This post is going to be a little different than what I usually talk about. It’s something I would not usually share publicly because well, it’s embarrassing.
My team, my company, and I were taken advantage of by someone we trusted.
An ex-team member embezzled over $230,000 from us over nearly 2 years.
In this post, I’m going to break down how it happened, how it was uncovered, and the guardrails we’ve put in place since. If you’re more of a video person, check out the video version of this story:
Before we get started, just know that I was advised by a team member not to speak publicly about this because they feared it would make us look stupid and incompetent.
Well yeah… this shouldn’t have been able to happen.
But guess what you may not know? It happens A LOT, especially to small businesses for reasons I’ll get into. I want to create transparency by sharing this fraud, what led to it, and how it was uncovered.
Fraud and other forms of white-collar crime cost US organizations more than $400 billion every year. The most costly abuses tend to occur not in large organizations but in companies with less than 100 employees.
I read this tweet thread about fraud recently:
And rather than sweep it under the rug, I’m going to talk about it.
For some background, my company BestSelf.Co creates tools to help you think bigger, achieve more, and develop a meaningful life. The products we sell help people become their best self through goal setting, successful habits, and intentional relationships.
We launched in August 2015 on Kickstarter and used that to launch the business. We’ve never taken on outside money or investors. Every dollar has been through customer sales or our pocket when needed.
We sell through our Shopify store and also on Amazon.
Now let’s cut to November 2019 when things started to not add up.
First Suspicion
We noticed something weird going on with our Amazon listings with other people selling our product. For background, when you sell a product on Amazon you do not own the listing — even if you’re the owner of the product.
That means anyone else that has that product can also sell on your listing and the best price wins the buy box.
This was happening to us, someone was beating us on Amazon selling our product.
How was this possible?
When we sell wholesale or bulk orders, we have customers sign some basic terms and conditions. One of which is that they will not sell the product against us on Amazon.
In this case, we saw that this person has at least 75 units of our product to sell. So I went to our Logistics Manager to see if he made any bulk orders of this specific product and maybe that is the person who is selling them.
This was a relatively new product at the time so he said he had made no bulk or wholesale orders.
Given that we design and produce our products, there are only 3 ways someone can sell against our listing on Amazon:
- They are not our products and are counterfeit
- Our factory is selling them on the side
- Someone is stealing inventory
I ordered some to see if they were counterfeit. They seemed exactly like ours. So either they were good counterfeiters or they were from our US factory.
We have a great long-standing relationship with our factory, so I didn’t believe they would risk that for this random new product.
So the only thing remaining was that someone was stealing inventory.
With that being the only thing I could control and investigate, I started looking into it.
Internal Audit
I started having our Logistics and Inventory Manager do an audit of our inventory to see if anything was missing. This meant reviewing our inventory logs. Reviewing what we ordered from the factory, what arrived, and finding any deficits between what we sold vs what we have in stock.
While that was happening, I got a personal name attached to the LLC that was selling on Amazon. (don’t ask me how)
Now I’m going to get into the weeds here of how I figured out who it was so if you don’t want to know the gory details, skip to the next part. However, the State District Attorney did say I had missed my calling in life because of the detective work and evidence I collected.
Just putting it out there.
Once I had a name, I searched on our Shopify store to see if this person had ever bought from us. They had. One time they bought 2 products — it was a regular-looking order, so I didn’t think that could be it.
Next, I went into our 3PL system. This is the system that controls our warehouses and if we shipped any orders out from there, it would be in here.
This time when I input the name of the person from the Amazon LLC I could see two orders in there, for 200 of one product and 100 units of another.
Hmmm
My initial thought on this was that there had been a mistake with someone buying from us.
It said they were Shopify orders, so I clicked on the order name to see.
The order it went to within our system was completely different from what they shipped out.
What I realized had happened was that this order had once been legitimate and had been duplicated and edited inside the shipping system so that they changed every piece of information. This way they could hide it.
So I knew the key to this was finding out who edited this order.
Everyone on the team has their logins so as long as the software stored edit logs I’d be able to find out who it was.
I called my 3PL to speak with someone in the tech department to find out if they kept records of who edited orders, and if so, who edited these orders and changed all the information?
They told me who made the edits.
—
Our Logistics and Inventory Manager.
This person, I’ll call him Alejandro.
(No really, this is his name)
We hired Alejandro in February 2018 as our Inventory & Wholesale Manager. He was to make sure our products got from our factories to our warehouse and onto our customers as fast yet efficiently as possible.
Between handling the logistics with the factories, freight forwarders & our 3PL, he would also handle any wholesale or bulk orders.
Now at BestSelf we’re mainly a Direct-To-Consumer company. Wholesale has not been a big part of our business, so his handling was pretty minimal work. Just handling inbound inquiries and getting them shipped out.
However, despite being a small piece, it was an area we intended to grow.
We worked together for almost 2 years. He attended team retreats a few times per year and given he also lived in New York, I would invite him out for social events like comedy or drinks with friends.
He even came to my going away party in October 2018 before I moved to Austin and soon after he moved to Portland and then Denver.
Now one thing I will say about this guy is that he was always mysterious.
Looking back, I should have been more suspicious because he was like a black hole. As in you barely knew anything about him. It was easier to get blood out of a stone than to get a personal story out of him.
You know the type when you would tell a story, he would listen but never give any personal details or opinions on anything. He would move from one city to another without mentioning it. One day a dog was barking while we were on a call and that’s how we learned he got a dog.
You could have told me he was in the CIA and I would have been like yeah that makes a lot of sense.
So cut to me learning that he edited the order.
