Category: Investigations

The Government Turns to Social Media for Social Security Fraud

Playing outside with your grandchildren, casting a fishing line or running a marathon can seem like harmless, healthy fun. But physical activity could lead to denial of Social Security disability benefits if your activity shows up on Facebook or Instagram. Is it fair for the government to go through your social media? On the other hand, is it fair for you to apply for benefits if you can do these activities?

These are all questions the Social Security Administration is weighing, as Acting Social Security Commissioner Nancy A. Berryhill has told Congress in written explanations over the last week. Facebook and other social media feeds are already being reviewed if agency investigators suspect someone is fraudulently collecting benefits and they are looking for corroboration, the agency said in the documents it gave to lawmakers. But now the agency is “evaluating how social media could be used by disability adjudicators in assessing the consistency and supportability of evidence in a claimant’s case file,” Berryhill said in the submission to Congress.

The idea has drawn praise as well as criticism — praise because more attention to people’s social media could cut down on fraud, some say. Fraud and abuse do exist in the program, and it should be weeded out to protect taxpayers and legitimate claimants. 

The Pros

Mark Hinkle, acting press officer for the SSA, notes that the agency uses data analytics and predictive modeling to detect fraud, and has created new groups dedicated to detection and prevention. Asked to comment on plans for expanded use of social media to detect fraud, he confirmed that SSA investigative units already use social media, and that the agency has “studied strategies of other agencies and private entities to determine how social media might be used to evaluate disability applications.”

The Social Security Administration said that in December, 8.5 million people of all ages received a total of $10.5 billion in disability benefits, with an average monthly sum of $1,234. It said 68 percent of the private-sector workforce has no long-term disability insurance.

The risk of disability rises with age, and people are twice as likely to collect disability benefits at age 50 as at age 40 — and twice as likely at age 60 compared to age 50, according to the Center on Budget and Policy Priorities, a liberal Washington think tank.

“Social media can provide valuable evidence to support or deny individuals’ disability claims,” Rachel Greszler, a research fellow at the Heritage Foundation, a conservative Washington think tank, wrote last year. “For example, a disability claimant may say that she is unable to leave her home, while her social media pictures show her out and about regularly.”

In one case, a 57-year-old Louisiana man pleaded guilty last month to theft of government funds. He had received $2,177 a month in benefits — a total of $242,000 — while employed by companies that did demolition work and job site cleaning. He also operated heavy construction equipment. He told federal investigators that the companies had been registered in the names of family members, rather than his own name, “so y’all wouldn’t find out about it,” according to court records.

In its latest financial report, Social Security estimated that it made $3.4 billion in overpayments to disability insurance beneficiaries in 2017, in part because of their failure to report work activities. The program has been “riddled with problems, including fraud and abuse,” said Greszler. When people who can work collect benefits, she said, “it drains the system for those who truly cannot work and support themselves.”

The Cons

Advocates for people with disabilities say the use of social media in this way would be dangerous because photos posted there do not always provide reliable evidence of a person’s current condition. Someone may not want to upload a picture or video that shares how he or she deals with a disability on a daily basis.

Social media reviews could also delay the time it takes for applicants who are already out of work to be approved. “This proposal starts with the discriminatory assumption that people with disabilities do nothing socially in the community, or have lives, so that anything the person does on social media can be classified as some form of fraud,” said Eric Buehlmann, deputy executive director of public policy at the National Disability Rights Network, a nonprofit membership advocacy group. He told AARP that methods to detect fraud already exist. If the Social Security Administration “is interested in rooting out fraud,” Beuhlmann said, “spying on people’s social media accounts is not the way to do it.”

“It may be difficult to tell when a photograph was taken,” said Lisa D. Ekman, a lawyer who is the chairwoman of the Consortium for Citizens with Disabilities, a coalition of advocacy groups. “Just because someone posted a photograph of them golfing or going fishing in February of 2019 does not mean that the activity occurred in 2019.”

