In March 2021, The FBI released their annual IC3 2020 Internet Crime Report, including the emergence of COVID-19 scam statistics.

The following are real claims presented by the FBI involving financial institutions and their customers being targeted by scammers under the guise of the Paycheck Protection Program and swindled through Advance Fees and Business Email Compromise (BEC) schemes:

• A financial institution received an email, allegedly from the CEO of a company, who had previously scheduled a transfer of $1 million, requesting that the transfer date be moved up and the recipient account be changed “due to the Coronavirus outbreak and quarantine processes and precautions.” The email address used by the fraudsters was almost identical to the CEO’s actual email address, with only one letter altered.
• In another instance, a fraudster spoofed the email address of a CEO who had been approved for a PPP loan, contacted the financial institution facilitating the loan and requested that the PPP funds be transferred to a new account at a different institution.
• Multiple incidents have been reported in which state government agencies, attempting to procure ventilators or PPE, wire transferred funds to fraudulent brokers and sellers in advance of receiving the items. The brokers and sellers included both domestic and foreign entities. In one case, an individual claimed to represent an entity with which the purchasing agency had an existing business relationship. By the time the purchasing agencies became suspicious of the transactions, much of the funds had been transferred outside the reach of U.S. law enforcement and were unrecoverable.

Please share the following BEC protection tips from the FBI with your employees and your customers, and remind them to remain ever attentive and diligent in protecting their valuable assets:

• Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
• Don’t click on anything in an unsolicited email or text message asking you to update or verify account information.
• Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
• Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
• Be careful what you download. Never open an email attachment from someone you don't know, and be wary of email attachments forwarded to you.
• Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
• Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the request.
• Be especially wary if the requestor is pressing you to act quickly.

To read or download the latest IC3 report, visit https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-the-internet-crime-complaint-center-2020-internet-crime-report-including-covid-19-scam-statistics

For more on Business Email Compromise scams, visit https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise.