HOT TOPICS FOR 2020
COVID-19
The year 2020 will forever be remembered as the year of the COVID-19 pandemic. The global impact was unlike anything seen in recent history, and the virus permeated all aspects of life. Fraudsters took the opportunity to exploit the pandemic to target both business and individuals. In 2020, the IC3 received over 28,500 complaints related to COVID-19.
Fraudsters targeted the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which included provisions to help small businesses during the pandemic. The IC3 received thousands of complaints reporting emerging financial crime revolving around CARES Act stimulus funds, specifically targeting unemployment insurance, Paycheck Protection Program (PPP) loans, and Small Business Economic Injury Disaster Loans, as well as other COVID-related fraud.
Most of the IC3 complaints related to CARES Act fraud involved grant fraud, loan fraud, and phishing for Personally Identifiable Information (PII). Complaints have been filed from citizens in several states describing fraudulently submitted online unemployment insurance claims using their identities. Many victims of this identity theft scheme did not know they had been targeted until they attempted to file their own legitimate claim for unemployment insurance benefits. At that time, they received a notification from the state unemployment insurance agency, received an IRS Form 1099-G showing the benefits collected from unemployment insurance, or were notified by their employer that a claim had been filed while the victim is still employed.
People are encouraged to protect themselves from scammers by:
- Using extreme caution in online communication. Verify the sender of an email. Criminals will sometimes change just one letter in an email address to make it look like one you know. Also, be very wary of attachments or links. Hover your mouse over a link before clicking to see where it is sending you.
- Questioning anyone offering you something that is “too good to be true” or is a secret investment opportunity or medical advice.
- Relying on trusted sources, like your own doctor, the Center for Disease Control, and your local health department for medical information and agencies like the Federal Trade Commission and Internal Revenue Service for financial and tax information.
“Unfortunately, criminals are very opportunistic. They see a vulnerable population out there that they can prey upon.”, FBI Section Chief Steven Merrill, Financial Crimes Section.
One of the most prevalent schemes seen during the pandemic has been government impersonators. Criminals are reaching out to people through social media, emails, or phone calls pretending to be from the government. The scammers attempt to gather personal information or illicit money through charades or threats.
As the response to COVID-19 turned to vaccinations, scams emerged asking people to pay out of pocket to receive the vaccine, put their names on a vaccine waiting, or obtain early access. Fraudulent advertisements for vaccines popped up on social media platforms, or came via email, telephone calls, online, or from unsolicited/unknown sources.
As we continue to battle COVID-19, protect yourself from fraud and scams. Do not give out your personal information to unknown sources. If you are a victim of an online crime involving COVID-19, report it.
Business Email Compromise (BEC)
In 2020, the IC3 received 19,369 Business Email Compromise (BEC)/ Email Account Compromise (EAC) complaints with adjusted losses of over $1.8 billion. BEC/EAC is a sophisticated scam targeting both businesses and individuals performing transfers of funds. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
As the fraudsters have become more sophisticated, the BEC/EAC scheme has evolved in kind. In 2013, BEC/EAC scams routinely began with the hacking or spoofing of the email accounts of chief executive officers or chief financial officers, and fraudulent emails were sent requesting wire payments be sent to fraudulent locations. Over the years, the scam evolved to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards.
In 2020, the IC3 observed an increase in the number of BEC/EAC complaints related to the use of identity theft and funds being converted to cryptocurrency. In these variations, we saw an initial victim being scammed in non-BEC/EAC situations to include Extortion, Tech Support, Romance scams, etc., that involved a victim providing a form of ID to a bad actor. That identifying information was then used to establish a bank account to receive stolen BEC/EAC funds and then transferred to a cryptocurrency account.
IC3 RECOVERY ASSET TEAM
The Internet Crime Complaint Center’s Recovery Asset Team (RAT) was established in February 2018 to streamline communication with financial institutions and assist FBI field offices with the freezing of funds for victims who made transfers to domestic accounts under fraudulent pretenses.
RAT Process 5
*If criteria is met, transaction details are forwarded to the identified point of contact at the recipient bank to notify of fraudulent activity and request freezing of the account. Once response is received from the recipient bank, RAT contacts the appropriate FBI field office(s).
The RAT functions as a liaison between law enforcement and financial institutions supporting statistical and investigative analysis.
Goals of RAT-Financial Institution Partnership
- Assist in the identification of potentially fraudulent accounts across the sector.
- Remain at the forefront of emerging trends among financial fraud schemes.
- Foster a symbiotic relationship in which information is appropriately shared.
Guidance for BEC Victims
- Contact the originating financial institution as soon as fraud is recognized to request a recall or reversal and a Hold Harmless Letter or Letter of Indemnity.
- File a detailed complaint with www.ic3.gov. It is vital the complaint contain all required data in provided fields, including banking information.
- Visit www.ic3.gov for updated PSAs regarding BEC trends as well as other fraud schemes targeting specific populations, like trends targeting real estate, pre-paid cards, and W-2s, for example.
- Never make any payment changes without verifying the change with the intended recipient; Verify email addresses are accurate when checking email on a cell phone or other mobile device.
5 Accessibility description: Image shows the different stages of a complaint in the RAT process.
RAT Successes
The IC3 RAT has proven to be a valuable resource for field offices and victims. The following are three examples of the RAT’s successful contributions to investigative and recovery efforts.
St. Louis In June 2020, the IC3 received a complaint filed by a victim company regarding a wire transfer of $60 million to a fraudulent overseas bank account in Hong Kong. The reported transaction date fell outside of the International Financial Fraud Kill Chain (FFKC) time frame for action; however, The IC3 RAT notified the Legal Attaché of Hong Kong and the St. Louis Field Office of the large dollar loss. Through the collaboration efforts of the IC3 RAT, the Legal Attaché of Hong Kong, and Hong Kong banking and law enforcement partners, the wire was located and immediatelyblocked from entering the beneficiary account in Hong Kong. The St. Louis Field Office quickly contacted the victim of this incident to initiate a recall letter with the originating bank and Hong Kong Police. Through these efforts, the full amount of $60 million was returned to the victim.
Chicago In June 2020, the IC3 was notified of two fraudulent wires totaling $977,411 sent by a victim company specializing in hand sanitizer. The money was intended for an investment in ventilators due to the COVID-19 pandemic. Upon receipt of this notification, the RAT initiated the domestic FFKC to request the recipient financial institution freeze the associated account and any remaining funds. Collaboration with the beneficiary bank resulted in the more recent of the two transfers being frozen in full. The older transfer had already been depleted via wire to a cryptocurrency exchange at another financial institution. Collaboration with the bank, which housed the cryptocurrency account, and with the cryptocurrency account holder company resulted in tracing the wallet path of the funds upon being converted into Bitcoin.
Houston In April 2020, the IC3 received a complaint from a health care victim regarding five wire transfers sent totaling more than $2 million. The RAT Team initiated the FFKC and, after collaboration with the financial institution, holds were placed on the funds to allow the victim time for the indemnification process. Later inquiries into the recipient account number by the IC3 RaID Team found additional suspicious activity information from financial databases on the possible money mules involved with the account. This information was then compiled into two targeting packages and forwarded to the Houston Field Office for case enhancement purposes.
Tech Support Fraud
Tech Support Fraud continues to be a growing problem. This scheme involves a criminal claiming to provide customer, security, or technical support or service to defraud unwitting individuals. Criminals may pose as support or service representatives offering to resolve such issues as a compromised email or bank account, a virus on a computer, or a software license renewal. Recent complaints involve criminals posing as customer support for financial institutions, utility companies, or virtual currency exchanges. Many victims report being directed to make wire transfers to overseas accounts or purchase large amounts of prepaid cards.
Although pandemic lockdowns caused a brief slowdown to this fraud activity, victims still reported increases in incidences and losses to tech support fraud.
In 2020, the IC3 received 15,421 complaints related to Tech Support Fraud from victims in 60 countries.
The losses amounted to over $146 million, which represents a 171 percent increase in losses from 2019.
The majority of victims, at least 66 percent, report to be over 60 years of age, and experience at least 84 percent of the losses (over $116 million).
Additional information, explanations, and suggestions for protection regarding Tech Support Fraud is available in the most recent Tech Support Fraud PSA on the IC3 website: https://www.ic3.gov/media/2018/180328.aspx.
Investigative efforts have yielded many successes, including the two examples below.
Knoxville In 2016, the IC3 identified a subject receiving and processing payments for a call center conducting tech support fraud out of India. The subject received checks from victims who believed they were paying for legitimate tech support services. The subsequent investigation by the Knoxville Field Office revealed a larger group of U.S.-based subjects working with the call center owner and connected over 15,000 victims with losses of approximately $7 million. In November 2019, five subjects were indicted in U.S. District Court, Eastern District of Tennessee. By early 2020, all subjects were arrested and charged. One subject from India is accused of being the owner/director of the call center in India. Three subjects in Iowa and one subject in Maryland are accused of facilitating payments on behalf of the Indian call center. Trials are pending.
Legat New Delhi In July 2018, the IC3 received a complaint filed by an Indian citizen regarding an illegal call center in Noida, India. IC3 research and analysis identified companies operating on behalf of the call center and over 130 victims who experienced losses of more than $50,000. The IC3 complaints and analysis were provided to FBI Legat New Delhi, who worked with Indian law enforcement who raided the call center in late 2018. In February 2020, confirmation was received from India’s Central Bureau of Investigation that charges were filed in India on four subjects, three of which have been were arrested and incarcerated.
Ransomware
In 2020, the IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million. Ransomware is a type of malicious software, or malware, that encrypts data on a computer making it unusable. A malicious cyber criminal holds the data hostage until the ransom is paid. If the ransom is not paid, the victim’s data remains unavailable. Cyber criminals may also pressure victims to pay the ransom by threatening to destroy the victim’s data or to release it to the public.
Although cyber criminals use a variety of techniques to infect victims with ransomware, the most common means of infection are:
- Email phishing campaigns: The cyber criminal sends an email containing a malicious file or link which deploys malware when clicked by a recipient. Cyber criminals historically have used generic, broad-based spamming strategies to deploy their malware, through recent ransomware campaigns have been more targeted and sophisticated. Criminals may also compromise a victim’s email account by using precursor malware, which enables the cyber criminal to use a victim’s email account to further spread the infection.
- Remote Desktop Protocol (RDP) vulnerabilities: RDP is a proprietary network protocol that allows individuals to control the resources and data of a computer over the internet. Cyber criminals have used both brute-force methods, a technique using trial-and-error to obtain user credentials, and credentials purchased on dark web marketplaces to gain unauthorized RDP access to victim systems. Once they have RDP access, criminals can deploy a range of malware – including ransomware – to victim systems.
- Software vulnerabilities: Cyber criminals can take advantage of security weaknesses in widely used software programs to gain control of victim systems and deploy ransomware.
The FBI does not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and /or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered. Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to your local field office or the FBI’s Internet Crime Complaint Center (IC3). Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.