Blog

FraudCast Blog

rss

Pondera FraudCast

Welcome to the Pondera FraudCast, a weekly blog where we post information on fraud trends, lessons learned from client engagements, and observations from our investigators in the field. We hope you’ll check back often to stay current with our efforts to combat fraud, waste, and abuse in large government programs.

Analytics are more than Numbers and Stats – It’s About People by Tammy Marple, VP - Special Investigations Unit

Analytics are more than Numbers and Stats – It’s About People by Tammy Marple, VP - Special Investigations Unit

During my time as a fraud analyst, I realized that my work was so much more than just numbers and statistics. I worked in State Government for many years and a few years ago, my manager asked me to conduct a study on Opioids. I lived that assignment for 18 months.

After the Opioid study was completed, I traveled the state and shared what I had learned with our regulatory and law enforcement partners. That assignment really stuck with me. The overall impact of the Opioid epidemic on healthcare costs, society, and the family unit is devastating. It is a sad truth when we can say “everyone knows someone addicted to these types of drugs,” regardless of how they got there. An even worse reality is the impact on the family as a whole: newborn babies born addicted to drugs, children being raised by their grandparents or in foster care because the parents are either dead or in jail as a result of their addiction and drug diversion activities, and families living with the daily possibility of overdose.

One of the most eye-opening documentaries regarding this epidemic was created by Vanguard and is titled “The OxyContin Express.” Although the video is many years old, the story it tells is still very real today and it is no longer just a Florida issue. I often suggest that our interns and new employees in Pondera’s Special Investigations Unit watch the video. It explains drug diversion schemes from drug seeking patients to the cash operations of those that prescribe the drugs, as well as the overall human element. It’s been years since I conducted the study on Opioids, and yet Opioid abuse is still on the rise and growing fast with the introduction of illicitly manufactured fentanyl.

An in-depth analysis conducted in 2016 by the Centers for Disease Control and Prevention (CDC), stated that drug overdose deaths were spreading not only geographically but also across demographic groups. Listed below are some of the stats from the CDC analysis:

• Drug overdoses killed 63,632 Americans in 2016.
• Nearly two-thirds of these deaths (66%) involved a prescription or illicit opioid.
• Overdose deaths increased in all categories of drugs examined for men and women, people ages 15 and older, all races and ethnicities, and across all levels of urbanization.
• CDC’s new analysis confirms that recent increases in drug overdose deaths are driven by continued sharp increases in deaths involving synthetic opioids other than methadone, such as illicitly manufactured fentanyl (IMF).

Pondera’s technology can identify these areas of risk in a variety of programs. This is the reason behind what we do to make a difference and potentially effect change for the better. Certainly, our goal is to detect fraud, waste, and abuse in government programs, but it really does come down to people. Sure, technology is always a cool thought when it comes to smart phones, cars that drive themselves, video games, and other advancements, but technology can also be used to detect certain behaviors within large data sets and identify highly suspect activities, patterns, or hot spots of concern. Pondera leverages technology to identify suspect activity and protect vulnerable populations within a program to make a significant difference, not only from a government budget point of view but also in the lives of our fellow citizens.

Cited Sources
Van Zeller, Mariana. “The OxyContin Express.” YouTube, Current TV - Vanguard, 19 October 2009, https://www.youtube.com/watch?v=wGZEvXNqzkM

Researchers for the Centers for Disease Control and Prevention (CDC). “U.S. Drug Overdose Deaths Continue to Rise; Increase Fueled by Synthetic Opioids.” www.cdc.gov, 29 March 2018, https://www.cdc.gov/media/releases/2018/p0329-drug-overdose-deaths.html
Cigarette Fraud

Cigarette Fraud

Last week we wrote about charges being brought against a group of alleged fraudsters in California that were trucking thousands of cans and bottles into California to collect the state’s recycling refunds. This week, just so no one feels left out, we’re bringing you a story from the East Coast that deals with cigarette fraud. That’s right… cigarette fraud.

As you probably already know, the price of cigarettes varies dramatically from state to state because of the taxes imposed by each state government. For example, in Virginia, where the state has an excise tax of only $0.17 per pack, the average price for a pack of cigarettes is $5.25. New York, on the other hand, adds taxes of $4.35 per pack helping to drive the average price per pack to $12.85. That’s a difference per pack of $7.60.

