Fighting Fraud

Many Small Businesses Hazy on Red Flags for Fraud

According to a recent survey, a significant number of small employers don't feel confident in their ability to identify workers' comp fraud.
By: | August 17, 2015 • 2 min read
Accident at work

Nearly one-quarter of employers surveyed are unsure they can identify workers’ comp fraud. Even more say they have installed surveillance cameras to monitor employees on the job.

Those findings are included in a survey that showed more than 1 in 10 small business owners are concerned their employees would commit workers’ comp fraud by faking an injury or illness.

Employers Holdings, a holding company with subsidiaries that are specialty providers of workers’ compensation insurance and services, facilitated a telephone survey in May with a national representative sample of 501 small businesses that have fewer than 100 employees.

“There is no silver bullet when it comes to identifying claim-related workers’ compensation insurance fraud.” — Ranney Pageler, vice president of fraud investigations, Employers

“Workers’ compensation fraud is a serious crime that can strain business operations, lead to higher insurance costs for businesses, and even undermine honest workers who are legitimately injured on the job,” said Ranney Pageler, vice president of fraud investigations at Employers.

“When we look at fraud cases that result in criminal convictions, about half of them are caught within the claims process itself and the other half are tip-offs from the employee’s coworkers, friends, or family members, or from workplace surveillance video.”


Respondents to the survey cited various activities as potential indicators of workers’ comp fraud. More than half said “the employee has a history of claims,” “there were no witnesses to the incident,” “the employee did not report the injury or illness in a timely manner,” and “the reported incident coincides with a change in employment status.”

Pageler said within the claim examination process, common red flags include an employee using a false Social Security number, having previously undisclosed injuries or medical conditions, or having a permanent total disability claim with total medical costs of less than $500 over a 12-month period.

“There is no silver bullet when it comes to identifying claim-related workers’ compensation insurance fraud,” he said. “Instead, you’re looking for a pattern of events or multiple indicators that suggest something may be amiss.”

Additional warning signs may include:

  • The alleged injury occurs first thing on Monday morning or late on Friday afternoon but is not reported until Monday.
  • The reported accident occurs immediately before or after a strike, job termination, layoff, end of a big project, or the conclusion of seasonal work.
  • An employee’s medical providers or legal consultants have a history of handling suspicious claims, or the same doctors and lawyers are used by groups of claimants.
  • The employee’s description of the accident conflicts with the medical history or injury report.
  • The allegedly disabled claimant is hard to reach at home and does not respond promptly to messages.

“Employers who suspect an employee may be committing claim-related workers’ compensation insurance fraud should first alert the special investigations unit or fraud unit within their insurance company’s claims department,” the company advised. “The appropriate law enforcement authorities will likely be brought into the investigation, as well.”

Nancy Grover is the president of NMG Consulting and the Editor of Workers' Compensation Report, a publication of our parent company, LRP Publications. She can be reached at [email protected]
Share this article:

Cyber Fraud

The Weakest Link

The new wave of “social engineering” scams by cyber fraudsters is costing corporate America billions. The best defense is education and collaboration.
By: | June 1, 2015 • 10 min read
Mobile money transfer

It’s not easy being responsible for fraud prevention at a major corporation. The methods of attack are multiplying, the tactics ever more sophisticated and Machiavellian. It’s hard to keep up with all the new monikers for these techniques, let alone ensure your organization is impenetrable.


The infection of systems with malware through spam-like phishing attacks evolved some years back into “spear phishing” of specific individuals, using gathered personal information about them to make the attacks seem more believable. “Whale phishing” or “whaling” is spear phishing but for bigger fish — in other words, CEOs, CFOs and other senior executives with the power to authorize major money transfers or release sensitive data.

One recent scheme attacked the CEOs of 20,000 organizations and succeeded in implanting malware in the systems of 2,000 of them.

Most organizations have caught on to malware-based attacks, and have various layers of software protection in place to identify and block any suspicious activity. But wise to the fact that malware alone might not be good enough, fraudsters are increasingly using human interaction, simulating situations and impersonating individuals, organizations and authorities to get what they want.

IBM researchers have reportedly uncovered a new type of attack they are dubbing “dire wolf,” whereby malware from an attachment sits dormant within an organization’s network until it detects a user is navigating to a bank website. It then creates a fake pop-up frame telling the user the website is having problems and to call a number for help with their banking needs.

At the end of the phone is an English-speaking operator who asks for confidential login details — as soon as this information is given the fraudsters immediately access the user’s bank account and instruct a large wire transfer.

Scams involving thorough background research to inform the invention of false scenarios, websites and companies are known in some quarters as “pretexting.”

Richard Thomas, principal of Ernst & Young’s fraud investigation and dispute services practice refers to the tailoring of these attacks to individual targets as “speartexting.” Don’t be surprised if that term is the next to enter the lexicon.

Greg Bangs, chief underwriting officer of global crime, XL Catlin

Greg Bangs, chief underwriting officer of global crime, XL Catlin

One of the most prevalent “speartexting” scams (see — it’s catching on) is for an individual in the finance department of a company to be sent an email purportedly from the CEO, CFO or senior executive informing them the company is involved in a highly confidential acquisition and the individual will shortly receive communication from a major law firm sending wire transfer instructions — and due to the sensitive nature of the deal, this must be kept secret.

Thanks to the mining of information from personal emails, private servers and publicly available sources, the hackers are able to convincingly portray the executive’s tone and may, for example, know he or she is on first name terms with the finance person — who is likely flattered the CEO has chosen them for this task. The target then receives a call or email from a fake lawyer, providing wire instructions and reiterating the importance of confidentiality. You know the rest.

“These fraudsters prey on human nature — the desire to help clients, solve problems right away and frankly to protect their own jobs. That’s a very effective play,” said Greg Bangs, chief underwriting officer of global crime at XL Catlin.

Industry Impact

The scale of this kind of crime, and its cost to corporate America is unfathomable — literally. There is no reliable data on the monetary value of losses associated with this new wave of sophisticated spearing scams but it undoubtedly runs into billions of dollars. According to sources, individual losses so far have ranged from tens of thousands to, staggeringly, tens of millions.


It’s safe to assume the gangs perpetrating these crimes — believed primarily to operate in Eastern Europe, Russia, China and other parts of Asia — are now extremely wealthy.

“It’s incredibly lucrative for the fraudsters,” said EY’s Thomas. “The more clients I speak to about this issue, the more I hear of it being successful. And it’s costing companies more than just the loss — there is then the cost associated with investigating the issue and increasing controls to prevent it happening again. Billions of dollars are being spent annually on protecting companies in the U.S.”

The cost of these so-called “socially engineered” schemes is particularly difficult to gauge, not only because the practice is relatively new but also because so many instances go unreported.

“These fraudsters prey on human nature — the desire to help clients, solve problems right away and frankly to protect their own jobs.” — Greg Bangs, chief underwriting officer of global crime, XL Catlin

“Many organizations don’t want their customers thinking there is a failure in their systems or a weakness in their controls so they brush it under the carpet,” said XL Catlin’s Bangs.

“We strongly recommend all attacks be reported to the police. The only way we are going to stop these people is by providing law enforcement with enough information about ongoing scams to help them prevent them before they get worse.”

“Companies need to decide whether they want to stop the fraud and keep it internal or try to control the fraud, get law enforcement involved and hope they’ll be able to one day catch the criminals and possibly recover their money or other people’s lost money,” said Chris Giovino, director of forensic investigation, crime and cyber evaluation risk quantification at Aon Global Risk Consulting, adding, “If you’ve already sent a wire transfer within the last 24 hours the bank has a strong chance of freezing the account and having the money returned before it washes out to another account.”

The latest scams have primarily been aimed at large organizations due to their attractive bounties and array of executives to target. However, anyone can become a victim and the attackers are moving down the food chain.

“Perhaps not ‘mom and pop shops,’ but smaller private companies and nonprofits will be as vulnerable to this as larger organizations going forward,” said Bangs.

Michael Peters, himself a certified hacker (one of the good ones), computer forensic examiner, and IT director for the Risk and Insurance Management Society (RIMS), believes Wi-Fi is the weak spot most likely to be exploited in the next generation of scams.

“The more our world advances towards wireless technology, the more people trust entering their private details over wireless connections. Cars and planes now offer wireless technology, which is going to open up a plethora of vulnerability for hackers to target,” he said.

This is bad news considering the chances of recouping money or catching the criminals in the wake of a successful scam are low, and most traditional insurance policies still don’t cover this kind of loss as they fall in the gap between conventional crime and cyber policies.

“We are not having a lot of success in recovery through crime policies when it comes to social engineering losses,” Giovino said. “It’s a very gray area, but I do know that brokers, on behalf of policyholders, are working with carriers to address this and some carriers are rewriting policies to be more inclusive and bring them up to date.”

Response and Prevention

EY’s Thomas said it is vital companies put response plans in place so they can react quickly if they fall victim to an attack.

“The first priority for businesses is to recover lost data or money — call the bank; stop the payment,” he said, noting that it is not uncommon for companies to get so caught up in establishing how they were duped that they neglect to take this fundamental step.

Companies should immediately change their banking passwords, obtain a list of pending transactions and recent wire transfers, and inform law enforcement, he added.


