Featured article

5 most scandalous fraud cases of 2021

Each year always brings a fresh array of fraud-related scandals, and 2021 was no different. The massive theft of COVID-relief funds continued to play out, but other notable schemes hit the headlines. Here we list the most scandalous of the lot.



Enron. Bernie Madoff. 1MDB. Some frauds are so notorious they only need to be mentioned by name. Since 2018, the ACFE, along with the invaluable input of our Advisory Council, has selected the five most scandalous fraud stories of the year based on money lost, lives impacted and relevance to the anti-fraud profession. “Sadly, there are so many to choose from, it’s challenging to limit it just to five,” says ACFE President and CEO Bruce Dorris, J.D., CFE, CPA.

In 2021, a possible end to the COVID-19 pandemic was on the horizon with the introduction of the vaccine, but fraudsters weren’t quite finished bilking it for billions. For the second year in a row, our most scandalous fraud was connected to the pandemic, but there were other fraud stories this year that we believe will live on in infamy and serve as valuable case studies to fraud fighters for years to come. (See “5 most scandalous frauds of 2020,” by Hallie Ayres and Mason Wilder, CFE, Fraud Magazine, January/February 2021.)


01/COVID-19 unemployment insurance fraud is an international affair

They used bots or teams of low-wage workers to complete online forms and file phony unemployment claims in all 50 U.S. states. An international collection of fraudsters raked in billions in pandemic unemployment relief funds to commit what U.S. prosecutors say could be the biggest wave of fraud in U.S. history. The Office of Inspector General for the U.S. Department of Labor (DOL) estimates about $87 billion in fraudulent claims; some experts think losses could be in the hundreds of billions. (See “How Unemployment Insurance Fraud Exploded During the Pandemic,” by Cezary Podkul, ProPublica, July 26, 2021, and “ ‘Easy Money’: How international scam artists pulled off an epic theft of Covid benefits,” by Ken Dilanian, Kit Ramgopal and Chloe Atkins, NBC News, Aug. 15, 2021.)

In July, ProPublica published a staggering report revealing that organized crime in the U.S. and abroad was responsible for most U.S. COVID-19 unemployment insurance fraud. Fraudsters filed high volumes of online unemployment applications and obtained payments from multiple states, utilizing bots to automatically populate forms with stolen identities. Chinese and West African crime syndicates hired low-wage workers in various countries to input stolen data into unemployment portals. One U.S. state received claims from IP addresses in nearly 170 countries, according to the report.

Criminals on messaging apps such as Telegram shared tips on gaming online unemployment systems. They also exchanged stolen personally identifiable information (PII) and provided step-by-step instructions for filling out online applications without triggering anti-fraud software.

Many people only realized they were victimized after their payments ceased and their state’s labor department informed them a claim with their PII had been filed in another state. Tens of thousands of people experienced delays in receiving unemployment relief, and some were even victimized more than once, as multiple fraudsters used stolen PII many times.

Because of the urgency to get money to people, many states weren’t verifying information thoroughly. They relaxed rules for obtaining unemployment funds and expanded aid to contractors and gig workers who couldn’t readily confirm employer or income information. Further complicating the verification process was that fraudsters were using real PII from real people. Much of the PII fraudsters used in unemployment frauds came from past cyberattacks against corporations such as Experian, Yahoo, LinkedIn and Facebook.

Out-of-date online unemployment systems also heightened the most scandalous fraud of 2021. Many states were running their systems with obsolete software unable to withstand the surge of claims. Databases often froze or slowed, impeding unemployment departments’ abilities to cross-check information. According to NBC News, the DOL’s inspector general said that states failed to take basic measures to improve identity verification and that state workforce agencies weren’t sharing fraud data as required by federal regulators. (See “ ‘Easy Money’: How international scam artists pulled off an epic theft of Covid benefits.”) 

