Blog

FraudCast Blog

rss

Pondera FraudCast

Welcome to the Pondera FraudCast, a weekly blog where we post information on fraud trends, lessons learned from client engagements, and observations from our investigators in the field. We hope you’ll check back often to stay current with our efforts to combat fraud, waste, and abuse in large government programs.

Analytics are more than Numbers and Stats – It’s About People by Tammy Marple, VP - Special Investigations Unit

Analytics are more than Numbers and Stats – It’s About People by Tammy Marple, VP - Special Investigations Unit

During my time as a fraud analyst, I realized that my work was so much more than just numbers and statistics. I worked in State Government for many years and a few years ago, my manager asked me to conduct a study on Opioids. I lived that assignment for 18 months.

After the Opioid study was completed, I traveled the state and shared what I had learned with our regulatory and law enforcement partners. That assignment really stuck with me. The overall impact of the Opioid epidemic on healthcare costs, society, and the family unit is devastating. It is a sad truth when we can say “everyone knows someone addicted to these types of drugs,” regardless of how they got there. An even worse reality is the impact on the family as a whole: newborn babies born addicted to drugs, children being raised by their grandparents or in foster care because the parents are either dead or in jail as a result of their addiction and drug diversion activities, and families living with the daily possibility of overdose.

One of the most eye-opening documentaries regarding this epidemic was created by Vanguard and is titled “The OxyContin Express.” Although the video is many years old, the story it tells is still very real today and it is no longer just a Florida issue. I often suggest that our interns and new employees in Pondera’s Special Investigations Unit watch the video. It explains drug diversion schemes from drug seeking patients to the cash operations of those that prescribe the drugs, as well as the overall human element. It’s been years since I conducted the study on Opioids, and yet Opioid abuse is still on the rise and growing fast with the introduction of illicitly manufactured fentanyl.

An in-depth analysis conducted in 2016 by the Centers for Disease Control and Prevention (CDC), stated that drug overdose deaths were spreading not only geographically but also across demographic groups. Listed below are some of the stats from the CDC analysis:

• Drug overdoses killed 63,632 Americans in 2016.
• Nearly two-thirds of these deaths (66%) involved a prescription or illicit opioid.
• Overdose deaths increased in all categories of drugs examined for men and women, people ages 15 and older, all races and ethnicities, and across all levels of urbanization.
• CDC’s new analysis confirms that recent increases in drug overdose deaths are driven by continued sharp increases in deaths involving synthetic opioids other than methadone, such as illicitly manufactured fentanyl (IMF).

Pondera’s technology can identify these areas of risk in a variety of programs. This is the reason behind what we do to make a difference and potentially effect change for the better. Certainly, our goal is to detect fraud, waste, and abuse in government programs, but it really does come down to people. Sure, technology is always a cool thought when it comes to smart phones, cars that drive themselves, video games, and other advancements, but technology can also be used to detect certain behaviors within large data sets and identify highly suspect activities, patterns, or hot spots of concern. Pondera leverages technology to identify suspect activity and protect vulnerable populations within a program to make a significant difference, not only from a government budget point of view but also in the lives of our fellow citizens.

Cited Sources
Van Zeller, Mariana. “The OxyContin Express.” YouTube, Current TV - Vanguard, 19 October 2009, https://www.youtube.com/watch?v=wGZEvXNqzkM

Researchers for the Centers for Disease Control and Prevention (CDC). “U.S. Drug Overdose Deaths Continue to Rise; Increase Fueled by Synthetic Opioids.” www.cdc.gov, 29 March 2018, https://www.cdc.gov/media/releases/2018/p0329-drug-overdose-deaths.html
Cigarette Fraud

Cigarette Fraud

Last week we wrote about charges being brought against a group of alleged fraudsters in California that were trucking thousands of cans and bottles into California to collect the state’s recycling refunds. This week, just so no one feels left out, we’re bringing you a story from the East Coast that deals with cigarette fraud. That’s right… cigarette fraud.

As you probably already know, the price of cigarettes varies dramatically from state to state because of the taxes imposed by each state government. For example, in Virginia, where the state has an excise tax of only $0.17 per pack, the average price for a pack of cigarettes is $5.25. New York, on the other hand, adds taxes of $4.35 per pack helping to drive the average price per pack to $12.85. That’s a difference per pack of $7.60.

So what does an enterprising fraudster do? Buy cigarettes in Virginia and sell them in New York of course. This is illegal but it apparently didn’t prevent a 26 year old man from driving through Pennsylvania with 7,750 packs of cigarettes purchased in Virginia. That’s over 150,000 individual cigarettes so likely not just for his personal use. That might explain why the Pennsylvania state trooper who pulled him over said the driver was “very nervous, shaking and avoiding eye contact with me at all cost.”

The man is now free on bail but facing felony charges. I guess you never know what’s in the truck you pass on the freeway. Last week it was aluminum cans and plastic bottles. This week it’s thousands of cartons of cigarettes. Next week?
How to Steal $80 million Five Cents at a Time

How to Steal $80 million Five Cents at a Time

Last week, in the realm of “are there any government programs fraudsters won’t steal from”, California officials announced charges against five people who were ripping off the state’s recycling program.

Four defendants are accused of accepting recyclable cans from other states, faking the paperwork, and then billing the state for refunds on the 5- or 10-cent “deposits” that Californians pay when they buy beverages in the state. Of course, Californians can redeem the cans themselves, but I’m just guessing that not many do.

Incredibly, the total amount of the containers added up to $80.3 million. And, even more incredibly, this is not an isolated case. In 2015, for example, a California jury indicted another group of fraudsters for trucking over 200 million bottles and cans into California to collect $14 million in refunds.

A quick check of the California Attorney General’s website reveals that the state does indeed have a Recycle Fraud Program with the objective to “detect and stop existing fraud by organized criminal groups against the recycling fund and to deter future fraud through the successful prosecution of criminal activity.”

In many ways, this simply serves as more proof that even the most well-intentioned programs are subject to fraud and criminal abuse. When even 10-cent transactions are targeted, it should concern everyone about what’s occurring in larger government programs.
How Fraudsters Stole Money from Venmo Users

How Fraudsters Stole Money from Venmo Users

In yet another example of the creativity of fraudsters exploiting security flaws in commonly used services, the Federal Trade Commission recently announced a settlement with Venmo, the popular money exchange service. The charges, filed in 2016, include some surprisingly basic security flaws in Venmo, which boasts of “bank-grade security”.

One major problem was found in Venmo’s cash reconciliation process. It would notify users that money had been deposited in their accounts when, in reality, many of the transactions were still under review. This allowed fraudsters to “purchase” and receive products before their payments were validated. Sellers, assuming that cash had been received, would ship the product and then find themselves without an actual payment. One scammer used this technique over several years to steal over $125,000 before being discovered.

In addition to this security flaw, federal regulators also noted that Venmo neglected to notify users of username and password changes or when new devices were added to their accounts. This allowed hackers to hijack accounts without any warnings to the actual account owners.

While the FTC’s settlement does not include any cash damages, it is likely that Venmo will face a slew of upcoming lawsuits. Beyond this, Venmo’s issues are particularly concerning to consumers. We often assume a certain level of security and common-sense practices when we use well-known applications and services. Clearly, we should all be concerned about trusting our money and identities with any company—regardless of how safe it appears to be.
City of Atlanta Victimized by Ransomware

City of Atlanta Victimized by Ransomware

Imagine walking in to work and being handed a printed out note instructing you to not turn on your computer because of a ransomware attack. Then imagine that you are instructed to monitor your personal bank accounts because your employer is unsure exactly what information has been compromised. For city employees in Atlanta, they don’t have to imagine. They are living this nightmare after the city was hit last week by SamSam Ransomware.

The city is working with federal law enforcement after the hackers demanded a $51,000 payment to turn control of the computers back to the city. And Hartsfield-Jackson Airport, one of the busiest airports in the world, turned off their WiFi out of “an abundance of caution”.

Ransomware, which is malicious computer code that often enters networks after users click on a link in a phishing email, is the most “popular” form of malware. In effect, it renders your data unusable until you pay a ransom to reclaim it. In 2017, a business was attacked every 40 seconds and individuals were attacked every 10 seconds by ransomware, according to Kapersky Security. A recent IBM study concluded that 70% of businesses have been hit by ransomware with half paying more than $10,000 to regain their data.