So what does an enterprising fraudster do? Buy cigarettes in Virginia and sell them in New York of course. This is illegal but it apparently didn’t prevent a 26 year old man from driving through Pennsylvania with 7,750 packs of cigarettes purchased in Virginia. That’s over 150,000 individual cigarettes so likely not just for his personal use. That might explain why the Pennsylvania state trooper who pulled him over said the driver was “very nervous, shaking and avoiding eye contact with me at all cost.”

The man is now free on bail but facing felony charges. I guess you never know what’s in the truck you pass on the freeway. Last week it was aluminum cans and plastic bottles. This week it’s thousands of cartons of cigarettes. Next week?
How to Steal $80 million Five Cents at a Time

How to Steal $80 million Five Cents at a Time

Last week, in the realm of “are there any government programs fraudsters won’t steal from”, California officials announced charges against five people who were ripping off the state’s recycling program.

Four defendants are accused of accepting recyclable cans from other states, faking the paperwork, and then billing the state for refunds on the 5- or 10-cent “deposits” that Californians pay when they buy beverages in the state. Of course, Californians can redeem the cans themselves, but I’m just guessing that not many do.

Incredibly, the total amount of the containers added up to $80.3 million. And, even more incredibly, this is not an isolated case. In 2015, for example, a California jury indicted another group of fraudsters for trucking over 200 million bottles and cans into California to collect $14 million in refunds.

A quick check of the California Attorney General’s website reveals that the state does indeed have a Recycle Fraud Program with the objective to “detect and stop existing fraud by organized criminal groups against the recycling fund and to deter future fraud through the successful prosecution of criminal activity.”

In many ways, this simply serves as more proof that even the most well-intentioned programs are subject to fraud and criminal abuse. When even 10-cent transactions are targeted, it should concern everyone about what’s occurring in larger government programs.
How Fraudsters Stole Money from Venmo Users

How Fraudsters Stole Money from Venmo Users

In yet another example of the creativity of fraudsters exploiting security flaws in commonly used services, the Federal Trade Commission recently announced a settlement with Venmo, the popular money exchange service. The charges, filed in 2016, include some surprisingly basic security flaws in Venmo, which boasts of “bank-grade security”.

One major problem was found in Venmo’s cash reconciliation process. It would notify users that money had been deposited in their accounts when, in reality, many of the transactions were still under review. This allowed fraudsters to “purchase” and receive products before their payments were validated. Sellers, assuming that cash had been received, would ship the product and then find themselves without an actual payment. One scammer used this technique over several years to steal over $125,000 before being discovered.

In addition to this security flaw, federal regulators also noted that Venmo neglected to notify users of username and password changes or when new devices were added to their accounts. This allowed hackers to hijack accounts without any warnings to the actual account owners.

While the FTC’s settlement does not include any cash damages, it is likely that Venmo will face a slew of upcoming lawsuits. Beyond this, Venmo’s issues are particularly concerning to consumers. We often assume a certain level of security and common-sense practices when we use well-known applications and services. Clearly, we should all be concerned about trusting our money and identities with any company—regardless of how safe it appears to be.
City of Atlanta Victimized by Ransomware

City of Atlanta Victimized by Ransomware

Imagine walking in to work and being handed a printed out note instructing you to not turn on your computer because of a ransomware attack. Then imagine that you are instructed to monitor your personal bank accounts because your employer is unsure exactly what information has been compromised. For city employees in Atlanta, they don’t have to imagine. They are living this nightmare after the city was hit last week by SamSam Ransomware.

The city is working with federal law enforcement after the hackers demanded a $51,000 payment to turn control of the computers back to the city. And Hartsfield-Jackson Airport, one of the busiest airports in the world, turned off their WiFi out of “an abundance of caution”.

Ransomware, which is malicious computer code that often enters networks after users click on a link in a phishing email, is the most “popular” form of malware. In effect, it renders your data unusable until you pay a ransom to reclaim it. In 2017, a business was attacked every 40 seconds and individuals were attacked every 10 seconds by ransomware, according to Kapersky Security. A recent IBM study concluded that 70% of businesses have been hit by ransomware with half paying more than $10,000 to regain their data.

