COVID-19 puts scams on the rise at financial institutions
It’s no secret that fraudsters use weakness and vulnerability to their greatest advantage, and they move fast.
From the earliest days of the coronavirus outbreak, scam artists have worked to leverage the societal disruption – quarantines, service limitations, changing work situations – to steal money and information from banks and their customers. While the fraud scenarios are borrowed from the headlines, the tricks are tried and true: phishing, vishing, smishing, fake web sites, bogus wire transfer requests and more.
The most common scams related to COVID-19 prey on fears related to the quarantines or the lack of a cure or vaccine, according to Becki LaPorte, compliance director for the regulatory compliance group at Computer Services Inc., a Paducah, Ky.-based bank processor and software provider.
With the coronavirus putting travel in a negative light, fraudsters have put a fresh spin on the old “grandparent scam” – LaPorte says they call or email a target claiming a relative or friend is stuck in a foreign country and can only get home if they immediately wire funds to a random bank account. She says other COVID-19-related financial cons include sending fake bank alerts telling customers that their account is being suspended due to outbreak-related shutdowns or service changes. The alerts include a web address set up by the thieves where the concerned customer can enter their legitimate bank credentials.
Suresh Ramamurthi, chairman and chief technology officer for CBW Bank, says he is seeing fraudsters work the pandemic angle into calls or emails to customers “claiming that your iCloud account is hacked and asking users to go to a website, which downloads malware to a machine.”
Normal rules are no longer reliable
Pandemic-related financial scams may have a better chance of hitting their mark because of the extraordinary governmental response to try to control the spread of the virus – both banks and their customers are in a place where the “normal” rules are no longer reliable.
“While the pandemic created by the novel COVID-19 develops and sends Americans down an unprecedented path, fraudsters are jumping at the chance to capitalize on that uncertainty,” Joe Rowe, director of investigations and recovery for BBVA USA, wrote in a recent blog post.
Business closures and service delays have had a powerful ripple effect on financial behavior. As of early this month, well before states started issuing “stay at home” orders, three out of 10 U.S. consumers were already reporting going into physical stores less, and 19 percent reported shopping far more online and via mobile devices due to coronavirus concerns, according to a survey by PYMNTS.com.
“Bankers are still adjusting to the new norm and paying very close attention to what’s happening among conventional fraud types [such as] card fraud, check fraud and payment fraud,” says Trace Fooshee, senior analyst for fraud and authentication at Aite Group. Fooshee expects banks and their customers will have a higher risk of fraud aimed at exploiting corporate and consumer modes of operating.
Even before the novel coronavirus, wire transfer fraud was already a large and growing problem. Now, with a large segment of the workforce suddenly working from home, Fooshee believes the ensuing “disruptions in how companies process payment requests [will result in] scams like business email compromise, vendor email compromise and payroll fraud schemes intensifying.”
Playing on people’s sympathies, fraudsters are also using this pandemic as the basis to solicit donations for fake COVID-19 charities. They not only collect money outright, but also may gather checking account, payment card and other sensitive financial information for misuse later on, says Jonathan Deveaux, head of enterprise data protection at comforte AG, a German company with U.S. headquarters in Denver.
Rather than being just a temporary blip on the radar screen of security, industry experts warn that financial institutions and their customers should strap in for a new normal brought about by this pandemic and ensuing change.
“We’re entering a prolonged period of heightened vulnerability to fraud and other financial crime due to criminal activity exploiting COVID-19 fears and the strain on bank workforces,” says Neil Katkov, head of risk and compliance at researcher Celent LLC. “So, it’s a good time for banks to review their anti-fraud and cybersecurity infrastructure, technology and processes.”
Preparing for a post-pandemic world
Just as the 9/11 attacks immutably changed security, financial industry experts believe that the effects of COVID-19 will ripple through financial fraud long after quarantines are lifted and vaccines are administered. Hence, banks will need to consider how to not only prepare their employees and customers to deal with the onslaught of scams that will emerge in the coming weeks, but those that will likely emerge when another crisis arises.
Banks should hone their fraud systems to better pinpoint and capture COVID-19-related fraud, which will disproportionately target segments such as the elderly, who are more in danger with COVID-19 and therefore at heightened risk for account takeover or disrupted banking routines, Katkov says. In addition, he adds that banks should “calibrate cybersecurity analytics and response playbooks accordingly.”
Since banks are hard-pressed to keep up with financial fraud schemes, especially those that play to current or high-profile issues, Fooshee underscores the importance of educating the customer and even “deputizing” them to be part of threat mitigation.
“It’s more important than ever to reach out to customers and employees alike, to warn them of these threats and to equip them with the security practices they need to defend themselves,” Fooshee adds. Also critical is building out the security team’s ability to hunt down and disrupt so-called “mules,” whom fraudsters use to move and launder their financial gains.
“Many larger banks have formal mule-hunting programs and some have invested in consortium-based information sharing initiatives,” Fooshee says. “If there is not already an effort afoot to interdict mule activity by way of link analysis or behavioral analysis, then now would be a good time to stand such an initiative up.”
Register for BAI Deep Dive: Fraud Prevention & Cybersecurity, and get a week’s worth of content on this topic.
Karen Epper Hoffman has been writing about the financial industry for nearly three decades. Her work has appeared in a variety of mainstream business and trade publications in the United States and Europe. She resides in Olympia, Washington.