Fraud Prevention

Your Airline Miles Are Worth $74 Billion and Hackers Know It

Earmark Team · November 17, 2025 ·

Ever check your airline miles balance and think, “I should probably use those someday”? Well, fraudsters aren’t waiting. While you casually ignore those reward points, criminals are actively hunting for these digital treasures that have somehow become worth more than the companies that create them.

In this episode of Oh My Fraud, host Caleb Newquist explores the surprisingly vulnerable world of loyalty and rewards programs, revealing how the points flooding your inbox have become prime targets for fraud schemes that affect everyone from frequent fliers to wholesale club members.

The Accidental Billion-Dollar Asset Class

When United Airlines started tracking customers in the 1950s, it gave out plaques and promotional materials—basically corporate swag. Fast-forward to today, and rewards programs look entirely different. American Airlines generated $6.5 billion from its AAdvantage program in 2023 alone—not from selling tickets, but from selling miles.

The economics are almost absurd. As Newquist points out in the episode, airlines create miles for about half a cent each. They’re database entries. Then they turn around and sell these digital tokens to credit card partners for two to three cents per mile. That’s a 400% to 600% markup on something that costs virtually nothing.

“The hilarious thing is that these aren’t tangible,” Newquist observes. “They’re just made up. They’re just digital assets created out of thin air.”

The combined loyalty programs of United, American, and Delta are worth $73.8 billion. Think about that: these made-up points are sometimes worth more than the airlines themselves. And McKinsey estimates 30 trillion unredeemed miles sit in passenger accounts globally. That’s enough for every airline passenger on Earth to take a free one-way flight.

But here’s where things get dicey. Despite sitting on this massive pile of value, major airlines, including Southwest, American, Frontier, and Alaska, don’t offer two-factor authentication for account access. These companies spend millions on aircraft safety but can’t implement basic security that’s been standard in banking for over a decade.

When Your Miles Take an Unexpected Trip

The human cost of this security gap becomes painfully clear through recent victims’ stories. In July 2024, multiple Alaska Airlines customers woke up to drained accounts. One victim lost 150,000 miles, worth about $1,900. Another reported on Reddit that hackers stole over 200,000 miles. The points were being used to book luxury hotels in Abu Dhabi.

Gabrielle Bernardini, a writer for The Points Guy, discovered her Southwest account had been hacked when she received an email confirming a Hampton Inn reservation in Kalamazoo, Michigan—a booking she never made. The fraudster burned through 17,100 points, worth about $240.

Through persistence, Bernardini got her points back. But Southwest made it clear they were only doing it as a “gesture of goodwill” and a “one-time exception.” Their actual policy? “Southwest is not responsible for unauthorized access to a member’s account and will not replace stolen points.” Newquist confirmed that’s still the policy today.

Clint Henderson’s American Airlines nightmare went even further. Fraudsters drained hundreds of thousands of his AAdvantage miles for car rentals. Recovery meant jumping through incredible hoops. American required a new email address for his new account and demanded a PDF or screenshot of his police report. When Henderson went to file the police report, the NYPD’s online system was down. He had to visit a precinct physically, then was told that he couldn’t have a copy of his report until a detective intervened the next day.

Even with proof of fraud, the car rental company that accepted the stolen points simply refused to refund them. Henderson eventually got his miles back from American, but the whole ordeal revealed just how messy these situations can become.

From Sam’s Club to the Gas Pump

The problem isn’t limited to airlines. In May 2024, Sacramento County authorities arrested 38-year-old Inam Rasool after discovering he’d been systematically draining other customers’ Sam’s Club accounts. What started as an attempt to leave with $1,000 in unpaid merchandise turned into something bigger.

Store personnel began monitoring his return visits and uncovered a sophisticated operation. Rasool used stolen Sam’s Cash rewards to buy merchandise, resell it online. When police searched his home, they found over $25,000 worth of electronics, medications, pet food, hygiene products, supplements, and snacks. They also found shipping supplies, a computer, and a label printer for his online sales operation.

