executive management.

The Forest Products Security Group Cases

The Forest Products Security Group has been involved in cases for the past 32 years, covering all regions of the US. Here are a few samples:

1. $10 Million (an analyst diverts company funds to his personal accounts, Embezzlement).
2. $10 Million (Logger diverts company stumpage for his own benefit).
3. $7.2 Million scale house fraud.
4. $6.7 Million scale house fraud.
5. $4.5 Million fake timber advances into an employee’s accounts
6. $4 Million fake vendor/billing scheme into a husband’s company
7. $2.5 Million illegal sale of timber
8. $2.5 Million scale fraud (Log scaler out West)
9. $2 Million scale house fraud
10. $1.2 Million scale house fraud
11. $1.6 Million “cut and cover case” Keadle Lumber case (THE CASE 1989)
12. $1.2 Million scale house fraud
13. $1 Million scale house fraud
14. $1 Million logger diverts wood for his own benefit
15. $750,000 scale house fraud
16. $600,000 – wood dealer shorts landowner
17. $400,000 scale house fraud
18. $300,000 scale house fraud
19. $300,000 – Landowner discovers 125 acres cut without his permission
20. $100,000 – scale house fraud
21. $50,000 – scale house fraud

It is worth noting that only 20% of cases are actual theft of wood. More noteworthy, 75% of cases are creating or altering documents, primarily scale house fraud but also including embezzlement, billing schemes, etc.

Response of the Industry? Mitigation Efforts are Increasing

The use of targeted anti-fraud controls has increased over the last decade. These controls include formal anti-fraud policies, fraud training for employees and managers/executives and hotlines. These anti-fraud controls have resulted in lower fraud losses and early detection.

Preventive efforts remain the best place to put efforts and dollars.

Once a case is identified, the investigation and prosecution become very expensive. This has led many companies to forgo pursuing prosecutions and settling for terminating employment or contracts to stop the losses without attempting to recover them. This may be a contributing factor in the failure of background checks picking up fraudsters. There simply is no record.