FBI Warns Financial Institutions To Beware of Coronavirus-Related Scams

Business email compromise attacks continue to be effective, tricking victims into transferring funds to fraudulent accounts.

• By Haley Samsel
• Apr 09, 2020

Scammers seeking to profit from confusion and fear surrounding the coronavirus pandemic continue to succeed against financial institutions amidst a chaotic environment, according to a new warning issued by the FBI this week.

A FBI release on Monday, reported by CyberScoop, noted that business email compromise (BEC), or phishing, attacks have specifically targeted municipalities that are already desperately seeking to find supplies, such as masks and cleaning products, for their respective communities.

BEC attacks are already the most profitable of any cybercrime in the U.S., taking $1.7 billion from victims last year, the FBI reported. Warnings from other government agencies and studies by cybersecurity firms in the past few months have noted an uptick in scamming campaigns targeting businesses and local governments.

Read More: Attorney General Directs Department of Justice to Crack Down on Coronavirus Scammers, Cyber Criminals

Two recent attacks included in the Monday FBI warning are representative of coronavirus-themed scam emails sent to banks, businesses and local government agencies.

One scammer pretended to be the CEO of a company actually scheduled to receive $1 million from a financial institution. An email sent to the financial institution asked that the transfer date be moved up due to “the Coronavirus outbreak and quarantine processes and precautions,” according to the FBI.

The other scam cited by the bureau was a bank receiving an invoice from a “customer in China” requesting a redirect of funds to a different bank due to “Corona Virus audits.” Not detecting the scam, the victim bank lost “significant” funds making multiple wire transfers to a new bank before realizing the mistake.

Bank officials in particular should be skeptical of any emails urging rushes on wire transfers, messages outside typical communication methods, requests to change direct deposit information from random employees, and efforts to change wiring instructions right before a transfer. Cybersecurity firm FireEye has also warned consumers and companies to watch out for emails preying on confusion and disinformation on stimulus checks and coronavirus-related relief.