Meanwhile, in Peters Township, Pennsylvania, 18-year-old Paul Kostanich was hitting Giant Eagle fuel perks accounts. Video showed him visiting gas stations almost daily, holding his phone to barcode scanners to activate stolen points from different accounts. He admitted to hacking about 20 accounts and faced 58 charges, including identity theft.

One victim’s reaction captured the general disbelief, “I could never imagine someone hacking a Giant Eagle Perks card. I mean, really?”

Why This Keeps Happening

The problem is, rewards programs were never designed as financial assets—they’re marketing tools that accidentally became valuable. As Newquist explains, “They’re just a marketing gimmick developed by corporations that they hope will get us to spend more money with them. And it just so happens that they’re very, very good at doing that.”

From a corporate perspective, the math works out. If rewards fraud costs the industry $1 to $3 billion annually, but these programs generate over $70 billion for just the top airlines, that’s less than 5% lost to fraud. For many companies, it’s just a cost of doing business, especially when they can push losses onto consumers through terms of service that disclaim responsibility.

This creates what Newquist calls a perfect storm for fraudsters. You’ve got valuable assets with minimal protection, companies that won’t pursue prosecution, and victims left holding an empty bag while corporations point to fine print.

Protecting Your Points (Since No One Else Will)

So what can you do? Newquist offers practical advice with characteristic honesty.

First, change your passwords for rewards accounts. “I know you’d have to be a cerebral freak to generate a different password for virtually every account.” But at least make them different from your banking passwords.

Second, use two-factor authentication wherever it’s available. “Is it tedious? Yes. Does it save your bacon 99.9% of the time? Also, yes.”

Third, consider a password manager. Yes, the big ones have been hacked, but the benefits of managing unique passwords outweigh the risks.

Finally, actually check your accounts occasionally. Don’t be obsessive, but treat them with the same attention you’d give a bank balance.

The Bottom Line

Those rewards points you’ve accumulated aren’t just marketing fluff; they’re real value with real vulnerabilities. Companies have created a $74 billion economy from thin air, then washed their hands of responsibility when that value gets stolen.

For accounting professionals, this is a masterclass in risk transfer. For everyone else, it’s a wake-up call. In a world where teenagers systematically drain fuel perks and hackers book Abu Dhabi hotels with your miles, ignorance is an invitation.
Listen to the full episode above for Newquist’s complete investigation, including more cases and why he thinks these programs are essentially “legal money laundering” schemes. And maybe check your rewards balances while you’re at it. Just in case someone in Abu Dhabi isn’t already enjoying them.

When Hackers Come Knocking: Protecting Your QuickBooks Practice from Modern Security Threats

Earmark Team · November 16, 2025 ·

Here’s something that might keep you up at night: A hacker breaks into a Comcast email account and immediately creates a new Outlook.com account with an almost identical username. When they send emails through the compromised account, they set the reply-to address to redirect responses to their fake Outlook account. Most people never notice the domain switch. They see a familiar name, hit reply, and hand over sensitive information directly to the fraudster.

This real-world example comes from security expert Jamie Pollock, who joined his wife and business partner, Alicia Katz Pollock, and co-host Dan DeLong for episode 104 of The Unofficial QuickBooks Accountants Podcast. The episode, titled “Insecurity about Security,” couldn’t be more timely. As Dan noted, accountants and ProAdvisors across various Facebook groups report compromised logins with increasing frequency, raising urgent questions about the security of the QuickBooks ecosystem.

“We as accountants are the gateway to security for our clients because we have our hands in our clients’ sensitive data,” Alicia explained. With real money movement now possible through QuickBooks Bill Pay, payments, and payroll, a single compromised accountant login can expose dozens or even hundreds of client accounts. That’s why Dan suggested bringing in Jamie, who teaches internet security courses. As Dan put it, “we need someone smarter than both of us combined.”