Despite recent prosecutions (for example, a Russian judge sentenced the criminals behind the Blackhole malware to up to eight years in prison), it is still extremely difficult to locate and prosecute the hackers because many of them operate from overseas. And now, even novice computer users can get in on the scam via Ransomware as a Service sites on the dark web. These sites allow you to configure and run your own ransomware campaigns without having to be an expert coder.

This combination of high success rates, easy access to ransomware code, and difficulty with prosecutions means that ransomware attacks are only going to increase. As employers and as individuals, it’s critical that we remain vigilant or we’re all going to end up victims.
Ambulette Fraud

Ambulette Fraud

“Ambulette” is a term to describe the vans and cars that transport Medicaid patients to non-emergency appointments. Despite the presence of ambulettes, millions of Americans continue to miss medical appointments each year because of transportation problems. One possible answer to this problem? Rideshare companies like Uber and Lyft who sign agreements with hospitals and medical groups.

In my opinion, however, rideshare companies should proceed with caution. Fraud is rampant in Non-Emergency Medical Transportation (NEMT) and the under-the-table cash temptations may prove too strong for some drivers to ignore. Kickback schemes, billing for rides never actually given, illegal referrals, and providing rides to deceased patients are common NEMT fraud schemes.

The Centers for Medicare and Medicaid Services (CMS) recently gave a presentation on NEMT compliance and reporting requirements (which are the responsibility of the rideshare companies) and common fraud schemes. In one, a Medicare beneficiary drove patients to dialysis appointments but also provided the medical IDs to an ambulance company so they could bill as well. In another, a parent was jailed 30 days for billing Medicaid for trips for her child’s treatments. Although the parent was authorized to transport her child, the trips never actually took place.

It’s not easy for ridesharing companies to monitor their drivers’ behaviors, especially because of the flexible driver contracts and work hours. Combine this with NEMT fraud fines that often run into the hundreds of thousands of dollars and it is clear that rideshare companies may be opening themselves up to some serious problems.
A New Way to Rip Off the Taxpayer

A New Way to Rip Off the Taxpayer

I often mention how “impressed” I am by the ingenuity of fraudsters and their ability to find new and creative ways to steal money. And now, with the country starting to pay attention to the opioid crisis, comes word of one of these fraud innovations. This time, fraud (and to be fair, often just massive waste) is found in the escalating number of urine tests being performed to detect opioids and other drugs in patients.

Kaiser Health News, with help from the Mayo Clinic, found billing for urine screens and related tests quadrupled from 2011 to 2014 to $8.5 billion a year. The federal government paid providers more for drug urine screens than they paid for the four most common types of cancer screens combined. $8.5 billion is more than the annual budget of the Environmental Protection Agency!

It’s easy to see how this could happen. In the cases of 50 less-than-scrupulous doctors who operate their own labs, Medicare paid over $1 million for drug tests at their pain management practices. 31 of these received over 80 percent of their Medicare payments from urine tests—in other words, less than 20 percent was for patient care!

Other labs have hired sales team that employ high-pressure tactics, telling doctors to order more tests to lower patients’ risks and to protect their practices against law enforcement or medical licensing board investigations. One labs sales manager earned $700,000 in salary and commissions, and the company later had to pay $256 million to settle claims with the justice department.

While some of the data in this blog post is over two years old, opioid prescriptions (and deaths) continue to climb—the latter at about 20 percent per year. Despite the government’s enforcement efforts, I assume that the urine test cash grab is also accelerating. It’s also safe to assume that when this scheme is shut down, the fraudsters will find another way to rip us off.
Jackpotting Comes to the U.S.

Jackpotting Comes to the U.S.

We’ve written several times about skimmers, devices that thieves place into gas pumps, ATMs, and other machines to steal personal and financial information from unsuspecting patrons. Now, it seems that a form of skimming, called “jackpotting” is making its way from Europe and Asia to the states.

