Fraud rings exploit federal weaknesses as Washington falls behind

A new report from identity verification company Socure provides a grim but necessary wake-up call to the federal government: sophisticated fraud operations, both domestic and international, are increasingly exploiting systemic weaknesses in public-sector identity systems.

The study, Fraud in Focus: Exposing Organized Fraud Patterns in Government Programs, details how these vulnerabilities – especially in outdated digital identity verification processes – have enabled fraud rings to siphon off billions in public funds.

“This research confirms what many of us have known – government agencies are under coordinated attack from nation states hellbent on exploiting weaknesses in existing identity infrastructure,” said Jordan Burris, director of Socure’s public sector business. “This is a matter of national security. We need urgent investment in modern, accurate, and intelligence-led identity verification systems to defend against these threats. The time for half measures is over.”

A convergence of warnings

Corroborating the Socure report, the U.S. Government Accountability Office (GAO) identified similar systemic flaws in its 2025 Annual Report on Fragmentation, Overlap, and Duplication, underscoring a persistent failure to modernize critical digital infrastructure and adopt coherent, interagency fraud mitigation strategies.

Socure’s report details three suspected fraud rings that were uncovered by Socure researchers – two international and one domestic – which used “a variety of tactics detected by Socure’s AI-enabled verification platform. Common techniques included exploiting real Personally Identifiable Information (PII) using fabricated business domains, shifting IP addresses through VPN providers, and submitting suspicious or mismatched phone numbers and emails,” Socure explained.

Socure’s research documents how complex crime networks that are difficult to entirely track down and stop” target multiple government benefit programs by weaponizing stolen identities and synthetic personas. These operations range from one-off identity theft schemes to highly structured, repeatable attacks. And they are “attacking government programs with relentless speed … across state borders and within agencies,” Socure said.

In one instance, between October and November 2024, a fraud ring launched over 60 coordinated attacks using stolen PII coupled with fabricated emails, foreign IP addresses, and spoofed phone numbers. What made the operation effective was not just the access to PII, but the inability of government systems to detect the fraudulent use of real, yet contextually suspicious credentials.

Outdated identity systems fuel the crisis

GAO’s findings lend structural weight to Socure’s pattern-based analysis. In its report, GAO calls out the government’s continued failure to implement comprehensive fraud risk management strategies across federal agencies. While more than 70 percent of GAO’s prior anti-fraud recommendations have been implemented since 2011, 589 recommendations remain open. Many of these unresolved issues stem from fragmented IT portfolios, poor interagency collaboration, and inconsistent application of advanced analytics.

One particularly alarming GAO finding notes that the Department of Defense (DOD) – despite being one of the largest federal spenders – has not yet fully incorporated data analytics into its fraud risk strategy and thereby has missed an opportunity to detect and deter complex fraud patterns similar to those detailed by Socure. Both the Socure and GAO reports converge on the same diagnosis, which is the digital identity systems underpinning federal programs are outdated and ill-suited for the sophistication of today’s threat landscape.

During the COVID-19 pandemic, government agencies sought to disburse aid rapidly, relying heavily on static and insecure identity verification methods like credit-header data and knowledge-based authentication. These tools, which originally were designed for a different era, were easily bypassed by fraudsters armed with breached or bought identity datasets.

According to Socure, nearly 80 percent of the fraudulent attacks involved the use of real identities rather than synthetic ones, a clear indication that legacy systems cannot distinguish between genuine and fraudulent applicants when static PII alone is the gatekeeper.

A global assault on U.S. benefit systems

The scale of the problem is hard to overstate. Socure estimates that organized fraud rings originating in foreign countries were responsible for between two to 12 percent of all incoming applications to government benefit systems during peak attack periods.

“U.S. government programs are attacked by international fraud groups originating from China, Russia, Egypt, Poland and several other nations,” Socure said, noting that “international bad actors were responsible for up to 12 percent of all incoming applications for government services and/or loans.” These bad actors also “target multiple government agencies at once. At least one in four fraud attempts targeted more than one agency,” Socure found.