Passkeys: Your New Best Friend (Once You Understand Them)

Remember when accountants and clients just shared login credentials? Dan does. Back in 2013, when he worked at Intuit, this practice was so common that the company built the QuickBooks Online Accountant portal specifically to stop it. “People would get into their clients’ QuickBooks Online with their clients’ login,” Dan recalled. “And Intuit was like, that can’t be a best practice.”

Fast forward to today, and we’re on the verge of an even bigger change: replacing passwords entirely with something called passkeys.

Jamie explained this complex technology in simple terms. “A passkey is an encryption key. It’s a physical token,” he explained. “You go to the server—Intuit or Google or whoever—and say I’d like a passkey. It generates this passkey and downloads it onto your device.”

Think of it like those old war movies Dan referenced, where two people need to turn keys simultaneously to launch missiles. Your device has one key, the server has the other. When you log in, they work together to verify your identity without transmitting anything that could be stolen.

To help explain how this works, Jamie offered a comparison everyone already knows: secure websites. “If a website doesn’t have security, it’s HTTP, and if it has an SSL certificate, it’s HTTPS,” he said. When you visit a secure site, it downloads an encryption key to your browser. Any information you submit gets encrypted with that key, and only the server can unlock it. Passkeys work the same way, but for your identity instead of your data.

The technology depends on two things: password vaults that sync your passkeys across devices, and biometric authentication like fingerprints or facial recognition. “Nobody has my face or my finger,” Jamie pointed out, explaining why passkeys are so secure.

But here’s the catch: we’re in an awkward transition period. “Passkeys are meant to replace passwords,” Jamie explained. “But every company, every app, every website implements it differently.” Not everyone has biometric devices or password vaults yet, so companies like Intuit keep both systems running in parallel. Alicia estimates we’re “five or maybe ten years away” from passwords disappearing completely, since everyone needs biometric-capable devices first.

The Fraud Tactics Hitting QuickBooks Users Right Now

Integrating payment features into QuickBooks has transformed accountant credentials into what Dan calls “one point of access” for bad actors. With bill pay, QuickBooks payments, and payroll all accessible through a single login, fraudsters have shifted their focus from individual businesses to the accountants who hold the master keys.

Alicia shared a disturbing story that shows just how sophisticated these attacks have become. Someone contacted her through Facebook, asking for help with a locked QuickBooks account. She emailed the person to verify their identity, and they confirmed it was really them. But Alicia had a bad feeling, and her instincts were right. “I realized it was actually the hacker inside the email account.” The fraudster had compromised both the QuickBooks account and the email, turning normal verification into a trap.

Jamie explained how these email compromises typically work. Hackers break in and immediately create a new free account on Outlook or Gmail with a similar username. They set up forwarding rules and reply-to addresses that redirect responses to their controlled accounts. “Most people don’t notice and they answer the message,” Jamie said. “Next thing you know, they’re in the hands of the hacker.”

The recovery process itself has become a vulnerability. Dan highlighted a concerning issue: if you can’t access your phone or email, Intuit offers a third option involving photo ID submission. “It doesn’t take a whole lot. It’s not that far of a stretch to say that these bad actors can forge your documents,” Dan warned. Unlike banks that require account numbers or debit card information, Intuit’s recovery relies primarily on information that’s often publicly available.

Not all fraud stories end badly, though. Alicia shared how Intuit called one of her clients after detecting multiple unauthorized login attempts from Georgia and Florida. The investigation revealed fake invoices for $900 and $24,000 in the client’s system. While Alicia joked that creating invoices instead of expenses showed “the hacker used the software wrong,” it demonstrated both the scale of potential fraud and Intuit’s active monitoring.

A newer concern involves QuickBooks’ invoice forwarding system. The system now uses a standardized email format (companyname+expenses@assist.intuit.com) that vendors can use to submit invoices directly. “If that email address gets out, people can send you bills,” Alicia warned. “If you’re not paying attention, you might pay somebody that isn’t actually a supplier.”

Your Security Toolkit: Practical Steps You Can Take Today

The good news? You don’t need a computer science degree to protect yourself and your clients. The hosts shared several strategies any accountant can implement immediately.