“You then need to understand what has happened — the goal of the perpetrator; whether there is an insider threat, either deliberately or inadvertently, from someone in the organization; and whether there are any ‘sleeper mechanisms’ within the network that could be deployed against you at a later date,” Thomas explained. This, of course, requires the expertise of internal or third party IT experts.

Next, companies need to establish how they can control their environment to ensure they don’t become victims again.

“Companies can fight back from a pre-loss position, as this is preventable,” said Giovino, placing the risk manager at the heart of the process.

“The risk manager is pivotal. Although this sounds like a security or finance problem, the risk manager is the person in the company who owns the problem because the loss is potentially insurable and restitution or recovery can only come from insurance.”

The first line of defense is the best and latest software to filter out as much suspicious activity as possible. RIMS’ Peters is responsible for protecting not only his organization but the data of 11,000 member companies, and employs four layers — or “sentries” — of protection and redundancies, from anti-spam and anti-malware programs to desktop client protection.

But the biggest challenge with social engineering is that it preys more on human behavior than system flaws.

“You are only as strong as your weakest link, which is your end user,” admitted Peters. That’s why organizations must implement written protocols and procedures, backed up with staff training to instill awareness — as well giving staff the confidence to question their superiors if they smell a rat.

Indeed, Bangs added, that training must include senior executives too as they are primary targets.

06012015_07_fraud_theft_chart“The protocols in most companies are now adequate — it’s the training portion that can make a big difference,” said Giovino.

“If a company [mandates that] anyone initiating a wire transfer must have secondary approval, it must be inculcated into the mindset of everybody that this policy cannot be overridden — even by the CEO or president.”

“I do believe that with a combination of training and a hard look at technology and processes, companies can mitigate most of this risk,” added Thomas.

Once software, protocols and training have been implemented, the system should then be tested with fake scams to root out potential weaknesses.

The final defense against social engineering is insurance — although not everyone can access it yet.

“The insurance industry has not kept up with the exposure or developed response policies,” said Peters. And that, broadly speaking, is true — traditional commercial crime, funds transfer fraud or computer fraud policies are unlikely to provide cover because these crimes involve individuals or organizations being coerced to act of their own accord; the criminal does not actually steal the property themselves, nor do they use the target company’s computers to do it.

AXIS is one of only a handful of insurers to have already developed a social engineering fraud coverage endorsement as part of its commercial crime insurance product, addressing the risks organizations face when cyber criminals pose as senior executives to manipulate employees into transferring funds.

“Our decision was to be more proactive rather than reactive to this evolving need for coverage,” said Lisa Block, vice president and commercial crime product manager at AXIS. “Social engineering is a hot topic of discussion in the crime insurance sector right now. Instead of remaining silent on this issue as some carriers have, we decided to offer an affirmative statement of coverage for this specific type of loss.”


And it appears the tide is turning. “The insurance industry is very focused on this,” Thomas said. “Companies are concerned. As dialogue continues, we continue to see changes in the way companies address this risk through insurance and how insurers address this risk in their policies.”

“We feel that crimes of this nature that result in a financial loss for insureds should be legitimately covered going forward,” added Bangs, revealing that XL Catlin will also roll out a product extension later this year covering social engineering fraud, also known as fraudulent impersonation.

But carriers won’t issue coverage without carefully assessing an insured’s ability to protect itself.

Yet more reason to ensure the culture of caution and awareness seeps through every pore of every organization. The cyber criminals are, as ever, one step ahead of corporate America.

Only education, and a willingness by victim organizations to come forward when attacked, can erode their advantage.

Antony Ireland is a London-based financial journalist. He can be reached at [email protected]
Share this article:

Sponsored Content by CorVel

Telehealth: The Wait is Over

Telehealth delivers access to the work comp industry.
By: | November 2, 2015 • 5 min read


From Early Intervention To Immediate Intervention

Reducing medical lag times and initiating early intervention are some of the cornerstones to a successful claims management program. A key element in refining those metrics is improving access to appropriate care.

Telehealth is the use of electronic communications to facilitate interaction between a patient and a physician. With today’s technology and mass presence of mobile devices, injured workers can be connected to providers instantaneously via virtual visits. Early intervention offers time and cost saving benefits, and emerging technology presents the capability for immediate intervention.

Telehealth creates an opportunity to reduce overall claim duration by putting an injured worker in touch with a doctor including a prescription or referral to physical therapy when needed. On demand, secure and cost efficient, telehealth offers significant benefits to both payors and patients.

The Doctor Will See You Now

Major healthcare players like Aetna and Blue Cross Blue Shield are adding telehealth as part of their program standards. This comes as no surprise as multiple studies have found a correlation between improved outcomes and patients taking responsibility for their treatment with communications outside of the doctor’s office. CorVel has launched the new technology within the workers’ compensation industry as part of their service offering.

