TOPICS

Thursday, August 6, 2020

COVID-19: Imposters and Money Mules

QUESTION

I am an attorney who handles compliance for a small bank here in the southeast. A customer came into our branch and indicated that a person claiming to represent a government agency contacted her by phone, followed up with email, and asked for bank account information to process an Economic Impact Payment.

Customers have told us about unsolicited communications from supposedly trusted sources or government programs related to COVID-19, instructing readers to open embedded links or files or to provide personal or financial information, including account credentials (i.e., usernames and passwords).

We even reported a SAR on a customer who made several atypical transactions involving an overseas account. When we asked about these transactions, the customer indicated they were for a person located overseas who needs financial assistance because of the COVID-19 pandemic.

I wonder if you would provide some possible scams relating to COVID-19. What are some illicit activities and consumer fraud schemes that are associated with COVID-19?

ANSWER

Most people want to obey the law. Unfortunately, there are plenty of bad actors who spend their time cooking up ways to defraud consumers. One set of responsibilities for a bank or nonbank is to detect, prevent, and report consumer fraud and other unlawful activities. COVID-19 has brought out the best and the worst in people, especially the worst of the worst: those who would stalk consumers to connive ways to filch their hard-earned assets amid a pandemic. Let’s face it, some people are just so broken that they don’t care about anyone but themselves. But everyone has a stake in a stable economy.

There has definitely been an increase in consumer fraud relating to COVID-19. I am going to briefly outline two types of fraudulent schemes: imposter scams and money mule schemes. Both of these deceptive tactics are described in your question.

Keep in mind that crooks are very creative. As soon as their scam is exposed, they come up with another way to commit fraud. So, even as I write a response, the bandits are continuing to find new ways to manipulate consumers, doing their illegal most to exploit vulnerabilities caused by the pandemic.

Imposter scams and money mule schemes happen where actors deceive victims by impersonating federal government agencies, international organizations, or charities. FinCEN has identified the financial red flag indicators to alert financial institutions to these frauds and to assist financial institutions in detecting, preventing, and reporting suspicious transactions associated with the COVID-19 pandemic. We have broadened our Anti-Money Laundering Program testing, policies, and training to include such red flags.

For AML compliance assistance, contact us HERE.

But no single financial red flag indicator is necessarily indicative of illicit or suspicious activity. Financial institutions should consider additional contextual information and the surrounding facts and circumstances. Such context-related information includes a customer’s historical, financial activity, whether the transactions are in line with prevailing business practices, and whether the customer exhibits multiple indicators. Various criteria should be considered before determining if a transaction is suspicious or otherwise indicative of potentially fraudulent COVID-19-related activities.

In other words, your review should be “risk-based,” ensuring compliance with the Bank Secrecy Act (BSA). Therefore, perform additional inquiries and investigations where appropriate. Unfortunately, some of the financial red flag indicators may apply to multiple COVID-19-related fraudulent activities. Given that many scammers are targeting customers as opposed to financial institutions directly, financial institutions should remain on the alert for potential suspicious activities when interacting with their customers,

Let’s discuss imposter scams first, and then follow with a discussion about money mule schemes. I have given you numerous footnotes to help you to train yourself, train your staff, and inform your customers. I will conclude with some guidance on completing the Suspicious Activity Report. You can always contact me if you want to discuss your compliance needs in detail. Contact me HERE.

Imposter Scams

In imposter scams, criminals impersonate organizations such as government agencies, non-profit groups, universities, or charities to offer fraudulent services or otherwise defraud victims. While imposter scams can take multiple forms, the basic methodology involves an actor who (1) contacts a target under the pretense of representing an official organization, and then (2) coerces or convinces the target to provide funds or valuable information, including engaging in behavior that causes the target’s computer to be infected with malware, or spreading disinformation.[i] In the case of schemes connected to COVID-19, imposters may pose as officials or representatives from the Internal Revenue Service (IRS),[ii] the Centers for Disease Control and Prevention (CDC),[iii] the World Health Organization (WHO), other healthcare or non-profit groups, and academic institutions.[iv]

Imposters defraud and deceive the vulnerable, including the elderly and unemployed, through the solicitation of payments (such as digital payments and virtual currency), donations, or personal information via email, robocalls, text messages,[v] or other communication methods. For instance, an imposter may contact potential victims by phone, email, or text to require that the victim must verify personal information or send payments to scammers in return for COVID-19-related stimulus payments or benefits, including Economic Impact Payments (EIP)[vi] under the Coronavirus Aid, Relief, and Economic Security (CARES) Act.[vii]

We have provided considerable information about EIPs in our free Checklist & Workbook, Business Continuity Plan, COVID-19 Pandemic Response (now on its Update # 7, with Update # 8 to be released soon). Get it HERE.