First up is what Dan and Alicia call the “backdoor login” strategy. “You add yourself as a team member in your QBO using a different email address,” Alicia explained. Create a completely separate Gmail account just for this purpose, add yourself with full access to QuickBooks and all clients, and store those credentials securely. If your primary login gets compromised, you can still access everything while resolving the breach.

Password management is crucial, and Alicia shared how her firm uses 1Password. “Every employee has their own personal private vault,” she explained. “But then we have group vaults that are only by permission.” Administrative passwords stay separate from general team access, bookkeeping credentials remain isolated from other systems, and everything requires biometric authentication. “I can sit down at any of my computers and have instant access to the things that I need,” she said. “But nobody else can get in because it’s either under my personal password or literally my fingerprint.”

Jamie shared his rules of internet security. Rule one: “Know your source.” Click on the sender’s name in any email to reveal the actual address. “They can fake the name, but they can’t fake the email address,” Jamie emphasized. If something claims to be from Intuit but shows @gmail.com, you’ve spotted a fake.

Another powerful rule: “Don’t do anything. Don’t react, don’t click the link, don’t call the number, don’t reply to the text.” Most scams create artificial urgency to provoke immediate action. “If there’s urgency on their part, you should just stop,” Jamie advised. His reassuring logic? “If you owe somebody $500 through PayPal, they’ll get back to you. I guarantee it.”

Additional quick tips from the episode:

Hover over links before clicking to see the actual destination
Forward suspicious emails to fraud@intuit.com
Check security.intuit.com for current security alerts
Watch for deceptive URLs using dashes (like intuit-quickbooks-dash-fake.com)
Enable two-factor authentication despite the inconvenience

Speaking of two-factor authentication, Jamie reframed the hassle as a feature. “It’s a little bit of a hassle for you. But getting hacked and having $24,000 move around that you didn’t see? That’s a little bit more of a hassle.” Plus, unexpected authentication requests alert you to breach attempts, letting you change passwords before damage occurs.

The Road Ahead: Staying Secure in an Evolving Landscape

The transition to better security won’t happen overnight. Alicia compares computer aging to “double dog years.” By the time a computer is five years old, it’s like a 70-year-old person, and at seven years, it’s 94. Until everyone upgrades to biometric-capable devices, we’ll be managing both old and new security methods.

Security in QuickBooks is only as strong as its weakest link, which is often the recovery process. “The passkey or the way to sign in can only be as secure as the recovery process,” Dan observed. Unlike banks that require separate credentials like account numbers, Intuit’s recovery relies primarily on email and phone verification—both potentially vulnerable to compromise.

This vulnerability matters because of scale. One compromised accountant login doesn’t just expose one business; it potentially unlocks financial data for tens or hundreds of client accounts. As Dan put it, accountants have become “one point of access that a bad actor could access.”

The profession must also stay informed about evolving threats. Many accountants don’t know about resources like security.intuit.com for current alerts or that forwarding suspicious emails to fraud@intuit.com helps track fraudulent campaigns. As Alicia noted near the episode’s end, “They’re always finding new backdoors. I’m sure a year from now we’re going to have this conversation again.”

Jamie also mentioned his own services, including email cleanup and password management training. “My favorite is unread messages that are more than two years old,” he said. “You never read them two years ago, you’re not going to read them now.”

The episode ended with exciting news about Intuit actively seeking feedback. They’ve launched a new board specifically for ProAdvisors to provide actionable suggestions about banking feeds. “The developers are reading it,” Alicia emphasized. “You can have conversations with other people, we can upvote suggestions, and the developers actually join the conversation.”

Take Action: Your Security Starts Now

Security in the QuickBooks ecosystem isn’t just about protecting passwords; it’s about protecting livelihoods. Every compromised login is a potential breach of trust with clients who depend on you to safeguard their financial data.