Attacks spanned multiple states and programs, often using consistent but subtle tactics to avoid detection such as registering U.S. phone numbers to unrelated geographies or using international dynamic DNS providers to spoof IP addresses. In one fraud ring, over 95 percent of traced IP addresses originated from Latvia, even as attackers mimicked American identities and addresses to gain access to U.S. programs.

“IP addresses, email addresses and domains linked to an identity were shifted several times within a given day, severely limiting a rules-based or black-list approach to detection,” Socure reported, adding that “fraudsters were about four times more likely to use stolen identities instead of synthetic identities.”

GAO calls for systemic reform and strategic IT oversight

GAO said these failures stem not only from inadequate verification tools, but also from a lack of interagency standards and oversight. It cited the need for the Office of Management and Budget (OMB) and 24 other federal agencies to fully implement annual IT portfolio reviews and improve high-risk investment oversight.

“OMB and General Services Administration (GSA) should join Congress in taking steps to help ensure the Federal Audit Clearinghouse contains quality single audit information, which could reduce risk and resolve deficiencies in federal award spending by hundreds of millions of dollars per year,” GAO said.

GAO said better coordination could eliminate duplicative or ineffective fraud prevention systems and enable government entities to adopt modern, AI-powered verification tools. GAO estimates that resolving these inefficiencies could save taxpayers more than $100 billion annually.

Similarly, GAO said “the Department of Defense should take steps to incorporate data analytics into its fraud risk management strategy and improve the usability of fraud investigative information to support fraud risk management and potentially save one hundred million dollars or more.”

GAO emphasized that “the scope and scale of DOD’s contracting activity – which includes contracts on major weapon systems, support for military bases, information technology, and consulting services – makes DOD procurement inherently susceptible to fraud … In December 2024, DOD reported about $2.4 billion in confirmed fraud in fiscal year 2024 via paymentaccuracy.gov.

Confirmed fraud, GAO said, “reflects only a small fraction of DOD’s potential fraud exposure.”

GAO said the Pentagon “does not fully leverage data analytics as a method for preventing, detecting, and responding to fraud in accordance with leading practices in GAO’s Fraud Risk Framework.

Modernization stalled by shadow influence

Despite some government-wide progress, such as efforts by GSA to improve audit transparency or the Department of Homeland Security’s (DHS) modernization plans, many fraud prevention systems remain siloed and key agencies lack a shared framework for identity assurance.

Socure emphasizes that even simple technological upgrades like consortium-based identity verification that shares fraud intelligence across commercial and government lines can significantly reduce the time between attack detection and response. However, such interoperability remains elusive under the current system.

Structural flaws are compounded by a culture of resignation. Socure criticized the entrenched belief that fraud is simply “the cost of doing business” in government. This mindset, the company’s report argues, has enabled complacency and delayed modernization efforts that would otherwise reduce fraud and improve public trust.

GAO echoes this concern, highlighting long-standing legislative and administrative inertia in addressing known fraud vulnerabilities. The Social Security Administration (SSA), for example, has not fully acted on recommendations to reconcile disability and unemployment insurance payments, a gap GAO estimates could save $2.2 billion over the next decade if addressed.

The consequences extend far beyond financial loss, though. Fraudulent applications often displace real ones, with legitimate beneficiaries blocked from access while criminals collect payments. Socure recounted cases in which valid claimants were denied assistance due to discrepancies in outdated identity verification systems while those using stolen PII sailed through unchallenged.

In some fraud rings, the identities of Americans across multiple states were reused in rapid succession, often within hours of a successful application. These high-frequency, high-impact attacks mirror GAO’s warning that reactive fraud investigations are no substitute for proactive, analytics-driven prevention strategies.

Together, the Socure and GAO reports point to an urgent need for digital identity reform. Strengthening identity infrastructure must move from pilot projects to national standards, with a federal strategy that leverages AI, consortium-based analytics, and real-time fraud intelligence. Interagency data sharing, OMB-mandated IT harmonization, and Congressional oversight will be critical to countering the scale and speed of modern fraud threats.

