Watch Out! Scams on the Rise During COVID-19
Posted on: April 15, 2020
Fraudsters are nothing if not clever and opportunistic. As the country tries to adapt to a remote working environment and companies adjust to a constantly evolving world, criminals are seeking to take advantage of the situation by impersonating people looking to conduct legitimate business deals. With people working from home and less able to bounce ideas and workflow off colleagues, diligence is more likely to slip.
In particular, banks and the FBI are reporting a sharp rise in “phishing” and “man in the middle” scams as the world deals with the COVID-19 crisis. Phishing scams can take many forms, but typically a perpetrator will contact you via email by pretending to be a real person from a real company and seeking your help to conduct a transaction. You may speak with this person on the phone and they will be sufficiently fluent in the language of the transaction or the underlying business to be convincing.
These perpetrators may also appear as clients or insert themselves into transactions by attempting to send malware to a specific party, often by posing as someone you know through the use of email spoofing. Using a spoofed account, they’ll ask you to open an attachment in order to gain credentials or access to a system. The spoofed account might look something like Johm.Smith@google.com, replacing the “n” in “John” with an “m,” a change one would normally never spot in the ordinary course of email communications.
In “man in the middle” scams, a third party inserts himself into the middle of the communications by posing as one of the transaction parties, and attempts to divert one or more payments to a beneficiary bank never identified in prior communications. Once payments are successfully diverted, the same third party empties the account and disappears. The counterparties are often unaware of the fraud until days, weeks, or even months later, depending on the attack’s sophistication.
In other words, phishing and man-in-the-middle attacks prey on trust and on the shortcuts that the human mind may take on a regular basis. They are a kind of “social engineering” attack: attackers assume that the people engaging in transactions over email trust each other, and that the counterparties won’t check email addresses in the “From” line carefully. That assumption is often correct, especially when a transaction is near completion and the emails are rapidly moving back and forth.
How can you protect yourself against these attacks?
- Conduct periodic risk assessments of your internal financial controls and use the results of those assessments to identify possible problem areas. Encourage management to identify those controls that are specifically designed to address the risk of fraud.
- Scrutinize your company’s bank and credit card accounts on a daily basis.
- Try to segregate as many accounting and financial functions as possible across multiple people to increase the number of eyes reviewing each transaction.
- Carefully check the email address of anyone who sends you an email, especially when it contains wire instructions, bank information or other financial information.
- Check the format of any emails you receive and watch for odd, or out-of-character, grammar.
- A simple phone call to the person you believe is the sender is oftentimes the easiest way to ward off one of these scams. As a general rule, you should always confirm wire instructions over the phone.
- Check your insurance policies to make sure that you have coverage in the event of losses due to these types of crimes.
- Make sure your entire staff is properly trained to spot these types of scams. The more people are aware of how these types of scams work, the more likely you will be to thwart them.
- Ensure that your computer operating systems contain the most up-to-date software that is equipped with the latest anti-phishing filters.
- Don’t click on links contained within emails, even if the email is from someone you know. Instead, open a new browser and type in the address that you intend to visit.
- Trust your gut. If something seems off about the way a person is acting, chances are there is something amiss.
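The address check recommended above can be partly automated. The following Python sketch is an added example, not part of the original post: it compares the address in a “From” line against a list of known contacts and flags near-matches such as the Johm/John swap described earlier. The contact list, the distance threshold and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed address book: the contacts you actually do business with.
KNOWN_CONTACTS = {
    "john.smith@google.com",
    "accounts@supplier.example",
}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_sender(from_header, known=KNOWN_CONTACTS, max_dist=2):
    """Classify a From header as known, lookalike, unknown or invalid.

    Returns (verdict, matched_contact). A 'lookalike' is an address that is
    not in the address book but is within max_dist edits of one that is.
    """
    addr = parseaddr(from_header)[1].lower()  # addresses compared case-insensitively
    if "@" not in addr:
        return ("invalid", None)
    if addr in known:
        return ("known", addr)
    closest = min(known, key=lambda k: edit_distance(addr, k))
    if edit_distance(addr, closest) <= max_dist:
        return ("lookalike", closest)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample headers, including the spoofed address from the text.
    for header in ("John Smith <John.Smith@google.com>",
                   "John Smith <Johm.Smith@google.com>",
                   "Accounts <accounts@suppl1er.example>",
                   "Billing <billing@vendor.example>"):
        print(header, "->", check_sender(header))
```

A “known” verdict only means the address is spelled the way you expect; a forged “From” line can still display a genuine address, so wire instructions should still be confirmed over the phone.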
If you have any questions about possible internet or email-based scams, or any other questions as to how to better shield your company from these attacks by implementing stronger internal controls, please feel free to contact me at KLawrence@swc-law.com.