The tools and threats will continue evolving, but your responsibility to protect client data remains constant. As Jamie’s simple rules demonstrate, effective security requires consistency and awareness. Know your source. Don’t react to urgency. Use the backdoor login strategy. Enable two-factor authentication even though it’s annoying.

Listen to the full episode for additional examples, detailed technical explanations, and Jamie’s complete security framework. The conversation includes specific guidance that could save your practice from becoming the next cautionary tale. Because in today’s digital accounting landscape, vigilance isn’t paranoia; it’s professionalism.

Alicia Katz Pollock’s Royalwise OWLS (On-Demand Web-based Learning Solutions) is the industry’s premier portal for top-notch QuickBooks Online training with CPE for accounting firms, bookkeepers, and small business owners. Visit Royalwise OWLS, where learning QBO is a HOOT!

When Auditors Become Robots: The Hidden Cost of Mechanical Box-Checking

Earmark Team · November 3, 2025 ·

For four to five straight years, an audit team meticulously completed their control testing checklists, dutifully checking every box and signing off on every procedure. Their work papers looked pristine. Their compliance documentation was flawless. And all the while, an employee was systematically committing fraud right under their noses.

When questioned about the controls they’d supposedly tested year after year, these auditors couldn’t explain how a single one actually worked. They had fallen into what CPA Sam Mansour calls “the checklist trap”—a dangerous mindset where the very tools designed to ensure audit quality become the biggest threats to it.

This eye-opening example comes from a recent Audit Smarter podcast episode where host Sam Mansour digs into the mechanical box-checking that passes for diligent auditing in too many firms today. While audit checklists are useful tools for quality control, they become dangerous crutches when auditors stop thinking beyond the boxes they’re checking.

When Good Tools Become Dangerous Crutches

Checklists start life as helpful guides. They’re designed by experienced professionals who’ve seen common audit problems and want to prevent them. They’re meant to be guardrails, keeping auditors on track while still allowing room for professional judgment and client-specific thinking. But somewhere along the way, these helpful tools can become dangerous.

The transformation happens gradually. As Mansour explains, “If the checklists say to go look at an area, you go look at that area. If they’re silent on a specific area, then you just don’t even consider going in there. So basically, instead of it being a helpful guide, it becomes a literal crutch.”

What starts as a helpful framework eventually limits an auditor’s perspective to what’s written on forms.

The checklist mentality is particularly dangerous because it feels so professional. Auditors complete every step, sign off on every procedure, and produce work papers that look thorough. The documentation appears complete and compliant. But underneath the surface, there’s no critical thinking.

Consider the real-world example from the podcast: auditors who marked controls as “tested” year after year, checking all the right boxes and completing all the required procedures. Their checklists were perfect. Their sign-offs were current. But when questioned about how these controls actually worked, they couldn’t provide a single coherent explanation.

“There were severe control issues at the client which allowed for fraud to occur,” Mansour explains. “And it just wasn’t discovered by the audit team. The person committed fraud for four or five years. And I think the auditors just kept coming in and checking that box.”

The consequences were predictable and severe. The fraud continued undetected, not because the checklists were inadequate, but because no one was thinking beyond them.

This creates blind spots where fraud and errors can flourish. As Mansour notes, “Checklists are designed kind of as a textbook solution. The checklists don’t necessarily catch everything..”

The Hidden Forces That Kill Critical Thinking

The checklist trap isn’t the result of lazy auditors or character flaws; it’s the predictable outcome of systemic problems that even dedicated professionals can’t overcome through willpower alone. When we look beneath the surface of mechanical box-checking, we discover forces that make thoughtful auditing nearly impossible.

The most damaging culprit is budget pressure created by systematic underbidding. As Mansour explains: “Some firms tend to price engagements very low. And so let’s say, for example, your budget is $5,000 for an engagement, when really it should be $15,000.”

The math is brutal. If your firm targets $150 per hour but you’re forced to complete work in one-third the appropriate time, you’re effectively working for $50 per hour while still being held to $150-per-hour quality standards. This creates an impossible situation where taking time to truly understand complex checklists is financially unsustainable.

