Updated: Mar 23
The coronavirus, also known as COVID-19, has sparked a global health emergency and drastically disrupted business, markets, and the movement of money worldwide. As a result, virtually all industries have faced, and will continue to face, disruption. And, as unfortunately happens in the event of natural disasters and other catastrophic events, fraudsters and criminals are taking advantage and capitalizing on the fear and uncertainty caused by the pandemic. In fact, there is even a name for this type of opportunistic exploitation in the face of sudden calamitous events -"disaster fraud."
Individuals, businesses, and even the government, can be the targets of disaster fraud. Although disaster fraud can come in various forms, it is generally grouped into five broad categories: 1) price gouging, 2) charitable solicitations, 3) contractor and vendor fraud, 4) property insurance fraud, and 5) forgery. Increasingly, fraud schemes are carried out online and cyber-related fraud is flourishing.
As many individuals are now working from home, some for the first time, the risk of cyber-enabled fraud is even further elevated. For instance, people may not be as conscientious about logging into secure networks as they might be otherwise. Additionally, the home environment provides far different distractions than the workplace, not to mention the difficulty of remaining focused on work in general while in the midst of a global pandemic. The novelty of the situation and the increased distraction are among the factors which create further opportunities for cybercriminals.
FinCEN's Guidance on Disaster Fraud & COVID-19 Fraud Schemes
The Financial Crimes Enforcement Network (FinCEN) issued an Advisory to Financial Institutions Regarding Disaster-Related Fraud. Although it is aimed at financial institutions, the guidance can easily be applied to individuals as well as various other businesses. The Advisory discusses Benefits Fraud, Charities Fraud and Cyber-Related Fraud. The Advisory can be accessed here.
Additionally, FinCEN released a more recent notice about potential illicit behavior connected to COVID-19 and related emerging trends. In this announcement, FinCEN specially advises financial institutions (although this guidance can be applied to individuals as well) to remain alert about malicious or fraudulent transactions similar to those that occur in the wake of natural disasters. Based on various reports of illicit behavior connected to COVID-19, FinCEN has noted the following emerging trends:
Imposter Scams – Bad actors attempt to solicit donations, steal personal information, or distribute malware by impersonating government agencies (e.g., Centers for Disease Control and Prevention), international organizations (e.g., World Health Organization (WHO)), or healthcare organizations.
Investment Scams – The U.S. Securities and Exchange Commission (SEC) urged investors to be wary of COVID-19-related investment scams, such as promotions that falsely claim that the products or services of publicly traded companies can prevent, detect, or cure coronavirus
Product Scams – The U.S. Federal Trade Commission (FTC) and U.S. Food and Drug Administration (FDA) have issued public statements and warning letters to companies selling unapproved or misbranded products that make false health claims pertaining to COVID-19. Additionally, FinCEN has received reports regarding fraudulent marketing of COVID-19-related supplies, such as certain facemasks.
Insider Trading – FinCEN has received reports regarding suspected COVID-19-related insider trading.
The full FinCEN notice can be accessed here.
Below is a compilation of official warnings and notices from various government agencies as well as inter-governmental organizations regarding potential scams related to the COVID-19 pandemic:
The International Criminal Police Organization (INTERPOL) released a statement about financial fraud schemes related to COVID-19 and warning signs that may alert people to potential scams.
The World Health Organization (WHO) issued a warning regarding imposter scams, urging people to be aware of criminals disguising themselves as WHO in order to steal money or sensitive information.
The Securities and Exchange Commission (SEC) published an Investor Alert on coronavirus-related investment scams.
The Federal Drug Administration (FDA) issued an alert concerning product scams to protect consumers from firms selling unapproved products and making false or misleading claims.
The Federal Trade Commission (FTC) and the FDA also issued a joint updated statement concerning product scams and scam coronavirus treatments.
The Department of Justice (DOJ) published a list of scams used to exploit COVID-19 worldwide.
Steps to Mitigate Risk and Protect Yourself and Your Business
Although the coronavirus pandemic presents new fraud-related risks, there are ways for individuals and businesses to protect themselves. Individuals and organizations can take the following steps to mitigate the risk of becoming victims and also exposing their business, to fraud and fraud-related cyber crimes, as well as other scams.
Awareness/Knowledge. The first step to mitigating risk and protecting yourself and your business is gaining awareness and understanding of potential risk(s). This involves becoming educated about fraud and various common schemes. And since fraud methods are constantly evolving, it also includes maintaining current knowledge of the most common scams and trends, as well as being alert and remaining vigilant. Organizations, such as those issuing the above-noted guidance, are great resources which offer reliable and updated information for attaining and maintaining relevant knowledge on emerging trends and potential risks. Additionally, the Centers for Disease Control and Prevention (CDC) maintains a website containing up-to-date information and guidance as well as additional resources on COVID-19. The CDC website can be accessed here.
Due Diligence. The second step involves doing your due diligence. This includes researching and verifying the authenticity of organizations, including businesses and charities, websites, links, and anyone soliciting money. It also involves establishing legitimacy before sending any money, credit card information, or other personally identifiable information (PII), such as social security numbers or bank account details. This additionally entails not sharing news/information from unofficial or unverified sources as well as not clicking on certain links and attachments in unsolicited emails and text messages. The European Union's law enforcement agency, Europol, provides a useful infographic containing cyber-safety tips here.
Reporting. Finally, it's important to report instances of fraud-related activity, regardless of whether the activity was fully carried out or just an attempt. Reporting is important because it helps prevent future fraud and other crimes. Reporting of fraud also provides information that enables future decision-making, such as where best to concentrate law enforcement resources. Internet-based fraud and similar crimes can be reported locally as well as to the FBI’s Internet Crime Complaint Center here. Reports can also be made to the National Center for Disaster Fraud via their hotline at 866-720-5721 or via email at email@example.com. Additional reporting information is available on the DOJ website, accessible here.
Lastly, as is the case with any risk assessment exercise, once the dust has settled, business and compliance leaders should revisit their business continuity/disaster recovery plans and risk mitigation strategies in order to implement lessons learned and be better prepared for the next issue that, inevitably, will arise.