Welcome to the Pondera FraudCast, a weekly blog where we post information on fraud trends, lessons learned from client engagements, and observations from our investigators in the field. We hope you’ll check back often to stay current with our efforts to combat fraud, waste, and abuse in large government programs.
It’s April, which every year brings more news about tax fraud scandals. The news this year, however, is even more disturbing than expected. IBM’s X-Force threat intelligence group released a report last week that showed a 6,000% increase in spam emails designed to steal information from W-2s and other tax documents. Last year, these criminals “earned” over $3 billion through similar scams. And if you were one of the victims, then you are already familiar with the hassles of having your return stolen or a completely false one filed using your identity.
The continuing use of the Dark Web is a major factor behind the acceleration in this form of cybercrime. Stolen identities that include tax information are currently fetching around $40 on illicit marketplaces. While this may not seem like much, it is extremely lucrative when a fishing scam succeeds at stealing thousands of identities. So lucrative, in fact, that would-be scammers can even visit the Dark Web to buy online tutorials on how to perpetrate tax fraud.
Popular scams this year include sending emails that appear to be sent from TurboTax and other tax preparation companies. The hope is that you respond because you use that tax service. So-called spearfishing scams are also targeting corporate human resource departments. They will often send an email to an HR manager, seemingly from a member of the company’s executive staff, requesting W-2 and other tax information on the company’s employees.
Cybercriminals will continue to hone their skills resulting in more convincing emails and websites. They will continue to take advantage of technologies that allow them to increase the number of outbound messages. And they will continue to learn and share new techniques on the Dark Web. This means that all of us, as businesses and as private citizens, need to step up our efforts to protect data. These days, it’s no longer just “a fool and his money” who are soon parted.
A recent arrest in New York City illustrates a common fraud method that Pondera has been talking about for years: falsifying an identity (of an individual or business) and using it across multiple states, or in this particular case, across multiple subsidy programs within a state.
In February of this year, the New York State Attorney announced the arrest of several individuals allegedly involved with a fraudulent medical supply company. The company’s owner operated under a false social security number and billed the State Medicaid system for an expensive nutritional formula required by patients with feeding tubes. In actuality, when they delivered the service at all, they dispensed lower-priced Pediasure to dramatically increase their profits—apparently ignoring the health consequences to the patient.
But, as is often the case with bad actors, they didn’t stop there. In addition to their fraudulently obtained Medicaid profits, the fraudsters also used their fake socials and claimed income of less than $800 per month in order to qualify for Welfare payments. This despite the fact their medical “business” incomes were over $180,000 per year. It would not surprise me to learn that these same people were operating in other subsidy programs or in neighboring states.
This is a disturbing, but somewhat logical, pattern that we see again and again. When someone goes to the trouble of creating a fake identity or business, they use it to generate as much income as possible. They “fly below the radar” of each individual program (or state) to avoid detection, but the fraud can be very lucrative in aggregate.
The obvious solution to this is increased cooperation and data sharing across programs within a state and across states. The federal government has made significant efforts to support data sharing including the List of Excluded Individuals and Entities (LEIE), the Death Master File, and the Prisoner Update Processing System (PUPS) which can help identify claims that are fraudulently made by ineligible, deceased, or incarcerated identities.
Our hope is that these efforts expand, including at the state level, where multiple agencies cooperate to identify cross-program fraud schemes. It is not enough to detect and then stop individual incidents of fraud. Many of these incidents are too small, when viewed as discrete occurrences, to warrant prosecution. Knowing this, enterprising fraudsters “sprinkle” their claims across multiple jurisdictions to avoid attention.
Unfortunately, as was the case in New York, even these smaller, distributed fraud efforts can have an impact on patient health. The good news is that New York detected and put an end to this incident. But we all know there are thousands of similar cases each year.
Remember back to last year when the IRS announced that cyber thieves stole personal data from 100,000 taxpayers? This sophisticated scheme accumulated personal data from other sites and used it to answer identity validation questions on the IRS web site to gain access to taxpayer accounts.
The 100,000 taxpayers affected? The IRS revised that number later in the year to 334,000 Last week they raised the number again to more than 700,000! Combine this with the high-profile hacks at Sony, Target, Anthem, and other organizations and one thing becomes very clear: bad actors are rapidly improving their identity theft methods.
In response, government agencies need to prepare for an onslaught of fraudulent tax returns, unemployment claims, Medicaid treatments, and other services. In 2015, the IRS paid out $5.8 billion in fraudulent returns. Several of Pondera’s clients also saw dramatic increases in “ghost” beneficiaries, often paired with fictitious businesses, set up solely to defraud government programs. 2016 promises to be even more problematic.
As program integrity experts, we have to recognize that we are moving into a new age of identity theft problems. We can log on to YouTube and watch a music video about Unemployment Insurance Fraud. CNN has run stories on street gangs trading liquor store holdups for benefits fraud. The barbarians are at the gate and it’s our responsibility to strengthen the defenses.