InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Federal and state authorities target income scams
On December 14, the FTC, along with 19 federal, state, and local law enforcement partners, announced “Operation Income Illusion,” which encompasses more than 50 enforcement actions against scams targeting consumers with false promises of income and financial independence. According to an analysis of complaint data by the FTC, consumers have reported that they lost more than $610 million to income scams since 2016—with more than $150 million of losses reported in the first nine months of 2020—which the FTC attributes to the increase in scams related to the Covid-19 pandemic.
The announcement also includes four new enforcement actions and one settlement that are part of Operation Income Illusion, (i) an action and temporary restraining order against a Florida-based operation, which sold expensive memberships to programs by promoting earnings between $500 and $12,500 per sale; (ii) an action against a company with Spanish-language ads targeting Latina consumers with false promises of large profits reselling luxury products; (iii) an action and temporary restraining order against a company marketing investment-related services claiming they would enable consumers to make consistent profits off the market; (iv) an action and temporary restraining order against companies perpetuating a telemarketing scheme claiming false affiliation with Amazon.com to get consumers to purchase business opportunity programs; and (v) settlements (available here and here) with ten defendants involved in a scam targeting older adults while selling various money-making opportunities.
The other agencies reporting actions as part of the sweep include: the SEC, CFTC, the U.S. Attorney’s Office for the Eastern District of Arkansas; and state and county agencies in Arizona, Arkansas, California, Florida, Indiana, Maryland, New Hampshire, Oregon, and Pennsylvania.
FinCEN warns of Covid-19 unemployment insurance fraud
On October 13, the Financial Crimes Enforcement Network (FinCEN) issued an advisory for financial institutions to assist in detecting and preventing Covid-19-related unemployment insurance (UI) fraud. The advisory highlights specific ways illicit actors are exploiting the pandemic to engage in UI fraud, including, among other things, employees receiving UI payments while still being paid reduced, unreported wages from their employer, and the submission of UI claims using stolen or fake identification information. The advisory includes a specific list of red flag indicators for financial institutions to be aware of, such as (i) UI payments from a different state from the one in which the customer resides; (ii) multiple state UI payments within the same disbursement period; (iii) UI payments in a different name from the account holder; (iv) the withdrawal of UI funds in lump sums by cashier’s check or prepaid debit card; (v) multiple accounts receiving UI payments being associated with the same free, web-based email account; and (vi) a newly opened account that starts to receive numerous UI deposits. Financial institutions are encouraged to perform additional inquiries and investigations where appropriate, consistent with a risk-based approach for compliance with the Bank Secrecy Act. Lastly, should financial institutions need to report any UI fraud in a suspicious activity report, FinCEN encourages the institution to reference the advisory.
DOJ official discusses PPP fraud enforcement
On September 10, in remarks at the Paycheck Protection Program (PPP) Criminal Fraud Enforcement Action press conference, Acting Assistant Attorney General Brian Rabbitt provided an overview of recent PPP enforcement actions and noted that “[m]any financial institutions have been strong partners” in assisting the DOJ with “detecting and investigating potentially fraudulent activity in connection with the PPP.” In addition to partnerships with private institutions, Rabbitt emphasized the agency’s data analytics capabilities as a key component in their ability to bring PPP fraud cases quickly—within six months, the DOJ has charged 57 defendants in at least 19 federal judicial districts. Moreover, Rabbitt discussed commonalities among the cases, including the “defendants’ use of their stolen PPP funds for entirely illegitimate purposes” having nothing to do with the intended relief. In total, according to the DOJ, the current charges against the 57 defendants “involve attempts to steal over $175 million from the PPP” and over $70 million in “actual losses to the federal government.”
U.S. issues warning on North Korean hackers targeting banks worldwide
On August 26, a joint alert was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Treasury Department, the FBI, and U.S. Cyber Command warning that since February 2020, North Korean hackers have resumed targeting banks worldwide through the use of fraudulent international money transfers and ATM cash-outs. The alert provides an “overview of North Korea’s extensive, global cyber-enabled bank robbery scheme, a short profile of the group responsible for this activity, in-depth technical analysis, and detection and mitigation recommendations to counter this ongoing threat to the Financial Services sector.” The North Korean hackers, the alert notes, were responsible for stealing $81 million from a Bangladeshi bank in 2016, and have engaged in fraudulent ATM cash-outs affecting upwards of 30 countries in a single incident. According to the alert, the hackers’ “international robbery scheme” poses “severe operational risk” for individual banks beyond reputational harm and financial losses. A robbery directed at one bank may implicate multiple banks “in both the theft and the flow of illicit funds back to North Korea,” the alert warns. The hackers “initially targeted switch applications at individual banks with FASTCash malware but, more recently, have targeted at least two regional interbank payment processors,” the alert states, cautioning that this suggests the hackers “are exploring upstream opportunities in the payments ecosystem.”
FTC launches military consumer data tool
On July 13, the FTC released an interactive military dashboard (updated quarterly) that explores data received from active duty servicemembers, veterans, and all military (including military families and reservists) on issues they may experience in the marketplace. Government imposter was the top reported scam type for active duty military personnel, followed by unwanted telemarketing calls, business imposters, online shopping and counterfeit check scams. Other top report categories included identity theft, credit bureaus, third party debt collection, credit cards, mortgage lending, and creditor debt collection. Additionally, reports from the Consumer Sentinel Network showed that from 2015 through the first two quarters of 2020, the median fraud loss for veterans and retirees was $750. The FTC noted that it uses these reports as part of its law enforcement investigations and shares the reports with law enforcement users around the country.
