COVID-Related Scams - Top 5 Trends Identified by Compliance Experts
Updated: Sep 29, 2020
From April to September 2020 we asked 14 experts in the field of compliance about their view on trends in AML and financial crime. And now is time to recap and learn more from the responses and observations from our guests.
Do you remember January 2020? The year has just started. If you are working in compliance, you were most likely going often to the office, scheduling meetings in conference rooms, having lunch with colleagues, visiting conferences and networking events. But suddenly everything changed.
Now, your office is in your house or flat. You are not meeting with more than certain number of people in the same room. Videoconferencing exploded. You don’t go out without a masks and your pocket hand sanitizer. COVID-19 pandemic brought so many changes to our everyday life. The "new normal" is defined by lockdowns, social distancing, and protective equipment. And this did not affect only you or me, or people in one town, one country. People all around the world had to change their typical lifestyle. In the aftermath homes became offices, many lost their jobs, businesses bankrupted or work with heavy restrictions.
You know who else had to quickly adapt – fraudsters. Jennifer Ford-Smith in episode 1 describes them as entrepreneurs with different motivation. They are seeking to exploit for their profit vulnerabilities and fears. Dr. Ian Messenger in episode 7 mentioned that we will see new scams but also “see those old, tried and tested 419, the advanced fee fraud scams are continuing to occur but with COVID narrative”. So let’s recap the 5 exposed areas which may lead to increase fraud scams and cybercrime.
1. Medical supplies, personal protective equipment
COVID-19 created a worldwide demand for medical supplies and protective equipment. And this is an area of vulnerability for governments and other institutions responsible for the supply.
Stephen Scott gave great advice for compliance professionals in episode 8 – we need to learn more in terms personal protective equipment (PPE), safety, sanitizers, goods and services associated with that. Because he says bad guys would take advantage of people's fears and will run frauds related to buying and selling goods, providing services. This closely links with some of the fraudulent activities mentioned by the FATF. One of them is related to counterfeiting, including of essential goods (such as medical supplies and medicines), and offering illegal goods and “miracle” cures.
Additionally, the increased number of public money moving around for COVID relief and bailouts for businesses would also lead to increased number of fraud.
In June 2020 estimates of US officials suggest that COVID-related fraud could result in $30 billion stolen by criminals[1].
Corrupt governments are also increasing the risk of misappropriation of the large sums intended to support the people and small business in times of crisis.
2. Romance scams
In Episode 1 Jennifer Ford-Smith described another very important vulnerability – the lack of social interactions during the lockdown period. When isolated and alone, people may become much easier victims of fraudulent emails asking for support in this tough and unprecedented times. Additionally, social distancing measures can increase the number of romance scams. Some of the red flags in romance scams were presented by Beata Wisnicka in Episode 12. Examples include: using fake, stock images, jumping quickly into proposing marriage, requesting funds and putting ultimatums, poor grammar or many mistakes in the messages.
3. Phishing
The phishing attacks these days are incredibly sophisticated, mimicking close to perfection a legitimate email, and even at the domain level. The thing is, it gives the good guys an opportunity to evolve and develop better anti-fraud, and cyber security, email filtering technologies – this is what Tim Lloyd shared with Compliance Time in Episode 9.
He said that globally, there will be a shift of focus on more cyber-enabled or cyber-originated types of frauds and scams. In July 2020 FinCEN also publishes Advisory on Cybercrime and Cyber-Enabled Crime Exploiting the Coronavirus Disease 2019 (COVID-19) Pandemic in which they alert financial institutions to stay vigilant and it outlines some of the vulnerabilities.
As mentioned in the beginning, suddenly in 2020 our homes became offices. This enabled criminals to exploit financial institutions’ remote systems and customer-facing processes. The new cyber-enabled attacks will aim to gain access to legitimate accounts of the banks. Two of the ways illicit actors do that according to FinCEN are: digital manipulation of documentation and leveraging compromised credential against accounts. Another popular scheme, according to FinCEN, is Business email compromise which targets municipalities and the healthcare/medical equipment supply chain. Criminal attempts are aiming to redirect the fund flow to a new account. Additionally, FBI and Europol note that “criminals insert themselves into communications by impersonating a critical player in a business relationship or transaction, typically posing as providers of healthcare supplies, to intercept or fraudulently induce a payment for critically needed supplies”[2].
Further, criminals are now increasingly using phishing which narrative references COVID-19 terminology. Examples of such references include the Coronavirus Aid, Relief, and Economic Security (CARES) Act. Also, criminal messages include advertising of new ways to make money through virtual currencies, or request financial support for a community to fight the pandemic. One of the cases from the summer of 2020 was the Twitter hack in which 130 accounts were taken over by hackers.
4. Synthetic identity fraud
Episode 9 also mentions synthetic identity fraud as a method for money laundering and potentially being used for misappropriation of public funds and related schemes. Tim Lloyd told that synthetic identities are being created leading to account holders which may not even be a real person. But this person or entity has the ability of creating and opening accounts with falsified, fictitious, aged credentials.
Investopedia defines this scheme as follows: “Synthetic identity theft is a type of fraud in which a criminal combines real and fake information to create a new identity. The real information used in this fraud is usually stolen. This information is used to open fraudulent accounts and make fraudulent purchases”[3].
Source: Mitigating Synthetic Identity Fraud in the U.S. Payment System, p. 3
Note that the Federal Reserve published in July 2020 “Payment Frauds Insights” which goal is to raise awareness on synthetic identity fraud and encourage financial industry to act against it. It is said that the synthetic identity fraud is “the fastest-growing type of financial crime”. Analysis by Auriemma Group suggests that this type of fraud costs US lenders $6 billion and 20% of the credit losses in 2016.
5. Investment and fundraising scams
People lost their jobs and stability, businesses deemed non-essential remained shut down for months. In search of security and profits, even more people can now be subject to investment scams.
Both, FinCEN and FATF mention charity and fundraising investment frauds. In these scams actors falsely claim that your contribution will provide financial support or medical treatment to people in need, but actually the money instead get stolen. In this article you can find more tips on how to make your donation count.
This is the summary of Compliance Time podcast on predictions mentioned by our amazing guests. Have you already seen some of these scams? Let us know what you think.
Listen to the episodes on your favorite podcast platform, or on our website www.cmpltime.com/podcast
[1] https://thehill.com/policy/cybersecurity/501936-senior-official-estimates-30-billion-in-stimulus-funds-will-be-stolen [2] More can be also seen in FinCEN’s Advisory on Imposter Scams and Money Mule Schemes Related to Coronavirus Disease 2019 (COVID-19) here: https://www.fincen.gov/sites/default/files/advisory/2020-07-07/Advisory_%20Imposter_and_Money_Mule_COVID_19_508_FINAL.pdf [3] https://www.investopedia.com/terms/s/synthetic-identity-theft.asp#:~:text=Synthetic%20identity%20theft%20is%20a,accounts%20and%20make%20fraudulent%20purchases.
Resources list:
https://www.bbc.com/news/technology-53445090
https://www.consumer.ftc.gov/blog/2020/05/make-your-coronavirus-donations-count
https://www.fatf-gafi.org/media/fatf/documents/COVID-19-AML-CFT.pdf
https://fedpaymentsimprovement.org/wp-content/uploads/frs-synthetic-identity-payments-fraud-white-paper-july-2020.pdf