Assuming positive intent is one of our core values at BestSelf. So I’m thinking “How could this be ok?”. I thought maybe he sold to this person and didn’t have them sign the right terms so they didn’t realize they couldn’t sell on Amazon.
But if this was the case, where was the money for these orders?
And why edit an order to disguise it?
At that point, there’s assuming positive intent or just being naive AF.
I scheduled a Zoom meeting to see what he had to say about it — but knew whether it was negligence or malice, I would fire him either way.
At the same time, I was to be speaking with him, I had asked one of my team members to go into his work email and see what she could find.
It was empty. He had deleted everything in his inbox before our meeting.
That’s not suspicious at all.
I asked him why his work email was empty, he told me he was just trying to save space…
I fired him on the spot.
Then I restored all the emails so I could understand the full extent of what was going on.
Initially, he was fired because he was negligent in several areas. It was only after he was gone that I understood that what I initially believed to be negligence turned out to be malicious and intentional theft of a staggering amount.
This was not 2 orders that he sold on the side and pocketed the money for. This was thousands and thousands of dollars he had stolen from us.
It took us weeks to understand the full scope of the fraud.
As I and a few team members audited the books further, I discovered the scheme he had implemented.
Alejandro used his access to intercept legitimate customer requests for the product. He inserted a link to his payment account within the invoices he created to have customers fraudulently pay him personally instead of my company.
He then disguised the orders inside my company’s warehouse management system to provide the goods to the customer. By disguised I mean this is where he would duplicate and edit old orders so they didn’t show as new.
In a nutshell, we recognized none of the revenue from these orders. Yet had to pay for all the costs of the product and shipping.
Alejandro stole $180,077.65 of revenue from the company directly with his fraudulent activity intercepting funds into his personal bank account.
On top of this stolen money, he cost us over $88,000 in lost product and shipping costs.
This is what we’ve been able to uncover in the 12 months since firing him in January.
Now at this point, I’m sure you’re wondering how the hell did we not notice.
Trust me, I did too.
But if you understand the context of what was going on at the time, there were systemic issues within the company. Several big ones created a perfect environment to enable this fraud.
I think Alejandro preyed on this.
Guardrails
Ultimately, it was my responsibility, but here are the guardrails we should have put in place so this wouldn’t have happened.
Robust inventory management
We controlled our inventory on spreadsheets and numbers were easily fudgeable.
We’re a small company. I don’t like to micromanage so I trusted what I was seeing because at the time I had no reason not to.
Lack of oversight on credit card charges
The frayed relationship with my ex-business partner was another big issue. There was a credit card he had set up and had access to that was not being reviewed to ensure all the charges made sense.
Once the fraud was discovered, he admitted that he had gone to Alejandro about a bunch of Fedex charges he was seeing — but Alejandro had lied and said these were legitimate business expenses.
Financial Watchmen
We had a bookkeeper and an executive hire who were not doing their job of being watchmen over our finances and inventory levels. Because of this, we didn’t have a good grasp of our financials as far as inventory and shipping costs at a granular level.
A few weeks before this fraud was uncovered, we had hired an external CFO company to help us get a handle on this.
I am confident it would have been uncovered very quickly had we hired them sooner.
So what happened to Alejandro?
Everyone I spoke to from an ex-detective to the head of police said that white-collar crime was rarely prosecuted if they steal less than 500k-1M. This seems insane to me given if someone robs a liquor store or has some weed on them, they would go to prison.
Regardless, I gathered the evidence as I wanted him charged with this crime.
I knew if he wasn’t stopped it may embolden him to do something bigger to another small business in the future.
Now here’s a funny tidbit of information for any criminals out there.
If you’re stealing from a company, do not use your work email for your personal Uber account. And if you do, and you’re fired — change your email address.
That’s right. Alejandro has had his Uber account still connected to his work email since before he was fired.
In fact, it’s still connected.
This means every Uber he ordered and every Uber Eats meal he got delivered, we knew about it.
After months of back and forth with the Denver DA, the detective had enough evidence to put a warrant out for the arrest. And because I could see his Uber activity, I knew exactly where he was.
The benefit of hindsight made me realize that Alejandro has likely done something like this before. In the time I’ve known him, he lived in New York, then Portland, and then he moved to Denver seemingly overnight with no warning. If he knew he had a warrant out, there was a good chance he would run somewhere else.
Before the arrest, the detective told me he would be placing a call to him to let him know about the charges being filed against him.
Can you imagine? He’s been living his life for the past 6 months thinking he got away with this crime scot-free, only to get a call from the DA telling him of the charges.
So what did he have to say for himself?
Of course, he initially denied it. Then when the detective said he had his bank records and could see the transfers, he blamed identity theft.
I’ve yet to hear about a case of identity theft where they put money into your bank account.
Sign me up for that one!
As of January 11th, 2020, he pleaded guilty to theft and digital cybercrime. He got 3 years probation given that it was the first thing on his record.
I appeared live in a virtual court. The judge commented, “You’re not going to jail because this is your first offense, but boy you started big”.
And that’s the story of how we discovered the embezzlement and held the criminal responsible.
However like I said before, there were many ways that we slipped up internally that allowed this theft to happen — the important thing is that we learn these lessons so it doesn’t happen again.
Since this has happened to me I’ve heard from quite a few business owners who have faced similar situations.
Hit me up on Twitter ! I’d love to know your thoughts on whether I should’ve publicly talked about this or not. Also, I’d like to know if you’ve heard of similar stories or have experienced this yourself.
Become a subscriber receive the latest updates in your inbox.