Companies and individuals are entering new territory, trying to manage their lives and businesses while practising social distancing and living a ‘remote’ existence. But while the majority are pulling together to battle the spread of the virus, for a small minority of ruthless criminals, the pandemic is a perfect opportunity for profit.
Fraudsters love a crisis
For some, anything that causes certain effects is an opportunity to spread disinformation and to steal data, identity and ultimately money. Those effects are:
- disruption to those who aim to protect the public
- anxiety and confusion in victims
- changes to processes and procedures
Coronavirus COVID-19 is causing all three.
We are already seeing fraudsters exploiting the crisis for their own means. For the most part, their techniques are not new, but simply a re-hash of the existing ‘account take over fraud’ using phishing or smishing with a Coronavirus twist, or social engineering tactics, using World Health Organisation (WHO), UK National Health Service (NHS), US Centre for Disease Control (CDC) or other official Government communications as the vehicles to bypass suspicion. We are seeing fake vaccines, fake Coronavirus testing kits and other products linked to the crisis being sold on websites and online marketplaces.
The fact that banks are having to adapt fast to alternative ways of working, coupled with law enforcement resources being deployed to support the sick and the vulnerable, makes the pandemic potentially a perfect storm for the criminals.
What should we watch for?
As experts in financial crime, compliance, cyber-security and fraud, these are our top six alerts:
1. Phishing and Smishing
Fraudsters are using the Coronavirus COVID-19 outbreak as a reason to send fake e-mails and text messages, asking people to click on links that capture their details.
- Some claim to be from official government agencies such as health services.
- Others purport to be from banks and other businesses, with links asking you to log into your account.
- Some of these messages are copies of genuine communication, but with additional sections added.
As a technique this is not new. But while we are all trained to be suspicious of messages from banks, and taught not to click on links or enter our credentials on request, current levels of anxiety, coupled with a flood of genuine communications dispatched at this time, mean that more mal-intended messages are getting through successfully.
2. Vishing & Door-to-Door
Fraudsters are also cold calling people at home, with similar messages asking customers to reveal information or transfer funds. In some cases, this has led to door to door contact as fraudsters call on the elderly, often pretending to be concerned citizens, charities or someone official ‘here to help’, while actually distracting and stealing.
3. Social engineering
Fraudsters are using this crisis as a means of establishing communication channels with victims in order to convince them to move their money.
This is particularly successful when targeting investment funds: when stock markets fall, an opportunity opens for criminals to target investors and persuade them to withdraw their money and ‘save’ it with the fraudster instead.
4. Fake goods
There has been a rise in fake goods being sold online and on marketplaces, in particular fake vaccines and testing kits, but also regular goods in short supply due to a combination of panic buying and supply chain disruption, from baby formula, diapers, and medicines to respirators and masks – and even toilet paper. While the FBI have already closed some sites selling fake vaccines, in an online world more simply surface to replace them.
5. Fake charities
Authorities worldwide have also been busy trying to identify and close a number of fake crowd funding, donation collection and charities exploiting people for profit.
6. ‘From the CEO’ fraud
Criminals are exploiting the disruption to standard operating protocols to target businesses with their CEO fraud. Because the messages often use COVID19 or URGENT in the message header, employees who are usually sceptical of phishing e-mails are duped into opening them and often engage with a fraudster they think is their CEO.
The combination of increased anxiety around jobs, companies’ capacity to cope in the current crisis and cash flow emergency measures, lack of face to face communication and the added natural barrier of remote working means we are seeing an increase in the success rate of CEO fraud.
Who’s at risk?
Although official figures have not yet been released, there has been a steep rise in reported fraud among banks. And it is also likely that, while we know the fraud is happening, continuing disruption to communication channels and victims’ levels of distraction as they cope with the crisis itself, mean that the true extent is not yet known.
Will it get better soon?
Probably not. In fact, it may get worse first. As things settle into more of a routine and lock-down continues, it’s likely fraudsters will become bolder.
What are the key challenges?
The key challenge in any crisis is balancing the need to communicate legitimately with maintaining best practice discipline.
- Banks are having to adapt to front line staff working from home or splitting their resources so that 50% of their agents are in one week and the other 50% the next week. This challenge will be exacerbated as we move from prevention to managing more sickness and active cases.
- Getting the fraud vigilance message out there is more challenging when everyone is, rightly, more focused on the health and well-being of themselves and their family.
- Meanwhile law enforcement agencies are rightly prioritising helping the sick and vulnerable, as well as supporting front line staff rather than chasing fraudsters and cyber criminals.
- While remote working is a new concept to many (and certainly this scale of remote working is unprecedented globally), it is ‘business as usual’ for fraudsters and cyber criminals who typically work remotely, communicating digitally as a network of human botnets within a criminal hierarchy.
The other challenge is a reversal of fortunes.
Over recent years, we have seen a move from individual, opportunistic criminals to serious and organised crime gangs dominating the fraud landscape. This crisis could reverse that trend.
- Serious and organised criminals will continue to exist – and in fact we are seeing increased collaboration between some of the main gangs.
- In addition, desperate individuals who have lost their jobs and who are financially impacted by the crisis could be tempted to try their hand at ‘easy money’.
- Job losses could also potentially provide a new pool of recruits willing to act as mules or worker-bots for organised gangs.
What can be done?
A great deal. We are advising our clients that all financial firms should look at the following measures:
- increasing their reliance on automation and self service fraud checks;
- increasing their transaction monitoring thresholds to stop more fraud, and accepting a decline in customer service;
- providing online training for all employees to better understand the risks of remote working and crisis management, to ensure all employees are alert to unusual requests in order to limit CEO fraud;
- ensuring all remote working employees are properly up to date with VPN, anti-virus and other network and cyber protections that are intrinsic to office working but may be less stringently adhered to at home;
- communication campaigns, to help customers identify unusual requests and check their bank accounts regularly for suspicious transactions; and
- warning people of fake websites and goods sold online, as well as increasing their focus on merchant counter fraud processes and payment service providers.
Even beyond these measures, all businesses should review their current business processes and cyber and fraud countermeasures against the backdrop of the new world, where new ways of working, new business tools and workforce changes may mean there is eventually a return to a very different new normal. For example:
- If you are a business that typically manages risk through call backs, is that still a reasonable position if you are operating at 50% capacity?
- If your cyber defences are tailored to office working, is that still valid in a remote working environment where you have no control over your employees’ internet connections?
What does the future hold?
It is likely that the Coronavirus COVID-19 crisis will run for some time, changing many aspects of the way we all live and work.
As experts in fraud prevention, financial crime and compliance, we believe:
- Many of the tools and techniques we are now using through necessity will endure for the long term, be perfected and become our new normal way of working.
- Many of the techniques fraudsters use now and invent during this crisis will also be perfected and will similarly endure long term.
- And there will be a major push towards artificial intelligence and machine learning, robotics and automation – and less reliance on people.