CPA Partner National Firm – Embezzles $4 Million From… His Firm?

Former Grant Thornton Partner Arrested for Stealing $4 Million in Client Payments






A former Grant Thornton partner has been arrested for stealing nearly $4 million in client payments intended for the firm.

Craig B. Haber was arrested by postal inspectors Wednesday morning at his residence in New York City and appeared before a judge in Manhattan federal court that afternoon.

The 59-year-old accountant was a partner at Grant Thornton from 1993 until last July, working at the firm’s offices in Manhattan providing tax preparation and advisory services to investment partnerships and other clients. Grant Thornton’s bills ordinarily included payment instructions directing clients to pay the firm by wire transfer or by sending checks to GT’s headquarters in Chicago. However, on multiple occasions from 2004 through July 2012, Haber allegedly sent bills to clients containing payment instructions directing them to send checks to him at the firm’s New York office instead of the Chicago headquarters.

Upon receiving those checks, Haber allegedly deposited a number of them into a bank account that he had opened in the name of a sham business that was very similar to Grant Thornton’s name. He opened the bank account specifically to receive checks from clients that were intended for the firm, according to prosecutors. After depositing the clients’ checks into that account, he then allegedly transferred the money from that account to two personal bank accounts which he used to pay various personal expenses, including mortgage payments for his Manhattan residence. Haber allegedly stole a total of nearly $4 million in client payments.

“From his perch at a prestigious accounting firm, Craig Haber allegedly betrayed his partners, by deceiving the firm’s clients in order to rob the firm blind—diverting millions of dollars of client payments into his own pocket,” Manhattan U.S. Attorney Preet Bharara said in a statement. “Fraud is always serious, but it is especially alarming when, as alleged here, it is committed by professionals who are supposed to be gatekeepers responsible for ensuring financial rectitude.”

Haber has been charged with one count of mail fraud, and faces up to 20 years in prison and a maximum fine of $250,000, or twice the gross gain or gross loss from the offense.

Grant Thornton said it cooperated with the investigation. “A former partner of Grant Thornton was arrested today by law enforcement authorities in New York for allegedly stealing from Grant Thornton,” said spokesman Tim Blair. “Grant Thornton disclosed this former partner’s conduct to the authorities promptly after discovering possible financial improprieties, which resulted in his separation from the firm. The firm fully cooperated with law enforcement authorities in their investigation and will continue to cooperate in their prosecution of this matter.”


Another Blow To Credit Card Users. Did You Know That…?

I didn’t know anything about this issue.

Watching Jean Chatzky on television Friday, I learned that credit card users will suffer yet another financial blow starting as early as next week (February 2013).

Under new credit card regulations, merchants who take credit card payments will be able to charge credit card users more than what other customers will pay using cash or their debit card.  As Ms. Chatzky pointed out, merchants will be slow in adopting new policies and procedures as this comes into effect, but over time it is expected that merchants will add a fee or surcharge to the consumer’s total cost of their purchase, if the consumer uses a classic credit card for their payment.  Credit card users will pay more than other customers paying cash or using their debit card.  Gas stations have worked under this scenario for years.

The end result is that customers like myself who want to protect themselves from identity theft and other unlawful access to their finances, and minimize their exposure to global credit thieves by using a classic credit card (versus a debit card), will pay a premium for the luxury of using credit cards for their purchases.

It is widely known that criminals and identity thieves around the world target individuals and businesses to gain unlawful access to card information.  Much of this crime is targeted against Americans by individuals and groups outside the United States.  The primary target these days continues to be debit cards because they give the criminal instant access to funds within linked bank accounts.  Most often when there is a breech, the funds are gone from the linked bank account before the victim even realizes their account has been violated.  The victim then has to work with their bank to get their funds returned to their bank account.

Conversely, as I have been recommending for years, individuals can avoid the “debit card rush”, and continue to use their classic credit card - Mastercards, Visa, American Express, Discover…  These traditional credit cards are not linked to bank accounts, and do not allow instant access to funds.  Charges are added to the account as they are incurred, and once an unauthorized charge is identified by a cardholder, the charge can be disputed and new cards issued.  The cardholder is out no funds.

