Other Fraud Schemes Flashcards
DISPARATE PRICE SCHEME
Providers charge some patients a lower rate than they charge the government
DOUBLE PLEDGING COLLATERAL SCHEME
Borrowers pledge the same collateral with different lenders BEFORE liens recorded and WITHOUT telling the lenders
Which businesses (small or large) are at greater risk of identity theft?
Smaller because they have lines of credit, capital, etc. desired by fraudsters and lack resources/tech to defend against identity theft
What is LOGICAL ACCESS?
users allowed to use computer systems and networks
What are LOGICAL ACCESS CONTROLS?
users identified and granted privileges to information, systems or resources. These controls are designed to protect confidentiality, integrity and availability of informational resources.
What are the types of reimbursements for providers?
(1) FEE FOR SERVICE; provider receives payment for each service rendered. CON: creates incentive to increase compensation by performing excess and unnecessary services. PRO: provides wide discretion in selecting services
(2) CAPITATION; provider receives one lump sum for each patient treated, regardless of amount of services. CON: focuses on quantity vs quality. PRO: avoids incentive to perform unnecessary services
(3) EPISODE OF CARE; provider receives one lump sum for all services related to a condition or disease (not per patient). PRO: more fair as it compensates more
(4) SALARY
What is TECHNICAL SECURITY?
use of safeguards incorporated in computer hardware, operations or applications software/related devices
What is ADMINISTRATIVE SECURITY?
use of tools to provide an acceptable level of protection for computing resources
COMMON TECHNICAL AND ADMINISTRATIVE CONTROLS?
- logical access controls
- network security
- operating systems security
- encryption
- application security
- separation of duties
What are BUFFER OVERFLOWS AND PRIVILEGE ESCALATION?
methods of exploiting design flaws in computer systems to obtain unauthorized access
What is the PAST POSTING scheme?
Those involved in an automobile accident while not insured. As such, they get insurance, wait, and then report the vehicle as having been damaged.
EFT SCHEME
electronic funds transfer scheme by misappropriating customer’s account and password information.
SCAVENGING
collecting information left around computer systems
DUMPSTER DIVING
obtaining sensitive information by looking through someone else’s trash
SHOULDER SURFING
observing an unsuspecting target from a nearby location while the target enters username/password etc.
SPOOFING
individual impersonates legitimate user to obtain access to target’s network
How can a manual file system be attacked?
- pilfer trash
- act as cleaning crew member
- commit theft or burglary
How to protect manual file systems?
- shredding sensitive documents
- sending/receiving mail at secure site
- employing perimeter security system
- place sensitive docs in high-grade locked filing cabinets
ILLEGAL PYRAMID SCHEME
promoted by encouraging victim investors to recruit new members. The more members recruited, the higher the investor purportedly rises in the scheme and the more they make
An effective system for safeguarding sensitive and proprietary information should include
- task force
- security risk assessments
- awareness training
- NDA
- data minimization
ROCK PHISHING
use botnets to send massive amounts of phishing emails to huge volumes of users.
Emails contain a message appearing to be from financial institutions, enticing users to click on a fraudulent URL
SMiSHING
Hybrid of phishing and short message service (SMS). Attacker uses text messages to dupe an individual or business into providing sensitive data
WHAT IS SOCIAL ENGINEERING
act of using deceptive techniques to manipulate people into taking certain actions or disclosing information.
WHAT TECHNIQUES DO SOCIAL ENGINEERS USE TO OBTAIN INFORMATION
various forms of trickery, persuasion, threats, and cajolery
Why does one engage in social engineering?
- to gain unauthorized access to systems
- obtain confidential communication so they can commit fraud, intrude into networks, gain access to buildings, steal another party’s secrets, commit identity theft, or engage in some other nefarious act.
- procure information that will give them a competitive advantage
- to find ways in which they can install malware.
What is a COMPUTER WORM?
malicious self-replicating computer program that penetrates operating systems to spread malicious code to other computers.
What is the TAKE-THE-MONEY-AND-RUN SCHEME?
variation of an advance-fee scheme that occurs when a fraudster creates a fake vacation rental listing or website
fraudster usually asks the victim to wire funds for the first and last night’s stay or even requires the victim to pay in full. After receiving the funds and passing off fake information about the short-term rental to the victim, the fraudster disappears and is no longer reachable
What are the safeguards to reduce unauthorized EFT?
- Confirm phone and mailing addresses on the application against info available from other sources
- Confirm that the area or city code in the applicant’s telephone number matches the geographical area
- Send a “welcome” letter to the address on the application with the bank’s return address
- Always mail PINs separately from other information
What steps can businesses take to protect personal information and prevent identity theft?
- Limit the personal information collected from customers.
- Restrict employees’ access to the information.
- Use network-security tools to monitor who accesses personal information.
- Do not retain personal information for longer than necessary.
- Create a data breach response plan.
Why would an identity thief target a business rather than a person?
- potential rewards are greater (larger bank balances)
- businesses are less likely to notice new or unusual financial transactions
- information necessary to commit business identity theft (e.g., business or tax identification numbers) is often publicly available online
What are/is COIN MINERS / CRYPTOJACKING MALWARE?
type of MALWARE
programs that, upon infecting a computer, use that computer’s processing power to mine for cryptocurrencies without owner’s knowledge or consent
USED to generate illicit income in the form of cryptocurrency
causes victims to incur costs related to power usage or cloud storage
What is BUSINESS EMAIL COMPROMISE (BEC)?
form of spear phishing attack that directly targets executives or other high-ranking corporate employees who have the ability to make large payments.
Involves fraudulent emails that appear to be from the company’s own CEO or from the head of a foreign supplier, instructing an employee to perform a time-sensitive wire transfer to ensure that the supply chain is not disturbed
more often now, these emails are paired with an insistent phone call from someone posing as the email sender or as the sender’s attorney
What are the 5 common BEC SCHEMES?
(1) BUSINESS WORKING WITH FOREIGN SUPPLIER: posing as a company’s foreign supplier and sending an email to the company requesting funds be transferred to an alternate account controlled by the fraudsters.
(2) BUSINESS EXECUTIVE REQUESTING WIRE TRANSFER: using compromised email account of a high-level executive to pose as the executive and ask an employee to transfer funds
(3) VENDORS RECEIVING FRAUDULENT REQUESTS FOR PAYMENT: using an employee’s compromised email account to identify company’s vendors and ask them to transfer funds
(4) ATTORNEY IMPERSONATION: posing as the company’s attorney and contacting an employee to request transfer of funds
(5) DATA THEFT: using compromised email account of executive to request employees’ tax information or other PII from the person responsible for maintaining such information (e.g., human resources personnel)
What are REAL ESTATE FRAUD schemes?
Real estate transactions assume a willing buyer and seller
Fraud can occur when the transaction breaks down or the expert assistance is not at arm’s length
Many real estate fraud schemes have a false appraisal report as a condition precedent.
Easily recognizable because there is always an element of time pressure: convincing victims it’s a once-in-a-lifetime deal or now or never
TYPES OF MEDICAL PROVIDER FRAUD
(1) FICTITIOUS SERVICES SCHEME: legitimate health care providers charge or bill a health care program for services not rendered
(2) FICTITIOUS PROVIDER SCHEME: Occurs in two ways
1 - fraudulently obtain and use another provider’s identification information and steal or purchase lists of patient information.
2 - perpetrator submits bills using the fictitious provider’s information to the insurance provider or government health care program for medical services, although no services are performed.
(3) CLINICAL LAB SCHEMES - provider advises a patient that additional medical testing is needed to diagnose a problem when it is not
how is the bidding process manipulated?
- opening bids prematurely
- Altering bids
- Extending bid opening dates without justification
What is VISHING?
aka voice phishing
- act of leveraging Voice over Internet Protocol (VoIP) while falsely claiming to be a legitimate enterprise in an attempt to scam users into disclosing personal information
- generally transmitted as an incoming recorded telephone message that uses a spoofed (fraudulent) caller ID matching the identity of a misrepresented organization
- criminals capture the key tones and convert them back to numerical format
what is UPCODING?
occurs when a provider bills for a higher level of service than actually rendered
One common form of upcoding involves generic substitution—filling a prescription with a less expensive drug, while billing for the more expensive form of the drug.
What are SMART CARDS?
Plastic card, the size of a credit card, embedded with a microchip
CANNOT be easily replicated or counterfeited
include a wide variety of hardware and software features capable of detecting and reacting to tampering attempts
not immune to attacks
What are the FOUR MAIN ATTACKS on SMART CARDS?
(1) physical
(2) side-channel
(3) software
(4) environmental
What are draw requests?
documentation substantiating that a developer has incurred the appropriate construction expenses and is now seeking reimbursement or direct payment
request should be accompanied by the following documents:
- Paid invoices for raw materials
- Lien releases from each subcontractor
- Inspection reports
- Canceled checks from previous draw requests
- Bank reconciliation for construction draw account for previous month
- Loan balancing form demonstrating that the loan remains in balance
- Change orders, if applicable
- Wiring instructions, if applicable
- Proof of developer contribution, if applicable
what is a NONCONFORMING GOODS/SERVICES FRAUD?
- aka product substitution or failure to meet contract specifications
- attempts by contractors to deliver goods or services to the procuring entity that do not conform to the underlying contract specifications
potential red flags for nonconforming schemes:
- High percentage of returns
- missing compliance certificates
- evidence of falsified test inspection
what is TECHNICAL SURVEILLANCE?
practice of covertly acquiring audio, visual, or other types of data from targets through the use of technical devices, procedures, and techniques
usually to gather nondocumentary evidence or information that cannot be found through open sources
What are the (4) WORKERS’ COMPENSATION SCHEMES?
(1) PREMIUM FRAUD: misrepresentation of information to the insurer by employers to lower the cost of premiums
(2) AGENT FRAUD: pilfering premiums and conspiring to reduce premiums.
(3) CLAIMANT FRAUD: misrepresenting the circumstances of any injury or fabricating that an injury occurred
(4) ORGANIZED FRAUD: composed of the united efforts of a lawyer, a capper, a doctor, and the claimant.