THE MARCONIAN | Volume IV, Issue 5
Quote of the Week: "Unless commitment is made, there are only promises and hopes; but no plans."
-- Peter F. Drucker
February 5, 2016 - In This Issue:
Weekend Weather
Partly Sunny
Fri., Feb 5
Mostly Cloudy
High 33 Low 28
Partly Sunny
Sat., Feb 6
Partly Cloudy
High 39 Low 41
Cloudy
Sun., Feb 7
Cloudy
High 44 Low 29
Chicago Sports 
 Sunday, Feb 7
 Panthers vs. Broncos
 5:30 PM, CBS
 Saturday, Feb 6
 Blackhawks @ Stars
 7:00 PM, WGN
 Friday, Feb 5
 Bulls @ Nuggets
 8:00 PM, CSNC

 Saturday, Feb 6
 Bulls @  Timberwolves
 7:00 PM, CSNC
FEI Chicago Chapter Events
Professional Development Meeting

Thursday, Feb. 18 at 3:00 PM

The Metropolitan Club
233 S Wacker Dr.

1st session (3:30pm - 4:30pm)

Building Life Relationships by Being "All In"

Attendees will learn how to go beyond networking and into building life- long relationships that are critical not only when 'in transition' but mainly while employed. It will highlight key ways in which FEI membership can be leveraged and fully utilized beyond the dinner meetings and structured gatherings. It places emphasis on being "all in" in building relationships while employed. Aaron will provide practical tips, tools, and ideas on how to accomplish this through both FEI and other sources. This will be an interactive session with audience engagement. 

2nd session (4:30pm-5:30pm)

Social Media - Employer Actions and Employee Protections

The production manager wants the quality inspector terminated for what she wrote on her Facebook page. She accused the company of sending out the damaged parts to customers and complained about that the production manager failed to investigate her harassment complaint. Another employee "liked" the posting. What should the company do? What are the implications of the company's actions? Should the company have a policy? What about the right of privacy? The company's reputation? Learn what steps to take to protect the company and reduce the risks of suit.

Click HERE to learn more!

Weekend Events
Where to Watch Super Bowl 50 in Chicago

by Chicago Eater

Sunday, Feb 7
Approx. 3:00 PM

Various Locations

Whether you have rooting interests or are just watching for the commercials, chances are you'll be tuning into the Super Bowl on Sunday, Feb. 7. If you're headed out to enjoy the big game, check out the following spots for food and drink specials. Chili cookoffs, all-you-can-eat wings and whole smoked pigs are just a few of the reasons you should be excited, even if football's not your thing. Listed in alphabetical order.

Click HERE for the full list!

Fraudsters Undeterred by IRS's New Security Measures
by Michael Cohn|Accounting Today

