Fraudsters are taking advantage of the pandemic and increasing the threat landscape for governments and enterprises around the world in a wide-reaching fashion.

ncognet0 / E+ via Getty Images

February 10, 2021

Maggie Shein

COVID-19-related scams are running rampant. There are reports of a rise in charity fraud, fake job claims, fake COVID-19 tests on the black market, supply chain fraud, price gouging, cyber scams and more. In late 2020, two Texas men were charged with trying to sell $317 million in fake N95 face masks to a foreign government. The government made a payment to the men but the payment was intercepted before it went through, according to prosecutors.

In 2019, the U.S. Small Business Administration (SBA) in charge of the Paycheck Protection Program (PPP) loans, received under 800 calls on its fraud hotline. Through August of 2020, the fraud hotline had more than 42,000 calls. Though we have yet to know the real extent of fraud among government coronavirus relief packages such as PPP and Economic Injury Disaster Loans (EIDL), experts estimate it’s at least in the tens of millions. Multiple people have already been charged with PPP-related fraud claims.

A wave of attempted fraud is also hitting state unemployment benefits programs after states have struggled to process record-high claims. In October 2020, the Arizona Department of Economic Security said that it had prevented 43,000 people from receiving unemployment benefits in order to investigate potential fraud. According to the Wall Street Journal, officials believe U.S. state losses tied to unemployment insurance fraud will be in the billions of dollars.

There’s also the increased risk of insider threats for enterprises and government agencies, says Scot Walker, managing director with Mantle Advisors global investigations and intelligence firm, San Jose, Calif. As people are furloughed or their partner loses his or her job, people can become desperate. “There is, of course, the insider risk. If I give a loan to my buddy, he helps me out and gives me 25% as a thank you because my wife is out of work. In challenging times, it’s not only criminal organizations that are threatening; people have to put food on the table,” he says.

In December 2020, a former employee of the Massachusetts Department of Labor was arrested and accused of misusing her position to submit fraudulent Pandemic Unemployment Assistant (PUA) claims for herself and her husband.

A former contract employee with California’s Employment Development Department, which administers the state’s unemployment insurance program, was charged in federal court with fraud and identity theft in connection with a scheme to steal hundreds of thousands of dollars in pandemic unemployment aid. According to the complaint, the woman conspired with her boyfriend, a prisoner at California State Prison, to submit fraudulent pandemic unemployment insurance claims for California state prisoners and out-of-state residents whose identifying information was stolen.

Indeed, with more than $300 billion given out to more than five million businesses through the PPP and a second relief package approved in the U.S. at the time of publication, a significant portion of funds is thought to be going to fraudsters, says Jon Goldberg, senior vice president and deputy director of financial intelligence at a large financial firm. “It’s a guesstimate and no one will really know the extent of it for another two years most likely, but we’ve heard that 40% of SBA-controlled PPP loans were either fraudulent or had misrepresentation or falsified information on the application,” he says.

And yet, fraud schemes within government programs are just the tip of the iceberg when it comes to fraud schemes that have spawned or increased due to the COVID-19 pandemic. “We are seeing CARES Act benefits fraud, SBA PPP and EIDL fraud, unemployment fraud, illegitimate products, supply chain fraud, and enhanced cyber threats and work-from-home vulnerabilities,” says Karl Perman, president and co-founder of risk consultancy CIP CORE, and a member of Security’s Editorial Advisory Board. “The scope and magnitude of fraud related to COVID-19 is huge.”

Much of the fraud happening related to COVID-19 right now can be broken into first-party fraud that entails a person or group applying for fake loans or lying on an application to receive bigger payouts, etc., and third-party fraud which includes stolen identities to apply for loans or benefit financially, account takeovers, synthetic ID fraud, phishing schemes, ransomware and more.

Recently, the U.S. Attorney’s Office in Baltimore reported authorities had seized two domain names posing as biotechnology companies developing COVID-19 treatments. An investigation began by Homeland Security Investigations after corporate security for Moderna Inc. located one of the fake websites and contacted authorities, according to the indictment. The site showed the name and trademarked logos for the biotechnology company and redirected visitors on the Contact Us page to a form requesting name, company/institution, title, phone, e-mail, and comments/questions. It’s unclear if any identifying information was gained or used by the threat actors before the sites were taken down by authorities.

On the enterprise side, many organizations have seen an increase in fraud related to job scams. High-profile companies have had fraudsters impersonate them in fake interview calls or emails, asking for private information to conduct background checks or to pay upfront for technology costs with reimbursement down the line — potentially damaging the company’s reputation and defrauding innocent people of money or their identities.

In addition to reports of impersonation such as the above, another risk seeing a surge is synthetic ID fraud, where a fraudster combines real biographic information with fake information to create a synthetic or fake person. An example of synthetic ID fraud, would be a bad actor using a child’s social security number along with a fake name and address to create a banking account or apply for a credit card. This type of fraud is the fastest growing type of financial crime in the U.S. right now, according to McKinsey.

Financial institutions and eCommerce merchants are also experiencing an increase in account takeovers (ATOs). ATOs — where a legitimate loan was requested or account created but a fraudster gains access to the account and removes funds — have grown by 378% since the start of COVID-19, according to Sift, a payment fraud solutions company’s Q3 2020 Digital Trust and Safety Index report.

Maggie Shein is Editor-in-Chief at Security magazine. She has been writing, editing and creating content for the security industry since 2004. She has an experienced background in publishing, communications, content creation and management. Within her role at Security, Shein handles the overall direction of the brand, organizes and executes the annual conference, facilitates Solutions by Sector webinars, researches and writes exclusive cover stories, manages social media, and authors the monthly Security Talk column.

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Fraud schemes amid COVID-19

Fraudsters are taking advantage of the pandemic and increasing the threat landscape for governments and enterprises around the world in a wide-reaching fashion.

Recent Articles by Maggie Shein

Pinpointing emergency communications

The who, what, why and how of the Baker Hughes GITSOC

Organizations must prepare for these 2021 security risks now, or may fail to make it in a post-COVID world

Creating a diverse and inclusive workplace within security

The latest news and information

Content written for business-minded executives who manage enterprise risk and security

Fraud schemes amid COVID-19

Fraudsters are taking advantage of the pandemic and increasing the threat landscape for governments and enterprises around the world in a wide-reaching fashion.

Recent Articles by Maggie Shein

Related Articles

The latest news and information

Content written for business-minded executives who manage enterprise risk and security