Fear, Uncertainty & Doubt

In 2020 everything changed because of the COVID-19 Pandemic. What initially seemed to be happening to other people elsewhere, impacted globally and severely in the UK - with the UK government imposing an unprecedented lockdown on the public to prevent the NHS being overwhelmed. There was no pretence that the economy would not adversely suffer or a definitive duration for the lockdown. The words ‘uncharted territory’ and ‘unprecedented’ became universal across government and business.

Various actions were taken to support individuals and businesses. Whether we believe they were unnecessary, welcome, or not enough they meant that huge sums of taxpayers’ money are being paid out through loans, grants, and furlough or to underwrite borrowing via the British Business Bank. Whilst lockdown initially made life difficult for criminals, the climate of fear, financial uncertainty, urgency, and despair that was widespread throughout the UK’s population eventually played into the hands of fraudsters and cyber criminals.

Government’s rush to get money to people who needed it meant that many counter-fraud measures, and levels of due diligence, were understandably relaxed. This may have been a good thing as a temporary measure to ease the pain people were experiencing in the economy, but it has undoubtedly enabled more crime to take place. Now that we are emerging from this initial period, we need to take back control with some robust analysis and action and reflect on how those with criminal intent have exploited the situation.

As an expert in fraud and cybercrime, Peter Taylor has over 20 years’ experience working both within the UK Police Force and independently as a private investigator. In this article, he shares some insight into his recent research amongst criminal groups he has access to from his research and connections.

What About Fraud?

We in the counter-fraud community predicted the key areas to alert government, business, and individuals about. These included fraudulent applications for the Bounce Back Loan Scheme (BBLS), COVID Business Interruption Loans (CBILS), Local Authority Grants, Furlough payments (while staff kept on working). We also correctly warned of increased Phishing activity to capitalise on people working remotely to compromise their devices and steal data. Additionally, with financial uncertainty and people in the general population becoming more financially vulnerable or desperate there was also the concern that people of good character would be much more willing to become involved in fraud - or at least ask less questions when asked to take payments into their bank accounts.

Sadly, all of these have come to fruition. To understand this, a better an understanding of the criminal mind would seem to be of some use. To do this, we need to actually go behind ‘enemy lines’ so to speak and see what’s happening - and what is the perspective from the fraudster/cybercrime community. As a specialist in threats from fraud and organised cybercrime, I have investigated fraud within COVID-19 related areas, initially by looking at what was happening in countries in the vanguard of the pandemic, such as Italy, to understand what had happened there from a financial crime perspective. To understand this, a better an understanding of the criminal mind would seem to be of some use.

Organised Crime Steps In

Accounts from Italy began to emerge back in March 2020 of crime gangs approaching businesses that were struggling because of COVID-19 and making them an offer to buy their business. When a price was agreed the criminals were then able to use an established business to launder money and exploit it as a conduit to process receipts form other criminal activities. We have seen similar activities like this in the UK where not only are ‘acquired’ businesses used to launder money, but are also being encouraged by criminal elements to apply for fraudulent grants, BBLS, CBILS, etc. To qualify for the COVID-19 loans/grants businesses in the UK must have been established before 1st March 2020. We now see Limited Companies with little or no trading history being advertised for sale on sites like eBay for thousands of pounds. The adverts often feature the date the company was registered (with dates like 2018 being favoured). In amongst the advertisements are the ominous words ‘never applied for a BBLS’. Whilst the seller may not be committing any fraud directly, these companies have become very attractive to the fraudsters.

While writing this blog, I spoke with a UK Police contact who informed me that they are aware of this issue, and one of the checks they now run is whether a company has a new Director, appointed within the last few months, and particularly where that person is making all the applications for COVID related loans etc. The true impact of BBLS/CBILS fraud will not be seen until the end of 2021 (or even later) when the loans become due, and payments are needed. I think it’s safe to say that we can certainly expect to see a wave of defaults, businesses that have closed, and directors that can no longer be found.

The Money Grab

Unsurprisingly, the UK and USA cyber criminals are all describing government COVID-19 loans/grants as ‘free money’ - and planning to get their hands on as much of it as possible. Not only are these organisations attempting to put in falsified applications for this support, but also target those businesses who haven’t claimed grants and loans, and then claiming fraudulently on their behalf. They are also ramping up their use of false identities to make unemployment claims. In fact, the USA Secret Service has recently alerted us about organised scams claiming millions in unemployment benefits across various States - and even named a specific cybercrime gang, called Scattered Canary, as being one known such ’gang’ behind it.

My sources also inform me that these gangs are currently making so much money that they don’t currently have sufficient infrastructure to launder or ‘cash out’ their gains. There is therefore hope yet that some of these losses can be recuperated by law enforcement before it’s too late. I know from my own previous research that ‘cashing out’ is one of the biggest obstacles that gangs face when they have generated illegal income. So recently acquired ‘legitimate’ businesses and intricate use of various forms of cryptocurrencies are all areas being considered by these types of organisations as a route to transfer their gains and get them into the legitimate financial world. With remote working having become the norm.

‘Business Email Compromise’ has also reportedly grown considerably. There has been a blaze of media coverage that COVID-19 headlines are being used in scam emails to target victims to open emails and download malware or provide information. Finding victims for this type of scam is a numbers game with high volumes of emails being sent out. When researching the issue with my contacts, I was told that rather than it being new players getting into this market, existing groups have revisited this ‘business channel’ because by using COVID within the emails or texts they are now getting four times as many people responding.

Identity Fraud

Finally, when it comes to identity fraud, many fraudsters have been aware of various tech companies developing solutions to address ID fraud and have been busy pre-preparing and using synthetic identities for use in fraud over the past 3 years. However, because of opportunities with grants, loans, and unemployment benefit many have kept to using genuine identities over the last few months - and amended information attached to that identity to meet eligibility criteria. Failing that, just the ability to apply pressure to vulnerable people during a crisis (whether they be in struggling businesses or just vulnerable circumstances) is providing lots of opportunity for them during this health emergency. My view, however, is that as the COVID-specific fraud opportunities subside, rather than sit back and enjoy their spoils, these criminals will seek to maintain their level of activity and these pre-prepared synthetic identities will be a vital part of that - as they seek to circumvent the various tech solutions being considered to address identity fraud.

As a final comment, I asked Brett Johnson, how he would describe COVID-19’s impact on fraud. He said ‘Usually, you have desperate criminals trying to steal good people’s money. Now the good people are desperate too, so they are easier to exploit and harder to spot.

Peter Taylor ACFS – The Fraud Guy