Another instance includes imposters contacting victims and posing as government or health care representatives engaged in COVID-19 contact tracing activities, implying that a victim must share personal or financial information as part of contact tracing efforts.[viii] I could give a host of multiple examples, including phishing schemes, where imposters send communications appearing to come from legitimate sources, to collect victims’ personal and financial data while potentially infecting their devices by convincing the target to download a malicious attachment or click malicious links.[ix]

Scammers may also impersonate legitimate charities or create sham charities, taking advantage of the generosity of the public and embezzling donations intended for COVID-19 response efforts.[x]

As to other communication methods, criminals often use social media accounts, door-to-door collections, flyers, mailings, telephone and robocalls, text messages, websites, and emails mimicking legitimate charities and non-profits to defraud the public. These operations may include words like “relief,” “fund,” “donation,” and “foundation” in their titles to give the illusion that they are a legitimate organization.[xi]

Money Mule Schemes

You may not have heard this term before. It’s a pretty nasty activity. A money mule is “a person who transfers illegally acquired money on behalf of or at the direction of another.”[xii] Money mule schemes, including those associated with the COVID-19 pandemic, span the spectrum of using unwitting, witting, or complicit money mules.[xiii] An unwitting or unknowing money mule is an individual who is “unaware that he or she is part of a larger criminal scheme.”

This crook is motivated by a host of reasons, most of them not worth mentioning.[xiv] A witting money mule is an individual who “chooses to ignore obvious red flags or acts willfully blind to his or her money movement activity.” The individual is motivated by financial gain or an unwillingness to acknowledge his or her role.[xv] A complicit money mule is an individual who is “aware of his or her role as a money mule and is complicit in the larger criminal scheme.” The individual is motivated by financial gain or loyalty to a criminal group.[xvi]

During the COVID-19 pandemic, U.S. authorities have been detecting recruiters using money mule schemes, such as good-Samaritan, romance, and work-from-home schemes.[xvii] In work-from-home schemes, for instance, COVID-19 money mule recruiters, under a false charity or company label, approach targets with a seemingly legitimate offer of employment under the pretense of work-from-home jobs, often through Internet or social media advertisements, emails, or text messages. Once the target accepts the “employment,” he or she receives instructions to move funds through accounts or to set up a new account in the target’s name for the bogus “business.” The target (i.e., the money mule) earns money by taking a percentage of the funds that he or she helps to transfer per the instructions of the bogus “employer.”[xviii]

U.S. authorities also have identified criminals using money mules to exploit unemployment insurance programs during the COVID-19 pandemic.[xix]

Filing the SAR

Finally, a brief note about filing the Suspicious Activity Report (SAR). FinCEN has requested that financial institutions should use the key term “COVID19 MM FIN-2020-A003” in SAR field 2,[xx] which is a reference to indicate a connection between the suspicious activity being reported and the activities highlighted in FinCEN’s advisory concerning COVID-19.[xxi]

In terms of completing the SAR, financial institutions should also select SAR field 34(z) (“Fraud – other”), as the associated suspicious activity type to indicate a connection between the suspicious activity being reported and COVID-19. You should include the type of fraud and/or the name of the scam or product (i.e., “imposter scam” or “money mule scheme”) in SAR field 34(z).

In addition, FinCEN is encouraging financial institutions to report certain types of imposter scams and money mule schemes using fields such as SAR field 34(l) (“Fraud- Mass-marketing”), or SAR field 38(d) (“Other Suspicious Activities-Elder Financial Exploitation”), as appropriate with the circumstances of the suspected activity.[xxii]


Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group



[i] Federal Trade Commission (FTC) Business Blog, “Seven Coronavirus Scams Targeting Your Business,” (March 25, 2020).

[ii] For information on IRS imposter scams in general, see FTC’s “IRS Imposter Scams Infographic,” (January 2020).

[iii] See Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) Public Service Announcement “FBI Sees Rise in Fraud Schemes Related to the Coronavirus (COVID-19) Pandemic,” (March 20, 2020)

[iv] The FTC maintains links to resources concerning scams and the current trends it has observed. See FTC’s “Coronavirus Advice for Consumers.”

[v] For information about COVID-19-related imposter scams conducted by text messages and phone calls, see the Federal Communications Commission (FCC), “COVID-19 Consumer Warnings and Safety Tips,” (May 20, 2020). Note: the FTC and the FCC have sent warning letters to multiple Voice over Internet Protocol (VoIP) service providers for allegedly routing illegal pandemic-related scam telemarketing or robocalls. See FTC Press Release, “FTC and FCC Send Joint Letters to Additional VoIP Providers Warning against ‘Routing and Transmitting’ Illegal Coronavirus-related Robocalls,” (May 20, 2020).

[vi] An EIP may take the form of Automated Clearing House (ACH) deposits, U.S. Treasury checks, or prepaid debit cards. See U.S. Department of the Treasury (Treasury) Press Release “Treasury is Delivering Millions of Economic Impact Payments by Prepaid Debit Card,” (May 18, 2020).

