Diary of a Bad, Bad Bookkeeper: Paypal

Betty Bookkeeper Headshot

Dear Diary,

Betty Bookkeeper HeadshotToday I got an intriguing email.  The email was a confirmation from PayPal.  It said that we had spent $150 on an online order.  Since the company does not have a PayPal account, I knew it was a scam – a Phishing Scam, where some con artist is trying to get access to our account.  When you click on the links in the email, you are taken to a fake PayPal page where you are encouraged to log in and verify the purchase (or deny it), and then the fake website captures your real log in details and the con artist can then empty out your PayPal account.  Any good back office person knows – you never click on links in emails from financial websites (because it’s easy to “cloak” the website links).  You always go directly to the original website and log in there. 

Obviously the PayPal notice was a con…but it got me thinking.  Our company does not have a PayPal account…but we could.  It only takes a few minutes to set up, and then you can make payments from any checking account or credit card account that you link to it. 

So I opened one. 

Then, I went online and made a purchase to Office Depot. 

When I checked the bank balance online, I saw that the payment was debited as a PayPal account to Office Depot.  As far as I’m concerned, the explanation from the bank is simple enough to satisfy the boss.  Now, I don’t need to forge checks unless I really want to. 

Now the only question is…what should I buy

*******************************************************************************

In this mini story, there are actually two cons I’ve brought up:  The Phishing Scam and The PayPal Weak Link. 

The Phishing Scam is an actual scam where a thief sends a fake email encouraging you to click on the link in the email.  By doing so, they can capture your login information and then clean out your bank accounts.  PayPal Emails are the most common financial cons.  After PayPal, sending emails from banks would be the second most common way con artists get information from their victims.

There are three easy ways to spot these scams: 

  1. Banks and financial institutions have standard, precise emails already created that always use the same verbiage.  Phishing emails, on the other hand, often have misspellings and/or sentences that don’t make sense.  If anything doesn’t seem right with any financial institution’s email, it probably isn’t from your financial institution.   
  2. When you open the email, you will see the “From” address is not necessarily from the financial institution it claims to be from.  Whatever is after the “@” sign is the website address.  Anything in addition to the normal address probably means the email is a scam.  (For example:  …@paypal.fakesite.com or …@fakesite.paypal.alerts.com.)  Both the paypal.fakesite.com and the fakesite.paypal.alerts.com are completely fake because whatever comes before the .com is the site.  That means, these sites would be fakesite.com and alerts.com…not PayPal.com.   
  3. And finally, banks and financial institutions openly encourage customers to NOT click on links from their emails because Phishing Scams are so common.  Instead, they will tell you to go directly to their actual website to log in so that you can verify if the email is from the bank or not (and thus the alert is fake or not). 

Also, it’s common to get emails from banks you don’t even have an account with.  If that happens, obviously you can ignore those…but if you are concerned that an embezzler has opened an account in your name, just print out that email and go down to the bank to see if you have an account or not. 

AND when in doubt – go directly to the source…never click on the links in an email from a Financial Institution. 

As for the second con – The PayPal Weak Link: 

It is very, very easy to open a PayPal account and link it to a checking account…any checking account.  PayPal has a very simple verification process, which means that creating a PayPal account is easy for anyone with access to your checking account information, including your bookkeeper.  From there, it is very easy to steal money because PayPal and the bank account link together in order to create instant money transfers.  Plus, money can be sent to anyone with another PayPal account, and everyone takes PayPal these days (including airlines and other travel agencies), so stealing becomes very easy.

Therefore, to protect yourself from someone linking a PayPal account to YOUR checking account, you need to link it first.  In other words, you need to be the one to create a PayPal account with your checking account.  PayPal only allows a checking account to be linked ONCE, which means no one else can use the checking account information.  Once you have linked it, keep that information to yourself.  There’s no need to share it with your bookkeeper or anyone else because business’s should stick to using Bank Bill Pay and writing checks…Period.  PayPal should only be used by one person…the creator of that account.

