The U.S. Treasury Department is warning financial firms to be on the lookout for frauds and cyber attacks related to covid vaccines, and asking for some tweaks to what firms include in Suspicious Activity Reports that you might file in connection with vaccine scams.
FinCEN, the enforcement wing of the Treasury Department, published the guidance on Dec. 28. The notice warns that regulators have already seen schemes such as people selling counterfeit versions of vaccines to unwitting victims online, or diverting legitimate vaccines from their proper destinations — and then selling those legit vaccines on the black market to persons eager to be vaccinated ahead of approved distribution plans.
The FinCEN notice also warned about ransomware attacks against hospitals, research facilities, and other firms involved in vaccine distribution, plus all the other covid-related scams and frauds we’ve seen all year long. That also includes phishing scams that fraudsters might send out impersonating your emails, where the material makes some covid- or vaccine-related claim so the victims will share their personal data.
The notice includes lots of links to prior warnings about covid-related crime, if you’re interested:
- Advisory on Medical Scams Related to the Coronavirus Disease 2019 (FinCEN)
- Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments (FinCEN)
- Advisory on Cybercrime and Cyber-Enabled Crime Exploiting the Coronavirus Disease 2019 (FinCEN)
- Federal Agencies Warn of Emerging Fraud Schemes Related to COVID-19 Vaccines (FBI)
- COVID-19 Vaccines are in the Pipeline. Scammers Won’t be Far Behind (FTC)
Food for thought if you’re planning to revisit your cybersecurity or fraud risk assessments in early 2021 — which might be a wise idea, since the arrival of covid vaccines is a significant new attack vector for fraudsters; and covid fraud risks have already been rising briskly all pandemic long.
Vaccine Fraud and SAR Reports
When financial firms do encounter covid-related fraud, FinCEN also wants you to include a few extra details in your Suspicious Activity Reports (SARs). Specifically:
- Include the reference “FIN-2020-NTC4” in SAR field 2 and in the narrative portion of the SAR, to note that the suspicious activity is connected to the covid issues raised in this latest FinCEN bulletin.
- Select SAR field 34(z) (Fraud – other) as the associated suspicious activity type, to indicate that the suspicious activity being reported is connected to Covid-19. Also include the type of fraud or name of the scam or product (“vaccine ransomware,” for example) in SAR field 34(z).
- And provide all the usual particulars in the narrative portion of the SAR: how the scammers contacted the victim, how the victim tried to provide payment to the scammers, identifying data such as phone numbers or IP addresses, and so forth.
If you’re not sure exactly what your compliance obligations are under the Bank Secrecy Act, FinCEN also published a short reminder earlier this year — with a subtle but clear message that, yes really, regulators will be looking to investigate and prosecute instances of covid fraud.
So compliance teams should do their part with reminders to employees of what covid fraud might look like, and the importance of bringing those suspicions to your attention. You might also want to update and refine any surveillance or monitoring systems you use to include more covid-related keywords.
The Justice Department and Securities and Exchange Commission have both already brought charges against firms and individuals related to covid fraud. That trend is only going to increase in 2021 as vaccinations become more available and the Biden Administration arrives.