Program statistics do not support the allegation that SSDI is riddled with fraud and abuse. In the government’s fiscal-year 2018, the SSA’s Office of the Inspector General (OIG) reported about $98 million in recoveries, fines, settlements/judgments, and restitution as a result of Social Security fraud investigations. The OIG states that most the recovered funds were from recipients of SSDI and Supplemental Security Income (SSI), a means-tested welfare program for low-income seniors, blind and disabled people.

That sounds like big money. But in fiscal 2018, the SSA paid out $197 billion to beneficiaries of SSDI and SSI. And keep in mind that the recovered $98 million was for benefits paid out over several years, not just in 2018. SSA data shows that the rate of overpayments for all its programs was well under 1% of benefit payouts in each of the last three fiscal years – and not all improper payments are fraud.

More often, overpayments occur due to administrative delays at the SSA in making adjustments to benefit amounts due to errors and paperwork snafus. A federal government list of programs at highest risk for making improper payments compiled by the Office of Management and Budget does not even mention Social Security.

Greszler has readily acknowledged that fraud rates are low. “Outright fraud is actually a pretty small component of the program’s problems,” she said. “Most people perceive fraud as a big issue but what they might consider fraud – people receiving benefits when they have the ability to work – is often just abuse of the system by taking advantage of certain rules and structures that allow people who can perform some work to nevertheless receive benefits.”

What constitutes abuse of the rules? An example, she said, would be claiming SSDI and receiving unemployment benefits at the same time, or claiming based on the argument that a disability prevents a worker from performing certain types of jobs, Greszler and other SSDI critics often point to the rise of SSDI applications and award grants coincident with the rise of unemployment during the Great Recession as evidence of abuse.

Open Source Network Tools for Investigations 

What is Open Source Intelligence (OSINT)?

Open Source Intelligence (OSINT) is defined as data and information that is collected legally from open and publicly available resources. Obtaining the information doesn’t require any type of secretive method and is retrieved in a manner that is legal and meets copyright requirements.

 The Internet has all the information readily available for anyone to access. Collection of information using these tools are referred to as open source intelligence. Information can be in various forms like audio, video, image, text, file etc. A few of the data categories available on the internet include:

  1. Social media websites like Twitter, Facebook, Instagram, etc.
  2. Public facing web servers: Websites that hold information about various users and organizations.
  3. Mass media (e.g. newspapers, TV, radio, magazines and websites)
  4. Code repositories: Software and code repositories like Codechef, Github hold a lot of information but we only see what we are searching for.
  5. Public records databases
  6. Government reports, documents and websites
  7. Maps and commercial imagery
  8. Photos and videos
  9. The dark web

Who Engages in Open Source Intelligence gathering and analysis?

Anyone who knows how to use the tools and techniques to access the information is said to have used the process. However, the majority is used formally by the United States intelligence community, the military, law enforcement, IT security professionals, private businesses and private investigators.

Gathering the information manually can eat up a lot of time, but now there are tools that can help collect the data from hundreds of sites in minutes, easing this phase. Let’s say, for example, you want to identify whether a username is present and if so, on which/all social media websites. One way is to log in to all the social media websites (and there are more than you know!) and test the username. Another way is to use an open source tool that is connected to various websites and check the usernames presence on all the websites at once. This is done just in seconds using OSINT.

List of Open Source Intelligence Tools

The tools and techniques used in Open Source Intelligence searching go much further than a simple Google search. Following is a list of helpful, time-saving open source intelligence tools. Note: most are free, although some have advanced features available for a fee.

Email Breach Lookup – Have I Been Pawned

This site allows you to find out if a particular email address was affected by one of the many data breaches that have occurred over the years

Fact Checking Websites – Hoaxy, Media Bugs, PolitiFact, SciCheck, Snopes, Verification Junkie

Hacking and Threat Assessment – Norse

OSINT Image Search – Current Location, Image Identification Project, TinEye

Public Records (Property) – Melissa Data Property Viewer, Emporis Building Search

Sites like Zillow, Trulia, Realtor.com, etc. are always useful and should be a part of your investigative toolbox. But the two mentioned above provide various twists on property records searching and are definitely worth checking out.