The cultural reinforcement runs deep. In many firms, the message from leadership focuses on completion rather than understanding: “Make sure you fill out these checklists, make sure they’re done correctly, make sure every box is checked.” This message, coupled with crushing deadlines and impossible budgets, transforms checklists from investigative tools into speed tests.

“A lot of times, unfortunately, in public accounting, that kind of curiosity, that dialog is seen as a waste of time because it takes up billable hours,” Mansour observes. The system rewards speed over understanding and punishes the curiosity that leads to quality work.

The training gap makes things worse, particularly for new auditors who find themselves drowning in technical terms they never learned in school. Mansour recalls his own experience: “I actually remember sitting there, looking at my computer, looking at my screen, and thinking, oh my gosh, I had no freaking clue what I’m doing.”

When new auditors are handed complex checklists filled with unfamiliar concepts but given no time to learn, mechanical completion becomes their only survival strategy. The system even punishes the behaviors it claims to want. Mansour describes being criticized early in his career: “The criticism that I used to get is look at this person next to you, how quick they are.”

While his colleague was flying through checklists, Mansour was taking time to understand the work and feeling “so far behind” and “so dumb” as a result. The irony? Years later, Mansour had surpassed his speedy colleague in seniority, proving that thoroughness ultimately beats speed. But how many talented auditors give up or develop bad habits before they can prove this point?

This creates a cycle where underbidding forces rushed work, rushed work requires increased checklist dependency, and checklist dependency reduces the quality that justifies higher fees. Breaking free requires systematic change.

Breaking Free: The Strategic Approach to Better Auditing

The path out of the checklist trap isn’t about abandoning structure or telling auditors to simply “think more.” It requires systematic changes that address the root causes we’ve identified. Forward-thinking firms are implementing coordinated solutions that transform their economic models, training approaches, and cultural expectations.

The foundation starts with honest pricing. Firms must have the courage to move their fees to industry-standard levels, even if it means difficult conversations with clients. As Mansour explains, when firms properly price their engagements and explain the increases, the client, a lot of times, will stay. Because if they ask around, they’ll find those fees are industry standard, and what they were getting with you was really an unreasonable deal.

Adequate pricing creates the breathing room necessary for thoughtful analysis rather than mechanical box-checking. With realistic budgets in place, firms can modernize their training by focusing on the “why” behind procedures rather than just the “what.”

Effective training requires creating psychological safety for new auditors to admit knowledge gaps. Mansour offers this advice to entry-level staff: “Look, if you don’t know it, you’re better asking the questions now. Because if I hear you asking in 12 months or 24 months those questions you should have asked in the first two, three, four months, I’m going to be very concerned.”

The shift requires moving beyond speed-focused metrics to value-based evaluation. Instead of comparing new auditors to experienced colleagues on time alone, managers should emphasize quality development first. As Mansour learned through experience, “You’re better off going slow and then picking up the speed later. Whereas if you start out with the speed to impress people, it’s difficult, I found, to pick up the quality.”

Practical implementation involves several concrete tools. Firms should customize audit programs for each engagement rather than using generic templates. Modern audit software can generate tailored checklists based on client-specific risk assessments. Adding professional judgment prompts throughout checklists helps auditors think beyond simple completion.

Mansour suggests incorporating “memory joggers,” brief explanations of how conclusions were reached. For example, when testing missing check numbers in a sequence, document not just what was done, but why. “We decided to test missing check numbers because we noticed irregularities in the sequence that could indicate control weaknesses or potential fraud.”

Successful firms also restructure their wrap-up meetings to discuss what was done and why it mattered. “We could say that we audited a specific area. But why did we choose to audit that area, especially if it’s not something we typically do?” Mansour asks.

The red flags that indicate continued checklist dependency are easy to spot. Work papers that remain essentially identical year over year signal mechanical copying rather than thoughtful analysis. Missing documentation of key discussions suggests auditors are focused on completion rather than understanding. Outdated information, like wrong contact names scattered throughout documents, reveals the copy-paste mentality that characterizes checklist traps.

