Red Flags for COVID-19 Related Fraud – What You Need to Know

Terri Luttrell, CAMS-Audit
September 18, 2020
Read Time: min

As the COVID-19 pandemic continues to wreak havoc around the globe, related fraud continues to escalate at a staggering rate. Bad actors are poised and ready to use disasters, such as a pandemic, to steal money and/or personal information.  Fraudsters strive to be one step ahead of detection and are eager to take advantage of the new vulnerabilities facing people already filled with anxiety and fear.  

FinCEN advisories warn against COVID-19-related scams.

The coronavirus pandemic has created many vulnerable targets, including the elderly and unemployed. In answer to these growing concerns, the Financial Crimes Enforcement Network (FinCEN) recently issued three COVID-19 related advisories that call upon financial institutions to remain alert to COVID-19-related fraud by understanding the current scams and red flag indicators that may indicate this illicit activity.  The advisories were issued May 18, July 7, and July 30, 2020, showing the fluidity of the scams in this unprecedented time.

The latest advisories concerning COVID-19 related fraud highlight the increase that government agencies are seeing in fraud typologies.  Similar tactics as previously, but with greater volume and targeting COVID-19 related themes.  An enhanced fraud risk assessment may be warranted to understand the true risk to your financial institution and your customers.  Once you know more about your detection capabilities and any potential gaps, you can develop risk-focused procedures around this heightened illicit activity.  Fraud often can lead to hard dollar losses, and suspicious activity monitoring may need to be enhanced if your risk assessment indicates.  

The list of red flags in these advisories can be overwhelming due to the sheer volume of typologies that are addressed.  However, they should be thoroughly understood to detect COVID-19 related fraud. The increase is reported fraud is alarming and financial institutions should be prepared to take a proactive approach to protecting their customers and reporting COVID-19 related fraud.

An analysis of each of the combined advisory red flags will assist an institution in building a solid framework around COVID-19 related fraud detection. By grouping the red flags into fewer typologies, procedures can be written around the red flags for detecting each pandemic related fraud trend:

Imposter scams are increasing due to the pandemic.

Imposter Scams involve criminals acting as government officials, non-profit groups, universities, or charities and offering fraudulent or non-delivery of products or services to defraud victims by solicitation of payments, donations, or personal information. Fraudulent cures, tests, vaccines, and services have all been reported in addition to price gouging and hoarding of medical-related items, such as face masks and hand sanitizer.  Many of the noted red flag indicators center around customer due diligence processes such as review of business documentation, website review, negative news searches, and high-risk jurisdiction activity. If any of the following red flags are detected, further due diligence should be conducted to determine if fraudulent activity is occurring.

Red flags include:

  • Medical supply related transactions through a personal account
  • Merchant requires pre-paid cards, virtual currency, or other hard to trace mean of payment
  • High chargeback and/or return volume in the customer’s account
  • Newly opened account received a large wire transaction that was not disclosed at account onboarding
  • New accounts opened after January 2020 for the purpose of selling medical supplies or highly sought-after goods (toilet paper, masks, disinfectant, etc.)
  • Customer begins to use an established account differently after January 2020 without an explainable purpose
  • Customer’s account is receiving or sending electronic fund transfers (EFT) to/from a new business with no known physical or internet presence
  • Customer’s account is used for COVID-19 related goods with a company that is not a medical supply distributor
  • Customer makes unusually large deposits that are inconsistent with the customer’s profile or account history
  • Communication from a person, either by phone, email, text, or social media, claiming to represent a government agency and asking for personal information, particularly regarding a “stimulus check” or “stimulus payment”
  • Receipt of a check or prepaid debit card from the U.S. Treasury less than the amount expected, with instructions to contact the fraudulent agency to receive the full benefit
  • Phishing communications instructing readers to open links or files to provide personal information
  • Email addresses related to COVID-19 that contain misspellings or use the domain name of “.com” or “.biz” for an alleged government agency
  • Specific email subject lines that have been identified as phishing campaigns, such as:
    • 2020 Coronavirus Updates
    • Coronavirus Updates
    • 2019-nCOV: New confirmed cases in your City
    • 2019-nCov: Coronavirus outbreak in your city (Emergency)
  • Solicitations in person, by email or social media seeking donations on behalf of a reputable charity but, is fraudulent
  • A charitable organization soliciting donations that does not have an in-depth history or cannot be verified

Money mule schemes involve recruiting others to launder illicit funds.

Money mule schemes consist of bad actors recruiting individuals to transfer illegally acquired money on behalf of the fraudsters, typically using multiple accounts (i.e. solicitation to work from home for an unrealistic salary). Reg flags for money mule schemes may include financial transactions as well as customer/member interaction:

  • Customer/member account starts to receive transactions out of the norm, including:
    • Overseas transactions
    • Purchase of large sums of virtual currency
    • Sudden increase in account balances
    • Mention COVID-19 or work from home and reason for increased activity
  • Customer opens a new business account with balance transferred out soon after opening
  • Customer opens several accounts at different financial institutions with high-velocity movement of funds
  • Customer receives multiple state unemployment payments
  • Customer receives an unemployment deposit from a different state in which he/she previously worked
  • Customer receives unemployment payments for numerous employees and the “remit to” name does not match
  • Deposited funds quickly wired out to foreign locations with poor anti-money laundering controls
  • Customer makes unusual overseas transactions indicating it is for a person overseas needing financial assistance due to the COVID-19 pandemic
  • Customer has documentation from an employer or recruiter using a free email service rather than a company-specific email
  • Customer has been asked by an employer to deposit funds into their personal account and then transfer funds via wire, ACH, mail, or money services businesses
  • Customer has been asked by an individual for financial assistance to send funds to their personal account. The individual may claim to be one of the following:
    • S. Service member stationed abroad
    • S. citizen working or traveling abroad
    • S. citizen quarantined abroad

