Using Past Fraud Schemes to Catch Future Fraudsters
/In December 2025, the Austin, Texas, City Auditor’s Office issued a report detailing a city employee’s fraud scheme, which involved the creation of several fake vendors and the misappropriation of nearly $1 million in city funds. Supervising senior investigators for the City of Austin, Maxx Eckert, CFE, and Tope Eletu-Odibo, CFE, MBA, presented this case study during the 37th Annual ACFE Global Fraud Conference. The case highlights the work of the city auditor’s Integrity Unit, which investigates allegations of fraud, waste and abuse involving city employees and contractors. The unit handles more than 300 allegations annually and conducts administrative investigations that often result in publicly released reports.
Uncovering a Bigger Scheme
Mark Ybarra, a facility service specialist at Austin Energy, was responsible for hiring contractors, verifying completed work, approving invoices, and purchasing services with a city-issued credit card. The investigation began after supervisors noticed Ybarra had made approximately $80,000 in questionable purchases between April and July 2023. According to the presenters, the invoices attached to the transactions “were missing basic information,” such as vendor addresses and phone numbers. When supervisors asked Ybarra to explain the discrepancies, “He just resigned on the spot,” Eckert said. Investigators quickly concluded that the suspicious spending “was probably just the beginning and not the whole story.”
The presenters explained that Ybarra’s role gave him unusual control over the procurement process. “He got to choose the vendor. He documented the work. He approved his own invoices, and then he paid for it,” Eckert said. “That’s a lot of authority concentrated in one set of hands.” As suspected, investigators found that $80,000 represented the tip of the iceberg. Ybarra spent nearly $980,000 on fictitious vendors between 2018 and 2023. Investigators referred their findings to the Austin Police Department, ultimately resulting in Ybarra’s criminal indictment.
Many of the purported contractors in the scheme left no operational footprint. Investigators reviewed facility access records, security logs and sign-in sheets but found no evidence that many of the vendors had ever entered Austin Energy facilities to perform the work described on the invoices. “We weren’t able to see any evidence that these vendors actually showed up to do any of the work that he [Ybarra] alleged they did,” Eletu-Odibo said.
The investigation identified multiple warning signs, including vendors sharing the same address, the use of Ybarra’s personal email address on vendor records, nonexistent vendor locations, weak supervisory oversight and a lack of separation of duties. In addition, supervisors repeatedly told investigators they performed little oversight because they trusted Ybarra’s judgment. Eletu-Odibo said that trust “was ultimately betrayed over several years because they weren't really looking through some of what he [Ybarra] was submitting.” Many transactions received only a cursory review, and supervisors approved them in bulk.
Taking a Proactive Approach
Investigators discovered that Ybarra routinely structured transactions to avoid enhanced scrutiny. The City of Austin’s purchasing card policy required additional approvals and competitive quotations for purchases exceeding $3,000, so Ybarra submitted many of the suspect invoices for amounts just below that threshold. According to Eletu-Odibo, Ybarra bypassed the competitive procurement process by “consistently staying below that $3,000 threshold in order to avoid having to get approval from his supervisor.”
Several fraudulent invoices were also created through third-party payment platforms, such as Square. Although many legitimate small businesses commonly use such platforms, investigators warned they can help fraudsters create convincing invoices with limited transparency. Eletu-Odibo described these services as “a dream come true” for fraudsters because they can generate invoices that look authentic while concealing funds’ destination.
The Auditor’s Office was proactive following the Ybarra investigation and developed the “Other Integrity Project,” designed to search citywide purchasing data for anomalies. Using data analytics and investigator judgment, the Other Integrity Project reviewed transactions over $2,500, vendors used by only one cardholder and records containing suspicious vendor details. The review identified additional questionable transactions involving two city cardholders. Although one case remained inconclusive, another revealed policy violations, including split payments, noncompetitive procurement practices and payments to a vendor who was the employee’s neighbor.
The presenters emphasized that fraud prevention shouldn’t rely solely on complaints or whistleblower reports. Many of the city’s most significant fraud discoveries stemmed from proactively analyzing past cases for recurring vulnerabilities. As Eckert explained, investigators sought to identify “where the fraud could be happening that no one’s even noticed yet.” By studying prior schemes and searching for similar patterns across the organization, fraud examiners can strengthen internal controls, educate departments about emerging risks and detect misconduct before a $1,000 fraud grows into a million-dollar fraud.