[vii] The FTC, the IRS, and the Treasury Inspector General for Tax Administration (TIGTA) each published information about imposter scams, particularly as they relate to EIP. See FTC Blog, “Want to Get Your Coronavirus Relief Check?  Scammers do too,” (April 1, 2020) and “Coronavirus Checks: Flattening the Scam Curve,” (April 8, 2020); IRS News Release, “IRS Issues Warning About Coronavirus-related Scams; Watch Out For Schemes Tied To Economic Impact  Payments,” (April 2, 2020) and the IRS’s Economic Impact Payment Information Center, (April 8, 2020); and TIGTA Press Release, “TIGTA Urges Taxpayers to “Be On High Alert” For Coronavirus Relief Payment Scams,” (April 7, 2020).

[viii] See Department of Justice (DOJ) Press Release “U.S. Attorney Warns Public of COVID-19 Contact Tracing Frauds,” (May 28, 2020).

[ix] See Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s (U.K.) National Cyber Security Centre (NCSC) Alert, “COVID-19 Exploited by Malicious Cyber Actors” (April 8, 2020); and DHS, “Common Scams: Know How to Spot a Fake.” Additionally, see WHO Cybersecurity, “Beware of Criminals Pretending to be WHO,” (April 2020). See also FTC Blog, “COVID-19 Scams Targeting College Students,” (May 27, 2020); and DOJ Press Release, “Federal Law Enforcement Encourages the Public to Remain Vigilant to Covid-19 Scams,” (April 22, 2020).

[x] Multiple U.S. Attorneys’ Offices (USAOs) warn of criminals who may seek to exploit legitimate relief efforts for their own illicit gain by soliciting donations to sham charities or crowdfunding sites. See USAO for the Southern District of Georgia, “U.S. Attorney Warns of Coronavirus Scams Targeting Vulnerable Victims,” (March 25, 2020); USAO for the Eastern District of Oklahoma, “Department of Justice Requests Citizens be Aware of And Report COVID-19 Fraud,” (March 24, 2020); and USAO for the Middle District of Tennessee, “U.S. Attorney and FBI Urge the Public to Report  Suspected Fraud Related to Tornado Destruction and COVID-19,” (March 23, 2020). Additionally, the U.S. Securities and Exchange Commission (SEC) noted the potential for charity investment frauds, where actors falsely claim that investments will provide financial support or medical treatment to people in need, with the money instead stolen. See SEC Investor Alerts and Bulletins, “Frauds Targeting Main Street Investors -- Investor Alert,” (April 10, 2020). See also FTC’s information to avoid charity scams, “Make Your Coronavirus Donations Count,” (May 5, 2020).

[xi] See FTC, “How to Donate Wisely and Avoid Charity Scams.” 

[xii] See FBI, “Money Mule Awareness” (July 2019). For more information on money mules in general, see FinCEN, “Updated Advisory on Email Compromise Fraud Schemes Targeting Vulnerable Business Processes,” (July 16, 2019); “FinCEN Analysis: Bank Secrecy Act Reports Filed by Financial Institutions Help Protect Elders from Fraud and Theft  of Their Assets,” (December 4, 2019); and DOJ, “Justice Department Announces Landmark Money Mule Initiative,” (December 4, 2019).

[xiii] For more information about unwitting, witting, and complicit individuals involved in money mule scams, see FBI, “Money Mule Awareness” (July 2019).

[xiv] Idem, page 4, see examples of how an unwitting money mule is recruited and used.

[xv] Idem, page 5, see examples of how a witting money mule is recruited and used.

[xvi] Idem, see examples of how a complicit money mule is recruited and used.

[xvii] The FBI has released information on how criminals are taking advantage of the COVID-19 pandemic to steal money, access personal and financial information, and use individuals as money mules. See FBI Press Release, “FBI Warns of Money Mule Schemes Exploiting the COVID-19 Pandemic,” (April 6, 2020).).

[xviii] For more information on fraudulent job offers, see FTC Blog, “Looking for work after Coronavirus layoffs?” (April 13, 2020.

[xix] See Washington State Employment Security Department, “Statement from Commissioner Suzi LeVine on the rise in unemployment imposter fraud attempts,” (May 14, 2020) and “Update on imposter fraud from Commissioner Suzi LeVine,” (May 18, 2020).

[xx] See “Advisory on Imposter Scams and Money Mule Schemes Related to Coronavirus Disease 2019” (COVID-19) FIN-2020-A003, July 7, 2020.

[xxi] Idem

[xxii] See FinCEN’s “Notice Related to the Coronavirus Disease 2019 (COVID-19),” which contains information regarding reporting COVID-19-related crime, and reminds financial institutions of certain BSA obligations.