Teams that successfully break free demonstrate clear evolution in their work. Their audit programs adapt as clients change and grow. They identify new risks and modify procedures accordingly. Most importantly, they can articulate the reasoning behind their decisions.

As Mansour’s technical reviewer wisely noted: “When the peer reviewers come in, they have a checklist, and their checklist is checking in on your checklist.” Understanding that audits exist within layers of professional oversight reinforces why thoughtful checklist use serves everyone’s interests better.

The Choice Between Clerks and Professionals

When auditors become mechanical box-checkers rather than analytical investigators, the tools that promise consistency and quality destroy the very thinking that makes work professional in the first place. Clients deserve better.

This isn’t about individual auditors lacking motivation or intelligence. It’s about good professionals working within systems that punish the curiosity and analytical rigor their profession demands. When firms underbid engagements, create crushing time pressures, and reward speed over understanding, they train their staff to stop thinking.

On the other hand, firms that properly price their services, invest in real training, and create cultures that reward analytical thinking avoid the checklist trap and position themselves as the strategic partners their clients need.

The goal is to use checklists as launching points for professional judgment rather than substitutes for it. The firms that learn to balance structure with thinking will build stronger relationships, deliver higher value, and attract the talent that drives long-term success.

The complete roadmap for avoiding checklist dependency is available in the full Audit Smarter podcast episode, where Mansour provides detailed implementation strategies, specific examples of cultural transformation, and the exact frameworks successful firms use to turn checklist-dependent teams into strategic thinking powerhouses.

Because in the end, the choice is simple: Continue training clerks who check boxes, or develop professionals who think, analyze, and protect the interests they’re hired to serve.

When Trust Turns Toxic: Inside the World of Pink Collar Crime

Earmark Team · February 2, 2025 ·

Could your most trusted employee be secretly siphoning company funds?

In a recent episode of the Oh My Fraud podcast, fraud investigator Kelly Paxton shares how seemingly reliable staff—often overlooked for potential misconduct—can exploit organizational blind spots.

According to the Bureau of Labor Statistics, nearly 90% of bookkeepers in the United States are women. While many people assume women are less likely to commit fraud, Paxton warns that it’s not gender but position and access that matter most. By trusting certain employees implicitly and failing to establish strong controls, businesses inadvertently cause serious financial losses.

As Paxton’s cases illustrate, ignoring stereotypes and adopting “trust but verify” strategies are crucial steps toward preventing fraud.

Kelly Paxton’s Path to Fraud Investigation

Kelly Paxton did not start out in law enforcement. She began her career in financial services as a commodities and bond trader. One day, a U.S. Customs agent called her brokerage firm asking about a suspicious client. Kelly alerted the agents, which led to a deeper conversation—and ultimately, a job offer. She joined U.S. Customs and conducted investigations into money laundering, narcotics, and other major crimes before moving into background checks for federal agencies.

Her investigative focus shifted when she joined a local sheriff’s office and noticed that nearly all the embezzlement suspects she encountered were women. Wanting to understand why, she discovered criminologist Kathleen Daly’s 1989 work referencing “pink collar crime,” a term describing embezzlement often perpetrated by those in bookkeeping or finance positions. Paxton’s takeaway: Access plus trust is the real key—90% of bookkeepers may be women, but it’s the opportunity that matters most.

Understanding Pink Collar Crime

Pink collar crime typically involves smaller amounts stolen over extended periods—fraudsters who make subtle “lifestyle” upgrades rather than lavish purchases. This can happen when the organization deeply trusts an employee. In many cases, they’re seen as family, invited into the home, and never suspected of wrongdoing. Victims are often embarrassed when they discover the truth and hesitate to report it—what Paxton calls “no victim shaming”: the more we shame victims, the less they come forward.