Thus, if you don’t have a PayPal account, start one immediately in order to protect your checking account.  If PayPal does NOT let you create a PayPal account, then an embezzler has already linked to your checking account, and you need to consider closing it.  This is one of those huge companies that you just can’t avoid, and you really shouldn’t avoid. 

Diary of a Bad, Bad Bookkeeper: Why the Accountant Did NOT Catch Me

Dear Diary,

Let me just say – WhewWhat a relief.  Tax time is over and I got off scott-free.

You see, I was very concerned that when I handed over the business books to the accountant this year, I would be busted – caught – nailed to the wall.  I was sure I’d be in Shawshank before long, and I was almost tempted to clean up my act – almost.  I was sure I was cooked when the accountant called me a couple days ago and asked for the bookkeeping program’s “Accountant backup.”  How could the accountant NOT see at an instant that I’ve been embezzling from the company for months now, especially when they have completely access to everything I’ve done?

But I got lucky.

Turns out, the accountant only wanted the backup of the program so that he could enter the usual accountant adjustments like depreciating the assets, updating interest balances, and adjusting the Cost of Goods Sold account.  And thankfully, most of that information was updated from the reports that I created for the accountant’s perusal.

Still, it was a long couple of days as I waited for the Accountant’s copy to be returned.

And then the wait was over.  The accountant copy was back and the accountant had praised me to the boss.  He went so far as to say that I “kept a clean set of books.”

The boss was so happy, he gave me a raise.

I never thought I’d say it – but I’m glad the accountant looked at the books.  I can’t wait until next year.  I’m thinking, maybe I’ll create a second set of books… just in case the accountant ever decides to look closer.

******************************************************************************************

Why the Accountant Did NOT Catch the Embezzlement

E.T. Barton

This is a concern I hear from a lot of business owners that were embezzled from.  Even more often, I hear business owners that have NOT been embezzled from telling me that they are NOT worried about embezzlement because “they have an accountant.”  Both types of business owners usually believe that when they hand over their books at the end of the year, the accountant is automatically going to look deeply between the lines and spot anything suspicious.

FINDING EMBEZZLEMENT IS NOT THE ACCOUNTANT’S JOB… not unless they’re asked.

During tax time, accountant’s are bombarded with books from various businesses.  They have a very limited amount of time to do everything from sending out tax forms to making adjustments to various accounts.  In other words – tax time is an accountant’s “busy season.”  They often have a preset list of actions to do with any business’s books.

Another Example of Missed Embezzlement

Let me state this another way.  Recently, I have been working with a non-profit branch of a company that reports their profits and losses to their “parent” company.  Since the company is a non-profit branch (or chapter) and NOT a business that is run in the usual ways, this branch reports does NOT report directly to the IRS or an accountant.  Instead, they are sent a questionnaire from the parent company that they have to fill out and send back to the parent company.  They are not asked for any backup, which makes it even easier to steal from the branch.

Recently, when I reported to the parent company that I saw signs of embezzlement in this particular branch, the parent company said they would look into the financials.  When they looked over the reports that the embezzler made up for the chapter, they reported no signs of embezzlement.  They openly admitted that they had to have a closer look at the records and the bank statements in order to verify if their was embezzlement or not.  And since the branch (chapter) is not required in the non-profit policies and procedures, the branch could very well go under if a closer look at the books is not performed immediately.

How to Catch this Kind of Embezzlement

The only way for an accountant to catch this type of embezzlement is to have the business owner actually ASK the accountant to look for embezzlement.  If the accountant is not asked, they will not look closer.  They will go through their preset list of actions and look no further.  The other way is to have someone else – preferably another bookkeeper – look more closely at the reports and compare them to the bank statements.

