The Cybersecurity and Infrastructure Security Agency (CISA), the United States’ infrastructure risk advisor, warns individuals to remain vigilant for scams related to COVID-19. Perpetrators commonly use emails with malicious links or attachments, or fraudulent websites to obtain financial and/or personal information by claiming to represent a COVID-19 related charity or causes. CISA’s advice supports the FinCEN advisory:
- Avoid clicking on links in unsolicited emails and be wary of email attachments.
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on charity scams for more information.
The latest advisories concerning COVID-19-related fraud highlight the increase that government agencies are seeing in fraud typologies. Fraudsters are using similar tactics as previously, but with greater volume and targeting pandemic-related themes. An enhanced fraud risk assessment may be warranted to understand the true risk to your financial institution and your customers. Once you know more about your detection capabilities and any potential gaps, you can develop risk-focused procedures around this heightened illicit activity. Fraud often can lead to hard dollar losses, and suspicious activity monitoring may need to be enhanced if your risk assessment indicates. Many financial institutions are moving to automated fraud solutions to increase detection capabilities with this growing threat. If you are interested in automating your fraud solutions or integrating single- and multi-channel fraud detection into your AML software, we can help.
Financial institutions are in a unique position to educate customers/members and detect fraud before the victim suffers financial loss and embarrassment. If filing a suspicious activity report (SAR) related to these COVID-19 fraud types, FinCEN requests that you include the key term “COVID19-CYBER FIN-2020-A005” in SAR field 2 (Filing Instruction Note to FinCEN) and in the narrative. In addition, be sure to check all relevant activity type boxes and include additional keywords in field 34(z) to describe the type of fraud, such as “COVID 19 BEC Fraud,” “EAC fraud,” or BEC data theft.” Protecting legitimate pandemic relief efforts and prevention of fraud are two important fights we can win during this unprecedented time.