And, as if it wasn’t enough, there is also the menace of fraud.
“When the cat’s away, the mice are at play.” You know the saying, don’t you? But for it to represent more accurately the reality we’re facing in the COVID-19 crisis, a slight modification is needed: “When the cats are busy, very busy… the mice are at play.”
At this point, nothing that we’re stating below is new to you. We have all been hit hard by the Covid-19. Its spread, nippy and silent, forced us to put aside the most unique human characteristic, sociability.
People remain very concerned about their health and what the future—personal and professional—will look like.
Organisations have applied rarely-seen-before measures in an effort to mimic the “business-as-usual” but, let’s face it, it little resembles what is truly “usual”. The SME’s future isn’t quite clear yet, neither when the deconfinement actions that certain governments have already initiated will impact them, and how.
Governments, in turn, are granting access to financial aid in different modalities so that the risk of unemployment is mitigated and the peril of a great economic depression is reduced.
But fraudsters, well, they are playing their own cards, trying to make the most of the stress that COVID-19 is causing. It’s precisely them who take the central stage in this article. Halfway between felon and sinner, and with a fair understanding of human behaviors, fraudsters have been increasingly active lately. We offer an overview of possible scenarios and measures you can apply to prevent their misdeeds.
Read carefully.
To fraudsters, the COVID-19 pandemic is an ally
Home-based work has become the norm for a vast majority of employees whose functions can be performed with computers and portable devices. And most of them rely on the use of virtual private networks (VPN) connections and the “domestic” WiFi . Despite the growing cybersecuritymeasures organisations are deploying, home set-ups are, generally speaking, less secure.
Vulnerability to cyberattacks then, increases, and fraudsters are busy trying to profit from this occasion that none of us have experienced before. That’s why the need to stay informed in the maze of (mostly) negative and (scarcely) positive news, leads us to access websites or click on email links that we would have likely discarded unequivocally under different circumstances.
On top of cyberattacks, the good will of people trying to help others could also be used for opaque intentions. Fraudsters pretending to be legitimate customers could deceive banks in granting them financial aid.
In our latest Global Economic Crime and Fraud survey, 47% of the respondents said they had experienced fraud in the past 24 months. This was the second highest reported level of incidents in the past 20 years. Fraud by customers and cyberattacks were at the top and their number is likely to increase even further in times of COVID-19.
Businesses, level up vigilance! Think twice before deciding measures that could ultimately hurt the people that you are trying to help or protect.
The trickery that fraudsters currently fancy
Following the COVID-19 pandemic, fraudsters have promptly adapted their trickery to the current context. The “fake president”, the “supplier or person in need”, the vile phishing email that makes us click on malicious links, are some examples. Fraudsters are also likely to try to get a piece of the financial aid promised by the Government through false claims on applications.
Several national and international organizations have already warned against these new threats and issued recommendations, e.g. Luxembourg’s CRF, Europol and Interpol.
Let’s revisit the maneuvers that they are using during the COVID-19 pandemic:
The Fake president
This happens when a fraudster contacts an employee, pretending to be the CEO or a senior member of the management board. Citing the urgency of any matter related to the COVID-19 crisis, the fraudster will persuade the employee to make an urgent payment. The need to buy sanitary equipment, to cover the costs of an employee’s medical treatment or to bring back home an employee who is stuck abroad are common stories used to convince the victim to transfer a certain amount of money. Have you got one of these calls or emails lately?
The fake supplier
In this case the fraudster, pretending to be a supplier, contacts an employee to demand an urgent payment for products linked to the COVID-19 crisis. The destination account is, obviously, not connected to any known supplier. The convincing reason revolves around the need to receive the payment as quickly as possible because the “supplier” claims to be going through financial difficulties due to the crisis.
The (infamous) phishing
This takes place when a fraudster sends out emails that seem to be from a legitimate source, for instance the World Health Organisation (WHO), Johns Hopkins University, the police or some volunteering groups. By clicking on a link, a worker’s computer gets infected and the fraudster will be able to collect information, like passwords and banking details.
The false claims
A fraudster will file for immediate financial aid or loans, making fake claims on an existing business, a business that does not exist or one that is not entitled to receive help as it was already in financial trouble before the crisis. When certain individuals have a lawful right to benefit from financial aid, they might try to get the aid several times by filing different applications with varied information. Willing to provide help quickly, banks and state agencies might overlook those inconsistencies to the benefit of the fraudster.
These are only a few examples which fraudsters also use in “normal” times. However, their occurrence has increased under the current circumstances.
Fighting fraudsters with a cold mind and a warm heart
In very simple terms, stay vigilant. We want to reiterate this recommendation. These are times when having a cold mind and a warm heart is a winning combination. Caution is your business’ best companion; rushing into decisions is like playing Russian roulette.
Your business and your employees want to help others, and fraudsters will take advantage of that goodwill to carry out misdeeds. This can have the opposite effect: people who are actually in need may not receive the money or the resources they need.
To make sure that you don’t become a victim of fraud, encourage your team members or your colleagues to:
Apply professional skepticism and question demands that don’t seem to make sense.
Respect set controls and procedures and do not circumvent them because of feeling pressured.
Be aware that fraudsters like to take advantage of goodwill and target people accordingly.
Talk to their team members about risks of fraud, and use guidelines on how to react to urgent or unusual demands.
Keep records of discussions and decisions as much as possible.
Good fraud prevention practices don’t go out of style
The COVID-19 crisis has opened a new chapter in history which is shaping our present and will shape our future in unexpected ways.
Nevertheless, even if unusual times call for unusual action, the good old practices of fraud prevention never go out of style, especially in such a case. We may be stating the obvious but in order to support your employees, you should remind them these Top 10 recommendations:
Respect the rules to check and validate payments, i.e. the separation of tasks between the person registering a payment and the person releasing the payment.
Remember that the checks shall ensure that the money reaches the right person and isn’t taken away by fraudsters.
Perform additional checks in case an existing supplier wants to change its bank details, i.e. ask for a Relevé d’Identité Bancaire (R.I.B), and contact the supplier once again, using the contact information in your system, to confirm the change
Evaluate the legitimacy of new suppliers, for instance, by asking for their business permit or VAT number.
Verify the quantity and quality of deliveries before carrying out payments.
Consult with a manager or coordinator in case a supplier demands transfers to a country which is not its country of residence, or when unusual advances are requested.
Pay special attention to emails from unknown external sources; contact the IT department in case of doubt.
Question demands from individuals asking to speed up a well-established procedure; consult with the team or manager in case it’s needed. In this regard, offer to call back the person. Including a colleague or coordinator when calling back is a smart idea.
Refrain from performing any tasks like changes in the system or payments based solely on a call or email without additional proof.
Check your treasury/financial situation daily in order to identify the disappearance of funds
Reach out to us!
We trust these tips—or nice reminders—will already help you to prevent or to mitigate any kind of fraud. Remember, we are there to listen to you and give you support. In case you have any questions, concerns or suspicions, please feel free to contact us.
What we think
Michael Weis Forensic and Financial Crime Leader at PwC Luxembourg
Our experience shows that fraud is happening more often in times of crisis. Organisations and people are more focused on dealing with the challenges of keeping the business alive and less on controls and rules. In analogy of a Warren Buffet quotation, I would add that it is far more efficient to steal money using paper and emails than using a gun.
