Thursday, August 6, 2020

COVID-19: Imposters and Money Mules


I am an attorney who handles compliance for a small bank here in the southeast. A customer came into our branch and indicated that a person claiming to represent a government agency contacted her by phone, followed up with email, and asked for bank account information to process an Economic Impact Payment.

Customers have told us about unsolicited communications from supposedly trusted sources or government programs related to COVID-19, instructing readers to open embedded links or files or to provide personal or financial information, including account credentials (i.e., usernames and passwords).

We even reported a SAR on a customer who made several atypical transactions involving an overseas account. When we asked about these transactions, the customer indicated they were for a person located overseas who needs financial assistance because of the COVID-19 pandemic.

I wonder if you would provide some possible scams relating to COVID-19. What are some illicit activities and consumer fraud schemes that are associated with COVID-19?


Most people want to obey the law. Unfortunately, there are plenty of bad actors who spend their time cooking up ways to defraud consumers. One set of responsibilities for a bank or nonbank is to detect, prevent, and report consumer fraud and other unlawful activities. COVID-19 has brought out the best and the worst in people, especially the worst of the worst: those who would stalk consumers to connive ways to filch their hard-earned assets amid a pandemic. Let’s face it, some people are just so broken that they don’t care about anyone but themselves. But everyone has a stake in a stable economy.

There has definitely been an increase in consumer fraud relating to COVID-19. I am going to briefly outline two types of fraudulent schemes: imposter scams and money mule schemes. Both of these deceptive tactics are described in your question.

Keep in mind that crooks are very creative. As soon as their scam is exposed, they come up with another way to commit fraud. So, even as I write a response, the bandits are continuing to find new ways to manipulate consumers, doing their illegal most to exploit vulnerabilities caused by the pandemic.

Imposter scams and money mule schemes happen where actors deceive victims by impersonating federal government agencies, international organizations, or charities. FinCEN has identified the financial red flag indicators to alert financial institutions to these frauds and to assist financial institutions in detecting, preventing, and reporting suspicious transactions associated with the COVID-19 pandemic. We have broadened our Anti-Money Laundering Program testing, policies, and training to include such red flags.

For AML compliance assistance, contact us HERE.

But no single financial red flag indicator is necessarily indicative of illicit or suspicious activity. Financial institutions should consider additional contextual information and the surrounding facts and circumstances. Such context-related information includes a customer’s historical, financial activity, whether the transactions are in line with prevailing business practices, and whether the customer exhibits multiple indicators. Various criteria should be considered before determining if a transaction is suspicious or otherwise indicative of potentially fraudulent COVID-19-related activities.

In other words, your review should be “risk-based,” ensuring compliance with the Bank Secrecy Act (BSA). Therefore, perform additional inquiries and investigations where appropriate. Unfortunately, some of the financial red flag indicators may apply to multiple COVID-19-related fraudulent activities. Given that many scammers are targeting customers as opposed to financial institutions directly, financial institutions should remain on the alert for potential suspicious activities when interacting with their customers,

Let’s discuss imposter scams first, and then follow with a discussion about money mule schemes. I have given you numerous footnotes to help you to train yourself, train your staff, and inform your customers. I will conclude with some guidance on completing the Suspicious Activity Report. You can always contact me if you want to discuss your compliance needs in detail. Contact me HERE.

Imposter Scams

In imposter scams, criminals impersonate organizations such as government agencies, non-profit groups, universities, or charities to offer fraudulent services or otherwise defraud victims. While imposter scams can take multiple forms, the basic methodology involves an actor who (1) contacts a target under the pretense of representing an official organization, and then (2) coerces or convinces the target to provide funds or valuable information, including engaging in behavior that causes the target’s computer to be infected with malware, or spreading disinformation.[i] In the case of schemes connected to COVID-19, imposters may pose as officials or representatives from the Internal Revenue Service (IRS),[ii] the Centers for Disease Control and Prevention (CDC),[iii] the World Health Organization (WHO), other healthcare or non-profit groups, and academic institutions.[iv]

Imposters defraud and deceive the vulnerable, including the elderly and unemployed, through the solicitation of payments (such as digital payments and virtual currency), donations, or personal information via email, robocalls, text messages,[v] or other communication methods. For instance, an imposter may contact potential victims by phone, email, or text to require that the victim must verify personal information or send payments to scammers in return for COVID-19-related stimulus payments or benefits, including Economic Impact Payments (EIP)[vi] under the Coronavirus Aid, Relief, and Economic Security (CARES) Act.[vii]

We have provided considerable information about EIPs in our free Checklist & Workbook, Business Continuity Plan, COVID-19 Pandemic Response (now on its Update # 7, with Update # 8 to be released soon). Get it HERE.

Another instance includes imposters contacting victims and posing as government or health care representatives engaged in COVID-19 contact tracing activities, implying that a victim must share personal or financial information as part of contact tracing efforts.[viii] I could give a host of multiple examples, including phishing schemes, where imposters send communications appearing to come from legitimate sources, to collect victims’ personal and financial data while potentially infecting their devices by convincing the target to download a malicious attachment or click malicious links.[ix]

Scammers may also impersonate legitimate charities or create sham charities, taking advantage of the generosity of the public and embezzling donations intended for COVID-19 response efforts.[x]

As to other communication methods, criminals often use social media accounts, door-to-door collections, flyers, mailings, telephone and robocalls, text messages, websites, and emails mimicking legitimate charities and non-profits to defraud the public. These operations may include words like “relief,” “fund,” “donation,” and “foundation” in their titles to give the illusion that they are a legitimate organization.[xi]

Money Mule Schemes

You may not have heard this term before. It’s a pretty nasty activity. A money mule is “a person who transfers illegally acquired money on behalf of or at the direction of another.”[xii] Money mule schemes, including those associated with the COVID-19 pandemic, span the spectrum of using unwitting, witting, or complicit money mules.[xiii] An unwitting or unknowing money mule is an individual who is “unaware that he or she is part of a larger criminal scheme.”

This crook is motivated by a host of reasons, most of them not worth mentioning.[xiv] A witting money mule is an individual who “chooses to ignore obvious red flags or acts willfully blind to his or her money movement activity.” The individual is motivated by financial gain or an unwillingness to acknowledge his or her role.[xv] A complicit money mule is an individual who is “aware of his or her role as a money mule and is complicit in the larger criminal scheme.” The individual is motivated by financial gain or loyalty to a criminal group.[xvi]

During the COVID-19 pandemic, U.S. authorities have been detecting recruiters using money mule schemes, such as good-Samaritan, romance, and work-from-home schemes.[xvii] In work-from-home schemes, for instance, COVID-19 money mule recruiters, under a false charity or company label, approach targets with a seemingly legitimate offer of employment under the pretense of work-from-home jobs, often through Internet or social media advertisements, emails, or text messages. Once the target accepts the “employment,” he or she receives instructions to move funds through accounts or to set up a new account in the target’s name for the bogus “business.” The target (i.e., the money mule) earns money by taking a percentage of the funds that he or she helps to transfer per the instructions of the bogus “employer.”[xviii]

U.S. authorities also have identified criminals using money mules to exploit unemployment insurance programs during the COVID-19 pandemic.[xix]