DOGE’s involvement raises new alarm bells

Potentially making matters worse is Elon Musk’s Department of Government Efficiency’s (DOGE) involvement in OMB and other federal agencies’ IT systems – especially under the current administration’s approach to executive power and digital infrastructure. Insiders say this has the potential to severely compound the very problems GAO is urging agencies to fix.

GAO’s recommendation that OMB and other federal agencies fully implement statutory IT portfolio reviews and high-risk investment oversight is premised on structured, transparent, and collaborative governance. But DOGE’s interventions have so far appeared to do the opposite: they have disrupted oversight structures, circumvented traditional accountability mechanisms, and introduced a parallel chain of influence in federal IT modernization efforts.

DOGE’s lack of institutional transparency and formal rulemaking may be undermining the integrity of IT portfolio reviews. In its report, GAO explicitly identifies the need for better data analytics, improved review protocols, and cross-agency collaboration to eliminate redundant IT systems and prevent high-risk investments from spiraling into financial black holes.

If DOGE – operating without clear statutory oversight – is inserting itself into those IT systems with unclear purpose or authorization, it not only distorts the investment review process, but could also introduce new layers of opacity and duplication which GAO is trying to eliminate.

DOGE’s access to federal IT infrastructure may also compromise fraud detection and risk management efforts. Socure’s analysis of organized fraud rings shows that modern digital identity fraud evolves rapidly and evades traditional detection. GAO highlights the importance of incorporating robust data analytics into fraud risk strategies.

If DOGE is manipulating or redirecting data pipelines within OMB or agencies like the SSA, DHS, or GSA, it risks introducing blind spots or silos into systems that require interoperability and transparency to detect fraud effectively. Furthermore, if DOGE personnel are not vetted through standard channels, as whistleblower reports from DHS’s Office of Biometric Identity Management suggest, this could present insider threat risks to sensitive identity systems.

DOGE’s influence also could distort agency IT priorities. GAO emphasized the importance of aligning investments with mission outcomes and avoiding the creation of redundant systems. If DOGE exerts pressure to fast-track certain AI projects, streamline government functions based on unclear criteria, or favor private-sector contractors with ties to executive allies, it could lead agencies to abandon well-scoped IT reviews in favor of politically motivated expedience. That could increase exposure to waste, fraud, and abuse, the very outcomes GAO seeks to prevent.

There is also the issue of fragmentation of IT governance, which is at the heart of GAO’s report. DOGE’s involvement risks further fragmenting of IT authority, inserting itself into roles traditionally held by OMB’s Office of E-Government and Information Technology, the Federal CIO Council, and agency-specific Chief Information Officers.

If DOGE’s actions bypass or override these structures, agencies may no longer have coherent control over their own digital modernization roadmaps. This erodes not only operational efficiency but also institutional resilience in the face of sophisticated cyber threats.

In the most optimistic scenario, if DOGE were operating under strict transparency requirements, adhering to proper authority, and coordinating directly with OMB and agency CIOs, it could potentially streamline and unify IT modernization across agencies. But current evidence suggests DOGE’s role is poorly defined, non-transparent, and politically entangled, which makes it more likely to exacerbate fragmentation, increase duplication, and hinder the oversight necessary to protect taxpayer dollars.

DOGE’s activity appears fundamentally misaligned with GAO’s call for structured IT governance, improved analytics-based oversight, and interagency coordination. Unless DOGE’s access and influence are brought under public, statutory, and interagency review – preferably by congressional oversight and through formal OMB controls – its role will likely undermine federal efforts to modernize identity systems, reduce fraud, and regain control over spiraling IT investments.

What the Socure and GAO reports make clear is that fraud is no longer an anomaly. It is systemic, transnational, and evolving. As the federal government grapples with its digital transformation, these reports underscore that identity infrastructure is no longer a back-office function, but rather it is part of the national digital infrastructure. And like any neglected system, its failure threatens the integrity of everything it supports.

But without a coordinated and well-funded shift in how the federal government validates and protects identities, the current crisis will only deepen, and with it, public trust and taxpayer resources will continue to erode.

Article Topics

digital identity  |  DOGE  |  fraud prevention  |  GAO (Government Accountability Office)  |  identity verification  |  Socure  |  synthetic identity fraud  |  U.S. Government