On July 30, 2020, FinCEN released its third in a series of advisories related to the COVID-19 pandemic on Cybercrime and Cyber-Enabled Crime Exploiting the Coronavirus Disease 2019 (COVID-19) Pandemic (Advisory). As provided in our Collection of FinCEN Guidance in Response to the COVID-19 Pandemic (Collection), FinCEN expects to release multiple advisories highlighting common typologies used in fraud, theft, and money laundering activities related to the pandemic. A summary of the Advisory is provided below and will be added to the Collection for ease of reference. Please contact the authors with any questions you might have.
July 30, 2020 – Advisory on Cybercrime and Cyber-Enabled Crime Exploiting the Coronavirus Disease 2019 (COVID-19) Pandemic
The Advisory highlights the ways in which FinCEN is seeing the COVID-19 pandemic being exploited in cyber-related crime through the targeting and exploitation of remote platforms and processes, phishing, malware, and extortion and business email compromise (BEC) schemes, particularly against financial and healthcare systems. The Advisory warns financial institutions to be alert to suspicious activity involving their customers because scammers are directly targeting customers. The Advisory also provides SAR filing instructions related to the reporting of COVID-19-related cyber and cyber-enabled crime.
Targeting and Exploiting Remote Platforms and Processes:
- Alerts that such targeting has increased with the rise in remote access, as criminals exploit vulnerabilities to steal sensitive information, compromise financial activity, and disrupt business operations.
- Warns that remote identity processes, including customer onboarding and identity verification and authentication of existing customers for account access purposes, are also at risk through digital manipulation of identity documentation and the leveraging of compromised credentials across accounts.
- Lists nine "red flag" indicators that may suggest an imposter scam is taking place.
Phishing, Malware and Extortion:
- Advises that there has been a significant increase in phishing scams, particularly targeting healthcare and pharmaceutical providers, offering COVID-19 information and supplies. While these mostly come by email, phone calls and texts are also being used.
- Warns that the schemes often reference COVID-19 themes or advertise ways to make money, such as investments in convertible virtual currencies (CVCs) or via domain names that mimic legitimate organizations, including those that provide or enable teleworking capabilities.
- Further warns that malware, including ransomware, is being distributed through phishing emails, malicious websites and downloads, domain name system hijacking or spoofing attacks, and fraudulent mobile apps.
- Advises that financial institutions dealing in CVCs should be particularly alert to the potential use of their institution to launder cybercrime proceeds and should take steps to mitigate those risks consistent with Bank Secrecy Act obligations.
- Provides that, in most cases, criminals are requiring ransomware-related extortion payments to be in CVC.
- Lists seven "red flag" indicators that could suggest phishing, malware, or extortion schemes.
Business Email Compromise Schemes:
- Advises that cybercriminals are increasingly using BEC schemes to exploit the pandemic.
- Warns that through spoofed or compromised email accounts, criminals are convincing companies to redirect payments to new accounts, claiming changes are necessitated by pandemic-related changes to business operations. Criminals do this by impersonating a critical player in a business relationship or transaction, such as a healthcare supply provider, to intercept or fraudulently induce payment for critically needed supplies.
- Lists four "red flag" indicators that could indicate a BEC scheme.