March 4, 2021

Volume XI, Number 63



FinCEN Issues Advisory on Cybercrime and Cyber-Enabled Crime Exploiting COVID-19

On July 30, 2020, the Financial Crimes Enforcement Network (FinCEN) issued an advisory alerting financial institutions to potential indicators of cybercrime and cyber-enabled crime observed during the COVID-19 pandemic. The advisory – based on FinCEN’s analysis of Bank Secrecy Act (BSA) data, open source reporting, and law enforcement reports – describes COVID-19-related malicious cyber activity and scams, red flag indicators, and directions for reporting suspicious activity. The purpose of the advisory is to help financial institutions and their customers protect legitimate relief efforts for the COVID-19 pandemic against cyber criminals and malicious state actors.

What Does This Mean for Me?

With the increase in fraudulent schemes and cybercrime related to the COVID-19 pandemic, this is a good time to evaluate your AML/BSA and fraud-related compliance programs – including internal due diligence processes, training materials, and reporting procedures – to verify that your program is up to date and takes into account the risks and red flags identified in the advisory. Government agencies repeatedly have warned since March that now is not the time to throttle back on compliance and, when it comes to proprietary data, all companies should tailor their compliance efforts and resources to implement or upgrade proactive protection measures.

Risks and Red Flags 

FinCEN’s advisory identifies the primary means by which cybercriminals and malicious state actors are exploiting the current COVID-19 pandemic. These include:

  • Exploitation of remote applications: schemes targeting vulnerabilities in remote applications and virtual environments to steal sensitive information and disrupt business operations. These risks include digitally manipulating identity documentation in order to undermine online verification processes and leveraging compromised login credentials across numerous customer accounts.

  • Malware phishing schemes and extortion: schemes targeting health care and pharmaceutical providers with offers related to COVID-19 information and supplies. The scams appear to originate from legitimate sources and seek to collect personal and financial data, and potentially to infect target devices by convincing the target to download malicious programs, including ransomware, in an effort to extort the target in exchange for regaining access to its own systems.

  • Business email compromise (BEC) fraud schemes: schemes targeting municipalities and the health care industry supply chain that involve cyber criminals convincing companies to redirect payments to new accounts, claiming account modifications are due to pandemic-related changes to business operations.

The advisory lists 20 red flag indicators across these three risk areas and instructs financial institutions to consider these red flags, in addition to the context and factual circumstances of a specific transaction, before determining whether a transaction is suspicious or indicative of a potentially fraudulent COVID-19-related transaction. These factors include a customer’s historical financial activity, whether the transaction is in line with prevailing business practice, and whether a customer exhibits multiple red flag indicators. The advisory covers a wide range of red flag indicators, including, but not limited to, name changes between government-issued identification and customer account opening information, issues with images on government-issued identification, customer login irregularities, and changes to known customer email addresses. A full list of red flag indicators, per risk area, is included in the FinCEN advisory.

Suspicious Activity Reporting 

Lastly, the advisory provides information on how to properly file a Suspicious Activity Report (SAR) identifying potential cybercrime and cyber-enabled crime related to the COVID-19 pandemic. The advisory instructs the following:

  • Include the key term “COVID19-CYBER FIN-20-A005” on the SAR form, field 2, to indicate a connection between the suspicious activity and the activities set forth above;

  • Mark all appropriate check boxes on the SAR form to indicate a connection between COVID-19 and the suspicious activity being reported;

  • Include any relevant technical cyber indicators related to cyber events in a SAR within the available structured cyber event fields; and

  • For cyber-enabled crime involving COVID-19 related fraud, select SAR field 34z (Fraud – other) as the suspicious activity type and include the type of scheme as a keyword (i.e., COVID-19 BEC Fraud).

© 2020 Foley & Lardner LLP
National Law Review, Volume X, Number 218



About this Author

Lewis Zirogiannis Partner Litigation Attorney Foley & Lardner San Francisco

Lewis Zirogiannis is a partner and litigation lawyer with Foley & Lardner LLP. Lewis is based in the firm’s San Francisco office, and also has offices in New York and Silicon Valley. He is a member of the firm’s Government Enforcement Defense & Investigations and Finance Practices.

Lewis’ practice focuses on complex litigation as well as government and internal investigations and compliance, including information governance, data privacy and security. He is particularly skilled at counseling corporations on litigation and regulatory matters in the areas of anti-corruption,...

Pam Johnston, Trial Attorney, Foley Lardner Law Firm

Pamela L. Johnston is a partner and trial lawyer with Foley & Lardner LLP, where she is chair of the firm’s Government Enforcement, Compliance & White Collar Defense Practice, a member of the Securities Enforcement & Litigation Practice, and a member of the Health Care Industry Team. Ms. Johnston focuses in the areas of white collar criminal defense, False Claims Act and whistleblower actions, securities enforcement and other governmental enforcement actions. She represents companies and individuals in parallel civil and criminal proceedings involving a...

Lisa Noller, Trial Lawyer, Foley Lardner Law Firm

Lisa Noller is a trial lawyer and investigator with Foley & Lardner LLP, where she is chair of the Government Enforcement, Compliance & White Collar Defense Practice. She has spent almost 20 years investigating, litigating and trying complex criminal and civil cases, including responding to government investigations, conducting corporate internal investigations, and persuading the government not to pursue clients. When cases proceed to trial, Ms. Noller also has significant experience successfully trying a wide variety of over 30 civil and criminal matters in...

David Simon, Litigation Attorney, Foley and Lardner Law Firm

David W. Simon is a litigation attorney who devotes much of his practice to helping corporate clients avoid and manage crises that potentially give rise to government enforcement actions. He provides compliance advice, conducts internal investigations, defends companies against enforcement actions, and represents companies in litigation.

The Foreign Corrupt Practices Act is a principal focus of Mr. Simon’s practice. He also has extensive experience representing clients in antitrust matters and in defending False Claims Act investigations and...

Christopher M. Swift, government enforcement litigator, Foley lardner law firm
Senior Counsel

Christopher Swift is a litigator with Foley & Lardner LLP and a member of Foley’s Government Enforcement, Compliance & White Collar Defense Practice. Focused on national security and international affairs, he represents clients in internal investigations and government enforcement actions involving anti-money laundering (AML), arms controls (ITAR), economic sanctions (OFAC), dual-use exports (EAR), and the Foreign Corrupt Practices Act (FCPA). Dr. Swift also counsels clients in proceedings before the Committee on Foreign Investment in the United States (CFIUS)...