Diary of a Bad, Bad Bookkeeper (Day 127) – The Payroll Tax Scam

Dear Diary,

Today, I was bored at work.  Really bored.  I mean – surf-the-internet-looking-for-designer-handbags bored.  (And I don’t even like designer handbags…although I wouldn’t mind a Brighton.)

Anyway…it was Payroll Day, which usually I’m happy about.  When payroll comes around, I take my sweet time entering all the timecards and wages.  I tell the boss it’s an all-day project, but in actuality, I’m done before lunchtime.  I usually bring the checks into his office around 4PM, thus I get the rest of the afternoon to screw around online.

So there I was, surfing Bag, Borrow or Steal, when the receptionist walked in.  I quickly switched the windows on my computer to show the payroll.  Ironically, it was my own check.

“When do you think the payroll checks will be ready?” the receptionist asked me.

“Why do you wanna know?” I asked in my most annoyed voice.

She inched toward the door, clearly uncomfortable by my unwelcoming persona.  “It’s just, I have to leave at lunchtime, and I’m going on vacation for the weekend.  I was kinda hoping to get that check before I left.”

“Oh.  Well then, I’ll put a rush on your paycheck,” I told her.

Her little ears actually turned pink with pleasure as she thanked me effusively and scooched out of my office.

That was when I turned my attention back to the monitor and realized something.  I had inadvertently changed my Federal tax deduction amount from $200 to $0.  I don’t think I’d ever realized before that it was so easy to change the payroll taxes before cutting a check.

It was my Ah-Ha moment – like Oprah always talks about.  I realized in that moment, I could zero out my taxes to get more money with every paycheck, but then still pay the regular tax amount to the IRS each and every payday.  Then, at the end of the year, I could file my taxes and get a BIG-FAT refund.  Even better, I could make my boss overpay the taxes on everyone every week and file the paperwork at the end of the year declaring that all of those excessive taxes were deducted from my paychecks alone, and then get an even larger refund.  If I could manage to make the weekly payroll amounts the same every payday, the boss wouldn’t think to look twice at the money being deducted from the account.

The question now is:  how much can I get away with paying before the boss notices a difference?
__________________________________________________________________________________
To Stop this Kind of Embezzlement:

This is one of the sneakiest types of embezzlement, especially because it’s common for an employer to pay a lot of money in payroll taxes.  Also, it’s common for bookkeepers to adjust individual government taxes for each pay period because usually, it’s only the individual employee who would have to face the consequences – that of dealing with the IRS at the end of the year and trying to get a refund or make up the difference.  The biggest embezzlement possibility happens when the final paperwork is filed at the end of the year – the paperwork that details out who paid what in employee/employer taxes.  It is on that paperwork where an embezzler can declare that they overpaid in their taxes and thus deserved to get ALL of that money back.

Therefore, to catch and prevent this kind of embezzlement, you need to:

1)      Look closely at the individual taxes of the person who creates the paychecks.  (This should be on an attached paystub.)  Compare it to someone who makes approximately the same amount during that period.  Look to see if the tax amounts are very different or only slightly skewed.  A big difference will either mean that the two individuals claim different deductions during the year, or that the tax numbers were overridden.

2)      Periodically, add up the individual taxes for all of the employees being paid.  Once you have a total tally, compare it to the payment that was made to the government.  (You should see this on the bank statement or credit card statement that was used to make the taxes.)  If the totals are not the same, then you definitely have a problem.  That problem could be embezzlement, or it could just be that your bookkeeper is dyslexic.

3)      Finally, have someone other than the person entering the payroll fill out the final payroll tax paperwork at the end of the year.  Even though it will cost you more to pay an accountant to do this, it could potentially save you thousands in overpaid taxes that an embezzler will claim as a refund.  All you have to do is send a copy of your bookkeeping file to your accountant, and then your accountant can take a closer look at anything that doesn’t look right.

If you have any other suggestions on how to stop this type of embezzlement, please share it.  The only way to stop embezzlers from destroying the companies they work with, is through educating each other about how they’re getting away with it.