FinCEN Alerts Financial Institutions to Red Flags of Pandemic-Related Cybercrime
FinCEN alerted financial institutions to indicators of COVID-19-related cybercrime. The alert concerns (i) the exploitation of remote platforms, particularly against financial and healthcare systems, (ii) phishing, malware and extortion schemes, and (iii) business email compromise fraud.
In its advisory, FinCEN noted 20 distinct red flags, including:
Targeting and Exploitation of Remote Platforms and Processes. Fraudulent account manipulation may be identifiable through (i) the misspelling of names, (ii) photo identity documentation that is either blurry or does not match other images of the customer, (iii) customer logins from a single IP address across apparently unrelated accounts, and (iv) customer logins within a pattern of high network traffic with decreased login success and higher password reset rates.
Business Email Compromise Schemes. Emails, purportedly from a customer, that contain urgent transaction instructions may indicate fraud attempts if they (i) include different language, timing, and amounts in comparison to prior transaction instructions, (ii) direct payment to a different account, or (iii) change payment methods from checks to ACH transfers.
FinCEN also emphasized the importance of filing suspicious activity reports ("SARs"), and provided SAR filing instructions to improve the ability of FinCEN and law enforcement to "pull actionable SARs and information from the FinCEN Query system" for COVID-19-related cases.
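Red flags (iii) and (iv) under remote platforms can be checked against authentication logs. The Python sketch below is an added example, not part of the FinCEN advisory or this summary; the event format, account names, IP addresses and thresholds (min_accounts, min_events, max_success, min_reset_ratio) are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample events: (hour, source_ip, account, event, success).
EVENTS = [
    ("09", "192.0.2.10", "alice", "login", True),
    ("09", "192.0.2.11", "bob", "login", True),
    ("09", "192.0.2.12", "carol", "login", True),
    ("10", "198.51.100.7", "alice", "login", False),
    ("10", "198.51.100.7", "bob", "login", False),
    ("10", "198.51.100.7", "dave", "login", True),
    ("10", "198.51.100.7", "erin", "login", False),
    ("10", "192.0.2.12", "carol", "login", True),
    ("10", "198.51.100.7", "alice", "password_reset", True),
    ("10", "198.51.100.7", "bob", "password_reset", True),
]

def shared_ip_accounts(events, min_accounts=3):
    """Red flag (iii): one IP logging in to several distinct accounts."""
    accounts = defaultdict(set)
    for _hour, ip, account, event, _ok in events:
        if event == "login":
            accounts[ip].add(account)
    # Shared NAT or proxy addresses also match; treat hits as leads to review.
    return {ip: sorted(a) for ip, a in accounts.items() if len(a) >= min_accounts}

def anomalous_windows(events, min_events=5, max_success=0.5, min_reset_ratio=0.2):
    """Red flag (iv): busy windows with low login success and many resets."""
    stats = defaultdict(lambda: {"logins": 0, "ok": 0, "resets": 0})
    for hour, _ip, _account, event, ok in events:
        if event == "login":
            stats[hour]["logins"] += 1
            stats[hour]["ok"] += 1 if ok else 0
        elif event == "password_reset":
            stats[hour]["resets"] += 1
    flagged = []
    for hour, s in sorted(stats.items()):
        total = s["logins"] + s["resets"]
        if total < min_events or s["logins"] == 0:
            continue  # too little traffic to judge
        if s["ok"] / s["logins"] <= max_success and s["resets"] / total >= min_reset_ratio:
            flagged.append(hour)
    return flagged

if __name__ == "__main__":
    print(shared_ip_accounts(EVENTS))
    print(anomalous_windows(EVENTS))
```

In production the fixed thresholds would normally be replaced by a comparison against each institution's own traffic baseline.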