Key characteristics include:

Position-based access: Bookkeepers and finance staff control incoming or outgoing funds.
Incremental theft: A pattern of small transactions that grow larger over time.
Rationalization: Fraudsters may plan to “pay it back” but rarely do.
Deep trust: Employers assume loyal staff, especially women, “would never steal.”

When Pink Collar Crime Turns Deadly: “Red Collar” Cases

Most pink-collar crimes involve embezzlement without violence. However, some cases escalate to “red collar crime,” where financial fraud intersects with homicide. As Paxton explains, desperate fraudsters may resort to extreme measures when they fear exposure.

The Lori Isenberg Case

One chilling example is Lori Isenberg, a nonprofit executive director in Coeur d’Alene, Idaho. Her organization provided housing for low-income individuals—hardly the type of place where you’d suspect significant embezzlement. Yet over three years, Lori allegedly stole between $500,000 and $2.5 million by creating fake accounts, forging checks, and misusing her daughters’ and husband’s names.

When investigations closed in on her scheme, Lori took drastic action. In February 2018, on the same day local news broke a story about her suspected fraud, she took her husband out on a boat trip in the freezing Idaho winter. He mysteriously fell overboard and drowned. An autopsy revealed a lethal dose of Benadryl in his system. Lori claimed it was a suicide attempt gone wrong—an explanation contradicted by digital evidence showing she researched how to drug someone with Benadryl.

After disappearing for four months, Lori was eventually caught and accepted an Alford plea, which essentially concedes that a jury would likely find her guilty without formally admitting guilt. She received 30 years for second-degree murder, with an additional 5 years for her financial crimes, making it highly unlikely she will ever be released. The Lori Isenberg case underscores how far a fraudster might go to avoid being exposed—a stark reminder that misplaced trust and weak internal controls can have devastating consequences.

The Role of Trust, Bias, and Access

Society is conditioned to trust women—parents instruct children to seek a “nice lady” for help if they’re lost, for instance. This assumption carries over into workplaces, where female employees handling finances often face less scrutiny.

Paxton recalls her own days in U.S. Customs: “You put two women in a Honda Accord, and no one thinks anything is unusual. You put two men in a Ford Focus, and they’re pegged as cops.” Similarly, a “helpful bookkeeper” can escape suspicion for years.

What About Sentencing?

Sentencing for embezzlement and related fraud varies widely:

Federal Cases: They follow sentencing guidelines based on dollar amounts and other factors.
Local Cases: Judges can have broad discretion. Some jurisdictions impose tough sentences, while others might view fraud as a “civil matter,” limiting law enforcement intervention unless there are other serious elements (e.g., homicide).

This inconsistent approach can embolden perpetrators who believe they can dodge severe penalties—until a high-profile case, a dogged investigator, or a high-stakes victim (like a large corporation) brings full prosecution.

Avoiding Blind Spots: Trust but Verify

Rather than assuming anyone is “too nice” or “not smart enough” to steal, Kelly Paxton encourages businesses and nonprofits to focus on position-based controls:

Segregate Duties: Ensure no single person handles every financial task.
Surprise Audits: Don’t just check large transactions; occasionally review smaller ones.
Vendor Verification: Confirm that vendors and accounts are legitimate, especially if newly created.
Encourage Transparency: Cultivate a culture where employees and clients can report suspicious activity without fear.
No Victim Shaming: Publicizing embezzlement—when safe to do so—helps others learn and prevents repeat offenders from quietly moving on to the next company.

Learn More from Kelly Paxton

Kelly Paxton now hosts the Fraudish Podcast (formerly Great Women in Fraud), interviewing fraud investigators, victims, and even fraudsters themselves. She also covers topics like red-collar crime, employee embezzlement, and how biases impact investigations. Her new book, Embezzlement: How to Detect, Prevent, and Investigate Pink Collar Crime, is available on Amazon.

For a deeper look at Lori Isenberg’s story—and other fraud sagas—listen to the full episode of Oh My Fraud. You can also earn CPE credit by downloading the Earmark app and completing a short quiz related to the episode.