“Telehealth is an exciting enhancement for the Workers’ Compensation industry and our program. By piloting this new technology with CorVel, we hope to impact our program by streamlining communication and facilitating injured worker care more efficiently,” said one of CorVel’s clients.

SponsoredContent_Corvel“We expect to add convenience for the injured worker while significantly reducing lag times from the injury to initiating treatment. The goal is to continue to merge the ecosystems of providers, injured workers and payors.”

— David Lupinsky, Vice President, Medical Review Services, CorVel Corporation

As with all new solutions, there are some questions about telehealth. Regarding privacy concerns, telehealth is held to the same standards of HIPAA and all similar rules and regulations regarding health information technology and patients’ personal information. Telehealth offers secure, one on one interactions between the doctor and the injured worker, maintaining patient confidentiality.

The integrity of the patient-physician relationship often fuels debates against technology in healthcare. Conversely, telehealth may facilitate the undivided attention patients seek. In office physicians’ actual facetime with patients is continually decreasing, citing an average of eight minutes per patient, according to a 2013 New York Times article. Telehealth may offer an alternative.

Virtual visits last about 10 to 15 minutes, offering more one on one time with physicians than a standard visit. Patients also can physically participate in the physician examination. When consulting with a telehealth physician, the patient can enter their vital signs like heart rate, blood pressure, and temperature and follow physical cues from the doctor to help determine the diagnosis. This gives patients an active role in their treatment.

Additionally, a 2010 BioMed Central Health Services Research Report is helping to dispel any questions regarding telehealth quality of care, stating “91% of health outcomes were as good or better via telehealth.”

Care: On Demand

By leveraging technology, claims professionals can enhance an already proactive claims model. Mobile phones and tablets provide access anywhere an injured worker may be and break previous barriers set by after hours injuries, incidents occurring in rural areas, or being out of a familiar place (i.e. employees in the transportation industry).

With telehealth, CorVel eliminates travel and wait times. The injured worker meets virtually with an in-network physician via his or her computer, smart phone or tablet device.

As most injuries reported in workers’ compensation are musculoskeletal injuries – soft tissue injuries that may not need escalation – the industry can benefit from telehealth since many times the initial physician visit ends with either a pharmacy or physical therapy script.

In CorVel’s model, because all communication is conducted electronically, the physician receives the patient’s information transmitted from the triage nurse via email and/or electronic data feeds. This saves time and eliminates the patient having to sit in a crowded waiting room trying to fill out a form with information they may not know.

Through electronic correspondence, the physician will also be alerted that the injured worker is a workers’ compensation patient with the goal of returning to work, helping to dictate treatment just as it would for an in office doctor.

In the scope of workers’ compensation, active participation in telehealth examinations, accompanied by convenience, is beneficial for payors. As the physician understands return to work goals, they can ensure follow up care like physical therapy is channeled within the network and can also help determine modified duty and other means to assist the patient to return to work quickly.


Convenience Costs Less

Today, convenience can often be synonymous with costly. While it may be believed that an on demand, physician’s visit would cost more than seeing your regular physician; perceptions can be deceiving. One of the goals of telehealth is to provide quality care with convenience and a fair cost.

Telehealth virtual visits cost on average 30% less than brick and mortar doctor’s office visits, according to California state fee schedule. In addition, “health plans and employers see telehealth as a significant cost savings since as many as 10% of virtual visits replace emergency room visits which cost hundreds, if not thousands, of dollars for relatively minor complaints” according to a study by American Well.

“Telehealth is an exciting enhancement for the Workers’ Compensation industry and our program. By piloting this new technology with CorVel, we hope to impact our program by streamlining communication and facilitating injured worker care more efficiently,” said one of CorVel’s clients.

Benefits For All

Substantial evidence supports that better outcomes are produced the sooner an injured worker seeks care. Layered into CorVel’s proactive claims and medical management model, telehealth can upgrade early intervention to immediate intervention and is crucial for program success.

“We expect to add convenience for the injured worker while significantly reducing lag times from the injury to initiating treatment,” said David Lupinsky, Vice President, Medical Review Services.

“The goal is to continue to merge the ecosystems of providers, injured workers and payors.”

With a people first philosophy and an emphasis on immediacy, CorVel’s telehealth services reduce lag time and connect patients to convenient, quality care. It’s a win-win.

This article was produced by CorVel Corporation and not the Risk & Insurance® editorial team.

CorVel is a national provider of risk management solutions for employers, third party administrators, insurance companies and government agencies seeking to control costs and promote positive outcomes.
Share this article: