Internal Attacks: Watch Your Back!

internal-attacks-watch-your-back

Assaults by way of scams and cyber attacks don’t just come from outside your business!

Today’s cautionary tale is brought to us from the East Coast, where the office operations manager at a big law firm pled guilty to embezzling $425,000 from the firm.

A corrupt manager

The manager apparently used a fake social security number and false paperwork to apply for the job because at the time he started to work at the law firm, he was still on parole from a previous conviction for embezzling $700,000 from his prior employer (the confidence is endearing).  According to the affidavit prepared by the Secret Service in support of his arrest, the manager used his corporate credit card to make thousands of unauthorized purchases.  Examples include almost $90,000 worth of purchases from Amazon, over $12,000 in home décor from Crate & Barrel, over $45,000 on personal storage units, and over $6,000 in groceries.  In addition, the manager transferred almost $275,000 to his own personal PayPal account.  

To hide his actions, the manager then created and submitted fraudulent invoices and accounting classifications to the billing department to make it seem that the purchases were for a legitimate law firm purchase (because every client needs a Cartier watch).  At times he would create fake receipts which listed the office, as opposed to his personal address, and modified the descriptions to make it appear as though he was purchasing office supplies.  To cover up the PayPal transfers, he generated false invoices to suggest the transfers were for catering expenses and he changed the account information on his PayPal to mimic that of the catering company. 

How’d he get caught?

The fraudulent conduct was finally discovered during an internal audit.  The manager was placed on administrative leave and ultimately terminated.  The firm then reported the matter to law enforcement, and he was sentenced to 41 months in prison, and ordered to repay the $425,000 to the firm.

What we can learn It is scary to see how much damage could go undetected, particularly at a large law firm with significant resources.  As professionals, we see more and more businesses falling victim to scams and cyber attacks.  But it is important to keep in place appropriate “checks and balances” on all governance matters and to monitor for internal attacks as well as external.  While we all like to think that “it could never happen to me,” this case is a great reminder to reflect on the internal security measures we have in place.  Law firms are just like every other business.  They too are susceptible to attacks and should protect themselves accordingly.   

Share This Post
Written by Madison Oberg
Madison’s practice is focused primarily on commercial transactional matters and insolvency. <a href="https://oberglawapc.com">Oberg Law Group</a>.