A hiring sign is displayed in a store window in Manhattan on Aug. 19, 2021, in New York City. (Photo by Spencer Platt/Getty Images)


02/U.S. DOJ targets massive telemedicine fraud

In September, the U.S. Department of Justice (DOJ) announced a six-week-long national health care enforcement action in which it arrested 138 people — including 42 doctors, nurses and other licensed health care professionals — for their alleged participation in schemes involving telemedicine, COVID-19-related health care fraud, illegal opioid distribution and substance-use treatment facilities. In total, the schemes resulted in more than $1.4 billion in losses. (See “Feds charge 138, including doctors, with $1.4 billion in health-care fraud involving telemedicine, Covid, opioids,” by Dan Mangan, CNBC, Sept. 17, 2021.)

Telemedicine schemes commanded significant attention because they involved the largest share of alleged losses — $1.1 billion — after 43 people were arrested for such offenses. Telemedicine, which is the use of communications technology for remote medical care, has grown in popularity in the last couple of years, especially as the pandemic spurred the U.S. government to relax Medicare requirements for its use.

But the convenience of telemedicine coupled with Medicare’s relaxed requirements have been a boon to unscrupulous health care providers, and the DOJ has increased its enforcement efforts in this area. (See “In Recent National Health Care Fraud Enforcement Action, Telemedicine Fraud Takes the Gold,” by Eva Gunaeskera and Renée Brooker, The National Law Review, Sept. 23, 2021.)

“Telehealth has significantly exacerbated the types of health care fraud we’ve seen over the past few decades. Headlines that shocked us 10 years ago are nothing compared to the losses we’re dealing with today. We simply haven’t been able to stay ahead of it,” says Jala Attia, CFE, president and founder of Integrity Advantage, a health care fraud, waste and abuse detection firm.

“Telehealth is here to stay. As health care anti-fraud professionals, we must focus efforts on collaboration and communication so that we can try and prevent billions more of fraudulent losses.”

In the 2021 telemedicine schemes, defendants allegedly got doctors and nurse practitioners to order unnecessary durable medical equipment (DME), diagnostic tests and pain medications with little to no patient interaction. In turn, DME companies, labs and pharmacies got illegal kickbacks and submitted false and fraudulent claims to Medicare. According to the DOJ, some health care professionals billed Medicare for telehealth consultations that didn’t occur as described, and proceeds of their schemes went to purchases of luxury cars, yachts and real estate. (See “National Health Care Enforcement Action Results in Charges Involving over $1.4 Billion in Alleged Losses,” DOJ, Sept. 17, 2021.)


03/ Colonial Pipeline and the year of ransomware

In the early morning hours of May 7, 2021, an employee in Colonial Pipeline’s control room discovered a ransom note from hackers demanding cryptocurrency in exchange for the decryption of the oil and gas firm’s data. The company quickly shut down its 5,500 miles of pipeline that transports 2.5 million barrels of fuel daily from Texas to New Jersey to contain the threat. Colonial Pipeline eventually paid the hackers nearly $5 million in bitcoin and resumed its operations five days later — but not before there were long lines at gas stations, higher fuel prices, and panic buying and hoarding of gasoline. (See “Hackers Breached Colonial Pipeline Using Compromised Password,” by William Turton and Kartikay Mehrota, Bloomberg, June 4, 2021.)

Wired described Colonial Pipeline’s ransomware attack as “one of the largest disruptions of American critical infrastructure by hackers in history.” (See “The Colonial Pipeline Hack Is a New Extreme for Ransomware,” by Andy Greenberg, Wired, May 8, 2021.)

The CEO of Colonial Pipeline, Joseph Blount, later testified before the U.S. Senate that hackers were able to get into his company’s system by logging into its VPN with a former employee’s password. (See “One password allowed hackers to disrupt Colonial Pipeline, CEO tells senators,” by Stephanie Kelly and Jessica Resnick-Ault, Reuters, June 8, 2021.)

