Blog

FraudCast Blog

rss

Pondera FraudCast

Welcome to the Pondera FraudCast, a weekly blog where we post information on fraud trends, lessons learned from client engagements, and observations from our investigators in the field. We hope you’ll check back often to stay current with our efforts to combat fraud, waste, and abuse in large government programs.

Cigarette Fraud

Cigarette Fraud

Last week we wrote about charges being brought against a group of alleged fraudsters in California that were trucking thousands of cans and bottles into California to collect the state’s recycling refunds. This week, just so no one feels left out, we’re bringing you a story from the East Coast that deals with cigarette fraud. That’s right… cigarette fraud.

As you probably already know, the price of cigarettes varies dramatically from state to state because of the taxes imposed by each state government. For example, in Virginia, where the state has an excise tax of only $0.17 per pack, the average price for a pack of cigarettes is $5.25. New York, on the other hand, adds taxes of $4.35 per pack helping to drive the average price per pack to $12.85. That’s a difference per pack of $7.60.

So what does an enterprising fraudster do? Buy cigarettes in Virginia and sell them in New York of course. This is illegal but it apparently didn’t prevent a 26 year old man from driving through Pennsylvania with 7,750 packs of cigarettes purchased in Virginia. That’s over 150,000 individual cigarettes so likely not just for his personal use. That might explain why the Pennsylvania state trooper who pulled him over said the driver was “very nervous, shaking and avoiding eye contact with me at all cost.”

The man is now free on bail but facing felony charges. I guess you never know what’s in the truck you pass on the freeway. Last week it was aluminum cans and plastic bottles. This week it’s thousands of cartons of cigarettes. Next week?
How to Steal $80 million Five Cents at a Time

How to Steal $80 million Five Cents at a Time

Last week, in the realm of “are there any government programs fraudsters won’t steal from”, California officials announced charges against five people who were ripping off the state’s recycling program.

Four defendants are accused of accepting recyclable cans from other states, faking the paperwork, and then billing the state for refunds on the 5- or 10-cent “deposits” that Californians pay when they buy beverages in the state. Of course, Californians can redeem the cans themselves, but I’m just guessing that not many do.

Incredibly, the total amount of the containers added up to $80.3 million. And, even more incredibly, this is not an isolated case. In 2015, for example, a California jury indicted another group of fraudsters for trucking over 200 million bottles and cans into California to collect $14 million in refunds.

A quick check of the California Attorney General’s website reveals that the state does indeed have a Recycle Fraud Program with the objective to “detect and stop existing fraud by organized criminal groups against the recycling fund and to deter future fraud through the successful prosecution of criminal activity.”

In many ways, this simply serves as more proof that even the most well-intentioned programs are subject to fraud and criminal abuse. When even 10-cent transactions are targeted, it should concern everyone about what’s occurring in larger government programs.
How Fraudsters Stole Money from Venmo Users

How Fraudsters Stole Money from Venmo Users

In yet another example of the creativity of fraudsters exploiting security flaws in commonly used services, the Federal Trade Commission recently announced a settlement with Venmo, the popular money exchange service. The charges, filed in 2016, include some surprisingly basic security flaws in Venmo, which boasts of “bank-grade security”.

One major problem was found in Venmo’s cash reconciliation process. It would notify users that money had been deposited in their accounts when, in reality, many of the transactions were still under review. This allowed fraudsters to “purchase” and receive products before their payments were validated. Sellers, assuming that cash had been received, would ship the product and then find themselves without an actual payment. One scammer used this technique over several years to steal over $125,000 before being discovered.

In addition to this security flaw, federal regulators also noted that Venmo neglected to notify users of username and password changes or when new devices were added to their accounts. This allowed hackers to hijack accounts without any warnings to the actual account owners.

While the FTC’s settlement does not include any cash damages, it is likely that Venmo will face a slew of upcoming lawsuits. Beyond this, Venmo’s issues are particularly concerning to consumers. We often assume a certain level of security and common-sense practices when we use well-known applications and services. Clearly, we should all be concerned about trusting our money and identities with any company—regardless of how safe it appears to be.
City of Atlanta Victimized by Ransomware

City of Atlanta Victimized by Ransomware

Imagine walking in to work and being handed a printed out note instructing you to not turn on your computer because of a ransomware attack. Then imagine that you are instructed to monitor your personal bank accounts because your employer is unsure exactly what information has been compromised. For city employees in Atlanta, they don’t have to imagine. They are living this nightmare after the city was hit last week by SamSam Ransomware.

The city is working with federal law enforcement after the hackers demanded a $51,000 payment to turn control of the computers back to the city. And Hartsfield-Jackson Airport, one of the busiest airports in the world, turned off their WiFi out of “an abundance of caution”.

Ransomware, which is malicious computer code that often enters networks after users click on a link in a phishing email, is the most “popular” form of malware. In effect, it renders your data unusable until you pay a ransom to reclaim it. In 2017, a business was attacked every 40 seconds and individuals were attacked every 10 seconds by ransomware, according to Kapersky Security. A recent IBM study concluded that 70% of businesses have been hit by ransomware with half paying more than $10,000 to regain their data.

Despite recent prosecutions (for example, a Russian judge sentenced the criminals behind the Blackhole malware to up to eight years in prison), it is still extremely difficult to locate and prosecute the hackers because many of them operate from overseas. And now, even novice computer users can get in on the scam via Ransomware as a Service sites on the dark web. These sites allow you to configure and run your own ransomware campaigns without having to be an expert coder.

This combination of high success rates, easy access to ransomware code, and difficulty with prosecutions means that ransomware attacks are only going to increase. As employers and as individuals, it’s critical that we remain vigilant or we’re all going to end up victims.
Ambulette Fraud

Ambulette Fraud

“Ambulette” is a term to describe the vans and cars that transport Medicaid patients to non-emergency appointments. Despite the presence of ambulettes, millions of Americans continue to miss medical appointments each year because of transportation problems. One possible answer to this problem? Rideshare companies like Uber and Lyft who sign agreements with hospitals and medical groups.

In my opinion, however, rideshare companies should proceed with caution. Fraud is rampant in Non-Emergency Medical Transportation (NEMT) and the under-the-table cash temptations may prove too strong for some drivers to ignore. Kickback schemes, billing for rides never actually given, illegal referrals, and providing rides to deceased patients are common NEMT fraud schemes.

The Centers for Medicare and Medicaid Services (CMS) recently gave a presentation on NEMT compliance and reporting requirements (which are the responsibility of the rideshare companies) and common fraud schemes. In one, a Medicare beneficiary drove patients to dialysis appointments but also provided the medical IDs to an ambulance company so they could bill as well. In another, a parent was jailed 30 days for billing Medicaid for trips for her child’s treatments. Although the parent was authorized to transport her child, the trips never actually took place.

It’s not easy for ridesharing companies to monitor their drivers’ behaviors, especially because of the flexible driver contracts and work hours. Combine this with NEMT fraud fines that often run into the hundreds of thousands of dollars and it is clear that rideshare companies may be opening themselves up to some serious problems.
An “Amazing” Contributor to the Nation’s Opioid Crisis

An “Amazing” Contributor to the Nation’s Opioid Crisis

The Sacramento Bee, my local newspaper, reported this week on an area doctor, a seemingly successful cardiologist and graduate of Northwestern’s medical school, who plead guilty and was sentenced to 52 months for illegally prescribing opioids.

After reading about Doctor Capos’s crimes, 52 months seems grossly inadequate. The sentencing judge agreed, despite acknowledging the doctor’s cooperation, stating that "It's probably giving you a break more than you deserve at this time."

The sheer volume of Capos’s crimes are alarming. In one case, he prescribed 2,640 hydrocodone pills to a single patient in 28 days. This would have required the patient to take 98 doses per day. Of course, what likely happened is that the pills were sold on the street to addicts and future addicts—some undoubtedly to our young people.

The judge called his actions an “amazing” contribution to the opioid crisis. Yet a quick look at average sentences for drug dealers reveals that convicted methamphetamine dealers average 87 months in prison. Heroin dealers average 63 months. While this “amazing” opioid dealer only received 52 months.

It seems to me that the time for talking about the opioid crisis has passed. It’s time for action and one place to start would be tougher sentencing laws on the greedy fraudsters who push these drugs into our neighborhoods.
A New Way to Rip Off the Taxpayer

A New Way to Rip Off the Taxpayer

I often mention how “impressed” I am by the ingenuity of fraudsters and their ability to find new and creative ways to steal money. And now, with the country starting to pay attention to the opioid crisis, comes word of one of these fraud innovations. This time, fraud (and to be fair, often just massive waste) is found in the escalating number of urine tests being performed to detect opioids and other drugs in patients.

Kaiser Health News, with help from the Mayo Clinic, found billing for urine screens and related tests quadrupled from 2011 to 2014 to $8.5 billion a year. The federal government paid providers more for drug urine screens than they paid for the four most common types of cancer screens combined. $8.5 billion is more than the annual budget of the Environmental Protection Agency!

It’s easy to see how this could happen. In the cases of 50 less-than-scrupulous doctors who operate their own labs, Medicare paid over $1 million for drug tests at their pain management practices. 31 of these received over 80 percent of their Medicare payments from urine tests—in other words, less than 20 percent was for patient care!

Other labs have hired sales team that employ high-pressure tactics, telling doctors to order more tests to lower patients’ risks and to protect their practices against law enforcement or medical licensing board investigations. One labs sales manager earned $700,000 in salary and commissions, and the company later had to pay $256 million to settle claims with the justice department.

While some of the data in this blog post is over two years old, opioid prescriptions (and deaths) continue to climb—the latter at about 20 percent per year. Despite the government’s enforcement efforts, I assume that the urine test cash grab is also accelerating. It’s also safe to assume that when this scheme is shut down, the fraudsters will find another way to rip us off.
Jackpotting Comes to the U.S.

Jackpotting Comes to the U.S.

We’ve written several times about skimmers, devices that thieves place into gas pumps, ATMs, and other machines to steal personal and financial information from unsuspecting patrons. Now, it seems that a form of skimming, called “jackpotting” is making its way from Europe and Asia to the states.

The aptly named jackpotting, like skimming, uses a device inserted into ATM machines to take control of the CPU and dispense large amounts of cash to the fraudsters. The thieves often dress as ATM technicians and use an endoscope to view the inside of the machine and attach their system to the ATM. They can then control the system remotely and dispense as many as 120 bills per minute to “jackpotting mules” who collect the money.

The Secret Service is now issuing warnings about the spread of jackpotting, and organized criminal gangs are targeting stand-alone ATMs in pharmacies, big box retailers and drive-thru ATMs. And, of course, thanks to the anonymity of the dark web, criminals can easily purchase the software and equipment necessary to pull off the schemes.

While still in its infancy here in the states-- in a recent week there were six attacks that stole just over $1 million-- jackpotting is quickly establishing itself as one more fraud tactic that businesses and citizens will have to watch out for. The good news in this case is that the ATMs, when hacked, appear as out-of-order to consumers. At least we won’t insert our cards and we won’t lose our data. The bad news is that institutional losses often get passed to us in the form of higher fees and more complex processes. As usual, we all pay in the end.
How Startups Benefit Government

How Startups Benefit Government

What a delight it was to read a commentary in Government Technology magazine by Rebecca Woodbury, a Senior Management Analyst with the city of San Rafael, California. In the article, Rebecca recounts her experiences working with technology startups and the benefits to the city of moving beyond a small set of traditional providers.

Rebecca argues that startups offer “simple and intuitive interfaces, don’t require costly implementation fees or long-term contracts, embody the spirit of continuous improvement, and have their eyes keenly on the future.” She goes on to state that these benefits are far more important than “the number of years a company has existed or the number of clients they have.” And she even provides ways to mitigate the risks associated with startups such as avoiding long term contracts.

Right on Rebecca! While Pondera is no longer considered a startup and we can meet the stringent financial and customer qualification requirements in public sector bids, we work hard to hold on to the EXACT list of benefits Rebecca articulated. And when Pondera was a startup, we counted on people recognizing those benefits. That’s why we would get so frustrated when we would read RFPs that asked for “innovative solutions” but required that they be implemented for at least five years! In the age of cloud computing and Agile development, the gap between business needs and archaic procurement policies has grown into a gaping canyon.

So, at the risk of inviting competitors into our market, I applaud Rebecca’s efforts and those of similar public servants who recognize that nimble, innovative startups offer compelling alternatives to large, established IT companies. I also know that competition makes all companies better. In the end, isn’t that what government wants in its partners?
Nigerian Email Fraud

Nigerian Email Fraud

In December, a 67-year-old Louisiana man was charged with 269 counts of money laundering for serving as a middle man in a Nigerian Internet scam. These scams, which everyone with an email account has encountered, promise large sums of money from inheritance or from a “prince” trying to leave the country in exchange for your financial information. Typically, they then require you to send money to release the funds and the operation continues to run into obstacles for which more money is required.

When I receive these emails, I’m always struck by just how ridiculous the stories are. They are so obviously fake that only the most naïve would lend them any credence. Given the sophistication of some of the fraudsters we combat at Pondera, I’ve always wondered why these clearly unsophisticated scammers can’t put out more believable emails.

After a bit of research on the subject, it turns out I’m the unsophisticated one. In fact, Microsoft Researcher Cormac Herley wrote a thought-provoking paper on the Nigerian Scams that concludes in part “By sending an email that repels all but the most gullible, the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.” So, like any good salesperson would do, the scammers are essentially feeding only the best leads into their pipeline and eliminating the poor leads early in the process so they don’t waste time pursuing them.

Pretty brilliant actually, if you’re in to despicable crimes. And the results show it. The FBI’s Crime Complaint Center says that over the past five years it has received an average of 280,000 complaints and, more importantly, it estimates that victims have lost over $4.6 billion in that time. In the most extreme cases, victims were lured to Nigeria, held against their will, and extorted for additional money.

If you’re interested in reading more about this, check out Mr. Herley’s paper at the link below:

https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/WhyFromNigeria.pdf

Newsletter

Keep up on our always evolving product features and technology. Enter your e-mail and subscribe to our newsletter.

Email:

About Our Company

Pondera leverages advanced prediction algorithms and the power of cloud computing to combat fraud, waste, and abuse in government programs.



Get in touch

  • Sacramento Address: 80 Blue Ravine Road, Suite 250, Folsom, CA 95630

  • Phone: (916) 389-7800

  • Email: info@ponderasolutions.com