Featured Article

Billing fraud — a bird’s-eye view

In April, a grand jury indicted Marzieh Abedin for allegedly embezzling close to $1.5 million in COVID-relief funds from her former employer, the Oregon Health Authority (OHA). Abedin had been responsible for coordinating payment approvals for vendors offering COVID vaccination services. But Deloitte Consulting, which OHA had hired to help in the payments process, soon discovered that something was amiss.

The consulting firm noticed that catering services at a large vaccination event never took place on the dates and locations stated in the invoice, according to an article in The Oregonian. Before long, OHA realized that this was part of a bigger, more complex scam that Abedin had devised, involving stolen identities she used to open bank accounts and create a string of fake documents.

After launching an investigation in November last year, law enforcement uncovered a sham company called Leone Catering that Abedin had used to issue false invoices and garner payments that went to a fraudulent bank account. Over the course of last year, Abedin submitted 35 invoices for nonexistent events and ultimately deposited $1,492,846 into Leone Catering’s bank account, money that she then transferred to another account under the name of someone whose identity she stole, according to The Oregonian article.

Fortunately, the Oregon Department of Justice Criminal Division recovered a good chunk of the stolen funds — $1,485,899 — but by the time it had requested a warrant for Abedin’s arrest, she’d disappeared amid speculation that she’d left the country. (See “Former OHA Employee Indicted on 21 Criminal Counts for Embezzlement Scheme of COVID-19 Funds,” Oregon Department of Justice, April 20, 2022, and “She was supposed to help vaccinate Oregon; instead state worker embezzled $1.5 million in COVID funds, agents say,” by Ted Sickinger, The Oregonian/OregonLive, updated April 21, 2022.)

Abedin’s case is just one of many examples of billing fraud that has exploded in the wake of the COVID-19 pandemic, especially in the health care space. In April, the U.S. Department of Justice (DOJ) charged 21 people, including physicians and owners of medical businesses across the U.S., for their involvement in false-billing schemes connected to federally funded pandemic assistance programs that resulted in more than $149 million of losses. This came about a year after the DOJ charged 14 defendants for alleged false billing that took taxpayers for another $143 million.

In one such scheme, owners of a clinical laboratory in California were accused of falsely billing for more than $214 million in laboratory testing. They then laundered the money through shell companies in the U.S. and transferred the funds to foreign countries to carry out a buying spree of luxury goods and real estate. In two other cases, owners of medical clinics in New York and Maryland allegedly took personally identifiable information (PII) from patients who were tested for COVID at drive-through sites. They then used that PII to submit fraudulent claims for office visits that didn’t occur. (See “Justice Department Announces Nationwide Coordinated Law Enforcement Action to Combat Health Care-Related COVID-19 Fraud,” DOJ, April 20, 2022.)

Fraudsters have been quick to exploit the vulnerabilities brought about by the COVID-19 pandemic, especially the expanded use of remote technology to communicate with patients and laxer billing controls to ease access to health care. Regulators and government agencies are now scrutinizing the health care sector more closely and seeking ways to avoid what has been the egregious theft of taxpayer funds during this period. This includes a recommendation to proactively examine coding and billing practices. (See “COVID-19 Healthcare Enforcement Actions to Increase in 2022 and Beyond,” The National Law Review, April 15, 2022.)

Billing fraud beyond health care

Yet the health care sector is hardly unique in this sudden surge in billing fraud, which poses a threat to a whole range of industries in a variety of countries and for many of the same reasons. In April, for instance, Barclays warned that invoice scams were on the rise and now made up 55% of all money lost to fraud by small and medium-sized businesses in the U.K. Scams in this case involved fraudsters hacking real invoices or payment instructions sent by email from trusted vendors and then replicating them, except that payments went to the fraudsters’ own bank accounts. (See “Invoice fraud on the rise with average firm losing £2,100 as small businesses battle increasing costs,” by Samantha Downes, inews, April 6, 2022.)

Indeed, billing fraud comes under many guises. The FBI, for instance, cites a string of such scams that medical providers have perpetrated. These include submitting multiple bills for the same service (unbundling), billing for medical visits or supplies that never occurred (phantom billing) and billing for a more expensive service than the patient received (upcoding), to name a few. (See “Health Care Fraud,” FBI.) The false representation of an invoice may come in the form of a fictitious, duplicate, or inflated invoice or other obligation. And fraudsters wield a variety of tools to ensure their victims fall for all or parts of their invoicing schemes.

Passing under the radar

In its most basic form, billing fraud, which falls under the category of asset misappropriation, can be broadly defined as a fraudulent disbursement scheme in which a person causes their employer to issue a payment by submitting invoices for fictitious goods or services, inflated invoices or invoices for personal purchases, according to the ACFE’s Occupational Fraud 2022: Report to the Nations. (See ACFE.com/RTTN.)

