The COVID-19 pandemic has led to changes in “normal” consumer behaviour and business operations. Unscrupulous individuals are exploiting consumers’ fears, the uncertainties and misinformation surrounding this pandemic, to scam individuals and businesses alike. It is offering new pathways for fraudsters to access potential victims online. The media is full of stories of scams and as governments offer businesses help to mitigate the economic impacts of lockdowns and social distancing, fraudsters are attempting to pass themselves off as government entities offering loans or financial breaks.
Cyber-fraud like this has increased significantly and new threats are amplified by the massive increase in home-working, particularly for businesses who did not previously offer this flexibility. One of the key attack trajectories is in business email compromise (BEC) – and it’s also a quick way to lose a lot of money.
According to the 2019 Internet Crime Report from the US Federal Bureau of Investigation, the FBI received nearly 24,000 complaints about BEC resulting in more than US$1.7 billion in losses1. In April, the FBI warned it was anticipating a rise in BEC schemes related to the COVID-19 pandemic, citing two separate examples in which fraudsters had said that bank accounts had to be changed due to new coronavirus processes2.
BEC fraud schemes target commercial, government and not-for-profit organizations. Using social engineering or computer inclusion techniques, they come in a number of guises, and their aims are to persuade the receiver to release funds or sensitive data. Among them:
In most cases, these emails request funds. Alternatively, the emails may appear to come from a supplier and ask that future payments be sent to a new bank account – but the details are for the cyber criminals’ account. This is known as payment redirection fraud.
COVID-related phishing scams are also rampant. Cyber-criminals are taking advantage of business concerns in the current economic environment and the widely-publicised government aid packages, to attempt to trick companies into handing over money or data. The Canadian Anti-Fraud Centre released a bulletin in March warning of reported COVID-19 scams such as fraudsters posing as financial firms offering loans, debt consolidation or other assistance, or financial advisors offering aid in the shutdown3.
On an individual level, the thirst for new information is leading people to click on unsafe links in emails and text messages. The emails can appear to be from the government, trusted news sites, power companies or even world bodies, like the World Health Organization. The links download malicious software onto the user’s device and if these devices are being used for work, they can offer a back door onto the business network.
The pandemic has also seen a revival in an older type of phishing, where scammers contact businesses offering to invest. Again, these emails prey on genuine concerns about surviving the economic downturn and hope that these concerns will outweigh due diligence. When it comes time to pay, the fraudsters say that there are wire fees or other payments due to clear the funds, but the funds never come.
Even in the most sophisticated scam, there are red flags to watch for:
To keep your business safe in this rising tide of cyber-crime, adopt stringent policies around payments:
Whatever the scam cyber attackers try, from phishing to financial fraud, they target basic emotions. Today’s difficult circumstances offer a hotbed of fears, from health concerns to financial worries, for fraudsters to attempt to manipulate. The best defence for businesses lies in training and educating staff, so that a culture of vigilance and verification becomes second nature.
For further help, please see the following resources:
Our cybercrime hub - https://www.business.hsbc.ca/en-ca/cybercrime
Our webinar, Responding to COVID-19: Implications on fraud for corporates - https://www.brighttalk.com/webcast/17590/400728
Fraud Awareness for Commercial Targets, Competition Bureau, Government of Canada - https://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/02600.html
The Canadian Anti-Fraud Centre - https://www.antifraudcentre-centreantifraude.ca/report-signalez-eng.htm
FBI Internet Crime Complaint Center (IC3) - https://www.ic3.gov/default.aspx
Canadian Bankers Association (CBA) - https://cba.ca/
The Canadian Anti-Fraud Centre (CAFC) - https://www.antifraudcentre-centreantifraude.ca/index-eng.htm
© Copyright HSBC Bank Canada 2020. All rights reserved. No part of this document may be reproduced, stored, distributed or transmitted in any form without the prior written permission of HSBC Bank Canada.
The information presented is not meant to be comprehensive and does not constitute financial, legal, tax or other professional advice. You should not act upon the information contained in this document without first obtaining specific professional advice. While reasonable care has been taken in preparing this document, HSBC does not make any guarantee, representation or warranty (express or implied) as to its accuracy or completeness. The information presented in this document is subject to change without notice.
Certain of the products and services offered by HSBC and its subsidiaries and affiliates are subject to credit adjudication and approval. This document does not constitute an offer to provide the services and products described and the provision of such services and products remains subject to contract.
“HSBC” is a trademark of HSBC Holdings plc and has been licensed for use by HSBC and its affiliates.