An overview of regulatory advice regarding Coronavirus Scams and cybercrime
With millions of confirmed cases of Coronavirus and casualties in the hundreds of thousands, the pandemic is the biggest challenge for the world since World War Two. These were the words by the UN Secretary General António Guterres and the World Bank has warned that “Significant economic pain seems unavoidable in all countries”, which many already feel.
It is a crisis of epic proportions with an uncertain duration and unfortunately perceived as an opportunity by many criminals. Only recently, we told you about several Coronavirus scams that have popped up as a result of the current Covid-19 pandemic and gave give you an overview of some of the schemes so you can protect yourself and your business.
Don’t fall for these Coronavirus Scams!https://t.co/G5DUrquelh #coronavirus #Fraud #coronavirusscams #CoronavirusFrauds #cybercrime pic.twitter.com/0pWO2QqxRG
— PlanetCompliance (@PlanetComplianc) April 16, 2020
We have received a lot of positive feedback and notifications about similar scams in different forms on Twitter and LinkedIn. One comment that particular stuck was that since the publication of the article regulators and government agencies around the world had published so many alerts that it was hard not to lose the thread and what to look out for. He continued by asking if there wasn’t an overview and to be honest, we haven’t seen one yet and it is indeed difficult to cover everything. Also, there is probably little value in tracking all notifications and it makes more sense to focus on those that refer to specific threats, which in itself is already challenging enough. The chair of the Financial Stability Board the other day stated that “since mid-March, FSB members have reported an unprecedented number of about 850 discrete actions to address the financial and economic fallout related to COVID-19“. Just to give you an idea.
Still, we thought we give it a try and produce more examples of publications from regulators that you might find interesting and helpful to protect yourself from cybercrime and Coronavirus scams.
FSB: 850 measures and counting
Since we already mentioned the FSB, only yesterday, it produced a report on international cooperation to address the financial stability implications of COVID-19. The document highlights that global financial system faces the dual challenge to sustain the flow of credit amidst declining growth and manage heightened risks, but sees the global financial system as more resilient and better placed to sustain financing to the real economy as a result of the G20 regulatory reforms in the aftermath of the 2008 global financial crisis. At the core of the report are the five principles that underpin the official community’s rapid and coordinated response to support the real economy, maintain financial stability and minimise the risk of market fragmentation.
WHO: Protect ourself against hackers and cyber scammers
The World Health Organization really deserves a break: while fighting the pandemic on one end, it needs to worry about its actual funding. Still, it was among the first to warn against cybercrime in relation to the COVID-19 crisis.
In a communication, the WHO stressed that it will:
– Never ask for your username or password to access safety information
– Never email attachments you didn’t ask for
– Never ask you to visit a link outside of www.who.int
– Never charge money to apply for a job, register for a conference, or reserve a hotel
– Never conduct lotteries or offer prizes, grants, certificates or funding through email.
It’s particular tricky since the WHO has called for donations to its COVID-19 Solidarity Response Fund (you can find the link in the communication and on the WHO website), which makes it any target for fraudsters who put up similar appeals that look like they are from the WHO but in reality are a scam.
European Commission: Fighting Misinformation
The European Commission’s focus is firmly on the fight of misinformation and disinformation, which according to the organisation’s website is thriving in particular in the health space. Thus, the advice is to rely only on authoritative sources to get updated information on the COVID-19 outbreak. In respect of fraudulent behaviour, the Commission together with national consumer authorities is on high alert and call on platforms to stop scams and unfair practices, for example, by writing to a number of platforms, social media, search engines and market places to require their cooperation in taking down scams from their platforms, following the common position endorsed by the CPC network. It has also produced advice to consumers and traders and put additional resources together on scams related to COVID-19.
FTC: The growing list
Back over to the other side of the pond and if you were wondering what, for example, the US FTC is doing, well, it monitors suspicious activities and, for instance, together with the FDA has issued warning letters to seven sellers of unapproved and misbranded products, claiming they can treat or prevent the Coronavirus. But it’s more the ever growing list of scams, enforcement actions and blog posts that is useful if you look for ways to protect yourself and your organisation. Remote learning, messages about flattening the curve, quarantine guidance or robocalls – there seem to be no limits to the imagination and willingness of criminals to exploit this crisis.
SEC: Quick reference
The U.S. Secruties and Exechange Commission has put together a quick reference guide to actions taken by the SEC for various market participants.
In the SEC’s Response to Coronavirus (COVID-19) it provides an ever more detailed summary of the agency’s efforts that focuses on:
– maintaining the continuity of Commission operations;
– monitoring market functions and system risks;
– providing prompt, targeted regulatory relief and guidance to issuers, investment advisers and other registrants impacted by COVID-19 to facilitate continuing operations, including in connection with the execution of their business continuity plans (BCPs); and
– maintaining our enforcement and investor protection efforts, particularly with regard to the protection of our critical market systems and our most vulnerable investors.
FinCEN: Kinds of Scams
The Financial Crimes Enforcement Network of the U.S. Treasury on the other hand has issued only two communications. The first, issued on March 16, simply advised financial institutions to communicate concerns related to the Coronavirus disease and to remain alert to related illicit financial activity, which provided a brief overview of the most notorious trends namely:
1) Imposter Scams – Bad actors attempt to solicit donations, steal personal information, or distribute malware by impersonating government agencies (e.g., Centers for Disease Control and Prevention), international organizations (e.g., World Health Organization (WHO)[2]), or healthcare organizations.
2) Investment Scams – The U.S. Securities and Exchange Commission (SEC) urged investors to be wary of COVID-19-related investment scams, such as promotions that falsely claim that the products or services of publicly traded companies can prevent, detect, or cure coronavirus.
3) Product Scams – The U.S. Federal Trade Commission (FTC) and U.S. Food and Drug Administration (FDA) have issued public statements and warning letters to companies selling unapproved or misbranded products that make false health claims pertaining to COVID-19. Additionally, FinCEN has received reports regarding fraudulent marketing of COVID-19-related supplies, such as certain facemasks.
4) Insider Trading – FinCEN has received reports regarding suspected COVID-19-related insider trading.
On April 3, it then provided further guidance for to assist financial institutions in complying with their Bank Secrecy Act (BSA) obligations during the COVID-19 pandemic, and announces a direct contact mechanism for urgent COVID-19-related issues.
We are aware of scammers claiming to be from HMRC offering financial support as a result of #coronavirus
If you receive an email, text or call claiming to be from us that asks you to click on a link or give information such as your name, credit card or bank details, it’s a scam. pic.twitter.com/bV3dBvWIsb
— HM Revenue & Customs (@HMRCgovuk) April 16, 2020
HM Revenue & Customs: Careful about those support messages
Her Majesty’s Revenue & Customs tweeted a warning yesterday that quickly amassed thousands of views about scammers impersonating the UK’s tax authorities offering financial support in response to the Coronavirus pandemic and its consequences. The message warned that if you receive an email, text or call claiming to be from the HRMC that asks you to click on a link or give information such as your name, credit card or bank details, it’s a scam, a typical case of phishing. If you are looking for guidance and communications from the real HMRC in relation to the crisis, you can find them here.
BKA: Coronavirus Card? Watch out!
The German Bundeskriminalamt (BKA – the federal criminal police) has warned against FakeNews and scams in relation to the Coronavirus pandemic and ramped up its Cybercrime resources in response to the emergency. Similar to the HMRC warning, it tweeted that “fake emails, apparently on behalf of health authorities, the WHO and other authorities, institutions and companies,” are being sent with “potentially harmful attachments sent in .docx or .exe formats”. It also updates a list of schemes to defraud people, which contains a warning against the Coronavirus Card. Apparently, it pretends to show live updates of confirmed Coronavirus cases, but once you click on the link it loads malware in the background to read passwords and accesses data on the computer.
Vorsicht vor Phishing-Mails: Kriminelle tarnen sich aktuell als offizielle Stellen und nutzen die #CoronaPandemie, um an sensible Daten zu kommen.
❗️Öffnen Sie keine Dateien, Anhänge oder Links von unbekannten Adressaten❗️https://t.co/tLPmq2DT3s pic.twitter.com/BmPLdnVCWD— Bundeskriminalamt (@bka) March 23, 2020
Central Bank of Nigeria: Fraud hotspot?
Nigeria its firmly among the countries the EU defines as having weak anti-money laundering and terrorist financing regimes and the FATF, too, has had some concerns about it for some time. Nigerian nationals also seem to pop up quite frequently if you look up fraudulent schemes on- and offline. However, the Central Bank of Nigeria was swift to put out a warning against that „cyber-criminals are taking advantage of the current “COVID-19” pandemic to defraud citizens, steal sensitive information, or gain unauthorized access to computers or mobile devices using various techniques.“ The statement also highlighted that this trend is not peculiar to Nigeria as there has been a rise in COVID-19-related cybercriminal activities all over the world and gives examples of phishing attacks and relief packages schemes as well as an example of impersonation to warn the public.
FATF: A call for RegTech adoption
Talking about the Financial Action Task Force (FATF), the president of the money laundering watchdog published a statement on April 1st COVID-19 and measures to combat illicit financing. It warned that “Criminals are taking advantage of the COVID-19 pandemic to carry out financial fraud and exploitation scams, including advertising and trafficking in counterfeit medicines, offering fraudulent investment opportunities, and engaging in phishing schemes that prey on virus-related fears. Malicious or fraudulent cybercrimes, fundraising for fake charities, and various medical scams targeting innocent victims are likely to increase, with criminals attempting to profit from the pandemic by exploiting people in urgent need of care and the goodwill of the general public and spreading misinformation about COVID-19.” The head of the FATF also took advantage of the communication to promote the adoption FinTech solutions in general and RegTech in particular with regard to digital onboarding to mitigate money laundering and terrorist financing risks. Hence, despite all, this crisis could also prove to be an opportunity for RegTech solutions.
The Bottom Line
This is, of course, only a selection of the numerous communications, statements and guidance provided by authorities around the globe. Coronavirus scams and cybercrime does not know borders, just as the pandemic has spread across frontiers. Hopefully, this is of use, but please let us know if you think we should add anything.