There is a cost difference for merchants.  Credit card companies typically charge from 3 to 6 percent on each purchase for processing a credit card charge, a cost paid by the merchant / retailer.  If, however, the customer uses a debit card, the charge for processing the transaction is a fraction of the fees, at times as little as $.25 per transaction.  Hence there is a financial incentive for merchants to encourage debit card use versus credit card use.

On the larger scale, new fees added to credit card users is directed to drive more consumers towards debit cards or paying in cash.  Both come with increased risks to consumers, and will likely drive an increase in crime.  For the debit card users, more debit card holders and users will mean more cards and accounts open for targeting worldwide.  I trust the thieves targeting these debit cards are smiling as this regulation goes into effect, as the universe of available cards and accounts to target will only increase for them.  As for encouraging more consumers to use “cash”, there will be an increased risk and occurrence of personal robberies for the cash they are carrying.

At some point the focus needs to be shifted away from how financial institutions (and now merchants) can save money and increase profits, to how laws, regulations and policies can be designed and implemented to truly protect the citizens without continually passing along fees and costs to the consumers (whose same funds are maintained within the very financial institutions imposing the costs).  Perhaps someday state and federal oversight bodies will consult qualified individuals, experienced in these areas, with no agendas or special interests, to help them look at situations as a whole, identify the risks and benefits objectively, and help ensure self-serving changes do not increase risk or cause harm to consumers in other areas.  Contrary to what typically happens every day within government, one can always hope….


Quarantines: A Cheap Price of Admission for Electronic Client Files

Does your practice or organization utilize a computer quarantine process? If not, after reading this, you will!

The day began in a typical manner, reviewing information recently received from a client to determine next steps.  These records included printed documents, two CDs, and a USB jump drive (also known as a “flash” or “thumb” drive).

So far, so good…

After sorting the printed documents, we inserted each CD into our Windows computer, located the files, and copied them onto a dedicated new folder on the internal hard drive.  We then removed and stored each CD as received for future access.

Next came the USB jump drive.  We inserted it into the computer’s USB port, just as we have with other jump drives countless times before.  Instantly a notification popped up on the screen, indicating the imminent launch of an unfamiliar and unexpected program.


Knowing we hadn’t launched any programs, but simply inserted the jump drive into the port, we canceled out of the notification.  The insistent message popped up several more times, and each time we selected “Cancel.”

Finally, things appeared normal once again.  We located the desired files on the jump drive, highlighted the list, and copied the files into the folder on our hard drive.

Going, going…gone.

The file-copying process began normally enough, but then it slowed to a halt.  Not knowing why it stopped, we watched to see if it would continue copying…

It didn’t.  The system simply froze.  Frantic, we abruptly removed the USB drive from the computer.  The screen immediately displayed a message indicating we should close the application running before the computer shut down.  My associate and I looked at each other, perplexed, as the computer did not indicate any applications running.  Within moments, before we could formulate a response to the message, the computer shut down on its own.

We pressed the “power” button to restart the computer, and the pilot light glowed once again.  The screen displayed the initial Dell insignia, and then the computer immediately froze, without ever making any of its familiar “start-up noise.”  Our hearts sank.

Over the next hour or so we frantically tried restarting the computer, to no avail.  We found our Windows 7 software CD, inserted it, and followed on-line instructions to restart our computer…

Nothing.  The blue Dell insignia again came up, but otherwise, no power, and absolutely zero functionality.

We called our computer support consultant, who cleared his schedule to come to our aid.  The hour-and-a-half between our call and his arrival seemed like an eternity.  Did our computer die, did that death affect our file server, and, if so, to what extent?

After some initial diagnostics, the consultant advised us the computer would no longer function, and that we would need to replace it.  Then he delivered the worst news: our back-up, which comprised a complete backup of the entire hard drive, would not likely work with a new replacement computer.

