TRANSCRIPT
© Prosperident 2017
Swindles, Cheats and Scams
David Harris MBA, CPA, CMA, Licensed Private Investigator, CEO, Prosperident Inc.
ABOUT TODAY
Questions
Handouts https://www.prosperident.com/handouts-from-scams-cheats-and-steals-presentation/
TOPICS
Identity theft and “free dentistry”
Confidence schemes and “supplier fraud”
Bulk theft of information
Internet fraud
Avoid the biggest hiring mistake.
DENTAL OFFICES ARE EASY TARGETS
Dentists and employees are “altruistic healers”
Criminals think differently
Allows them to take advantage.
PHYSICAL ASSETS THEFT
THE BURGLAR
Computers and other expensive equipment
Possibly cash (and even narcotics ?!)
Alarm system, “No Narcotics” sticker
Watch what happens in one dental office.
GONE IN 3 MINUTES
CREDIT CARD THEFT
Thief can process “refund”
Moves money to credit card
Default password, pass-card.
MEDICATION THEFT
EMPLOYEES
THE LOST PRESCRIPTION
Dental patient had major treatment yesterday – Rx Tylenol 3
Patient arrives today in discomfort
Wallet with prescription stolen
Copy of police report
Needs prescription replaced.
PROFESSIONAL COURTESY SCAM
Dentist visiting from the Western US
Wife dying of cancer – taking one last trip in their motor home
Medications ran out. Pharmacies wouldn’t honor script
Could my client, as a courtesy to another dentist, provide renewals?
THE DYING PERSON SCAM
Thieves scan obituaries
Show up at residence
Sent by the hospital to collect medications for disposal
Obituaries contain lots of details.
FREE TREATMENT / IDENTITY THEFT
WHAT WOULD YOU DO?
I managed a general dental office many years ago
Patient received $4,000 bridge, paid by cheque
I had a bad feeling
Tried to get certified.
WHAT WOULD YOU DO?
Here is what I did:
1. Found out when she got paid. Tried to certify the day after payday – no luck
2. Asked how much money in account – wouldn’t tell me.
INSPIRATION!
3. I asked whether, if I deposited $100 to the account, the cheque could be certified. No.
4. Would $300 deposit work? Yes.
5. I took $300 of my own money, deposited and certified
6. Phoned me -- was furious. I referred her to the Criminal Code provision concerning bad cheques.
GRAND THEFT DENTAL!
An existing patient, Mr. Smiles, brought his spouse to the practice
Mrs. Smiles needed major work, which was billed to her husband’s insurance
The office phoned the Insurance Company when the claim was not paid; the response was: “there was no possible way the person treated in your office was Mrs. Smiles”.
GRAND THEFT DENTAL!
Office called Mr. Smiles, who showed up (immediately) with cash to pay the balance
What’s going on?
GRAND THEFT DENTAL!
The person appearing as Mrs. Smiles was actually having an extra-marital affair with Mr. Smiles, who apparently offered the use of his wife’s coverage as one of the benefits of the affair
No wonder he was “Mr. Smiles”.
STEPS TO TAKE
Positively identify new patients / responsible parties
Copy their driver’s license or other photo identification
Your software may support web-cam or image capture
Verify identification at visit by asking “open ended” questions
Secure computer screens
Turn off when not in use
Screen savers with password protection
Lock Screen (a feature in some software).
CONFIDENCE SCHEMES
THE PHONY SUPPLIER SCAM
A person comes in when the staff member who normally orders supplies is away
He drops off goods ordered by (name of ordering person)
Needs signature
Goods were not really ordered, document signed was an order form
Goods are quite overpriced and have a 30% “restocking fee”.
INVOICES / STATEMENTS
Mail that looks like a supplier’s invoice (used to be non-standard telephone directories, now domain renewal)
Some of these false invoices get paid.
BULK INFORMATION THEFT
PRIVACY PROBLEM
Dental office loses backup USB drive
Someone finds it and uploads to a file sharing site.
LOTS OF MISTAKES HERE
1. Backup not encrypted
2. Both program and data backed up
3. Flash drive used as backup medium
4. Loss of medium not identified.
HUMAN ERROR
“This is Mark Stevens calling from Claims Processing at Manulife.”
“I have some bad news for you -- one of our new staff miscoded your provider number on all of your transactions last week. It is going to take us a few weeks to fix, and we won’t be able to process any payments for your office until this is corrected”.
HUMAN ERROR
“However, we can fix this a lot faster if you can reprint all the claim forms you submitted to us from April 1 to last Friday”
“Great. Thanks very much for this. Can I send a courier to your office at 2:00 pm?”.
APPLE GIFT CARDS?
A receptionist at a Manhattan dental office stole confidential information from hundreds of patients, opened fraudulent credit lines and bought hundreds of thousands in Apple gift cards, authorities said.
Annie Vuong, 27, allegedly copied the confidential records of over 250 patients, including their dates of birth, addresses and Social Security numbers and emailed the pilfered data to her cohort, former Apple salesman Devin Bazile, 30, court records show.
Vuong, her attorney said in court, is currently working for American Express.
CAN YOU BELIEVE IT?
Patients attempting to access accounts and write off the balance.
WIRELESS INTERNET ACCESS
Convenient, but a really bad idea
Staff at medical office using Wi-Fi of the dentist next door.
INTERNET SCAMS
VULNERABILITIES?
Phishing
Cons
Malware
Social networking scams.
PHISHING FOR INFORMATION
Our Valued Customer,
For your security, Wells Fargo Bank has safeguard your account when there is a
possibility that someone other than you is attempting to sign on. You now need to verify
your Identity.
To verify your identity, kindly follow reference below and take the directions to instant
activation.
http://online.wellsfargo.com/verification/
Thank you for helping us to protect you.
Security Advisor
Wells Fargo Bank, N.A., Member FDIC
Subject: Wells Fargo Bank Security Alert
From: Wells Fargo Online Banking <[email protected]>
HOW TO DEAL WITH PHISHING
Type web site yourself instead of using link
Enter an incorrect password.
“HTTPS:” in the address bar
Change password frequently (more on passwords later)
Don’t show email addresses on office web site.
INTERNET TRICKS
THE REAL EMAIL ADDRESS !!
VIRUSES
Have current protection software installed
Viruses often disable automatic updates of anti-virus software
Manually scanning computers monthly
Use spam filter to move high-risk attachments to spam folder
Generic wording in an email that has an attachment
Caution in opening ANY email attachment. Danger normally from “executable” attachments (.com, .exe, .bat, .vbs). Watch for sneaky “double named” attachments (family newsletter.doc.vbs)
Potential for “macro virus” in .doc, .ppt, .xls files
“.zip” files are containers for other files that may contain viruses.
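The attachment rules on this slide can be applied mechanically by a mail filter or a front-desk checklist. The sketch below is an added example, not part of the original presentation; the label names, the extra decoy extensions (.pdf, .txt, .jpg) and the helper names are assumptions, and the zip sample is constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extension lists taken from the slide.
EXECUTABLE = {".com", ".exe", ".bat", ".vbs"}
MACRO_CAPABLE = {".doc", ".ppt", ".xls"}
# Assumption: harmless-looking extensions used as the first half of a double name.
DECOY = MACRO_CAPABLE | {".pdf", ".txt", ".jpg"}
RISK_ORDER = ["double-named-executable", "executable", "macro-capable"]


def classify_name(filename):
    """Label one attachment file name using the slide's categories."""
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in EXECUTABLE:
        # Only the last extension decides how the file is opened.
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            return "double-named-executable"
        return "executable"
    if last in MACRO_CAPABLE:
        return "macro-capable"
    return "archive" if last == ".zip" else "other"


def classify_attachment(filename, data=b""):
    """Like classify_name, but also checks member names inside a .zip."""
    label = classify_name(filename)
    if label != "archive":
        return label
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            inner = {classify_name(name) for name in zf.namelist()}
    except zipfile.BadZipFile:
        return "archive-unreadable"  # cannot be inspected, so do not trust it
    for risk in RISK_ORDER:
        if risk in inner:
            return "archive-containing-" + risk
    return "archive"


def build_sample_zip(names):
    """Constructed sample input: an in-memory zip with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()
```

The check works on names only; it does not scan file contents, so it complements anti-virus software rather than replacing it.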
SPYWARE
Sometimes accepted by people in exchange for free software or site access
Can change computer settings (e.g. default search engine)
Can gather information used to target ads to you
In extreme form, can log keystrokes to send login IDs and passwords to a hacker.
“RANSOMWARE”
Locks up your computer until you pay someone to unlock it
Often starts by sending you a “your computer is infected” message. Clicking on the “clean” button installs the hostageware
Has now caught many dental offices
Often corrupts files.
WHAT TO DO
Install, run and update anti-spyware software
Don’t click on a “pop-up” that doesn’t look like your installed virus software
“User access control” (Windows Vista, 7 and up)
Hardware and software firewalls
Avoid “port mapping” or “DMZ” settings
Consult network security expert.
SOCIAL NETWORK SCAMS
"Scams related to social networks are one of the fastest growing methods used by thieves to steal consumers' valuable personal identification information and money,"
Scott Mitic, CEO of TrustedID.
SOCIAL NETWORKING EXAMPLE 2
In a recent survey, 40% posted travel / holiday plans
University of British Columbia researchers created 102 fake Facebook profiles – 60% accepted random friend requests.
Information useful to a thief.
STARBUCKS APPLICATION FOR IPHONE
“Our easy-to-navigate store locator points you to the closest store. And if you feel like being social, you can share your location through Facebook and Twitter”
“Come rob my house!”.
WHAT TO DO
Privacy settings
Very public place.
“Innovative” uses (divorce?).
Applications are “open” and can permit other programs to link, cross post etc.
PASSWORDS
MOST COMMON PASSWORDS IN 2017
1. 123456 2. 123456789 3. qwerty
4. 12345678 5. 111111 6. 1234567890
7. 1234567 8. password 9. 123123
10. 987654321 11. qwertyuiop 12. mynoob
13. 123321 14. 666666 15. 18atcskd2w
16. 7777777 17. 1q2w3e4r 18. 654321
19. 555555 20. 3rjs1la7qe 21. google
22. 1q2w3e4r5t 23. 123qwe 24. zxcvbnm
25. 1q2w3e
WHAT MAKES A GOOD PASSWORD
Not related to personal data (birthdate, son’s middle name etc.)
Not a full word or phrase
Contains small and capital letters, numbers and symbols
Why?
HOW LONG TO CRACK?
“password” – instantly
“hipasugu” – 52 seconds
“hipAsuGu” – 3 hours
“h1pAsuGu” – 15 hours
“h1p@SuGu” – 3 days
“H1p@SuGu9” – 275 days
“H1p@SuGu9%” – 58 years
Source – howsecureismypassword.net
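The "Why?" behind the two password slides is search space: each added character class enlarges the pool of characters per position, and each added character multiplies the total again. The sketch below is an added example, not part of the original presentation; it does not reproduce the site's crack times, only the relative size of the brute-force search space, and the function names and the case-insensitive match against the common list are assumptions.

```python
import math
import string

# The 25 most common passwords of 2017, as listed on the earlier slide.
COMMON_2017 = {
    "123456", "123456789", "qwerty", "12345678", "111111", "1234567890",
    "1234567", "password", "123123", "987654321", "qwertyuiop", "mynoob",
    "123321", "666666", "18atcskd2w", "7777777", "1q2w3e4r", "654321",
    "555555", "3rjs1la7qe", "google", "1q2w3e4r5t", "123qwe", "zxcvbnm",
    "1q2w3e",
}
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
SLIDE_EXAMPLES = ["password", "hipasugu", "hipAsuGu", "h1pAsuGu",
                  "h1p@SuGu", "H1p@SuGu9", "H1p@SuGu9%"]


def pool_size(password):
    """Characters a brute-force attacker must try per position."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space_bits(password):
    """log2 of the brute-force search space; 0 if the password is on the common list."""
    pool = pool_size(password)
    # Assumption: a listed password is tried first, so its length buys nothing.
    if password.lower() in COMMON_2017 or pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def rank_slide_examples():
    """Return (password, bits) for the slide's examples, weakest first."""
    scored = [(p, round(search_space_bits(p), 1)) for p in SLIDE_EXAMPLES]
    return sorted(scored, key=lambda item: item[1])


if __name__ == "__main__":
    for password, bits in rank_slide_examples():
        print(f"{password:12} pool={pool_size(password):3} bits={bits}")
```

Each extra bit doubles the number of guesses, which is why the last two examples, one character longer each, jump the most.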
SUMMARY
Dental offices present attractive targets
In addition to traditional attacks like theft of physical assets and medication scams, thieves are now targeting the information offices possess
Awareness and vigilance on the part of all staff members is required if thieves are to be defeated.
AVOID HIRING MISTAKES!
QUOTES FROM VICTIMS
“She was the last person you would think would be an embezzler”
“My embezzler was a Sunday School teacher”.
MEET THE CHAMPION…
IRINA FOOKS (CHERNYAKHOVSKY)
APRIL 2009
JANUARY 2016
APRIL 2016
Listen to her talk about former employer
DID YOU KNOW?
Number of Canadians with criminal records – 2.9 million (1 in 10 adults)
Percent of resumes that are misleading -- 78%
Resumes that: State fraudulent degrees -- 21%
Show changed employment dates -- 29%
Have inflated salary claims -- 40%
Have inaccurate job descriptions -- 33%
Give falsified references -- 27%.
OBJECTIVES
Some simple tips to help weed out the dangerous when hiring
Background checking – what you need to know
How to find out what an applicant is hiding from you.
DANGER!
Hiding previous negative employment.
Fraudulently claiming credentials / qualifications
“Overselling” capabilities / qualifications
BEFORE YOU START SEARCHING
First tip – define the job requirements BEFORE you start looking at applicants. This prevents getting influenced by an applicant who is appealing, but doesn’t have the right skills
Second tip – proactively collect job candidates to reduce “panic hiring”.
WEEDING OUT
In today’s economy it’s common to get 100 or more resumes for a posted job
Some simple (and fairly arbitrary) rules can reduce the pile to a manageable one.
CAN THEY FOLLOW RULES?
Applicants should be required to submit resumes by email (may set up a single-purpose Gmail or Yahoo account if discretion needed)
Provide a random “reference number” when posting the job and ask applicants to quote it in their cover letter.
LITERACY
Discard any resume with even one typo or grammar mistake, or a poor visual appearance
Discard any resume with a generic (i.e. non-personalized) cover letter.
HOW TO AVOID “COACHED CANDIDATES”
Avoid questions with obvious answers
Watch questions that are coachable
Use “role-play” questions.
THERE’S EVEN A HOW-TO WEB SITE – WWW.FAKERESUME.COM
BACKGROUND CHECKING
“References” are useless. I want to speak with former employers
Check photo identification for applicants
Criminal record check
Credit report (if job-relevant)
Credential verification (if required for job)
Social networking check – look for criticism of employer, high-risk behavior etc. Also, see if anyone in the office is a social media “friend”. If undisclosed, means trouble
Drug test.
COMMENT FROM ONE CONVICTED FELON
“dental game is great no back round checks unless u work with kids great money easy hrs and its the same thing over and over”
BIG MISTAKE
Avoid using any phone number given to you by an applicant
Find phone numbers independently.
Office Mgr’s name
Disposable Cell Phone
BACKGROUND CHECKING CONSIDERATIONS
Applicant’s consent needed
Limitations of online searches
Limitations of criminal records checks
“Charged but not convicted”
Negative information not always relevant.
HOW TO DO A REFERENCE CHECK
“Open-ended” questions are your friend
“Please confirm job title and provide EXACT dates of employment”
“Who were immediately previous and subsequent employers?”
Try to verify salary
Ask reason for leaving, and who initiated
My favorite question – “Would you re-hire?”
EMPLOYMENT GAPS
Danger sign – may mean that applicant was terminated from previous job without warning, or used to hide a job they don’t want you to know about
Need to be thoroughly investigated – “travelling through Europe”, “home with children” etc
How can “out of work force” claims be substantiated?
ONLINE SEARCHING OPPORTUNITIES
LinkedIn (often has resume – can be compared with one given to you)
Online white pages – correlate address / phone number given to you with information given by applicant
Social networking / Google searching
HOW TO GIVE A NEGATIVE JOB REFERENCE
“I will confirm employment dates and will only answer one other question”
“That question is ‘would you rehire this person?’”
“PLEASE DON’T CONTACT MY CURRENT EMPLOYER”
Complete all other background checking and make conditional employment offer to applicant
If offer is accepted, check with current employer.
SUMMARY
Dental offices are attractive targets
Focus on healing and helping people makes you vulnerable
Constant vigilance and awareness is required
MEET A TEAM PLAYER
WE ARE HERE TO HELP
Phone – 888-398-2327 from 8:00 am – 4:00 pm Eastern Time
Email (checked after hours by on-duty examiner) [email protected]
Web – www.dentalembezzlement.com
Personal email address–[email protected]