The Internal Revenue Service's new security measures this tax season to counter identity theft and tax fraud appear to be having little impact so far on criminals, according to a security expert who monitors the online chat rooms where fraudsters swap taxpayers' sensitive personal and financial information.
SecurityScorecard, a computer security service based in New York City, has detected a significant spike in chatter relating to IRS tax fraud this tax season, as in past years.
"Since it's tax season again, we're noticing again that they are focusing on defrauding the IRS and more specifically defrauding U.S. taxpayers and the services that they use to process their tax returns in order to basically fill prepaid cards and cash them out with the returns before the actual person is able to," said SecurityScorecard chief research officer Alex Heid. "They do that using a series of prepaid cards that are set up with fake identities. They use the same information from the fake identities to file a tax return before the actual person does, and it usually requires the coordination of several individuals."
Last year, the IRS teamed up with state tax authorities, tax software developers, and major tax preparation chains on a security initiative in which they share information to deter identity thieves (see IRS, States and Tax Industry Adding New Safeguards to Curb Identity Theft). As part of the initiative, the IRS, states and tax industry are sharing more than 20 new data elements on tax return submissions this tax season to help detect identity-theft related filings. In addition, the software industry is putting in place enhanced identity requirements and validation procedures for their customers to protect accounts from identity thieves.
Despite these steps, some major tax software vendors such as TaxAct and TaxSlayer have needed to send out warnings to thousands of customers this tax season letting them know their information may have been compromised (see TaxAct Detects Data Breach and Suspends Customer Accounts and TaxSlayer Experiences Identity Theft Attack). Nearly two dozen Liberty Tax Service franchises have also been caught sending high volumes of suspicious tax returns in the state of Maryland (see Maryland Suspends Liberty Tax Service Franchises).
SecurityScorecard found that criminals, mostly from overseas, are still finding ways around whatever new security measures are put in place and openly talking about their successes. Heid is seeing such discussions on underground forums on both the so-called "Darknet," such as private invitation-only peer-to-peer networks, and the "Clearnet," where information is unencrypted and more accessible.
"A lot of the forums are invite only and closed to the public, so they're not being indexed on Google," said Heid. "They like to keep a lot of their stuff closed and invite only where they'll have multiple people vouch to even allow you access to the forum. We were able to gain visibility into these underground regions where we normally wouldn't have access because, just as hackers are constantly attacking corporate targets, they're also attacking each other. They brag about it. There are inter-crew rivalries constantly, and we just keep our ear to the ground for when they release the databases of certain forums. Once that happens, you've essentially got visibility into everything up to the administrator level for that forum. When people are members of one, they are usually members of multiple. We're monitoring how they're warring with each other and leveraging that to gain access."
The extra security measures instituted by the IRS and the tax industry are ones that many identity thieves are already accustomed to skirting.
"A lot of banks and credit card companies and merchant processors use similar techniques, and fraudsters- essentially with just a little bit of persistence-are able to bypass them, usually by pulling combinations of credit reports, background reports and social media profiles on their targets," said Heid. "By compiling all that information, they usually have enough info that they need to be able to answer the majority of the questions to gain access. So if that's been implemented by tax return season, it doesn't seem to be stopping them. It's probably just another hurdle that they're used to from the fraud that they've been doing."
Scammers arm themselves with what they call "fullz," anonymized debit cards, and a list of tax-filing websites. They then quickly file as many tax returns as possible before the legitimate tax returns are filed by the actual taxpayers so they can receive the cash refund on their debit cards, which can be cashed out anonymously. There is a time delay between the time the IRS processes a tax return and the time when the information is validated. Scammers take advantage of this time delay in order to steal millions of taxpayer dollars.
The IRS's new security measures aren't so new to the scammers, according to Heid. "It seems like they're just late to the game in adopting these standard practices, but the underground has already had evasion methodologies and practice for years where it's just considered part of the hack to pull a background report and profile, what they call 'doxxing,'" he said. "In the underground the slang term for a record of information-name, date of birth, Social Security Number, mother's maiden name, address-that's called 'fullz.' In order to fully utilize the fullz, they need to doxx their fullz, and once they doxx the fullz, then they have a profile that they can use to be able to answer any verification questions."
The IRS did not immediately respond to a request for comment.
The fraudsters don't need to be sophisticated hackers to access the tax information. "They're not even so much penetrating them, as they're just using the service as intended and they're masquerading as a legitimate user," Heid explained. "So they're filing the tax return as a normal person would file a tax return. It's just not their information that they're using, and it's not the person's bank account that it's being paid out to. The fraud measures of certain tax places are easier to bypass than others. We'll see some discussions on 'cash out methodologies' using certain vendors. That's what they'll call it. They'll call it a cash out method. 'I need a cash out method for H&R Block. I need a cash out method for TurboTax,' etc."
Heid doesn't believe the hackers he is monitoring on the underground forums are the same scammers who are calling taxpayers pretending to be from the IRS and harassing them into making payments.
"It's a little out of their modus operandi, and sometimes you can even find discussions where they're talking about receiving those calls and how they messed with the scammer," he said. "The guys on the hacking forums, their modus operandi is more along the lines of phishing, exploit kits, botnets and credit card fraud. The call center stuff is usually a different type of criminal mind."
The New York State Department of Taxation and Finance warned Wednesday that the phone scammers are also targeting tax preparers this season, saying, "Recent scams are targeting the preparers via phone calls demanding client information. In these cases, scammers pretend to be from the IRS in hopes of gaining usernames and passwords to taxpayer accounts."
The new security measures put in place by the IRS, the states and tax industry are still lagging behind the methods used by the criminals. "Think about it along the lines of credit card fraud," said Heid. "For almost 25 or 30 years, credit cards didn't have the little three-digit code on the back, but in the mid-2000s they put the three-digit codes on the back and thought that would eliminate credit card fraud. Now they're putting chips in the credit cards. Well, it's still going on. It's all reactionary instead of analyzing the root cause."

Available Talent Spotlight
Is your team looking for someone with this skill set? 

Accounting Consultant, MBA, CPA
 
Accomplished accounting and finance professional with particular expertise in manufacturing and distribution. Specialized in cash management, budgeting, month and year end close, managing external audits, forecasting, financial analysis, costing and operational/financial reporting. 
  • Experienced in implementation initiatives including process improvement, performance evaluation, training and development, documentation of policies and desktop procedures, streamlining budgeting processes and SOX compliance.
  • Extensive systems knowledge including SAP, SAGE 500, Great Plains, Excel, Blackline, Sharepoint, Assurenet and QAD.
If this person would be a good fit for your team, please contact Jonathan Moe at 312.546.9800 or at JMoe@marcofinancial.com
Potential Opportunity
Looking for a new opportunity? 

Senior Manager Internal Audit

Ensure the Company is adhering to prudent financial and operational controls and managing its resources efficiently and effectively.

Scope of Work:
  • Assist in the annual Internal Audit risk assessment
  • Assist in the preparation of quarterly Audit Committee Decks
  • Conduct or Lead Mergers and Acquisitions due diligence reviews
  • Conduct and/or lead reviews to assess compliance with SOX (302 and 404) and established corporate policies
  • Assist in the application of the updated COSO Framework related to external financial reporting.
  • Plan, conduct, and possibly lead business process reviews to evaluate the design and operating effectiveness of internal controls over the business operations
  • Conduct and/or lead business process reviews to assess the efficiency and effectiveness of operations 
  • Conduct and/or lead reviews to assess the integrity of the financial statements and to evaluate the adequacy/efficiency of accounting, financial and operating procedures established for business control purposes 
  • Assist in the preparation of audit reports with appropriate action plans that will aid management
  • Effectively communicate audit findings with management personnel
  • BA in Finance/Business Administration, Accounting, or relevant required 
  • 8 to 12 years' experience with a public accounting firm and/or a large corporation's internal audit department, preferably with financial process and operational experience
Interested parties are encouraged to contact David Tuminello at 312.546.9800 or at dtuminello@marcofinancial.com