If any of these red flags lead to uncertainly of the legitimacy of the activity, it may be COVID-19 related fraud and a suspicious activity report (SAR) may be warranted. When filing a COVID-19 related SAR, FinCEN requests that SAR field 34(z) (Fraud Other) be selected and the key term “COVID19 MM FIN-2020-A003” in SAR field 2 (Filing Instruction Note to FinCEN) and in the narrative.

Tap into technology to help prevent and detect financial crime.
Learn more

Cybercrime has seen a major spike during the pandemic due to more people being online.

Cybercrime, criminal activity by use of computers, has increased significantly during the pandemic.  Reports to FinCEN and the Federal Bureau of Investigation (FBI) show these primary areas of COVID-19 related cyber fraud:

  • Malware: software designed to disrupt, damage, or gain unauthorized access to a computer
  • Phishing schemes: the practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal or financial information
  • Extortion: demanding something, such as money, by force or threats
  • Business email compromise (BEC): a scam that targets those who perform funds transfers. 
  • Exploitation of remote applications: the transition to “work from home” remote access and virtual applications during the pandemic has presented new opportunities for bad actors to target businesses and individuals.

Red Flags for cybercrime include:

  • The spelling of names in account information does not match the government-issued identity documentation.
  • Pictures in identity documentation are fuzzy or blurry.
  • Images of identity documentation have visual irregularities that suggest digital manipulation, particularly in the name, address, and other identifier fields.
  • A customer’s physical description on identity documentation does not match other images of the customer.
  • A customer refuses to provide supplemental identity documentation or delays producing requested documentation.
  • Customer logins occur from a single device or Internet Protocol (IP) address across multiple seemingly unrelated accounts.
  • The IP address associated with logins does not match the stated address in identity documentation.
  • Customer logins occur during high network traffic times to avoid detection.
  • A customer notifies the financial institution to change account communication and authentication methods and then promptly attempts to move funds to an account that had not previously received payments from the customer.

If filing a suspicious activity report (SAR) related to these COVID-19 fraud types, FinCEN requests that you include the key term “COVID19-CYBER FIN-2020-A005” in SAR field 2 (Filing Instruction Note to FinCEN) and in the narrative.  In addition, be sure to check all relevant activity type boxes and include additional keywords in field 34(z) to describe the type of fraud, such as “COVID 19 BEC Fraud,” “EAC fraud,” or BEC data theft”.  Protecting legitimate pandemic relief efforts and prevention of fraud are two important fights we can win during this unprecedented time.

Adjusting your scenario thresholds and being alert of red flags may help you better detect these crime trends.

Remaining aware of COVID-19 related red flags indicators will enhance your transaction monitoring program and assist you in detecting fraud perpetrated upon victims struggling during this difficult time of pandemic.  You may consider lower parameter limits on certain scenarios, such as spikes in deposits, or create monthly ad hoc reports. Adding the advisories and red flags to written fraud monitoring procedures will enhance your program and demonstrate that your financial institution is on top of current trends. Regulators will want to know how you are addressing and mitigating COVID-19 related fraud, so be prepared for that question. 

FinCEN intends to send further advisories concerning COVID-19 related crime based on future data and analysis which will assist in keeping your financial institution up to date. In addition to the current advisories, FinCEN issued a notice reminding financial institutions of their BSA reporting requirements, expecting financial institutions to continue following a risk-based approach and to diligently adhere to their BSA obligations. 

As with many fraud trends, it is important to train front line staff in the red flags of COVID-19 fraud, as they have the most opportunity to interact with customers/members. Casual conversations not only build relationships, they can lead to discovery of a possible scam. Anyone can be a victim of fraud and COVID-19 is creating a greater number of vulnerable targets. Financial institutions are in a unique position to educate customers/members and detect fraud before the victim suffers financial loss and embarrassment.

About the Author

Terri Luttrell, CAMS-Audit

Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size. She has successfully worked with institutions in developing BSA/OFAC programs, optimizing various automated solutions, and streamlining processes while ensuring all regulatory requirements are met. As the Compliance and Engagement Director at Abrigo, Terri provides insights that contribute and support long-term banking strategies based on analysis of market and industry trends, competitor developments, and financial and regulatory technology changes. She is an audit-certified anti-money laundering specialist and a board member of the Central Texas chapter of the Association of Certified Anti-Money Laundering Specialists (ACAMS). Terri earned her bachelor’s degree in business administration, specializing in business and finance, from the University of North Texas.

Full Bio

About Abrigo

Abrigo is a leading technology provider of compliance, credit risk, and lending solutions that community financial institutions use to manage risk and drive growth. Our software automates key processes — from anti-money laundering to fraud detection to lending solutions — empowering our customers by addressing their Enterprise Risk Management needs.

Make Big Things Happen.

 

Looking for Banker’s Toolbox? You are in the Right Place!

Banker’s Toolbox is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to Banker’s Toolbox Community Online.

Make yourself at home!