The risk of cyber financial crime in the wake of COVID-19 has significantly increased because the overnight change to businesses operations. In trying to adapt to the new landscape of societal restrictions, businesses are struggling to contain their risk management systems. It is not just businesses that are at risk, unfortunately, but our hospitals and essential healthcare workers are now increasingly exposed. There have been numerous cyber-attacks on institutions that form the frontline in our fight against the pandemic. While law enforcement have ratcheted up their response, it is imperative to know what your options are when things go wrong.
The mask slips
The exploitation of the fear experienced by the masses has led to various scams. These include criminal organisations masquerading as legitimate and reputable websites for the purchase of PPE. Instead, unfortunately, these are fake and a mere front for sophisticated money laundering operations. A recent illustration of this involved an Irish component, where an order for PPE in the value of €15 million was made from a cloned Dutch website by a German company on behalf of the German health authority and €1.5 million was transferred to an Irish bank account. This is now being investigated by international policing bodies.
Phishing – don’t get hooked
Another alarming pattern has emerged in the use of phishing emails, which attempt to persuade people to click on links that download malware or malicious software. More sophisticated schemes have seen the deployment of ransomware onto computers, which is a type of malware where the computer’s files are encrypted and can only be accessed with a decryption key in exchange for a ransom. In the current climate where healthcare providers and medical facilities are under significant pressure, they are more likely to succumb to these demands.
In addition, financial institutions have recorded an increase in credit card kiting. Credit card kiting is a term used for instances in which a cardholder moves funds between various accounts, either in their name or that of another. This gives the effect that borrowings from one lender are used to pay debts owing to another lender, without the cardholder themselves actually contributing towards the payment of any monies due or intending to repay at all.
Recent financial crime mandates
We have extensive experience advising on several of these types of fraud. We recently acted for a charity involving a cyber-attack which caused funds to be fraudulently transferred to Hong Kong. This method of fraud has become more common as email is relied on for communication within organisations because of the lack of the option of face-to-face contact with colleagues. It is imperative that both employees and supervisors be mindful of the risks involved in performing financial transactions. Always call and confirm when the funds are significant. Once the funds exit the jurisdiction, it is an arduous and costly exercise to have them retrieved. Thankfully for our client, we successfully obtained orders in Hong Kong against the recipient bank and the funds are being returned.
While having appropriate and efficient internal procedures to pre-empt and prevent cyber-financial crime is necessary for all organisations, these protocols may not be 100% effective. In this new world of remote working, it is essential to engage with your colleagues when something suspicious arises. We would encourage the following behaviours:
Do not assume that every transactions is legitimate
Apply rigour to all transactions so that all facets are queried and tested appropriately
If unsure, pick up the phone to your colleagues
In our experience, business should immediately involve lawyers where any potential fraud is suspected. We can investigate and work with your auditors and accountants under the legal protection of privilege – ensuring that your business affairs remain confidential.
In circumstances where the perpetrators are successful in their fraud, there are legal avenues available which can be pursued during the COVID-19 pandemic and beyond. Our experience has shown that these mechanisms can provide remedies for businesses without the need for the Irish Courts to be fully operational, and international freezing orders can be obtained urgently.
For more information on how your organisation can prevent susceptibility to cyber financial crime, contact a member of our Investigations & White Collar Crime team.
The content of this article is provided for information purposes only and does not constitute legal or other advice.