OSINT Search EnginesGoogle Correlate, Google Search Operator Guide, Million Short, Shodan, TalkWalkerAlerts

OSINT Social Media Search ToolsFacebook Search Tools, TweetBeaver

OSINT Tool WebsitesIntelTechniques

SoftwareHunchly, Maltego, SearchCode

Surveillance CamerasEarth Cam, Insecam

Username CheckCheckUserNames, Knowem.com, Namech_k

Virus ScannerVirusTotal

Website Analysis – BuiltWith.com

The main benefit of OSINT is how the technology can help us in our day to day tasks. With all that information freely available multiple actors can accomplish various tasks. A security professional can use the information for data protection, security testing, incident handling, threat detection, etc. A threat actor, on the other hand, can gain information to perform phishing attacks, targeted information gathering, DDOS attacks and much more. The key is to select the right tools and techniques. Since this is all free, users can make their decision regarding how best to access the information they need.

Craigs List Fraud & Scams

Unless you’ve been hiding under a rock you have heard of Craigslist.

Craigslist is a great resource for selling things, finding apartments and jobs, locating services and meeting people. Most of the time transactions go smoothly and both seller and buyer are satisfied with the Craigslist experience.

But lately more and more people are being scammed on Craigslist losing money and, in worst case scenarios, putting themselves in danger.

To help keep yourself safe from scams, Craigslist advises that any business dealings be done with people in your own local area. Don’t do business with folks who live far away. Also look for listings with poor grammar and misspelled words. Beware of anyone offering more than what you asked for. Why would someone do that? Especially since Craigslist is known as the place to go for good deals.

Below are some of the most common Craigslist scams and how can you avoid them.

1) Nigerian or Foreign Country Scams

If you receive an email with very specific criteria…it’s more than likely a scam. Most will offer more than your selling price if you accept their check or money order. And if the buyer or seller tries to pay you with a money order or wire transfer — take that as a big, waving red flag. 

Scammers over the years have developed pretty sophisticated-looking fake packing slips or even money orders claiming to be from trusted institutions like Western Union. Often, these scams are part of a Nigerian 419 scam, and could entice you to send the buyer your goods before the fake check or money order clears. To avoid getting duped, don’t accept money orders on Craigslist and, if you must use a check, make sure it clears before sending what was bought.

2) Fake or Cancelled Tickets

Ticket scams are among the more common scams on Craigslist. My husband was actually a victim of this. Savvy scammers have been able to make fake tickets that look real to big events like concerts or sports games. According to WiseBread.com, some scammers have even replicated holograms and watermarks on tickets for concerts or events — and these tickets are either fake or already cancelled – setting you up for a big disappointment. To avoid the headache, only go through reputable sites like Ticketmaster or the actual venue.

3) Non-Local Ads

In general, whenever an ad is not local, it’s generally not a good idea to pursue it. If someone posts a non-local ad they usually won’t be able to meet up with you and will often require transferring money through some online platform (which is a red flag!).

While there are certainly some precautions that should be taken when actually meeting and conducting a transaction in person (such as meeting in a public place or bringing a friend with you), some people that are unable to meet in person (or refuse to) could be scammers on the site. 

4) Fake Craigslist Site

Yes, you can accidentally land on a fake Craigslist site. Scammers often use similar domain names in hopes of snagging internet searches from the real Craigslist site and convincing users to trust the fake ones. Some of these sites look very realistic and could cost you a lot of money. Rule of thumb: if any Craigslist site does not have the address http://www.craigslist.org, it’s fake. 

5) Scam Email from PayPal

Some scammers may use PayPal (or the promise of PayPal) to send or receive money on Craigslist. PayPal actually warns people to be wary of ads that want to use the site for transactions because many of them may never follow through or send you a fake PayPal email confirmation of a payment. Warning signs include emails that don’t address you by your full name or a statement that money is being held until you perform some action (like sending money through another wire service or using links to tracking orders).

