By Brian Monroe
July 30, 2020
The United Kingdom’s top lobbying body for the financial sector revealed today what it considers the top 10 scams attempting to take advantage of the coronavirus pandemic, including impersonating government finance and health agencies, teasing stimulus relief funds and even infiltrating dating apps.
United Kingdom (UK) Finance – the leading industry body for financial services in the UK, representing more than 250 firms providing finance, banking, markets and payments-related services in or from the UK – stated that institutions have noticed a marked uptick in fraud groups attempting to get at customers through emails, texts, phone calls and more.
In many instances, scammers are trying to use the fear and uncertainty around the pandemic as leverage – in some cases offering fake resources or avenues for personal protective equipment, or, for those out of work, access to desperately needed stimulus funds.
“Using the coronavirus pandemic as an opportunity, fraudsters are using sophisticated methods to callously exploit people, with many concerned about their financial situation and the state of the economy,” according to UK Finance.
Some scams manipulate innocent victims, urging people to invest and “take advantage of the financial downturn.”
These criminal groups, cognizant that people are stuck at home, watching Netflix and other streaming apps, are also “impersonating well-known subscription services to get people to part with their cash and personal information.”
Stealing debit and credit card details, and draining a bank account, is only one prong of the larger battle plan. Personal data can in some cases be even more valuable than what is in a person’s bank account.
Why? While you might have $500 in your savings and a credit card with a limit of $10,000 – a nice overall haul for a scammer – they can get a lot more, and do a lot worse, and leave you footing the bill.
With enough information, a fraudster could file for your tax return, change your information with the government and start receiving your pandemic-fattened unemployment check, take out a loan with your credit for $50,000 or $100,000.
Then they disappear and credits come after you.
Criminals are even “posing as representatives from the UK National Health Service NHS Test and Trace service in an effort to trick people into giving away their personal details.
How to spot a pandemic scam: inconsistencies, payment urgency
UK Finance also offered some overarching tips to better spot a Covid-19 scam, including if:
- The website address is inconsistent with that of the legitimate organisation
- The phone call, text or emails asks for financial information such as PIN, passwords
- You receive a call or email out of the blue with an urgent request for your personal or financial information, or to make an immediate payment
- You’re offered a heavily discounted or considerably cheaper product compared to the original price
- There are spelling and grammar mistakes, or inconsistencies in the story you’re given
Moreover, as part of a broader campaign to arm individuals from getting exploited at the outset, the group has condensed several powerful counter-fraud concepts into a simple, approachable and eminently shareable three-word directive: Stop, challenge and protect.
- Stop: Taking a moment to stop and think before parting with your money or information could keep you safe.
- Challenge: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
- Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.
Are you a financial crime compliance professional? Worried about fraud schemes and scams? ACFCS has you covered:
Special ACFCS Video Financial Crimecast: NICE Actimize’s Stephen Taylor discusses pandemic transaction trends, potential of AI, power of consortium-based analytics
Scammers could be pilfering $26 billion in fraudulent coronavirus pandemic unemployment claims: Labor Department Inspector General
FinCEN highlights key red flags for coronavirus pandemic medical scams, cyber-enabled frauds, including fake tests, phantom deliveries
Pandemic has hampered AML supervision, international investigations, cooperation, could help criminals evade CDD: FATF
ACFCS COVID-19 Pandemic Coverage: As fraud complaints soar, FTC offers tips, new resource in ‘Scam Bingo’ game
The pandemic scammer hit list: You really don’t want to be part of this top 10
The ten scams to be on the lookout for and how to spot them:
Covid-19 financial support scams
- Criminals have sent fake government emails designed to look like they are from government departments offering grants of up to £7,500. The emails contain links which steal personal and financial information from victims.
- Fraudsters have also been sending scam emails which offer access to ‘Covid-19 relief funds’ encouraging victims to fill in a form with their personal information.
- Criminals have been targeting people with official-looking emails offering a ‘council tax reduction’. These emails, which use government branding, contain links which lead to a fake government website which is used to access personal and financial information.
- Fraudsters are also preying on benefit recipients, offering to help apply for Universal Credit, while taking some of the payment as an advance for their “services”.
- One of the most shocking scams that has appeared during the pandemic has involved using the NHS Test and Trace service. Criminals are preying on an anxious public by sending phishing emails and links claiming that the recipient has been in contact with someone diagnosed with Covid-19. These lead to fake websites that are used to steal personal and financial information or infect devices with malware.
- Victims are also being targeted by fake adverts for Covid-related products such as hand sanitizer and face masks which do not exist.
- Criminals are sending fake emails and texts claiming to be from TV Licensing, telling people they are eligible for six months of free TV license because of the coronavirus pandemic. Victims are told there has been a problem with their direct debit and are asked to click on a link that takes them to a fake website used to steal personal and financial information.
- Amid a rise in the use of online TV subscription services during the lockdown, customers have been targeted by criminals sending convincing emails asking them to update their payment details by clicking on a link which is then used to steal credit card information.
- Fraudsters are also exploiting those using online dating websites by creating fake profiles on social media sites used to manipulate victims into handing over their money. Often criminals will use the identities of real people to strike up relationships with their targets.
- Criminals are using social media websites to advertise fake investment opportunities, encouraging victims to “take advantage of the financial downturn”. Bitcoin platforms are using emails and adverts on social media platforms to encourage unsuspecting victims to put money into fake investment companies using fake websites.
During this pandemic “we have seen criminals using sophisticated methods to callously exploit people’s financial concerns, impersonating trusted organizations like the NHS or HMRC, to trick them into giving away their money or information,” said Katy Worobec, Managing Director of Economic Crime at UK Finance.