FinCEN advisory warns of Covid-19 scams and money-mule schemes
On July 7, the Financial Crimes Enforcement Network (FinCEN) issued an advisory alerting financial institutions to potential indicators of Covid-19 imposter scams and money mule schemes (where actors impersonate federal government agencies, international organizations, and charities). The advisory outlines numerous red flag indicators and examples of these types of schemes in order to assist financial institutions in detecting, preventing, and reporting suspicious transactions. FinCEN emphasizes that “no single financial red flag indicator is necessarily indicative of illicit or suspicious activity,” and encourages financial institutions to consider additional contextual information, such as a customer’s historical financial activity and whether a customer exhibits multiple indicators, before making a determination that a transaction is suspicious or otherwise indicative of a potentially fraudulent Covid-19-related activity. FinCEN further advises financial institutions—in line with their risk-based approach to Bank Secrecy Act compliance—to perform additional inquiries and conduct investigations as necessary.
Fed announces tools to help payments industry classify fraud
On June 18, the Federal Reserve Board (Fed) released a set of tools and materials to provide a consistent way for organizations to classify and better understand fraudulent activity occurring across the payments industry. The FraudClassifier model was developed by the Fraud Definitions Work Group (comprised of Fed and payment industry fraud experts), and will allow organizations to classify fraud independently of payment type, payment channel, or other payment characteristics by presenting a series of questions, beginning with who initiated the payment to differentiate payments initiated by authorized or unauthorized parties. This will “help ensure greater internal consistency in fraud classification across an organization. . .and allow for improved information and fraud tracking.” Each of the classifications is supported by definitions that allow the FraudClassifier model to be consistently applied across the industry.
California DBO takes action against company for PACE fraud
On May 27, the California Department of Business Oversight (CDBO) filed an order to ban an Encino-based company from the Property Assessed Clean Energy (PACE) industry for allegedly engaging in fraudulent behavior. According to the press release, the CDBO received 30 complaints from 2018 to 2019 alleging the company solicited homeowners by advertising a “free government program,” but used the homeowners’ personal financial information to submit contracts to PACE program administrators with forged electronic signatures. Additionally, complaints alleged various other fraudulent and illegal actions including, (i) the creation of false email accounts to have the PACE financing documents routed to the agents instead of the homeowners; and (ii) the impersonation of homeowners’ voices on state law required completion calls. The CDBO also asserts that the company sold products at three to five times the usual industry rate and used “high-pressure” sales tactics directed at the elderly and non-primary English speakers. In addition to the Desist and Refrain Order, which demands the company discontinue illegal practices and stop soliciting PACE contract, the CDBO notes that a similar but separate order will also be filed against the company president, who is a PACE solicitor agent.
FINRA reminds firms to be aware of fraud during Covid-19
On May 5, FINRA issued Regulatory Notice 20-13, reminding firms to be aware of the heightened threat of frauds and scams during the Covid-19 pandemic. The notice sets forth practices that firms may wish to implement to address risks relating to fraudulent account openings and money transfers, including a customer identification program, steps to monitor for fraud during account opening, bank account verification and restrictions on funds transfers, ongoing monitoring of accounts, collaboration with clearing firms, and compliance with Suspicious Activity Report filing requirements. The notice also sets forth methods that firms may employ to address risks relating to firm imposter scams and IT help desk scams.
6th Circuit affirms access-device fraud and identity theft convictions
On April 17, the U.S. Court of Appeals for the Sixth Circuit affirmed a district court’s access-device fraud and aggravated identity theft convictions, finding that there was sufficient evidence to support the court’s factual findings on both charges. According to the opinion, the defendant applied for a debit card for his great-grandfather’s bank account without authorization and used the card to pay for his own expenses. The defendant was also seen multiple times on bank security cameras withdrawing money from an ATM using this card. The district court also heard testimony that the defendant opened accounts and applied for loans under his own name but used his great-grandfather’s social security number. The district convicted the defendant on one count of access-device fraud and two counts of aggravated identity theft. The defendant appealed, arguing that the district court failed to make adequate findings of fact and that the government failed to present sufficient evidence to support the charges for which he was convicted.
On appeal, the 6th Circuit reviewed the factual findings underlying the convictions, and first concluded that, with respect to the count of access-device fraud, the government proved each element: that the defendant (i) knowingly used an access device assigned to another individual; (ii) possessed an intent to defraud; (iii) obtained a thing or things with an aggregate value of $1,000 or more within a year using the access device; and (iv) affected interstate or foreign commerce in using the access device. The appellate court explained that there was ample circumstantial evidence to support lack of authorization from the proper owners of the accounts at issue, and that the card was issued in Kentucky and the bank issuing the card was headquartered in Minnesota. The appellate court next considered whether evidence supported the district court’s finding that the defendant committed aggravated identity theft under the bank-fraud statute by opening a checking account and applying for a loan using his great-grandfather’s social security number. The appellate court held that the defendant’s use of his great-grandfather’s social security number properly supported the district court’s finding that the defendant knowingly used, without lawful authority, another person’s means of identification and that the defendant committed a predicate felony under the bank-fraud statute.