
Business email compromise fraud
Read Time: 6 mins
Written By:
Robert E. Holtfreter, Ph.D., CFE
A U.S. Medicare agent contacted Frank Johnson to verify his participation in the agency’s hospice service program. Frank said he hadn’t signed up for the program. The agent said someone had been charging his account for hospice services for more than six months. Frank recalled that he’d responded to a text message, ostensibly from Medicare, saying that he could receive free cooking, cleaning and home health care. He provided his Medicare number, but he never received the services. Frank and Medicare were victims of hospice fraud.
Frank’s fictitious story is representative of a real scam, according to the U.S. Federal Trade Commission (FTC). Fraudsters are committing identity theft and hospice fraud by stealing Medicare numbers of individuals to bill the Medicare hospice program for services that the agency never provided.
Scammers collect Medicare numbers via phone calls, texts, fake ads and even door-to-door visits, and then enroll victims in Medicare hospice programs. According to the FTC, only physicians can register their patients for hospice when their life expectancy is six months or less. The scam could affect victims’ Medicare coverage in the future and siphon hospice-care money from the agency.
According to Hospice News, fraudsters visit bingo game events, casinos and assisted- and independent-living facilities to obtain Medicare numbers. The scammers lure older adults with free services and goods (including gift baskets, lawn care, TVs and recliner chairs) or up to $2,000 per month in hospice services. They also allegedly target homeless populations and methadone patients, promising opioids in exchange for hospice enrollment.
The FTC provides this advice for older adults:
If you think you’ve found or experienced hospice fraud, report it as soon as possible. Call 1 (800) MEDICARE or reach out to your local Senior Medicare Patrol (smpresource.org) for help. [Senior Medicare Patrols (SMPs) empower and assist Medicare beneficiaries, their families, and caregivers to prevent, detect and report health care fraud, errors and abuse through outreach, counseling and education. SMPs are grant-funded projects of the federal U.S. Department of Health and Human Services, U.S. Administration for Community Living.]
Fraudsters are taking job-offer scams, delivered through mobile devices, to a new level.
SC Media reports that fraudsters are masquerading as job recruiters in sophisticated mobile-device phishing campaigns to access, steal and compromise job seekers’ sensitive financial and personal information.
The attackers trick Android mobile users into downloading a malicious “dropper” that installs an updated variant of the Antidot banking Trojan, “AppLite Banker.” According to the cybersecurity firm Perception Point, “Dropper malware … acts as a container or carrier that encapsulates … malware components, such as Trojans, ransomware, or keyloggers, and ensures their installation on the compromised system.”
According to the SC Media article, fraudulent job recruiters use phishing email messages on mobile devices to offer fake positions. The fraudsters persuade job seekers to click on links that take them to fake job applications, where they unknowingly download malware droppers that bypass their devices’ security systems.
In the SC Media article, Stephen Kowski, field CTO at SlashNext Email Security, says “The threat actors have refined their social-engineering tactics, moving beyond simple document-based malware to deploy sophisticated mobile banking Trojans that can steal credentials and compromise personal data, demonstrating how these campaigns continue to evolve and adapt to exploit new attack surfaces.”
Jason Soroko, senior fellow at Sectigo, said in the SC Media article that this new wave of cyber scams underscores the evolving tactics used by cyber criminals to exploit job seekers who are motivated to make prospective employers happy. He said they capitalize on victims’ trust in legitimate-looking job offers. “The use of Android devices highlights the growing trend of mobile-specific phishing campaigns,” said Soroko. “The AppLite banking Trojan’s ability to steal credentials from critical applications like banking and cryptocurrency makes this scam highly dangerous. As mobile phishing continues to rise, it’s crucial for individuals to remain vigilant about unsolicited job offers and always verify the legitimacy of links before clicking.”
(A Google spokesperson, according to the SC Media article, said that “Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”)
Fraudsters use many tricks to rob victims of their personally identifiable information (PII), but one of their old favorites is this style of phishing — masquerading as employees from commonly known organizations. For example, you might receive a text or email message purportedly from an employee of the U.S. Social Security Administration or the U.S. Internal Revenue Service asking you to verify your Social Security number or from an employee of your bank asking you to confirm your bank account number. Or you might receive a message supposedly from Federal Express or UPS saying that you missed a delivery.
Fraudsters will try to trick you into opening attachments or clicking on links where you’ll be asked to provide PII, including those valuable numbers associated with your name. Don’t do it, unless you want to become an identity theft victim and possibly download malware onto your device.
The FTC alert says that you should ask yourself, “Do I have an account with the company or know the person who contacted me?”
Please use this information in your outreach programs and among your family members, friends and co-workers.
As part of my outreach program, please contact me if you have any questions on identity theft or cyber-related issues that you need help with or if you’d like me to research a scam and possibly include details in future columns or as feature articles.
I don’t have all the answers, but I’ll do my best to help. I might not get back to you immediately, but I’ll reply. Stay tuned!
Robert E. Holtfreter, Ph.D., CFE, is a distinguished professor of accounting and research at Central Washington University. He serves on the ACFE Advisory Council, the ACFE Editorial Advisory Committee and the ACFE’s inaugural CFE Exam Content Development Committee. In 2005 he received the ACFE’s Outstanding Achievement in Accounting award and the ACFE’s Educator of the Year award in 2006. Holtfreter was the recipient of the Hubbard Award for the best Fraud Magazine feature article in 2016. Contact him at doctorh007@gmail.com.