Crooks in Lamborghinis: how cybercriminals continue to exploit US coronavirus relief loans
A 20-year-old American scammer brags about having made almost a million dollars by stealing from the US funds directed to help small businesses that suffered from COVID-19. “It’s an easy option to earn money,” he said to CyberNews. Scammers like him continue to exploit business relief funds. Business owners do that as well. They steal enough to buy Lamborghinis.
At the onset of the coronavirus pandemic, the US government initiated a multibillion-dollar program to help small enterprises keep their employees and customers, as well as keep doing business despite the gloomy economic outlook. Business emergency relief resources contain forgivable loans.
In some cases, scammers applied for loans faster than companies in need. As CyberNews has learned, criminals continue stealing from business relief funds.
Moreover, funds have been exploited by business owners themselves. For example, a man from Florida took almost $4 million in loans and bought a $320,000 Lamborghini.
So far, approx. $250 million in loans have been issued to ineligible recipients. Almost $46 million approved for nearly 300 businesses were potentially duplicates.
A young American scammer (let’s call him Greg) spoke to CyberNews under a condition of anonymity. We actually don’t know who he is, as Greg is using multiple stolen identities. But the screenshots, obtained by CyberNews, show at least 9 approved loans for Greg, with a combined worth of around $900,000.
He’s been exploiting American business relief funds, introduced in the wake of coronavirus, along with who knows how many other cybercriminals.
Greg calls himself a hacker. However, for a scam like this, he doesn’t need any specific technical knowledge. He’s been taking out loans on behalf of small enterprises.
Greg has been applying for disaster loans with stolen data: names and surnames of business owners, addresses, dates of birth, and social security numbers. He also has to provide email addresses and phone numbers.
Greg has been buying leaked personal data on the dark web for $10-30. “It's pretty easy to find sellers for these,” said Greg. He always buys a couple of data packages and uses the one with the best credit score as it is a major requirement to receive a loan.
“Execution is pretty quick and easy, but you have to wait a couple of days for it to arrive,” said Greg. Asked how many loans he has already taken, and whether he is planning to stop anytime soon, he replied: “Too many. Why would I stop when it makes so much money?”
“Execution is pretty quick and easy, but you have to wait a couple of days for it to arrive,”said scammer Greg.
The system, Greg said, gives an easy option to earn money: “Why would I skip that?” He cashes out money through various prepaid bank services.
How deep is the money well?
The US government is going to spend more than $3 trillion to help businesses cope with the consequences of coronavirus. Unsurprisingly, scammers are trying to tap this well, too.
In the wake of the current crisis, the US Small business administration (SBA) has launched a few business relief programs, with the largest being the Paycheck Protection Program (PPP) and Economic Injury Disaster Loans (EIDL). These programs are widely exploited by criminals.
The SBA Inspector General Hannibal “Mike” Ware found "strong indicators of widespread fraud." Here are some of the numbers.
- 5,000 complaints of suspected frauds from financial institutions receiving economic injury loan deposits.
- Nine financial institutions have reported a combined total of $187 million in suspected fraudulent transactions.
- $46 million approved for nearly 300 businesses were potential duplicates
- $250 million in SBA EIDL and EIDL Advance Grants were given to potentially ineligible recipients
How business is stealing money
There have been many reports on how borrowers have been stealing millions of dollars from business relief funds.
As reported by Forbes, a Los Angeles man raised $8.5 million in loans through fraudulent applications on behalf of a number of companies. He spent hundreds of thousands of dollars in a Las Vegas casino.
A Florida man has bought a Lamborghini for more than $300,000 after receiving nearly $4,000,000 in loans from the PPP program, reported The Guardian.
What if your identity was stolen?
Businesspeople can apply for the EIDL loan until December 31. What is being done to prevent fraud?
“At the onset of this crisis, SBA proactively initiated stringent fraud-prevention safeguards that have so far prevented the processing of thousands of invalid applications, balancing the Agency’s fiduciary responsibilities against the urgent need to provide the small business sector with more than $184 billion it needed to weather the precipitous challenges created by this pandemic,” Carol Chastang, public affairs specialist at SBA, told CyberNews.
Controls included an end-to-end infrastructure of internal controls comprising automated tools, scores of system rules to validate borrower identity and business eligibility, and an application review process consisting of multiple checks.
Read more: What’s your identity worth on the dark web?
“Furthermore, the SBA is referring to suspected cases of fraud to the Office of the Inspector General for investigation. The SBA also is coordinating with financial institutions to leverage their internal controls to address potential cases of fraud,” said Carol Chastang.
What if someone has already taken a loan on behalf of your company?
“For the EIDL program, the business owner can re-apply. SBA’s internal controls system will likely flag the application as a duplicate. The applicant will need to contact the SBA and provide additional information so we can override the duplication, reactivate the file and move it into loan processing,” explained Carol Chastang.