Tech-savvy fraudsters stealing from the government’s Covid pandemic relief programs to help businesses have found a convenient way to launder the money: they’re opening accounts with at least four online investment platforms, law enforcement officials said.
The digital platforms, investigators said, are easy to dump the money into by setting up accounts with stolen identities. More than $100 million in fraudulent funds passed through investment accounts since Congress passed the CARES Act last March, according to authorities.
Thieves have used Robinhood, TD Ameritrade, E-Trade and Fidelity to launder the money, a law enforcement source said.
The government quickly rolled out the Paycheck Protection Program and the Economic Injury Disaster Loan, or EIDL, program last year to help small businesses. Both programs have been plagued with problems. An inspector general’s report issued last October blamed inadequate controls for billions of dollars in potential fraud.
“The thieves are loving this stuff. This has been the financial crime bonanza act of 2021,” said Charles Intriago, a money laundering expert and former federal prosecutor.
Due to the size of the potential fraud, he said, law enforcement is facing “a behemoth situation where the money is so massive, and the criminals are looking at it as a great opportunity. They’re salivating at the chance to rip it off.”
Numerous investigations into the money laundering are underway, according to Roy Dotson, Secret Service assistant special agent in charge, who specializes in financial crimes.
“It’s definitely something that is visible to us. There’s all types of investment platforms being utilized doing this,” said Dotson.
Criminals are taking advantage of how easy it is to sign up for accounts, as well as the relative anonymity compared with opening a bank account, he said.
“It’s just another layer to make it harder for law enforcement to understand where the funds came from,” he said.
Dotson would not discuss the names or number of companies targeted. He would only say that it’s “multiple investment platforms.”
He estimated that “more than $100 million has gone through these platforms” in this manner.
How the fraud works
The fraud typically works like this: The criminal steals a business owner’s identity and applies for a loan. Once they get the funds, the money needs to be deposited somewhere that makes it arduous for investigators to trace. So, fraudsters routinely use the stolen identity, which typically is someone’s date of birth, Social Security number and other personal information, to open an investment account such as at Robinhood.
In other cases, law enforcement officials said, the criminals use what’s called a “synthetic identity,” which is a fictitious Social Security number tied to a real person, or “mules” who are in on the scheme.
Robinhood, which has been in the news recently because of a wave of retail investor interest generated by so-called meme stocks such as GameStop, has been targeted in several fraud cases under investigation.
Ricardo Pena, a fraud detective with the Coral Springs Police Department in Florida who is part of a federal anti-fraud task force, said he is investigating several cases where Robinhood was used by criminals to launder PPP funds and EIDL funds.
In one case, Pena said the fraudster stole the identity of a local resident named Marc Heiberg and was able to receive $28,000 in EIDL funds, which were obtained using fraudulent information for a nonexistent business with 60 employees. The fraudster then opened a Robinhood account and attempted to transfer most of the money from a bank account using the victim’s identity.
Records show an “ACH reversal” three days after the account was opened, Pena said. That means the transfer was reversed.
Heiberg, a corporate merchandising manager, said Robinhood told him that it was looking into the fraudulent account. The criminals opened an account with Chase, as well, he said.
“It becomes just totally outrageous that they can just take any person out there like myself, take your Social Security number and open up accounts through a bank, open up accounts through the government and have that money deposited and then start money laundering, laundering it into other companies,” Heiberg said.
He said he is worried that other accounts might have been opened in his name.
“My name means everything to me. You know, I’ve got, I’ve got boys, I’ve got a family. And, you know, I want their names to be intact as well,” Heiberg said.
The Small Business Administration, which oversees the loan programs, told CNBC that “new, enhanced measures” to detect fraud have been put in place since the first round of loans were rolled out last year.
In a statement, Chase Chief Communications Officer Amy Bonitatibus said: “We actively monitor for signs of fraud and quickly take action to protect our customers. In this case, we immediately identified suspicious activity on the account, which helped prevent money from being withdrawn or transferred.”
Pena, the Coral Springs detective, said he has not identified who set up the fraudulent accounts, but screenshots of security video shows a suspect trying to take money out of an ATM at the bank.
He said Robinhood is often targeted because of its appeal among younger people – and many of the criminals are in their 20s.
“You hear about it; everybody goes to it. Even the criminals know about it,” Pena said. “A lot of people that are doing these frauds are younger. They understand electronic banking. Platforms like Robinhood are just easier to get these accounts in order to push money in and out. And they know there’s not that much oversight.”
Rick McDonell, executive director of the Association of Certified Anti-Money Laundering Specialists, said he is not surprised by this form of fraud.
“If I were a good criminal, I would avoid banks like the plague,” said McDonell, one of the world’s leading experts in money laundering.
Fraudsters are also attracted to the ease of using Robinhood and other such platforms, according to Etay Maor, senior director of security strategy at Cato Networks.
“It’s not like you have to walk into a bank and show yourself,” Maor said. “The criminals do their homework and find the best way for high-reward and low-risk situations like that. By the time you find out the information, the money is way gone.”
The platforms respond
Three of the investment platforms that responded to a request for comment told CNBC they have strong anti-fraud protocols in place to verify account information, and have been working with law enforcement on this issue.
A Robinhood spokesperson said: “We are laser focused on preventing fraud before it happens and our fraud and security teams have been working with law enforcement to mitigate and address this industry-wide problem. Like other brokerages and financial institutions, Robinhood verifies new customer information across various data sources, and requires government-issued IDs as appropriate.”
A spokesperson for TD Ameritrade said the company “made efforts from the beginning of the CARES Act to be at the forefront of identifying and mitigating this type of fraudulent activity, including engaging with Law Enforcement, Peer Firms and Government agencies.”
It added that “there will always be bad actors who will try to take advantage of vulnerable investors/people at every opportunity they can – it’s exactly why we have processes and controls in place in an attempt to identify and escalate this behavior.”
Fidelity said in a statement that it has “detected accounts with suspicious deposits associated with this industry-wide issue related to COVID-19 relief funds. We are engaged in ongoing coordination with law enforcement and their efforts in this regard.”
In addition, the company said it has a “range of safeguards and multiple layers of security in place for detecting fraudulent accounts and subsequent transactions. By design, some of our protections are visible and some are not. To help ensure the integrity of our security practices, it’s not appropriate for us to comment further on those specific safeguards.”
E-Trade did not respond to multiple emails and calls.
Some fraudsters who use online investment platforms don’t even bother to steal an identity.
In a recent case in Seattle, prosecutors charged tech executive Mukund Mohan with receiving a total of $5.5 million in PPP funds by submitting fraudulent loan applications. Court filings show $231,471 was deposited in Mohan’s Robinhood account with the remainder in various banks.
Mohan, whose LinkedIn account lists him as a former director of engineering at Microsoft and product management director at Amazon, has apologized for the fraud.
In a blog post from last August after he was charged in the case, Mohan wrote: “I did screw up. Can’t say no. I hurt people who trusted me, believed in me, and now are besides themselves. Unfortunately, I cannot talk about the details given the legal circumstances, but I truly apologize.”
Mohan pleaded guilty to wire fraud and money laundering, with sentencing scheduled for July. He declined CNBC’s request for comment.
The Secret Service’s Dotson said the size of the overall fraud is staggering, an assertion backed up by other federal agencies and departments.
The Department of Justice has seized or forfeited $626 million in funds as a result of criminal and civil investigations connected to the PPP and EIDL programs, less than 1% of the nearly $84 billion in fraud identified in the programs, according to the House Select Subcommittee on the Coronavirus Crisis.
“Because of the sheer volume of the stimulus package and the amount of money and the opportunities, that just led to individuals using all the different platforms,” Dotson said.