In the wake of Covid-19, a parallel plague is spreading through the global economy like a wildfire in drought conditions:
The third week in November is International Fraud Awareness Week. This is also a moment when COVID-19 is surging anew throughout the United States. People are sick, small businesses are hurting, and fraud is spreading rapidly, depleting much-needed government and private resources, or diverting them from consumers who need them most.
A pandemic is defined as a disease “prevalent over a whole country or the world.” Per that definition, Covid-19 fraud, if you’ll allow me to consider it as a societal affliction, is itself a pandemic infecting the nation and the world in 2020 — and most likely, well beyond the year’s end.
Looking back at my last article introducing the fraud triangle, it’s clear that the global Covid-19 emergency has supplied all three elements of the triangle, to an unprecedented scale: First, the lack of internal controls provides the opportunity for fraud. Second, the pandemic has created the rationalization for fraud. Third, a desire for things of value in a time of need and shortages has created pressure to engage in fraud.
Having quickly covered the triangle, let’s discuss the frauds we’re seeing proliferate during the pandemic.
For ease of discussion, I’ve summarized them as one of five types (understanding that fraud is so diverse that it’s tough to fit its many iterations into a few narrow categories): consumer frauds; loan and federal program fraud; unemployment fraud; Medicaid, Medicare and health insurance fraud; and fraud squared. I’ll talk about each one in detail.
According to data from the Federal Trade Commission, Americans lost $160.75 million to COVID-19-related fraud in 2020 YTD. Check out the link; it puts the data in a great visualization software known as Tableau. The data is already one month old, so understand the losses are growing as I type.
Consumers have already reported over 119,000 fraud cases involving COVID-19 to the U.S. government. The losses were greatest for travel or vacation scams, amounting to $47.89 million. (I find this odd, as the last thing I want to do right now is travel. But apparently, there are lots of people trying to rent vacation home getaways.)
The second largest fraud represents something we’re all doing a lot these days: shopping online. OL scams have resulted in approximately $22.62 million in losses in 2020. Some scammers offer in-demand supplies like disinfectants or medical-grade masks, then take payment without ever completing the order.
Similarly, e-mail phishing scams netted $23.52 million from victims, many of which misled consumers into clicking links to apply for pandemic relief aid, to fill out bogus contact tracing forms, or to donate to nonexistent Covid relief charities.
Loan and Federal Program Fraud
This category of fraud, certainly the largest dollar amount of the pandemic, involves submitting false applications for loans or grants for emergency relief funds. The vast majority of those pandemic relief funds are being offered by commercial banks, acting on behalf of the U.S. Small Business Administration. Year to date, the SBA has funded over $1 trillion in emergency loans and grants in order to keep the lights on for many U.S.-based small businesses, whether for rent, health insurance costs, or payroll. The immediate need for these programs was obvious and stark: holding off an even deeper recession, as well as emergency pain relief for millions of workers and business owners facing job losses, business closures, and financial ruin. Unfortunately, that emergency-mode haste meant that the SBA failed to implement even the most basic internal controls over these emergency programs. With that failure, the federal government handed the opportunity side of the fraud triangle directly over to the fraudsters.
The SBA Office of Inspector General has now issued multiple reports, which you can read here, here, and here, in which Inspector General Hannibal “Mike” Ware identified serious concerns of potential and actual fraud, as well as substantial internal control deficiencies. Inspector General Ware was gracious enough to visit with us here at Pursuit Magazine to answer a Q&A, which you can read here. He also gave a guest virtual lecture to my students at Perdue School of Business on November 18, 2020.
Thus far, dozens of suspects have been charged with submitting hundreds of millions of dollars in fraudulent loan or grant applications. Funds received have been used for a variety of illegal purposes, including purchases of Lambos, Ferraris, Porsches, Benzes, yachts, mansions, diamond rings and bracelets, Rolexes, and the like.
Many of these suspects were easily identified by file review, or via their own ill-advised social media posts. Had appropriate internal controls existed, these types of fraud could have been prevented from the get-go. Luckily, the statute of limitations for bank fraud is 10 years, so these suspects have many years to look over their shoulders.
A recent U.S. Department of Labor Office of Inspector General audit report made clear that state unemployment agencies do not have sufficient internal controls to mitigate the deluge of fraudulent applications being received during the pandemic. Using stolen identities (see further below, fraud squared), cybercriminals have purloined approximately $8 billion that was earmarked for those who have lost their jobs during the pandemic. Labor-OIG estimates that as much as $26 billion could ultimately be lost to unemployment insurance fraud.
Medicaid, Medicare and Health Insurance Fraud
These types of health care fraud go from bad to worse, exploiting the twin plagues of anxiety and misinformation. In one variety of scam, unscrupulous health care providers take advantage of the unavailability of testing, or slow results, to offer testing to potential victims. The testing in this scam is real, but providers are requiring “assessments” or other workups that are not required, as part of the COVID-19 testing process. By up-selling unnecessary services, these providers have engaged in fraud against the entity ultimately paying for the unneeded tests, which is usually Medicare, state Medicaid, or health insurance companies, such as Blue Cross/Blue Shield.
Even worse, some providers are offering bogus tests, unproven treatments, or bogus preventative measures, in which victims are left not only defrauded, but incorrectly believing they are COVID-19 negative (or positive), or protected from illness, when they were in fact sold the equivalent of 2020 snake oil. Other scammers phish for data by promising compensation for participation in fake Covid-19 clinical trials. And the proliferation of telehealth during Covid-19 lockdowns has opened the door for this growing category of fraud as well.
Worst of all, some scammers offered people testing or treatment in a scheme to get the patient’s personal information for something else altogether — which leads to our discussion of Fraud Squared.
Fraud squared involves using one scam to commit another — in other words, lapping one fraud to the next. In my mind, these have been some of the most harmful frauds of the pandemic. The most prevalent is fraudulent health care providers obtaining private information from patients, ostensibly to submit billing for tests to insurance, Medicare or Medicaid. But the real purpose of the fraud is to commit identity theft.
We have all been to a new doctor or lab and willingly entrusted them with all manner of private information. By exploiting that trust, fraudsters obtain the keys to massive identity theft. Under this scheme, the real purpose has generally been to use the victims’ PII to then apply for fraudulent pandemic relief funds, credit cards, unemployment insurance, or other types of loans.
Several major news stories have revealed that employees at Wells Fargo and JP Morgan Chase may have fraudulently applyed for pandemic relief funds or loans. While the news stories report that the SBA-OIG and the banks have been tight-lipped, it is reasonable to expect that in some of these cases, the bank employees, who are regularly processing the pandemic relief funds for the SBA, may instead either re-direct the funds to themselves or use the PII they collect while processing applications to apply for different loans or programs using that customer’s PII. In any case, that’s what I expect to see as we learn more about these reports.
Fraud schemes are abundant during the pandemic. As professional investigators, in both the private and public sectors, we play a key role in responding to frauds on behalf of our clients — and in helping them assess the business risks of fraud and implement or improve internal controls.
For more information about Covid-19 fraud (and what to watch for), see:
About the author:
David P. Weber is a clinical assistant professor of accounting at the Perdue School of Business at Salisbury University. He is a certified fraud examiner, registered private investigator, and licensed attorney. He completed more than two decades of public service in 2013 as the Assistant Inspector General for Investigations at the U.S. Securities and Exchange Commission, the SEC’s Chief Investigator. He now teaches full time in Salisbury’s Fraud and Forensic Accounting Certificate Program, and leads a boutique law firm with an expertise in fraud examination and forensic consulting.