Not only do these types of billing schemes pose significant risks as the most common type of asset misappropriation, but they also cause the highest median loss — $100,000 — in this category, according to the report. Billing schemes are also some of the longest lasting in this category, typically running for 18 months. And while median loss per month, or velocity, is relatively low at $5,600, compared to $32,900 for financial statement fraud, these small amounts are often imperceptible. And that’s the scary part about billing fraud.

Those smaller concealable losses — combined with the trust businesses often place in their employees and the confidence they have in their internal controls — suggest a lot of billing fraud may be going under the radar. Indeed, organizations are arguably overly optimistic about how well their internal controls prevent fraud. According to a 2018 survey by insurance provider Hiscox, 97% of respondents expressed confidence that the anti-fraud controls they had in place would prevent future embezzlement. That’s concerning and suggests a lack of proper vigilance. (See “2018 Hiscox Embezzlement Study™: An Insider’s View of Employee Theft,” Hiscox.)

That confidence in controls has been shattered somewhat during the pandemic as illustrated by the most recent Report to the Nations, which found that the most common factor underlying occupational frauds was an absence of sufficient internal controls. Nearly 29% of victim organizations lacked adequate controls to prevent fraud from occurring, while another 20% of cases involved an override of existing internal controls.

Yet it isn’t just employees who commit billing fraud. The “who” behind the fraudulent sale of goods or services may be one person, a local organization, a criminal gang or a company. It pains many when they learn it’s a known supplier, vendor or contractor. If that isn’t enough, technology now helps fraudsters hide behind a virtual veil to disguise their identities.

Catching and preventing billing fraud is tough, but let’s take a step back and identify five reasons why such fraud occurs.

Fraudsters and an economic recession

As illustrated by the cases presented at the beginning of this article, a rise in fraudulent activity during economic downturns and crises is all too common. It happened during the 2007-2009 recession in the wake of the global financial crisis, and it happened again when the COVID-19 pandemic hit between 2020 and 2021. Both times fraudsters were quick to prey on people’s financial fears and changing circumstances to scam their victims. (See “Coronavirus scams, feeding off investor fears, mimic fraud from the 2008 financial crisis,” by Greg Iacurci, CNBC, March 21, 2020.)

And billing fraud was no exception. During the third quarter of 2020 near the height of the pandemic, business email compromise (BEC) attacks involving fraudsters trying to get paid through false invoices rose a whopping 155%, according to a report from email security company Abnormal Security. “Invoice and payment fraud attacks continue to leverage uncertainty during the pandemic to incite ‘audits’ and urging recipients to change banking details,” the report warned. “ … Invoice and payment fraud, both impersonating 3rd party supply chain vendors and internal employees will continue to be the biggest BEC threat to businesses.” (See “Quarterly BEC Report,” Abnormal Security, Q3 2020.)

Worries about another recession — and potentially another bout of fraudulent activity — are starting to loom again as the U.S. economy feels the fallout from Russia’s invasion of Ukraine and the Federal Reserve tightens monetary policy in response to inflation levels not seen since the early 1980s. And as the ACFE has shown, employees often pose the greatest threat to organizational resources during economic downturns. Its 2009 survey documented a 48.3% jump in employee embezzlement in 2008 — the same year the collapses of Bear Stearns and Lehman Brothers sparked the global financial crisis. (See Occupational Fraud: A Study of the Impact of an Economic Recession, ACFE, 2009.)

Experts give a variety of reasons for this uptick in fraud during economic hardship. Nils Preshaw, a litigator at law firm Kornfeld LLP, writes that one of the reasons for this phenomenon is “that middle management, often the first line of defense for detecting fraud, are quite often the first to be laid off during an economic slowdown.” (See “Why Fraud Increases During an Economic Recession,” by Nils Preshaw, AllyLaw, April 23, 2020.)

This is a plausible reason, but there are other related factors too. As companies downsize during a recession, employees become disgruntled because they must work more, leading to low morale and in turn creating possible rationalizations to defraud the company. (See “Understanding Fraud in Economic Downturns and Recessions,” by Lisa Majeau Gordon, CFE, MNP, May 13, 2020.)

There’s no new recipe to explain why this happens. But it may help to turn to Donald Cressey’s Fraud Triangle, or the Fraud Diamond, a concept developed by David T. Wolfe, the founder of Glasgow Forensic Group, and Dana R. Hermanson, an accounting professor at Kennesaw State University. (See ACFE.com/fraud-triangle and “The Fraud Diamond: Considering the Four Elements of Fraud,” by David T. Wolfe and Dana R. Hermanson, Kennesaw State University, The CPA Journal, December 2004.)

