Growing evidence suggests that the self-certification vetting process created an opportunity for people to take advantage of the program’s open-door design, the report says.

The SBA’s inspector general found “tens of thousands” of companies that received PPP loans when they were ineligible, the report says. This could include corporations created after the pandemic arrived, businesses that had more than 500 employees and companies that owe the federal government money, hence are named in a do-not-pay database.

Some eligible companies may have received more than they should have.

The FBI has opened several hundred PPP-related investigations that involve almost 500 suspects and hundreds of millions of dollars, the report says. The U.S. Justice Department already has charged 73 defendants in fraud cases related to PPP.

The Treasury Department in September received 2,495 suspicious-activity reports involving business loans from banks and other depository institutions, more than the total for any year dating back to 2014, according to public data.

Many other PPP loans are falling into a gray area in which businesses received one despite seeing revenue increase during the pandemic. Prosecutors are probing some of those cases but finding it difficult to bring charges, in part because Congress set a low bar for obtaining the funds, according to law enforcement officials familiar with the matter.

Prosecutors face hurdles in proving business owners lied when they said they needed money in the pandemic’s chaotic early days—even if profits kept coming in later, officials said.

Today’s scams, however, are sophisticated frauds that cost American businesses and individuals billions of dollars a year, federal investigators say.

Estimated losses have soared in recent years from scams known as business-email compromises, in which swindlers con victims into directing money into accounts controlled by criminals. In 2019, the Federal Bureau of Investigation received 23,775 complaints of business-email and email-account compromises, up from 20,373 the prior year.

Annual estimated losses increased too, rising from $1.2 billion in 2018 to more than $1.7 billion in 2019, the FBI said.

“Now the actors involved are a lot more sophisticated, and share intelligence and organized networks,” said Michael Driscoll, special agent in charge of the cyber-and-counterintelligence division of the FBI’s New York office.

Business-email scams first appeared on the bureau’s radar about a decade ago. Back then, the scams tended to be relatively simple, designed to imitate an email from a chief executive asking an employee to transfer money.
Over the years, the scams shifted.

Perpetrators targeted personal email addresses in 2014, pretended to be lawyers in 2015, then moved on to requests for tax information and targeting real-estate transactions.

One new iteration, federal officials said, involves fake requests to divert payroll funds. In this scam, someone in a business’s payroll or human-resources department receives an email purporting to be from an employee. The email asks to update direct-deposit information for that pay period, which then goes into an account controlled by a swindler.

The scams also have shifted from using spoofed emails, often sent from an address similar to one within the company, to the actual hacking of accounts, said an attorney who represents victims of the scheme.

“The email gets hacked, and the bad guys can step into the email threads,” said the attorney and former cybercrime prosecutor. “This is no longer a situation where some person who wasn’t paying close attention got duped.”

Source: Wall Street Journal