6) Lured to a Mugging

This is a really nasty scam, and we could all fall for it quite easily. It’s also known as “robbery by appointment.” As a Craigslist seller, you will know that cash reigns supreme. You don’t want to deal with bounced checks. Craigslist scammers will place an ad for something like a car, high-end electronics, or another product of significant value. So you arrange to meet the seller (with a large amount of cash), and that’s when you’ll be jumped and the money taken from you. This “lure” scenario has happened many times over the years, which is why Craigslist advises you to meet in a safe, secure location, go with a friend (or two), and if in doubt, back out.

If you happen to see something on Craigslist that looks fishy, send an email to abuse@craigslist.org and give them as much detail as you can about the listing. Make sure you include URL (or 8 digit post ID number) in your email. If you’re selling something and you think a con artist has expressed interest, forward it to abuse@craigslist.org. Be smart, be aware and if in doubt ask your friends or someone with internet savvy what they think if something just doesn’t seem right. If it sounds too good to be true, it usuall

Think Your Data Is Private Because You’re Not on Social Media? Think Again.

Just because you’re not on Facebook or Twitter doesn’t mean your data is safe from social media or their clever algorithms. In two different studies, researchers found evidence that your privacy is no longer in your hands, even if you abstain from social media.

The studies, conducted at the University of Vermont and the University of Adelaide, found that they could predict a person’s posts on social media with 95% accuracy, even if they never had an account to begin with. The scientists got all the information they needed from a person’s friends, using posts from fewer than 10 contacts to build a mirror image of a person not even on the social network.  

The study, published Monday in the journal Nature Human Behavior, looked at more than 30 million public posts on Twitter (excluding retweets) from a total of 13,905 English-language users (attempting to eliminate bots and non-personal accounts) to populate their model. By using data provided by just 8 or 9 of a user’s contacts, the researchers were able to show that the tweets of friends allowed them to predict quite a bit about the original user. The original user’s Tweets allowed them to predict future tweets with an accuracy rate of roughly 64% and the user’s contacts gave them enough data to predict behavior with an accuracy rate of 61%. So, go ahead and delete your account, but information about you is still going to be generated (and pretty accurately) if you have a close relationship with at least 8 people who use the platform.

This analysis showed that “information within the Twitter messages from 8 or 9 of a person’s contacts make it possible to predict that person’s later tweets as accurately as if they were looking directly at that person’s own Twitter feed.”

“You alone don’t control your privacy on social media platforms,” University of Vermont professor Jim Bagrow said in a statement. “Your friends have a say too.” And even when you delete your social media accounts, if your friends are still there, tech giants are able to build profiles on you. This is already a concern that privacy advocates have about Facebook, called “shadow profiles.”

Now, there is a mathematical upper limit on how much predictive information a social network can hold. They can’t know everything about you, but they can know some things.

privacy in social media

So why is this information important? Businesses who want to sell you things or government agencies who want information about you can use this information to their benefit. Companies or agencies may not be able to find out your darkest secrets, but they can figure out things like your political or religious affiliation and products you might be interested in. The same things platforms like Facebook and Twitter know (and sell) about their users.

The researchers went on to acknowledge that their research “raises profound questions about the fundamental nature of privacy—and how, in a highly networked society, a person’s choices and identity are embedded in that network.”

“There’s no place to hide in a social network,” said 
co-author Lewis Mitchell.

Professor James Bagrow, also an author of the paper, confirmed: You alone don’t control your privacy on social media platforms. Your friends have a say too.

In April, Facebook CEO Mark Zuckerberg told lawmakers that the social network collected data on nonusers for “security purposes.” That includes people’s contact list when they use Facebook’s mobile app, which the company uses to suggest friend recommendations, it explained.

In response to the study, a Facebook spokeswoman said the company doesn’t build profiles on nonusers, even if it’s collecting data on them. “If you aren’t a Facebook user, we can’t identify you based on this information, or use it to learn who you are,” the company said in a statement.

The study shows there’s only so much you can control in terms of your own privacy and security online. As careful as you are online, the study suggests that you’re only as private as your friends have been.

Social Media and its Impact on Divorce

Studies have shown a link between social media use and a decrease in people’s quality of marriage

Can you name one person in your family, or among your friends, or peers at work that does not have a Facebook account?  I seriously doubt it. Chances are much greater that they all have Twitter, Instagram, and a number of other social media accounts as well.

And in today’s social media savvy world, the courtroom is no different. When divorce is involved, the question of electronic evidence, and social media evidence, in particular, comes into play in various ways. Modern relationships fall hazard to the sometimes illicit goings-on of spouses that end up publicized for the entire world to see (and “like” or comment on) on the Internet.

According to one study, “Results show that using social networking services is negatively correlated with marriage quality and happiness, and positively correlated with experiencing a troubled relationship and thinking about divorce.” Another source adds that social media “evidence can also highlight character attributes in custody arrangements, hidden assets such as boats and cars in alimony settlements, contradict oral testimonies and more.”
In many situations, focusing more on a person’s social media friends and presence can detrimentally affect a person’s real-life relationship. Some studies have shown that social media activity played a part in one out of seven divorces. 

Evidence in Divorce Cases

Not only is social media a growing cause for divorce, now it is being used as evidence in divorce cases. It can be used to demonstrate infidelity, and in some states may impact the amount of alimony awarded. Social media use may also be admitted for other purposes including hiding assets. If there are pictures or statements on social media that refer to these assets, the evidence may be admitted for this purpose. Additionally, it can demonstrate that a person is unfit as a parent. It may show the parent smoking, doing drugs, or drinking alcohol around their children. It may also show the parent allowing their children to engage in risky behavior which indicates the children are not safe with the parent. 

Web Preserver aggregates some startling statistical figures to drive home this point:

  • 81% of attorneys discover social networking evidence worth presenting in court
  • 66% of cases involving divorce employ Facebook as one of their principal evidence sources
  • 1/3 of all legal action in divorces cases is precipitated by affairs conducted online

You can’t argue with facts. Social media is affecting relationships and being used in divorce litigation in serious and important ways.


What Evidence is Admissible?

According to one periodical, a spouse’s posts on social media platforms are admissible as evidence in the United States during divorce proceedings, given that they are not procured illegally. Also, an opposing attorney or the estranged husband or wife is not legally allowed to open false accounts with the purpose of “Friending” them in order to gain access to particular photos or posts that may be damning. Spouses are not legally permitted to come by those same posts via “hacking” or other equivalently malicious means.

So be careful what you share…posts and photos that are made public are able to be seen or inspected by anyone in the world. That material is fair game to be admitted as evidence for or against someone.


Guidelines for Social Media Usage during Divorce

Once a divorce is pending, spouses should expect that they will be under close personal scrutiny by their spouse and his or her lawyer. This is a common time for social media activity to be investigated. Individuals who are going through divorce should proceed with extra caution and assume that people who they do not actually intend to see their posts will see the posts and should proceed with this assumption. Additionally, their posts may be reposted to friends’ pages and then other people can view them. You can’t always rely on your privacy settings.

Divorcing spouses should be very mindful about what they post because anything can be taken out of context. Spouses should carefully censor what they post and avoid making any type of statement or posting any type of video or image that could be used against them. Additionally, they should ask friends and family not to post any embarrassing comments, photos or videos of them that may paint them in a negative light. 

Due to the public nature of social media, it should not be used as a support system. Many online friends may not actually be that trustworthy or even close to a person and may reveal shared information to the other spouse. Spouses should avoid talking about their legal case or complaining about their spouse in such a public forum. 

Conclusion

States will differ in how social media posts are admitted and employed during a divorce trial. But in most cases, posts on social networking platforms are admissible as evidence. They may prove that someone did not comply with a protective order, prove financial status through photographic evidence, affect cases involving custody of children, and much more. Being aware of how it may affect a divorce client is paramount to reaching a favorable result in the courtroom