As joint operations center manager for the Pandemic Response Accountability Committee (PRAC), Chris Covington, CFE, learned tools and tricks for identifying fraudsters. Pulling from a large dataset generated during the pandemic, in his presentation at the 34th Annual ACFE Global Fraud Conference Covington outlined applicable examples of red flags to look for and fraud fighting strategies that Certified Fraud Examiners (CFEs) can implement in their industries today.

Digital Fingerprints

One type of red flag to look out for is those found in the digital fingerprints fraudsters leave behind. For example, investigators may notice questionable addresses. Covington advised CFEs to examine addresses that look suspicious. When businesses were applying for pandemic loans, larger companies tended to get more, said Covington. Check whether the location and size of the office or company applying for a loan matches the amount requested or number of purported employees. Reverse address lookups enable one to verify this information.

IP addresses “are an incredible source of information when it comes to fraud,” said Covington. Around $1.3 billion in pandemic loans intended for domestic applicants went to applicants with foreign addresses. While some of these were legitimate, many turned out to be fraudulent addresses. If you’re tracking IP addresses, said Covington, a red flag is a large number of applications coming from the same address. It could mean that a fraudster is repeatedly cranking out multiple applications. A large batch coming from the same IP address under different people’s names is very suspicious.

Email structures can also serve as red flags. Gmail dotting or the “floating dot problem” occurs when random dots are inserted in the middle of an email address. Scammers can fool application systems by creating variations of the same email with dots in different spots, so that a system recognizes different emails that actually all end up being sent to the same base email. Covington has also detected fraud by flagging multiple email addresses that use the same structure. He’s seen series of email addresses that all use the first initial of a first name and the first few characters of a last name followed by 4 numbers or a date of birth. Multiple emails following the same unique structure is a red flag. These are seemingly effortless ways to create fake emails, but as Covington said, “fraudsters will only work as hard as they have to to get your money.”

A notable “fingerprint of fraud” that Covington identified was rounded dollar amounts. Statistically speaking, that doesn’t happen, said Covington. Rounded dollar amounts may be legitimate, but they don’t occur frequently, especially when it comes to a business’s expenses. Businesses are messy, and according to Covington, “rounded dollar amounts should jump off the page.”

Analog Fraud Indicators

Driver’s licenses are often created overseas and purchased on the dark web. Red flags that indicate identity theft are a signature on a driver’s license that appears crystal clear or a picture that looks like a glamor shot. Everyone knows that signatures are messy and that photos taken at the DMV are not the highest quality. Electronically cutting a picture out and doing a simple Google search can quickly reveal whether a picture is fake.

Peer-to-peer (P2P) transactions are convenient and easy to use. It’s very easy for fraudsters to use these services to move money around, said Covington. Fraud rings operate by paying other coconspirators to submit loans with fake documents. Covington warns that if you see instances in bank records where a lot of money is flowing back to a person, this is a red flag. Cryptocurrency is also efficiently used by fraudsters to move money. While banks are often alerted to wire transfers and actively ask customers questions about these transactions, the same alerts do not occur when it comes to cryptocurrency. It’s also difficult for law enforcement to track because coconspirators are taking small amounts of money out in different countries and effectively using international borders as barriers, said Covington. It’s important to understand the vehicles that can be used for money laundering.

Enhanced Fraud Controls

Knowing these red flags will enable fraud investigators to develop risk modeling strategies and protect their organizations. Don’t look at red flags in isolation, but rather how they interrelate, said Covington. CFEs can triage potential cases by weighing risk indicators in IP addresses, email addresses and rounded dollar amounts. Plenty of tools are available for verifying addresses and social security numbers. You can flag foreign IP addresses and track and batch domestic IP addresses. Covington ended his presentation with the final suggestion to require in-person or live interviews when necessary to verify identities and information. “Fraudsters don’t want to talk to you,” said Covington, and so if someone refuses, this is another red flag.