Logo for The Security Title Guarantee Corporation of Baltimore

The Financial Crimes Enforcement Network (FinCEN) issued an advisory to alert financial institutions to potential indicators of imposter scams and money mule schemes, which are two forms of consumer fraud observed during the COVID-19 pandemic. The advisory contains descriptions of these scams and schemes, financial red flag indicators for both, and information on reporting suspicious activity.

The advisory stated: “In imposter scams, criminals impersonate organizations such as government agencies, non-profit groups, universities, or charities to offer fraudulent services or otherwise defraud victims. While imposter scams can take multiple forms, the basic methodology involves an actor (1) contacting a target under the false pretense of representing an official organization, and (2) coercing or convincing the target to provide funds or valuable information, engage in behavior that causes the target’s computer to be infected with malware, or spread disinformation. In the case of schemes connected to COVID-19, imposters may pose as officials or representatives from the Internal Revenue Service (IRS), the Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO), other healthcare or non-profit groups, and academic institutions.”

It shared the following imposter scam-related red flags that the industry should look out for:

• “A customer indicating that a person claiming to represent a government agency contacted him or her by phone, email, text message, or social media asking for personal or bank account information to verify, process, or expedite EIPs (economic impact payments), unemployment insurance, or other benefits. For more information on EIPs, visit IRS, “Economic Impact Payment Information Center,” (June 30, 2020). In particular, be alert to communications emphasizing “stimulus check” or “stimulus payment” in solicitations to the public, sometimes claiming that the fraudulent entity can expedite the “stimulus check” or other government payment on behalf of the beneficiary for a fee paid by gift card or prepaid card.

• Receipt of a document that appears to be a check or a prepaid debit card from the U.S. Treasury, often in an amount less than the expected EIP, with instructions to contact the fraudulent government agency, via a phone number or online, to verify personal information in order to receive the entire benefit.

• Unsolicited communications from purported trusted sources or government programs related to COVID-19, instructing readers to open embedded links or files or to provide personal or financial information, including account credentials (e.g., usernames and passwords).

• Email addresses in COVID-19 correspondence that do not match the name of the sender, contain misspellings, or do not end in the corresponding domain of the organization from which the message allegedly was sent.
• Email correspondence that contains subject lines that government or industry have identified as being associated with phishing campaigns, or that contains embedded links or webpage addresses for purported COVID-19 resources that have irregular URLs (e.g. slight variations in domain extensions like ‘.com,’ ‘.org.’ and ‘.us’).

• Solicitations where the person, email or social media advertisement seeks donations on behalf of a reputable organization, but is not affiliated with the reputable organization.

• A charitable organization soliciting donations that (1) does not have an in-depth history, financial reports, IRS annual returns, documentation of their tax-exempt status, or (2) cannot be verified by using various Internet-based resources that may assist in confirming the group’s existence and its nonprofit status.”

The advisory is based on FinCEN’s analysis of COVID-19-related information obtained from Bank Secrecy Act data, open source reporting, and law enforcement partners. FinCEN will issue COVID-19-related information to financial institutions to help enhance their efforts to detect, prevent, and report suspected illicit activity on its website at https://www.fincen.gov/coronavirus.

The advisory explained that, “a money mule is ‘a person who transfers illegally acquired money on behalf of or at the direction of another.’ Money mule schemes, including those related to the COVID-19 pandemic, span the spectrum of using unwitting, witting, or complicit money mules. An unwitting or unknowing money mule is an individual who is ‘unaware that he or she is part of a larger criminal scheme.’ The individual is motivated by his/her trust in the actual romance, job position or proposition. A witting money mule is an individual who ‘chooses to ignore obvious red flags or acts willfully blind to his/ her money movement activity.’ The individual is motivated by financial gain or an unwillingness to acknowledge his/her role.

“A complicit money mule is an individual who is ‘aware of his/her role as a money mule and is complicit in the larger criminal scheme.’ The individual is motivated by financial gain or loyalty to a criminal group. During the COVID-19 pandemic, U.S. authorities have detected recruiters using money mule schemes, such as good-Samaritan, romance, and work-from-home schemes. U.S. authorities also have identified criminals using money mules to exploit unemployment insurance programs during the COVID-19 pandemic.”

It outlined the following financial red flag indicators for COVID-19 money mule schemes:

• “The customer’s personal bank account starts to receive transactions that do not fit his or her transactional history profile, including overseas transactions, the purchase of large sums of convertible virtual currency, or transactions in large flat amounts, or the account generally had a low balance until the customer became involved in a money mule scheme.

• The customer opens a new bank account in the name of a business and, shortly thereafter, someone transfers the funds out of the account. The person transferring the funds could be the registered accountholder or someone else, and may keep a portion of the money he or she transferred (per instructions of the scammer). While this activity, in and of itself, may not be suspicious, it may become so if the individual provides unsatisfactory answers to the financial institution’s inquiries, declines to provide essential ‘know your customer’ documents, or mentions COVID-19 relief work, or ‘work from home’ opportunities as the source of the funds.

• The customer opens accounts in his or her name at multiple banks so he or she may receive money from various individuals or businesses, then moves the money to other accounts at the directions of the customer’s purported employer.

• The customer receives multiple state unemployment insurance payments to his or her account, or to multiple accounts held at the same financial institution, within the same disbursement timeframe (e.g., weekly or biweekly payments) issued from one or multiple states.

• The customer’s account(s) receives an unemployment deposit from a different state in which he or she reportedly resides or has previously worked.

• The customer’s account receives unemployment insurance payments for numerous employees or accountholder name and ACH payment ‘remit to’ name do not match.

• Deposited funds are quickly diverted via wire transaction to foreign accounts located within countries known for having poor anti-money laundering controls.

• The customer makes one or more atypical transactions involving an overseas account, especially through unusual payment methods for the customer. When asked about the transaction, the customer indicates it is for a person located overseas who is in need of financial assistance because of the COVID-19 pandemic.
• Documentation from the customer shows that the purported employer or recruiter uses a common web-based, free email service instead of a company-specific email.

• The customer provides information that his or her purported employer asked the customer to receive funds into his or her personal bank account, so that the employer can then process or transfer funds via wire transfer, ACH, mail or money services businesses out of the customer’s personal account.

• The customer states, or information shows, that an individual, whom the customer may not have known previously, requested financial assistance to send/receive funds through the customer’s personal account, including requests by individuals claiming to be a U.S. Service member who is reportedly stationed abroad; a U.S. citizen working or traveling abroad; or U.S. citizen quarantined abroad.”

To read the complete article online, log into your account at thelegaldescription.com.