He advised us to buy a new computer, re-install all the software applications, and then recover the data files from the backup drive.  At that point we had already lost the better part of the day due to the vicious attack we unwittingly launched vis a vis the client USB jump drive.

The Resurrection

After more tinkering, removing various components, and disconnecting devices from the ill-fated computer, our consultant eventually got the computer machine up and running once again.  With no other components connected, the computer’s display screen appeared as it did at the beginning of our day.

Replacing one element at a time and rebooting to see what would happen, we narrowed down the issue to the USB hub attached to the computer.  The USB hub expanded the number of USB ports available, as often the two or three USB ports contained on the computer prove less than adequate for the number of USB devices we desired to connect.  The hub no longer functioned, although its green power light glowed innocently.

With the USB hub disconnected, the rest of the computer appeared restored.  We deleted every file associated with the project from the hard drive, and sealed the CDs and USB drive in an envelope, never to be used again.

Shortly thereafter our adrenalin rush finally hit, and panic squeezed with a tight-fisted grip.  We had received, copied, and utilized client files provided to us on CDs, DVDs and USB drives since the day we opened our doors for business, always without incident… until today.

What now?

We never considered that a client’s files or media, once introduced onto our systems, could take down our entire computer environment.  Based on the day’s events, we wondered, “How could we ever again accept files sent to us by clients, knowing that they might contain an element of serious risk to our systems?”   Had the time arrived to implement government-level pre-screening requirements on all files prior to allowing them onto our systems?

We quickly answered our own question: “Yes.”

The Answer: A Quarantine Station

Moving forward, we purchased an inexpensive desktop computer with Windows installed for dedicated use strictly as a quarantine computer station.  Connected to the internet only to maintain a current anti-virus and anti-threat scanning solution, the workstation is not, and never will be, connected to our network.  The unit maintains minimal software on its hard drive.

No data files reside on the computer hard drive.  The sole function of the workstation?  To receive client-provided files, screen them for potential threats, and, once processed and deemed safe for use on our systems, allow us to copy the files onto our internally controlled medium for copying and use on our systems.

Should the computer become infected or get destroyed by “malware” contained on client-provided files, we can simply reformat it, reinstall the operating system, and reestablish the protection software.  Thus no exposure exists to other systems or files within our firm’s environment, minimizing our downtime, should something similar to that dark day’s events occur again.  Worst case scenario, we replace the quarantine workstation with a new one.

Take it from us…

Learn from our experience.  If your firm or organization accepts electronic information from clients or any other parties outside of the organization for use within your systems, your procedures should incorporate a similar quarantine process.  Otherwise, you run the risk of feeling our pain.  Create, document, and distribute policy and procedures to ensure awareness among all staff of the expectations, risks, and consequences associated with circumventing the process.

For all employees and individuals within your organization, create, distribute and implement a similar policy and procedures that prevent users from bringing in files from home or other sources for introduction into your systems without such preemptive screening.

Many organizations already enforce policies preventing employees from installing unauthorized software onto their employer-provided computers.  However, the next question should present itself: “Do your policies also address employees accepting electronic files provided by clients’ systems?”

After a stiff drink and time to reflect on just what occurred, how it happened, and what measures could have prevented this unfortunate scenario in the first place, we felt extremely grateful, especially to our computer consultant, that the loss of our USB hub posed the sole physical loss.

Our technician theorized that our abrupt removal of the client USB jump drive thwarted the complete launch of whatever virus it contained.  Had we left it inserted and simply waited to see what happened, the outcome could have proven much different…and much worse.

Computer forensics can often make that determination after their analysis.  Replacing the computer would have carried a reasonable and fixed cost, but losing the systems and files on that computer and the backups we maintained would have created a far greater loss, and dictated far more time… at the bar.


Public Signs: The Start Of A Trend For Consequences?

Day after day, people choose to break the law, and there simply are not enough resources available to address the growing frequency of crimes.  Naturally the resources are directed towards the most serious offenses, such as homicides, assaults, sexual assaults and robberies.  Unfortunately, as more and more members of our society put their own needs and life before anything and anyone else, ignoring laws and the safety of everyone else around them, the risk of consequences no longer appears to be a deterrent.

