WASHINGTON–In the wake of numerous natural disasters around the country, ranging from hurricanes to wildfires, the Financial Crimes Enforcement Network (FinCEN) has issued an advisory warning financial institutions about the potential for fraudulent transactions in the wake of disasters.
The warning is the result of work done by the U.S. Department of Justice’s National Center for Disaster Fraud (NCDF), which involves more than 30 federal, state, and local agencies and acts as a centralized clearinghouse of information related to disaster relief fraud of all types.
FinCEN is urging banks and credit unions to pay particular attention to benefits fraud, charities fraud, and cyber-related fraud:
“Benefits fraud typically occurs when individuals apply for emergency assistance benefits to which they are not entitled,” FinCEN said. “Financial institutions are at risk when fraudsters seek to deposit or obtain cash derived from the emergency assistance payments. FinCEN has noted an increase in the use of wire transfers to perpetrate these frauds. In those situations, requests for withdrawals are made and funds are wired to bank accounts, where the fraudster immediately withdraws the funds.”
Among the red flags of Benefits Fraud:
- Deposits of multiple FEMA, Red Cross, or other emergency assistance checks or electronic funds transfers into the same bank account, particularly when the amounts of the checks are the same or approximately the same (e.g., $2,000 or $2,358).
- Cashing of multiple emergency assistance checks by the same individual.
- Deposits of one or more emergency assistance checks, when the accountholder is a retail business and the payee/endorser is an individual other than the accountholder.
- Opening of a new account with an emergency assistance check, where the name of the potential accountholder is different from that of the depositor of the check.
“Charities provide a vehicle for donations to assist hurricane victims. However, during times of disaster, criminals seek to exploit these vehicles for their own gain,” FinCEN said. “Both legitimate and fraudulent contribution solicitations and schemes can originate from social media, e-mails, websites, door-to-door collections, flyers, mailings, telephone calls, and other similar methods. In the coming weeks and months, it is likely that millions of aid dollars will flow to areas affected by Hurricanes Harvey, Irma, and Maria.”
Among the red flags for Charities Fraud:
- Financial institutions may be able to identify potential fraudulent transactions where the payee organization’s name is similar to, but not exactly the same as, those of reputable charities.
- The use of money transfer services for charitable collections – generally, legitimate charities do not solicit donations via money transfer services.
“Cyber actors take advantage of public interest during natural disasters in order to conduct financial fraud and disseminate malware. The Center for Internet Security expects this trend to continue as new and recycled scams emerge involving financial fraud and malware related to Hurricanes Harvey, Irma, and Maria,” said FinCEN.
As of September 2017, the Multi-State Information Sharing and Analysis Center (MS-ISAC) reported the registration of more than 743 domain names containing the word “Irma,” and most include a combination of the words “help,” “relief,” “victims,” “recover,” “claims,” or “lawsuits.”
Cyber fraud red flags include:
- Crowdfunding platforms also can be exploited by criminal elements. While many crowdfunding efforts are legitimate and have platforms with the appropriate protections in place, some platforms have limited policies and procedures in place to protect customer funds and identification. In these circumstances, financial institutions should be aware of the risk this can present for potential identity theft vulnerabilities of account holders who are donors. Information security units in financial institutions may have access to information that may help in the detection and reporting of such activity.
- Some illicit crowdfunding sites are set up expressly to defraud donors. Cyber actors often create such sites using web designs or names that are virtually identical to legitimate charities and relief organizations to induce unwitting donors into making donations to criminal enterprises through these fraudulent sites. These fraudulent websites often end with a “.com” or a “.net”, while most legitimate charities’ websites end in “.org.”