Facing the Facade: When Traditional Due Diligence Misses the Mark in Factoring Fraud
Written by: Cynthia Hetherington, OSC, CFE, CII, Founder and President of Hetherington Group
Fraud doesn’t always come in loud. It often slips in quietly, wrapped in perfectly folded paperwork, dressed in borrowed credibility, and backed by someone who sounds just right on the phone. In the factoring world, where relationships are formed quickly and money moves even faster, it’s not always the outright liars that get through; it’s the ones who seem credible, who pass just enough of the vetting, who check the boxes.
As someone who’s spent decades in the investigative and intelligence space, I can tell you this: traditional due diligence, while necessary, is no longer sufficient. Not in today’s digital-first, deception-rich environment. If you’re only checking names, credit scores, and tax ID numbers, you’re just playing defense. Fraudsters are playing offense.
Let’s talk about why.
The Illusion of Transparency
We’ve all seen what a “clean” background report looks like. No criminal history, tax filings in order, and articles of incorporation that appear legitimate. A few favorable Google search results, maybe even a light social media presence to round things out. Seems good, right?
But here’s what we often overlook: in an age where information is easy to manipulate or fabricate, these very artifacts of legitimacy can be weaponized. I call it the “illusion of transparency” - it looks like someone is visible and verifiable, but it’s a curated, hollow version of the truth.
For instance, I once had a client call about a new deal that “felt off.” Everything checked out on paper. The CEO had a LinkedIn profile with over 500 connections, a website with active blog posts, and a corporate filing that was a year old. But an OSINT (Open-Source Intelligence) review told a different story. That same CEO had previously operated under two other names, connected through a reused headshot, a digital fingerprint, and had been associated with a business that dissolved after a string of unpaid vendors. None of this came up in traditional checks. It came from tracing patterns, recognizing tells, and knowing where and how to look beyond the surface.
That’s the difference between data and intelligence.
The Limitations of Traditional Due Diligence
Let’s be clear: I’m not here to vilify compliance departments. Most of them are doing what they’re required to do: credit checks, identity verification, and UCC filings. These are foundational steps. But fraud rarely announces itself with a felony record or a skipped tax return. The more sophisticated players know how to game those systems. They’re not trying to hide. They’re trying to be just visible enough to pass your process.
This is especially true in factoring, where the speed of execution can override the depth of evaluation. You don’t always have 30 days to fully vet a business partner. That’s why relying solely on checklists and public filings is a vulnerability. They show you the "what" but not the "who", and certainly not the "why."
And fraud today? It’s agile. It learns. The bad actors watch your process and build their story to match it. They spoof phone numbers. They create websites with just enough content to pass a glance. They generate synthetic identities using AI. And they build "borrowed legitimacy" by listing known companies as prior clients, even if they never did business with them.
If you’ve ever had a gut feeling something was off, but couldn’t quite put your finger on it, that’s your cue. You’re not being paranoid. You’re just at the edge of what conventional due diligence can offer.
How OSINT Fills the Gaps
Here’s where we shift from defense to strategy.
Open-Source Intelligence, OSINT, isn’t about Googling harder. It’s the art and science of collecting, analyzing, and validating information from publicly available sources to assess risk, detect deception, and uncover patterns.
Think of it like this: if traditional due diligence is scanning the room, OSINT is opening the drawers.
Let’s go back to that too-clean CEO. OSINT flagged inconsistencies between corporate domain registration and public-facing contact info. A deeper scrape of archived web content showed the site had been copied, nearly verbatim, from a defunct business in another state. Reverse image searches traced the headshot to multiple identities used over the past 15 years. Connections on social media? Mostly bots and paid followers. None of this was illegal, but it was all extremely telling.
This isn’t magic. It’s a method. And it’s accessible if you know how to work with it.
OSINT works because it gives you context, not just content. It tells you the story behind the story, like when a "family-run business" is actually part of a fraud network operating out of multiple states under shell companies. Or when a client’s customer, who’s being factored, isn’t a real business at all, just a well-designed site and a ghost warehouse.
My team and I are often called in when something has already gone sideways. But more often, we’re being brought in earlier, because clients realize that risk isn’t always about what someone did in the past. It’s about what they’re setting up now.
Red Flags Only OSINT Will Catch
Here are a few common tells we see that OSINT helps bring to light:
· Discrepancies in timelines: LinkedIn shows one employment history, but archived versions of websites suggest otherwise.
· Digital cloning: Websites or bios lifted from legitimate sources, with only names and images swapped.
· Network overlap: Multiple “independent” businesses all sharing a backend developer, virtual address, or registrar.
· Inconsistent branding: Social media bios that don’t align with stated services or that recycle content from unrelated industries.
· Ghost activity: A business with no digital footprint, or one that appeared suddenly in the last 90 days with a flurry of templated content.
These aren’t just interesting anomalies; they are smoke before the fire. And in a business where you’re fronting money based on reputation and receivables, you deserve better than hindsight.
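Three of the tells above (network overlap, digital cloning, ghost activity) can be screened for mechanically before an analyst takes a closer look. The sketch below is an added example, not the author's or Hetherington Group's method; the records, field names, and thresholds are constructed assumptions.

```python
from datetime import date
from itertools import combinations

# Constructed sample records: every name, address and date here is made up.
ENTITIES = [
    {"name": "Acme Freight LLC", "address": "100 Example St Ste 200",
     "registrar": "ExampleRegistrar", "first_seen": date(2025, 4, 20),
     "site_text": "We are a family run logistics firm serving the Midwest since 1998 with care"},
    {"name": "Birch Logistics Inc", "address": "100 Example St Ste 200",
     "registrar": "ExampleRegistrar", "first_seen": date(2019, 3, 2),
     "site_text": "We are a family run logistics firm serving the Southeast since 1998 with care"},
    {"name": "Cedar Staffing Co", "address": "7 Sample Ave",
     "registrar": "OtherRegistrar", "first_seen": date(2016, 8, 11),
     "site_text": "Temporary staffing for warehouses and light industrial employers in three counties"},
]

def shingles(text, k=3):
    """Set of k-word sequences, so reordered or lightly edited copy still matches."""
    words = text.lower().split()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Share of word shingles two texts have in common (0.0 to 1.0)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0

def red_flags(entities, as_of, clone_threshold=0.5, ghost_days=90):
    """Return {entity name: set of flags} for an analyst to review, not a verdict."""
    flags = {e["name"]: set() for e in entities}
    for e in entities:
        # Ghost activity: footprint first observed within the last `ghost_days`.
        if (as_of - e["first_seen"]).days <= ghost_days:
            flags[e["name"]].add("ghost_activity")
    for a, b in combinations(entities, 2):
        # Network overlap: supposedly independent businesses sharing infrastructure.
        for key in ("address", "registrar"):
            if a[key] == b[key]:
                flags[a["name"]].add(f"network_overlap:{key}")
                flags[b["name"]].add(f"network_overlap:{key}")
        # Digital cloning: site copy that is nearly verbatim with another entity's.
        if jaccard(a["site_text"], b["site_text"]) >= clone_threshold:
            flags[a["name"]].add("digital_cloning")
            flags[b["name"]].add("digital_cloning")
    return flags

if __name__ == "__main__":
    for name, found in red_flags(ENTITIES, as_of=date(2025, 6, 1)).items():
        print(name, sorted(found))
```

A shared registrar on its own is a weak signal, since many unrelated businesses use the same one; it matters when it stacks with the other flags.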
Building a Smarter Risk Strategy
This isn’t about fear. It’s about being smarter in how we verify trust. Due diligence today can’t be a static process. It needs to evolve alongside the tactics of fraud.
You don’t need to become an intelligence analyst overnight. But you do need to know when to call for backup. If something doesn’t make sense, or it looks too good, or it just feels wrong, ask for a deeper review. Not because you're accusing someone, but because you're protecting your business.
Curiosity is underrated. So is pattern recognition. And when paired with the right tools and methodology, they can save you not only from financial loss but reputational damage and litigation.
Bridging the Intelligence Gap
We don’t need to replace traditional due diligence; we need to strengthen it. Factoring professionals already know how to read contracts, assess risk, and negotiate terms. What OSINT does is give those instincts teeth. It offers the kind of clarity that lets you act decisively, not just defensively. It’s a discipline rooted in observation, validation, and curiosity, a perfect complement to the transactional realities of factoring. Whether you’re underwriting a new client or reassessing a long-time partner, layering in intelligence means fewer surprises and more control.
Final Thoughts
Factoring is built on trust and speed, two things that don’t always play well together. But with the right intelligence, you can move fast and smart. Fraud isn’t going away, but it can be outmaneuvered.
If I leave you with one thing, let it be this: Today’s fraud doesn’t hide, it performs. It builds a set, casts characters, and plays the part. Traditional due diligence watches the show. OSINT pulls back the curtain.
We’ve spent our careers doing exactly that.
About the Author
Cynthia Hetherington, OSC, CFE, CII, is the founder and president of Hetherington Group, a leading firm specializing in investigative due diligence, corporate intelligence, and cyber investigations. With over 25 years of experience in tracking fraud, uncovering hidden assets, and navigating the digital underworld, Cynthia is a recognized authority in Open-Source Intelligence (OSINT). She is also the founder of the OSMOSIS Institute and author of OSINT: The Authoritative Guide to Due Diligence. Her work supports financial institutions, Fortune 500s, and government agencies in mitigating risk and staying ahead of emerging threats.
The views expressed in the Commercial Factor website are those of the authors and do not necessarily represent the views of, and should not be attributed to, the International Factoring Association.