The Colonial Pipeline hack, which the FBI attributed to the Russia-linked cybercriminal group, DarkSide, was emblematic of a series of high-profile cyberattacks in 2021 that have drawn sharp warnings from experts on the vulnerability of industrial control systems and critical infrastructure. In May, the largest meat processor in the world, Brazil-based JBS, shut down operations of its U.S. and Australian plants for a day and paid an $11 million ransom to the Russian hacking group, REvil, to get its files decrypted. And in July, REvil struck again with a ransomware attack against Florida-based software firm, Kaseya, infecting as many as 1,500 small- to mid-sized businesses that used the company’s IT products. (See “No truce in cyberwars,” by Paul Kilby, Fraud Magazine, September/October 2021.)

Cyberattacks have increased in intensity, especially in the last year. SonicWall, a cyberthreat intelligence firm, reported a 148% increase in global ransomware attacks between July and September 2021 and recorded 495 million ransomware attacks, making 2021 the costliest year on record. According to SonicWall, there were 190.4 million ransomware attempts in the third quarter of 2021 alone in contrast to the 197.5 million total attempts in the first three quarters of 2020. (See “SonicWall: ‘The Year of Ransomware,’ Continues with Unprecedented Late-Summer Surge,” DARKReading, Nov. 1, 2021.)

The U.S. Treasury Department reported in October 2021 that American banks and financial institutions recorded almost $600 million in suspected ransomware payments during the first half of 2021 — more than the total for all of 2020. The department, along with the Office of Foreign Assets Control have guidance for organizations, requiring them to take more responsibility in preventing cyberattacks and avoid paying ransoms. (See “Treasury Reports $590M in Suspected Ransomware Payments,” PYMNTS, Oct. 15, 2021.)

“Attacks on industrial controls, infrastructure and global supply-chain firms combined with enforcement of civil penalties for ransomware payments clearly illustrate that organizations can no longer consider cybersecurity measures only ‘nice to have,’ ” says Ryan Duquette, CFE, a partner at security and risk consulting firm, RSM Canada.

Fuel holding tanks are seen at Colonial Pipeline’s Linden Junction Tank Farm on May 10, 2021, in Woodbridge, New Jersey. (Photo by Michael M. Santiago/Getty Images)


04/The Vatican’s biggest trial

A failed real estate deal to turn a London Harrods department store warehouse into luxury apartments was the catalyst for what many are calling a landmark fraud case and the largest criminal trial to ever take place within the Vatican. Defendants include Italian financiers all the way up to a once-powerful cardinal in the Roman Catholic Church. (See “A Landmark Fraud And Corruption Trial Opens At The Vatican,” by Sylvia Poggioli, NPR, July 28, 2021.)

In July, the Vatican indicted 10 individuals and four companies on charges of embezzlement, money laundering, fraud and abuse of office for their involvement in the botched London investment, which cost the Vatican 350 million euros. Much of that money came from the pope’s charity funds known as Peter’s Pence. The indictments came after a two-year investigation by Vatican prosecutors. (See “Vatican Indicts Cardinal and 9 Others on Money Laundering and Fraud Charges,” by Elisabetta Povoledo, The New York Times, July 3, 2021.)

The trial opened the end of July in a hall in the Vatican Museums, which had been modified as a courtroom. The presiding judge is a former prosecutor who has dealt with the Mafia in Sicily. The case even prompted Pope Francis to change Vatican law so that cardinals and bishops in Rome can be tried by the Vatican’s lay criminal tribunal instead of only by their peers. (See “Cardinal denies financial crimes in biggest ever Vatican trial,” by Harriet Sherwood, The Guardian, July 27, 2021.)

