FinCEN Advisory FIN-2020-A005 Alerts Financial Institutions to Cybercrimes Exploiting COVID-19 Pandemic

A recent FinCEN Advisory (FIN-2020-A005) on cybercrime and cyber-enabled crime exploiting the COVID-19 Pandemic alerts financial institutions to indicators of potential fraudulent schemes, malicious cyber activity and scams, and other suspicious activity.  The Advisory is based on FinCEN’s analysis of COVID-19-related information obtained from Bank Secrecy Act (BSA) data, publicly available media, and law enforcement reports.

The topics covered include: (i) targeting and exploitation of remote platforms and processes due to financial institutions’ reliance on remote systems operations to conduct business; (ii) phishing, malware, and extortion scams targeting individuals with communications appearing to come from reliable sources and relying upon references to COVID-19-related subject matter, such as CARES Act payments; and (iii) business email compromise (BEC) schemes, in which, commonly, companies are induced to redirect payments to new accounts by scammers citing pandemic-related changes in business operations.

The Advisory identifies twenty red flag indicators of fraudulent activity that may appear in electronic communications from cyber criminals or be evident from monitoring network traffic, online transactions, and other online activities.  These red flags should alert financial institutions to the possible presence of potentially illegal activity requiring further investigation and/or the filing of a Suspicious Activity Report (SAR).

When filing a SAR due to suspected COVID-19 pandemic-related cyber activity, financial institutions are advised to include the phrase “COVID19-CYBER FIN-2020-A005” in SAR field 2 (Filing Institution Note to FinCEN) and provide a narrative indicating a connection between the suspicious activity being reported and the activities highlighted in the advisory.