“The banking and finance industry is tackling fraud on every front, investing millions in advance technology to protect customers and working closely with the government and law enforcement to stop the criminal gangs responsible and neutralize the threat.”
In U.S., top AML agency also warns of rising fraud, cyberattack risks
More criminals, scammers and fraudsters trying to pilfer anything they can in the real and virtual worlds is not limited to the U.K.
The Financial Crimes Enforcement Network (FinCEN), the country’s financial intelligence unit (FIU) and administrator of anti-money laundering (AML) rules, has stated in multiple warnings in recent months that bank counter-crime teams will be tested anew on all fronts.
The agency also stated that haste and urgency should be paramount for financial institutions related to the coronavirus as fraudsters and cyber hacking groups have increased their attacks against banks, corporates and individuals.
In response, FinCEN has expanded its “Rapid Response” group and is more aggressively reviewing tips, suspicious activity reports (SARs) in its AML database and working more closely with domestic and foreign law enforcement agencies to recover pilfered funds – in one case alone recouping $300 million.
When it comes to various cyber-fueled fusillades, such as business email compromise (BEC) attacks – an attack vector soaring in popularity in recent years and even more potent in the chaos of a global pandemic – FinCEN has successfully assisted in the recovery of approximately $900 million with the assistance of 64 countries.
But to recapture funds stolen from a bank, corporate or person, the bureau has an incredibly short window – something that financial institution fraud, AML and investigations teams must be aware.
While FinCEN does not ensure recovery of BEC stolen funds, FinCEN has “achieved greater success in recovering funds when victims or financial institutions report BEC-unauthorized and fraudulently induced wire transfers to law enforcement within 24 hours.”
In latest advisory on pandemic fraud trends, FinCEN puts senior management, tellers on notice
In a just released advisory, FinCEN is also putting more pressure on the overall fincrime compliance defenses at financial institutions.
The advisory is notable for financial crime compliance teams and beyond as FinCEN stated the red flags should be shared in and outside of AML, to the upper echelons of the chief executive and chief compliance officer, to cyber defenders and even frontline staff, including bank tellers and customer service agents.
This advisory is just the latest in series coming from FinCEN attempting to illumine bank fraud and AML teams, regulators and law enforcement to broader pandemic-themed criminal proclivities.
In a series of missives in recent months, FinCEN has highlighted key trends across banks, AML suspicious activity report (SAR) filings and active law enforcement cases evincing possible COVID-19-related medical scams, including:
- fraudulent cures, tests, vaccines, and services;
- non-delivery scams; and
- price gouging and hoarding of medical-related items, such as face masks and hand sanitizer.
Examples of fraudulent medical services include claims related to “purported vaccines or cures for COVID-19, claims related to products that purportedly disinfect homes or buildings, and the distribution of fraudulent or unauthorized at-home COVID-19 tests.”
Some of these scams may be perpetrated by illicit actors “who recently formed unregistered or unlicensed medical supply companies,” according to FinCEN, a critical clue for AML teams and a quick way to winnow out scammers: see how long the business has been around and scrutinize incorporation documents.
To read FinCEN’s “Advisory on Medical Scams Related to the Coronavirus Disease 2019,” click here.
To read FinCEN’s “Notice Related to the Coronavirus Disease 2019,” click here.
How best to uncover a pandemic-fueled fraudster? History will uncover the mystery
Financial indicators of these scams may include:
- History of fraud: U.S. authorities, such as the Federal Trade Commission (FTC), the Food and Drug Administration (FDA), or the DOJ, have identified the company, merchant, or business owners as selling fraudulent products.
- Web of lies: A web-based search or review of advertisements indicates that a merchant is selling at-home COVID-19 tests, vaccines, treatments, or cures.
- Make it personal: The customer engages in transactions to or through personal accounts related to the sale of medical supplies, which could indicate that the selling merchant is an unregistered or unlicensed business or is conducting fraudulent medical-related transactions.
- What’s in a name: The financial institution’s customer has a website with one or more indicia of suspicion, including a name/web address similar to real and well-known companies, a limited internet presence, a location outside of the United States, and/or the ability to purchase pharmaceuticals without a prescription when one is usually required.
- Image control: The product’s branding images found in an online marketplace appear to be slightly different from the legitimate product’s images, which may indicate a counterfeit product.
- The price is right: The merchant is advertising the sale of highly sought-after goods related to the COVID-19 pandemic and response at either deeply discounted or highly inflated prices.
- Card sharks: The merchant is requesting payments that are unusual for the type of transaction or unusual for the industry’s pattern of behavior. For example, instead of a credit card payment, the merchant requires a pre-paid card, the use of a money services business, convertible virtual currency, or that the buyer send funds via an electronic funds transfer to a high-risk jurisdiction.
- Miscreant merchants: Financial institutions might detect patterns of high chargebacks and return rates in their customer’s accounts. These patterns can be indicative of merchant fraud in general.
FinCEN Director Ken Blanco also noted that it’s not just banks that should be more aggressively watching out for the warnings signs of pandemic fraud, and related flow of illicit finances – but more criminals are choosing to monetize their illicit hauls through virtual currency exchanges.
“FinCEN has observed that cybercriminals predominantly launder their proceeds and purchase the tools to conduct their malicious activities via virtual currency,” he said at a recent industry event.
“Your institutions have the opportunity, and obligation, to help identify these illicit criminal networks in your suspicious activity reporting to FinCEN, so that FinCEN can aggregate and analyze this information to identify red flags, permitting industry to spot risks.”
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.