The defendants, who have all denied the allegations against them, include:

  • Giovanni Angelo Becciu, a cardinal and former chief of staff of the Vatican’s Secretariat of State, which oversaw the real estate investment. Becciu was charged with embezzlement and abuse of office. He has also been accused of funneling money to businesses run by his brothers. The pope fired Becciu and stripped him of his responsibilities as cardinal in 2020 when reports of the financial mishaps surfaced. He can no longer vote in papal enclaves or run the saint-making office.
  • Two former top officials in the Vatican’s financial oversight unit.
  • Cardinal Becciu’s private secretary.
  • Italian brokers and bankers involved in the London deal and other transactions.
  • Two Swiss companies, one Slovenian company and a U.S. company.
  • Cecilia Marogna, who was hired by Becciu as a security consultant, is accused of embezzling 575,000 euros in Vatican funds meant to free Catholic hostages abroad. She allegedly used the money to buy designer handbags and clothing.

According to NPR, the trial is part of an effort by Pope Francis to increase transparency in the Vatican’s financial affairs after “decades of secrecy and scandals.” (See “A Landmark Fraud And Corruption Trial Opens At The Vatican.”)

In 2014, the Vatican’s Secretariat of State, which at the time was under Becciu’s watch, decided to invest an initial minority stake of 200 million euros in the London property operated by Italian businessman Raffaele Mincione. Becciu allegedly convinced his boss, Pietro Parolin, one of the pope’s top officials, to authorize the deal. Pope Francis was reportedly aware of the deal.

By 2018, the Vatican had lost money on the investment and wanted to get out of it. Gianluigi Torzi, a broker, helped arrange a payout to Mincione. However, prosecutors say that Torzi defrauded the Vatican by secretly restructuring 1,000 shares in the property’s holding company for full voting rights. Prosecutors accuse Torzi of extorting the Vatican for 15 million euros to get control of the building. (See “Get ready for biggest criminal trial in Vatican’s modern history,” Al Jazeera, July 26, 2021.)

Since the start of the trial, the judge has ordered prosecutors to give the defense more access to evidence and to question defendants who didn’t speak earlier in the trial. The judge adjourned the trial until Nov. 17, 2021. (See “Judge in Vatican corruption trial orders prosecution to share more evidence,” by Philip Pullella, Reuters, Oct. 6, 2021.)


05/Facebook faces allegations of securities fraud

Facebook Inc., now rebranded as Meta Platforms Inc., has courted its fair share of controversy of late, including allegations that it misled investors about the role its products play in a multitude of societal ills. And some experts think that brewing accusations of securities fraud could soon spell trouble for the company whose onetime motto was “Move fast and break things."

Before she left her job as a product manager at Facebook, Frances Haugen copied thousands of pages of internal research documents allegedly showing the behemoth social media company’s role in promoting hate speech and political violence and harming the mental health of teenagers. Haugen claimed that Facebook knows discord gets more engagement from users and thus chose profits over the safety of its roughly 2.9 billion active users. (See “Number of monthly active users worldwide as of 3rd quarter of 2021,” statista, October 2021.)

Haugen shared the documents with the U.S. Securities and Exchange Commission (SEC) and sought whistleblower protection from her former employer. Experts say the public attention combined with SEC Chair Gary Gensler’s priority to improve corporate disclosures could spur the regulator to act against Facebook. (See “Facebook is drawing a bipartisan backlash from Congress, but the SEC could deliver a tougher blow,” by Tory Newmeyer, The Washington Post, Oct. 8, 2021.)

In late October 2021, shareholders filed a lawsuit based on Haugen’s revelations, claiming Facebook and its senior executives misrepresented the company’s decisions to investors and made false statements that artificially inflated the market price of the company’s securities. (See “Shareholders sue Facebook following whistleblower revelations,” by Erika Williams, Courthouse News, Oct. 27, 2021.)

In November, Ohio’s Attorney General Dave Yost along with the state’s largest pension fund also sued the company, following the same line of reasoning. “Facebook in its own internal review said we’re not doing the things that we’re saying we’re doing publicly,” Yost was quoted saying. “And that is the ultimate definition I think of fraud: saying one thing and doing another.” (See “Facebook’s own words are the ‘ultimate definition of fraud,’ says Ohio attorney general,” by Alexis Keenan, yahoo!finance, Nov. 16, 2021.)

