The delay in fraud disasters

Welcome to RDC Insider Insights. This monthly series covers a multitude of modern-day financial crimes. We’ve analyzed our global datasets to understand how certain types of crimes and risks are changing over time, both globally and in regional splits, to uncover trends and provide insights.

This post highlights the cybercrime trends of 2020 to date, provides an update to our previous post Technology, Cybercrime and Recessions, and discusses how financial institutions should proceed in terms of identifying risk and monitoring fraud.

Anticipate uncertainty

Grid reflects a steady rise in Covid-19- related fraudulent activity since February 2020. This is attributable to both an increase in criminal activity and a rise in the number of associated prosecutions. As the world has adapted to Covid-19, there have been new, hastily built government programs designed to provide financial relief, of which criminals have taken advantage. In the US, for example, individuals and businesses have submitted fraudulent claims for Small Business Association (SBA) PPP loans worth hundreds of millions of dollars. The growth in reports of fraud is also attributable to law courts reopening following lockdown and investigations that had been halted now resuming.

Covid-19 fraud events, by country

chart showing US with highest fraud events since March 2020

Figure 1: Fraud (FRD) risk code events February July 2020

The number of cases of fraud around the world is rising steadily, but the increasing trajectory has not been uniform at national level, due to differing rates and degrees of lockdown over time. The US, where lockdown has been inconsistent across states, has seen greater variation in the rate of fraud, whereas China has only witnessed a rise in reports of fraud in more recent months, post country-wide lockdown.

Hackers may be using a variety of tactics to target people operating in different phases. Financial institutions operating globally should anticipate increasing their capacity to manage compliance in a virtual setting, to account for uncertainty in how each wave of Covid-19 will impact particular territories and industry sectors.

Covid cybercrime threats

Complementing financial stimulus programs are new technological innovations that pave the way for cyberfraud, such as unemployment application web portals . With unemployment on the rise around the world, these are easy avenues to access the private information of large populations. It is not surprising that cybercrime has flourished as much of the world has converted to a virtual reality, and public and private sector entities alike are susceptible to this increasingly common form of fraud. Cybercrime figures for 2020 are trending towards 1.5 times higher than those for 2019 and are expected to grow as more criminals are convicted.

Countries racing to be the first to market with a Covid-19 vaccine are learning that the virus is not their only threat. Worldwide pressures have encouraged cybercriminals to commit espionage with the intention of stealing intellectual property related to the development and testing of Covid-19 vaccines. Adverse Media reports that a cyber espionage group from Russia has targeted various organizations involved in vaccine development in Canada, the US and the UK. Due to lockdowns and the shift to working from home, spies are using spam emails and other cyber scams to target research facilities, universities and government bodies alike.

Espionage groups have also sent out spear phishing emails to find routes into business networks. Entire industries are targeted, including those particularly susceptible to shipping disruptions, such as manufacturing, finance, transportation, pharmaceutical and cosmetic companies.

Social media: a vehicle for cybercrime

Grid reports show that technology platforms such as social media afford cybercriminals a space to host a scheme intertwined with mobile payments. While the use of these platforms alone is not enough to generate a high risk, financial institutions may want to consider adapting their compliance program to include potential predicate crimes in the screening process at this time, depending on their individual risk tolerance.

Figure 2. Cybercrime across social media platforms January-July 2020

In the months since the start of the pandemic, Facebook, Instagram and GoFundMe social media platforms have had higher instances of misinformation or scam campaigns, which can deploy malware if activated. Online fraud schemes have also included malicious tweets and romance scams.

Fraudulent vendors use social media or other web platforms specifically to target organizations and retailers concerned with social distancing. These are likely to be re-opening post lockdown and may be looking for personal protective equipment or other related goods. Companies in essential industries or jurisdictions with lax business restrictions should be vigilant of such fraud schemes, especially when being solicited online.

Organizations looking to boost their corporate social responsibility (CSR) reputation through charitable giving should beware hackers targeting them to capitalize on the health crisis or other social controversies, such as the worldwide anti-racist movement. Covid-19 is no exception in a long history of natural disasters, including Hurricane Katrina or the devastating earthquake in Haiti, that have given rise to humanitarian aid efforts that can become a vehicle for criminal activity – be it infiltrating individuals’ personal data or a government’s financial system. Enhanced due diligence is vital to avoid altruistic intentions being re-directed for illicit purposes.

Know your country: Covid-19 cybercrimes globally

Covid-19 cybercrime is not going unnoticed. International regulatory bodies are quickly adapting to this shifting landscape and providing resources and recommendations for state security measures. Nevertheless, national legal frameworks to combat cybercrime should not be treated equally. While countries like Nigeria and Australia are noted for having strong laws that prevent unauthorized use and access to digital tech and information, some cybercrime regulations are less well targeted, such as those in the Philippines, Thailand, and more recently in Kenya, Niger and Bangladesh – the top country for Covid-19 cybercrimes.

Figure 3. Countries associated with cybercrime events during the COVID-19 lockdowns, which generally correspond to the presence of local cybercrime regulations within each of these jurisdictions.

Differences in legal frameworks surrounding cybercrime pose issues of cross-border enforcement and allow cybercriminals to circumvent travel restrictions. Areas with minimal regulation against cybercrime may be intended to protect state-sponsored activity. Such instances raise questions about international unity and call for institutions in the financial sector worldwide to collaborate in connecting the dots against cybercrime. It is up to each organization to determine which regulations carry the most weight and would have the most impact on their operational footprint, in what areas they have the most market share or where they see the greatest potential growth.

Monitoring: the ripple effect

Today, less than a year since the onset of the pandemic, most Covid-19-related potential cyber criminals have only been arrested or charged; fewer than 5% of suspects have been convicted . As we have learned from previous disasters, the prosecution of fraudsters can continue for years following a catastrophe, with Hurricane Katrina cyberfraud convictions continuing until 2009, four years after the hurricane. Companies should start to monitor risk entities now to identify predicate crimes attached to larger fraud schemes. They should also consider scrutinizing such activities for a one-to-three-year span, post-recession.

Unfortunately, natural and disasters caused by man will continue to occur and become ever less predictable. As an organization, it is important to be mindful of the subsequent risks, cybercrime and otherwise. Capitalizing on AI and Machine Learning technologies will allow teams to accelerate data analysis, decision making and performance monitoring of their AML/KYC program both during and after critical risk periods. As with past disasters, rebuilding a city, state or country is an ongoing process, during which time the fraud may continue too.