Despite recent prosecutions (for example, a Russian judge sentenced the criminals behind the Blackhole malware to up to eight years in prison), it is still extremely difficult to locate and prosecute the hackers because many of them operate from overseas. And now, even novice computer users can get in on the scam via Ransomware as a Service sites on the dark web. These sites allow you to configure and run your own ransomware campaigns without having to be an expert coder.

This combination of high success rates, easy access to ransomware code, and difficulty with prosecutions means that ransomware attacks are only going to increase. As employers and as individuals, it’s critical that we remain vigilant or we’re all going to end up victims.
Ambulette Fraud

Ambulette Fraud

“Ambulette” is a term to describe the vans and cars that transport Medicaid patients to non-emergency appointments. Despite the presence of ambulettes, millions of Americans continue to miss medical appointments each year because of transportation problems. One possible answer to this problem? Rideshare companies like Uber and Lyft who sign agreements with hospitals and medical groups.

In my opinion, however, rideshare companies should proceed with caution. Fraud is rampant in Non-Emergency Medical Transportation (NEMT) and the under-the-table cash temptations may prove too strong for some drivers to ignore. Kickback schemes, billing for rides never actually given, illegal referrals, and providing rides to deceased patients are common NEMT fraud schemes.

The Centers for Medicare and Medicaid Services (CMS) recently gave a presentation on NEMT compliance and reporting requirements (which are the responsibility of the rideshare companies) and common fraud schemes. In one, a Medicare beneficiary drove patients to dialysis appointments but also provided the medical IDs to an ambulance company so they could bill as well. In another, a parent was jailed 30 days for billing Medicaid for trips for her child’s treatments. Although the parent was authorized to transport her child, the trips never actually took place.

It’s not easy for ridesharing companies to monitor their drivers’ behaviors, especially because of the flexible driver contracts and work hours. Combine this with NEMT fraud fines that often run into the hundreds of thousands of dollars and it is clear that rideshare companies may be opening themselves up to some serious problems.
An “Amazing” Contributor to the Nation’s Opioid Crisis

An “Amazing” Contributor to the Nation’s Opioid Crisis

The Sacramento Bee, my local newspaper, reported this week on an area doctor, a seemingly successful cardiologist and graduate of Northwestern’s medical school, who plead guilty and was sentenced to 52 months for illegally prescribing opioids.

After reading about Doctor Capos’s crimes, 52 months seems grossly inadequate. The sentencing judge agreed, despite acknowledging the doctor’s cooperation, stating that "It's probably giving you a break more than you deserve at this time."

The sheer volume of Capos’s crimes are alarming. In one case, he prescribed 2,640 hydrocodone pills to a single patient in 28 days. This would have required the patient to take 98 doses per day. Of course, what likely happened is that the pills were sold on the street to addicts and future addicts—some undoubtedly to our young people.

The judge called his actions an “amazing” contribution to the opioid crisis. Yet a quick look at average sentences for drug dealers reveals that convicted methamphetamine dealers average 87 months in prison. Heroin dealers average 63 months. While this “amazing” opioid dealer only received 52 months.

It seems to me that the time for talking about the opioid crisis has passed. It’s time for action and one place to start would be tougher sentencing laws on the greedy fraudsters who push these drugs into our neighborhoods.
How Startups Benefit Government

How Startups Benefit Government

What a delight it was to read a commentary in Government Technology magazine by Rebecca Woodbury, a Senior Management Analyst with the city of San Rafael, California. In the article, Rebecca recounts her experiences working with technology startups and the benefits to the city of moving beyond a small set of traditional providers.

Rebecca argues that startups offer “simple and intuitive interfaces, don’t require costly implementation fees or long-term contracts, embody the spirit of continuous improvement, and have their eyes keenly on the future.” She goes on to state that these benefits are far more important than “the number of years a company has existed or the number of clients they have.” And she even provides ways to mitigate the risks associated with startups such as avoiding long term contracts.