Take Cressey’s first three elements (perceived unshareable financial need, often expanded to mean “pressure”; perceived opportunity; and rationalization), but then add capability. Capability, according to Wolfe and Hermanson, refers to six traits: one’s role and position, the intelligence to exploit control gaps, ego and confidence, the ability to coerce others to commit or cover up a fraud, the ability to lie compellingly and the ability to handle stressful situations. Take the disgruntled employee mentioned above and put them in middle management, and you have an individual who’s motivated and armed with the requisite knowledge of how to defraud the understaffed accounts payable department.

Fraudsters and a strong economy

Now consider times of strong economic growth. During such periods, billing fraud can flourish too as invoice approvers tend to take their eyes off controls to stay focused on revenue and growth. Boom times often mean companies hire more contractors and vendors, and the sheer number of invoices may inundate the approvers, who often feel they only have time to give them a cursory glance. Fraudsters know this and are quick to take advantage of their victims’ inattentiveness.

Take the fraudster Evaldas Rimasauskas, a Lithuanian citizen who’s serving a five-year sentence for wire fraud. Between 2013 and 2015, a time of economic growth, Rimasauskas created a Latvian company called Quanta, the same name used by an Asian computer hardware company, which regularly conducted business with some well-known and sophisticated global firms. He then sent invoices with lookalike email addresses to employees, requesting wire payments for computer hardware and in turn siphoning millions of dollars into his own bank accounts. The victims were Facebook and Google, which were scammed for more than $120 million in the process. (See “Lithuanian Man Sentenced To 5 Years In Prison For Theft Of Over $120 Million In Fraudulent Business Email Compromise Scheme,” DOJ, Dec. 19, 2019, and “A Lithuanian man scammed Facebook and Google out of more than $120 million by sending them fake bills,” by Kelly McLaughlin, Insider, March 26, 2019.)

Living life online with fraudsters

Every day we jump in and splash around the internet. We wade deeper to access the vast amounts of information and data through our phones, tablets and laptops to perform research, speak with peers, pay bills, download files and read articles for our fraud and forensic work. And we have increasingly done so since the pandemic has forced us to interact more and more online. World Bank data shows that in 2020, 60% of the world’s population were active internet users, up from 43% in 2016, and those numbers were much higher in advanced economies, such as the U.S. and the U.K., where 91% and 95% of the population, respectively, used the internet. Social distancing and work-from-home policies have only accelerated the trend. According to the United Nations’ International Telecommunication Union (ITU), the number of people using the internet worldwide grew to 4.9 billion in 2021 from 4.1 billion in 2019, when COVID-19 sent everyone scurrying online. [See “Individuals using the Internet (% of population),” The World Bank, and “Facts and Figures 2021: 2.9 billion people still offline,” ITU, Nov. 29, 2021.]

While the internet is a wonderful tool and has become an essential part of our everyday lives, it’s also left companies and individuals vulnerable to a wide variety of scams. Everything from BEC attacks and phishing schemes associated with billing — like the ones mentioned above — to ransomware have increasingly been part of fraudsters’ toolkits. And crime, including fraud, on the internet is steadily rising. Last year, the FBI’s Internet Crime Complaint Center (IC3) received about 850,000 complaints from Americans, a record number and an increase of 7% from the prior year. (See “Internet Crime Report 2021,” IC3, and “Internet Fraud – Statistics and Facts for 2022,” InternetAdvisor.)

There’s a wealth of useful online information for CFEs — and fraudsters. Take, for instance, a June 2021 blog post from Centreviews.com, by Liang McIntosh-Yee, “The Ultimate Guide to Preventing Invoice Fraud.” It breaks down the who, what, when, where and how into a useful guide for fraud examiners. But just imagine how much the fraudsters are learning, too. (See “The Ultimate Guide to Preventing Invoice Fraud,” centreviews.)

Perpetrators can easily gain some familiarity with organizations’ internal controls by accessing online publications and guidelines designed to prevent the scams they’re preparing to pull. (See “Eye on Fraud – Vendor Fraud,” by Amy Yurish, AICPA FLS Fraud Task Force, Spring 2017.) So, do we take the drastic steps of limiting publications, guidelines and professional education to those with the CFE credential? That may not be realistic. But proprietary tools, solutions or procedures your organization is using to prevent invoice fraud should be kept in-house. Employees should remember to hold their cards close to their chests when it comes to this type of information.

Fraudsters also use technology

Fraudsters use technology just like fraud fighters do, and sometimes in very sophisticated ways. Remember the capability element of Wolfe and Hermanson’s Fraud Diamond? Fraudsters are smart.