The aptly named jackpotting, like skimming, uses a device inserted into ATM machines to take control of the CPU and dispense large amounts of cash to the fraudsters. The thieves often dress as ATM technicians and use an endoscope to view the inside of the machine and attach their system to the ATM. They can then control the system remotely and dispense as many as 120 bills per minute to “jackpotting mules” who collect the money.

The Secret Service is now issuing warnings about the spread of jackpotting, and organized criminal gangs are targeting stand-alone ATMs in pharmacies, big box retailers and drive-thru ATMs. And, of course, thanks to the anonymity of the dark web, criminals can easily purchase the software and equipment necessary to pull off the schemes.

While still in its infancy here in the states-- in a recent week there were six attacks that stole just over $1 million-- jackpotting is quickly establishing itself as one more fraud tactic that businesses and citizens will have to watch out for. The good news in this case is that the ATMs, when hacked, appear as out-of-order to consumers. At least we won’t insert our cards and we won’t lose our data. The bad news is that institutional losses often get passed to us in the form of higher fees and more complex processes. As usual, we all pay in the end.
Skimmer Fraud

Skimmer Fraud

I read with great interest a recent article about card skimmers that were found at “The Stop and Shop” gas station where I often fill up my tank. While they were discovered relatively quickly, more than a dozen customers were scammed. Several of them had their entire bank accounts wiped out.

Skimmers, for those of you that are not aware, are malicious card readers that take data from your credit or debit card’s magnetic stripe. The data is stored on a drive where it is stolen, requiring the fraudsters to return to pick up the data files. They can then clone your card or just steal directly from your accounts. What makes them so effective is that the skimmers don’t interfere in the actual transaction, making you think that you’re just filling up your tank like you have hundreds of times before.

Turns out that skimmers are growing both in popularity and sophistication. Through the first half of last year alone, skimmer use grew 21% which was on top of high growth rates the year before. In Florida, authorities found 315 skimmers during this time period, triple the number found in the same period the previous year. Considering that 29 million people use credit or debit cards to pay for gas every day, this is certainly a rich target market for fraudsters.

To take advantage of this opportunity, fraudsters continue to improve the skimming devices. They are now almost undetectable by the average citizen. So what do we do to keep our information safe? Authorities suggest visually scanning the card readers for anything unusual, tugging on the reader to see if it is loose, and checking for forced entry into the pump itself. There are even smartphone applications that use Bluetooth to help discover skimmers. Of course, you can also simply pay the attendant for your gas.

This is just one more case of honest people being inconvenienced, at best, or ripped off, at worst, by tech-savvy fraudsters. And because the use of skimmers is sure to increase over the next several years, we all may want to think twice about “paying at the pump”.
Social Security Fraudster Captured in Honduras

Social Security Fraudster Captured in Honduras

Several months ago, we wrote a post about the self-proclaimed “Mr. Social Security”, Kentucky attorney Eric Conn, who fled prosecutors in the face of a 12-year prison sentence. Conn had concocted a scheme where he bribed a judge and a psychologist to defraud the Social Security Administration out of $550 million. The colorful Mr. Conn made flamboyant claims on television ads and attended events with “Conn’s Hotties” (his words, not mine) to drum up business.

After cutting off his electronic monitoring ankle device in June, Mr. Conn had been spotted in various locations around the western United States. Now, it appears his days on the lam have come to an end as Honduran authorities arrested him outside a Pizza Hut restaurant. U.S. authorities are now working to extradite him back to this country.

While Mr. Conn’s experience certainly contains elements of humor, Social Security Fraud is a serious subject. Recent estimates peg the annual amount at around $10 billion per year. About half of this is in Mr. Conn’s “specialty” area of retirement, survivors’ benefits, and disability insurance.

Newsletter

Interested in viewing a live demonstration? Enter your email below and a member of our Sales Team will contact you to schedule a demo.

Email:

About Our Company

Pondera leverages advanced prediction algorithms and the power of cloud computing to combat fraud, waste, and abuse in government programs.



Get in touch

  • Sacramento Address: 80 Blue Ravine Road, Suite 250, Folsom, CA 95630

  • Phone: (916) 389-7800

  • Email: info@ponderasolutions.com