Just this morning coming home from an 18 hour shift, I only had to stop for two red lights.  In both cases (100%), when my light turned green, a vehicle from my left ran their red light, crossing at a high rate of speed across my green light.  Two for two.  Even with me waiting and my having a green light, they ran the light without any concerns for my safety.  These people have become a menace on the roadways.

Two years ago a judge in Texas ordered a couple to wear a sign on a public street for several months.  The sign stated they were caught steaming $250,000 from a victim’s fund.  See link below.  Just recently there were two more sign sentences.  The first involved a woman who stole from Walmart, and the second was a woman who, each day, drove around traffic, over grass and sidewalks, to go around a school bus with its red lights flashing.  See pictures and links below.

Unfortunately for the woman who passes the bus each morning, when news crews came out to talk with her during her punishment, she expressed no remorse and refused to comment.  Lesson learned – at least everyone now knows these individuals for what they did.

Perhaps each town should work with the courts, and dedicate an area within their town where more convicted sign bearers could march in public – they could call it the walk of shame.  Maybe the risk of being publicly humiliated would act as a deterrent, and start to reverse the sad trends we have been experiencing.

Kudos again to the judges handing out these sentences.






Cloud Computing, Cyber Crime, and Continued Increased Exposure

Here we go again.  Another massive cyber crime exposing millions of Americans to global identify theft, at a cost to taxpayers to now provide fraud monitoring to those victims.

This week’s target – South Carolina’s Department of Revenue database.  The breach, reportedly perpetrated by an individual operating out of the Soviet Union, exposed the personal information, including names, addresses, social security numbers, debit card and credit card numbers, and earnings information, of over 3.5 million taxpayers.  Anyone who has filed a tax return in South Carolina since 1998 purportedly has been exposed.

I was under the belief that taxing authorities maintained seven years of taxpayer information, which would have only exposed South Carolina filers from 2005 forward.  That appears not to be the case.  One could wonder why any taxing authority needs to maintain detailed data going back 15 years, especially since the IRS record retention schedule only requires taxpayers to maintain copies of filed tax returns for the prior 3 – 7 years.

Per Publication 552:

How Long To Keep Records

 You must keep your records as long as they may be needed for the administration of any provision of the Internal Revenue Code. Generally, this means you must keep records that support items shown on your return until the period of limitations for that return runs out.

The period of limitations is the period of time in which you can amend your return to claim a credit or refund or the IRS can assess additional tax. Table 3 contains the periods of limitations that apply to income tax returns. Unless otherwise stated, the years refer to the period beginning after the return was filed. Returns filed before the due date are treated as being filed on the due date.

 Table 3. Period of Limitations

IF you… THEN the
period is…
1 Owe additional tax and  (2), (3), and (4) do not  apply to you 3 years
2 Do not report income that  you should and it is more  than 25% of the gross  income shown on your  


6 years
3 File a fraudulent return No limit
4 Do not file a return No limit
5 File a claim for credit or  refund after you filed  your return The later of 3 years or 2 years after tax was paid.
6 File a claim for a loss from  worthless securities 7 years


“Going Green”, “Cloud” computing, paperless, cellular banking, picture depositing checks… the latest trends in conducting business and banking.  Each of these developments and  “improvements” under today’s societal pressures of instant and constant access, convenience and connectivity are creating more and more exposure to global threats.  It remains unclear whether any internal controls can be implemented to truly prevent breaches similar to South Carolina’s from occurring through these “improved” means of conducting business.

The question I ponder is this – wasn’t there less risk and fewer crimes of this nature when these “improved” systems were not available.  Have we really gained anything through implementing these “improvements” in our daily lives?   Cost savings are typically behind implementing these “improvements,” but is the true cost savings really known when daily global threats are hacking away to gain access.

Sadly I predict that these events will only continue and become even more commonplace as more and more “improvements” are developed, exposing information that historically was maintained within secured means to world-wide access.

Here are two links to the South Carolina breaches: