Preparing for a post-pandemic fraud landscape

The COVID-19 pandemic has created a host of public health crises — and unearthed more opportunities for fraud. Scammers and fraudsters are waiting in the wings to capitalize on lax controls and vulnerable public assistance programs. Here the authors cover ways to enrich and strengthen your organization’s fraud risk management program to reduce threats from bad actors and to help spot the red flags of criminal activity.

Russian mobsters, Chinese hackers and Nigerian scammers have found a common victim: pandemic aid organizations. In June, the FBI obtained a warrant to hunt through the Google accounts of Abedemi Rufai, a Nigerian state government official. According to an affidavit, they found “ingredients” for a massive cyberfraud scheme targeting U.S. government benefits, which included stolen bank, credit card and tax information, as well as emails showing dozens of false unemployment claims in seven states. Rufai was arrested in May at John F. Kennedy International Airport in New York as he prepared to fly first class back to Nigeria. His case offers a small window into how foreign criminals have fleeced the country’s COVID relief packages. (See “‘Easy money’: How international scam artists pulled off an epic theft of Covid benefits,” by Ken Dilanian, Kit Ramgopal and Chloe Atkins, NBC News, Aug. 15, 2021.)

According to the NBC News article, foreign entities have used stolen identities to plunder tens of billions of dollars in COVID relief benefits, spiriting the money overseas in a massive transfer of wealth from U.S. taxpayers. Jobless programs have been among the ripest targets for cybertheft. It’s still unclear how much of the federal government’s more than $900 billion in pandemic-related unemployment relief fraudsters have robbed. The Pandemic Response Accountability Committee (PRAC), one of several independent bodies created in the U.S. to oversee the emergency spending bills, estimates about $87 billion in pandemic-related unemployment payments will be fraudulent or improper by the time the program expires this year. But that’s the lower end of the $87 billion to $400 billion range that the NBC News article cites, with at least half of that amount going to foreign criminals. (See “Lessons Learned in Oversight of Pandemic Relief Funds,” PRAC, Aug. 31, 2021.)

Cases like Rufai’s highlight how the COVID-19 pandemic has produced both health-related and fraud-related threats. Organizations have had to modify work procedures to accommodate remote work and introduce contactless payments and new forms of customer, vendor and contractor interactions. This new activity has increased fraud risks by broadening the attack surface and hampering traditional anti-fraud controls. Older technology systems — which are often difficult, costly and time-consuming to modify — can limit government agencies struggling to address pandemic-related risks.

At the same time, the urgency of transferring aid money to the general populace has opened opportunities for fraudsters. The pandemic stimulus program modified the eligibility criteria to make benefits more accessible to an American public suffering from the economic fallout brought on by the pandemic. But tight timelines established by relief legislation forced some states to dramatically curtail or entirely circumvent traditional controls to distribute pandemic assistance funds as quickly as possible. The combination of fewer guardrails and more cash simply made benefit programs soft targets for organized crime rings and would-be fraud actors.

The focus on the lucrative and easier-to-target pandemic stimulus programs might explain why fraudsters have been less active in some of their traditional stomping grounds. Some banks and financial services companies, for instance, have reported a decrease in fraud attempts over the last several months. However, fraud actors are likely to start stealing again from more traditional targets once the robbing of funds from the Payroll Protection Program, unemployment assistance and other stimulus programs runs its course. And they’re expected to bring a legion of newly minted fraudsters who’ve learned their trade on the easy-to-scam relief packages that Congress has recently approved.

Respondents to the ACFE and Grant Thornton benchmarking survey report on fraud post-COVID only confirm such concerns. The report shows that 71% of respondent organizations believe that fraud will increase over the next year. (See The Next Normal: Preparing for a Post-Pandemic Fraud Landscape.)

Whenever there’s a major shift in a business or operations, it’s advisable to reevaluate your organization’s fraud risk management (FRM) program. While it’s important to respond to tactical needs in real time, it’s also useful to take a step back and strategically plan for the future of your FRM program. The COVID-19 pandemic has created an onslaught of new fraud activity during a time of significant operational change, so now’s the time to revisit your organization’s strategy and determine the changes you need to make.