Consider artificial intelligence (AI), which many experts herald as a crucial tool in the fight against fraudulent billing. (See “How AI Can Battle A Beast—Medical Insurance Fraud,” Forbes, Feb. 11, 2019.) These tools purport to analyze vast numbers of invoice transactions, group the findings in a way that is meaningful to humans, and detect anomalies, all in real time. Not only that, but the tools also learn from their mistakes: the more data they encounter, the smarter they become. Unfortunately, the same AI technologies are available to fraudsters, who can use them to great effect.

Remember the 2019 cybercrime case in which fraudsters used AI to mimic the voice of a CEO to make a fraudulent transfer? The AI worked so well that the executive believed he was on the phone with his boss in Germany and was simply following directions to pay a supplier. He wasn’t, and the fraudsters managed to rob $243,000 through the scam. And fraudsters continue to use the technology to devastating effect. Most recently in 2020, a banker in Hong Kong was persuaded to transfer millions of dollars to a fraudster pretending to be the director of a company he knew. (See “A Voice Deepfake Was Used To Scam A CEO Out Of $243,000,” by Jesse Damiani, Forbes, Sept. 3, 2019, and “Fraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police Find,” by Thomas Brewster, Forbes, Oct. 14, 2021.)

Experts say that AI is starting to be used to “supercharge” spear-phishing attacks, including those involving fake invoices. It does this by going beyond the amateurish emails often sent by fraudsters to create true-to-life messages from what appear to be trusted contacts. This will require an equally sophisticated response and preventive measures from organizations that can no longer rely on standard email controls to prevent fraud. (See “How AI Will Supercharge Spear-Phishing,” The Edge, DarkReading, Oct. 21, 2020.)

In one case, an academic institution turned to AI after a fraudster created a fake invoice from trusted supplier Siemens to rob it of $60,000, despite the institution having the standard protections required for emails. Once the organization adopted an AI system, it was better able to track suspicious email activity and prevent invoice fraud. (See “Darktrace email finds: Siemens impersonation costs an academic institution $60,000,” by Dan Fein, Darktrace Blog.)

Poor oversight

This brings us to the fifth reason why billing fraud occurs: poor controls and a lack of proper oversight, especially when it comes to vendors. And it’s worth reminding ourselves of those 97% who expressed confidence that their anti-fraud controls would prevent future embezzlement. It’s important to have a vendor oversight program that prioritizes the risk of billing schemes among vendors, contractors, third parties and employees. Think of the vendor oversight program as a second set of eyes, and it begins with the request to onboard a vendor. This process typically involves background checks and providing a justification for using the vendor. Next, supply chain, legal, or vendor management will provide information to establish a contractual relationship. But something is missing.

Vendor vetting should be nestled in between the time an onboarding request is submitted and the contract is signed. Due diligence is an important part of this process as it determines — through a comprehensive, objective assessment — that the vendor exists, is financially stable, operates ethically and possesses a risk level in line with your organization’s policy. Imagine, for example, how many shell companies could be identified through due diligence.

Vendor oversight also includes audits and continuous monitoring. Designed to identify risk before signing a contract, due diligence provides a great deal of assurance, but audits and continuous monitoring provide additional risk assurance during the contractual relationship.

Vendor monitoring is an important but often overlooked part of the oversight process. It involves making sure contractual terms are met, but also requires keeping a watchful eye on a variety of potential risks whether it’s poor financial management or change of leadership at the vendor. (See “What is Vendor Monitoring?” Venminder, Aug. 24, 2021.)

Audits, however, go one step further in evaluating and strengthening the vendor relationship. “Entities often implicitly trust vendors. But just as good fences make good neighbors, vendor audits produce good relationships,” Craig L. Greene, CFE, founding partner of Greene Accounting Solutions LLP, wrote close to 20 years ago. (See “Audit Those Vendors,” by Craig L. Greene, CFE, Fraud Magazine, May/June 2003.)

The building of that trust may have resulted from a clean due diligence report. For others, trust is engendered naturally through aligned core values and the daily interactions between a company and its vendors. Regardless of how the trust is established and how deep it’s rooted, Greene’s advice regarding audits still applies.

“[R]outine vendor audits send the message that the entity is always monitoring the vendor to ensure that it is complying with ethics or business standards and contractual agreements,” he writes.

Taking a broader view

Billing fraud may not capture all the big headlines, but given its pervasiveness, fraud examiners should pay close attention to it. And it needs to play a prominent role in textbooks and journals. While there’s value in audits, CFEs should also take a bird’s-eye view of the recent drivers and bigger themes behind billing fraud and the technological challenges organizations face in preventing and detecting it. I’ve only identified five, but there are many more. Like the mentors before me who’ve shared their knowledge of vendor audits and billing fraud, I now pass you the baton. What themes will you identify?

Rick Roybal, CFE, is senior vendor auditor at Matador Resources, where he ensures compliance with the company’s accounting policies and procedures, as well as the accuracy and validity of its billing process. Contact him at Rick.tamu@gmail.com.