Haugen’s lawyers claim the documents show Facebook wasn’t honest with investors about its fear of losing younger users and its concerns about duplicate accounts created by individual users. For example, one Facebook study showed more accounts for young adults in the U.S. than actual people. (See “Facebook Faces a Public Relations Crisis. What About a Legal One?” by Cecilia Kang, The New York Times, Oct. 29, 2021.)

Laws have also been introduced in Congress that could weaken the company’s legal protections, and shareholders have filed a resolution to dilute CEO Mark Zuckerberg’s power. More trouble could be ahead. (See “Facebook to Meta: A new name but the same old problems,” by Queenie Wong, c/net, Oct. 30, 2021.)

Facebook whistleblower Frances Haugen testifies before lawmakers at the Russell Senate Office Building on Oct. 5, 2021, in Washington, DC. (Photo by Matt McClain/Getty Images)


Dishonorable mentions

There were many eye-popping fraud stories in 2021, but not all of them could make it into the top five. While these frauds weren’t selected as most scandalous, they’re still audacious enough for a mention.

Stung where it hurts

In June of 2021, U.S. law enforcement showed it too could dupe fraudsters and other criminals in a massive sting operation, dubbed Trojan Shield, which led to the arrest of more than 800 people associated with organized crime groups. Sixteen countries participated in the operation, which involved the FBI running a company that sold encrypted smartphones to criminals who used them to openly discuss specific details of criminal enterprises. Thus, law enforcement agencies across various countries intercepted more than 27 million communications, gaining valuable insight into criminal networks and how they launder illicit proceeds.

Along with the arrests, the investigation yielded seizures of illegal drugs, firearms and almost $50 million in cash.

Along with the arrests, the investigation yielded seizures of illegal drugs, firearms and almost $50 million in cash. Those arrested face charges related to drug trafficking, organized crime, money laundering and human trafficking. (See “The Criminals Thought the Devices Were Secure. But the Seller Was the F.B.I.,” by Yan Zhuang, Elian Peltier and Alan Feuer, The New York Times, June 8, 2021.)

A gut feeling

U.S. prosecutors deemed gut-testing startup uBiome full of it when they charged the company’s co-founders Jessica Richman and Zachary Apte with securities and health care fraud worth $60 million in March 2021. The now-bankrupt company, which offered DNA analysis of consumers’ stool samples for a better understanding of their digestive systems, also marketed its tests to private insurers providing employer-sponsored and Medicare coverage.

The former execs are accused of telling investors their company could perform reliable medical tests when it couldn’t, prompting comparisons to Theranos. In the alleged scheme, uBiome submitted fraudulent reimbursement claims for retests of samples, gave partial and misleading information to health care providers and manipulated dates of services to conceal uBiome’s testing and marketing practices. (See “Startup Sold DNA Kits to Test Poop. Prosecutors Say It’s a Fraud,” by Joel Rosenblatt, Bloomberg, March 18, 2021.)

Amateur hour for fraudsters

In July, a federal grand jury in New York indicted Trevor Milton, the billionaire founder of electric-and-hydrogen-powered truck company, Nikola, with securities and wire fraud. Milton, who often used his social media accounts to hype his product, allegedly sold investors on a fully functioning electric-powered truck that was anything but functional. A promotional video for a “prototype” featured a truck with a taped-on door that had been towed up and rolled down a hill to simulate a working vehicle. According to prosecutors, many of Nikola’s investors were novices who began trading on the stock market to supplement their income during the COVID-19 pandemic. Nikola was at one time valued at more than $12 billion. (See “Trevor Milton, founder of electric truck startup, Nikola, hit with securities fraud charges,” by Aaron Katersky and Catherine Thorbecke, ABC News, July 29, 2021.)

Jennifer Liebman is assistant editor of Fraud Magazine. Contact her at jliebman@ACFE.com.