Right on Rebecca! While Pondera is no longer considered a startup and we can meet the stringent financial and customer qualification requirements in public sector bids, we work hard to hold on to the EXACT list of benefits Rebecca articulated. And when Pondera was a startup, we counted on people recognizing those benefits. That’s why we would get so frustrated when we would read RFPs that asked for “innovative solutions” but required that they be implemented for at least five years! In the age of cloud computing and Agile development, the gap between business needs and archaic procurement policies has grown into a gaping canyon.

So, at the risk of inviting competitors into our market, I applaud Rebecca’s efforts and those of similar public servants who recognize that nimble, innovative startups offer compelling alternatives to large, established IT companies. I also know that competition makes all companies better. In the end, isn’t that what government wants in its partners?
Nigerian Email Fraud

Nigerian Email Fraud

In December, a 67-year-old Louisiana man was charged with 269 counts of money laundering for serving as a middle man in a Nigerian Internet scam. These scams, which everyone with an email account has encountered, promise large sums of money from inheritance or from a “prince” trying to leave the country in exchange for your financial information. Typically, they then require you to send money to release the funds and the operation continues to run into obstacles for which more money is required.

When I receive these emails, I’m always struck by just how ridiculous the stories are. They are so obviously fake that only the most naïve would lend them any credence. Given the sophistication of some of the fraudsters we combat at Pondera, I’ve always wondered why these clearly unsophisticated scammers can’t put out more believable emails.

After a bit of research on the subject, it turns out I’m the unsophisticated one. In fact, Microsoft Researcher Cormac Herley wrote a thought-provoking paper on the Nigerian Scams that concludes in part “By sending an email that repels all but the most gullible, the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.” So, like any good salesperson would do, the scammers are essentially feeding only the best leads into their pipeline and eliminating the poor leads early in the process so they don’t waste time pursuing them.

Pretty brilliant actually, if you’re in to despicable crimes. And the results show it. The FBI’s Crime Complaint Center says that over the past five years it has received an average of 280,000 complaints and, more importantly, it estimates that victims have lost over $4.6 billion in that time. In the most extreme cases, victims were lured to Nigeria, held against their will, and extorted for additional money.

If you’re interested in reading more about this, check out Mr. Herley’s paper at the link below:

https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/WhyFromNigeria.pdf
Skimmer Fraud

Skimmer Fraud

I read with great interest a recent article about card skimmers that were found at “The Stop and Shop” gas station where I often fill up my tank. While they were discovered relatively quickly, more than a dozen customers were scammed. Several of them had their entire bank accounts wiped out.

Skimmers, for those of you that are not aware, are malicious card readers that take data from your credit or debit card’s magnetic stripe. The data is stored on a drive where it is stolen, requiring the fraudsters to return to pick up the data files. They can then clone your card or just steal directly from your accounts. What makes them so effective is that the skimmers don’t interfere in the actual transaction, making you think that you’re just filling up your tank like you have hundreds of times before.

Turns out that skimmers are growing both in popularity and sophistication. Through the first half of last year alone, skimmer use grew 21% which was on top of high growth rates the year before. In Florida, authorities found 315 skimmers during this time period, triple the number found in the same period the previous year. Considering that 29 million people use credit or debit cards to pay for gas every day, this is certainly a rich target market for fraudsters.

To take advantage of this opportunity, fraudsters continue to improve the skimming devices. They are now almost undetectable by the average citizen. So what do we do to keep our information safe? Authorities suggest visually scanning the card readers for anything unusual, tugging on the reader to see if it is loose, and checking for forced entry into the pump itself. There are even smartphone applications that use Bluetooth to help discover skimmers. Of course, you can also simply pay the attendant for your gas.

This is just one more case of honest people being inconvenienced, at best, or ripped off, at worst, by tech-savvy fraudsters. And because the use of skimmers is sure to increase over the next several years, we all may want to think twice about “paying at the pump”.

Newsletter

Interested in viewing a live demonstration? Enter your email below and a member of our Sales Team will contact you to schedule a demo.

Email:

About Our Company

Pondera leverages advanced prediction algorithms and the power of cloud computing to combat fraud, waste, and abuse in government programs.



Get in touch

  • Sacramento Address: 80 Blue Ravine Road, Suite 250, Folsom, CA 95630

  • Phone: (916) 389-7800

  • Email: info@ponderasolutions.com