The COVID-19 pandemic is affecting most aspects of our society and daily lives, as well as the U.S. economy and markets. Events with such profound impact routinely create opportunities for financial fraud. FINRA has released a new Notice to broker-dealers advising firms and their associated persons to be aware of and take appropriate measures to address the increased risks and challenges presented during the COVID-19 pandemic. In addition to new scams focusing on COVID-19, previous scams may also find new life as fraudsters adapt to and exploit recent events and related vulnerabilities, especially those related to the remote working environment.
Many coronavirus-related investment account scams involve third-party fraudsters leveraging — in a bad way — firms' relationships and communications with investors. By staying vigilant, you can play an important role in keeping your assets and personal information safe. This article highlights four common scams to look out for: (1) fraudulent account openings and money transfers; (2) firm imposter scams; (3) IT Help Desk scams; and (4) business email compromise schemes — and how you can take action to mitigate related risks.
1. Fraudulent Account Openings and Money Transfers
Some brokerage firms have reported an increase in newly opened fraudulent accounts, which may otherwise be hard to identify as a result of overall increases in new account openings. Fraudsters may be targeting firms offering online account opening and, perhaps especially, firms that recently started offering such services. In addition, scammers may use stolen or synthetic identities (meaning the use of legitimate Social Security numbers with false names, addresses and dates of birth) to establish accounts to divert congressional stimulus funds, unemployment payments or other payments, or to engage in automated clearing house (ACH) fraud. The specific tactics fraudsters use may vary, but they typically involve some combination of the following steps:
- Establishing the Account: Using stolen or synthetic customer identity information to open a new brokerage account, at either the customer's existing brokerage firm or a different firm.
- Funding the Account: Moving money into a newly established brokerage account by:
- using stolen bank account information (routing and account numbers) to transfer money from the customer's bank account to the newly established brokerage account;
- effecting smaller dollar transfers via ACH or other online payment methods from the customer's bank account; or
- diverting other customer funds directly to the fraudster's account (eg., diverting unemployment benefits).
- Exfiltrating Funds: Rapidly moving deposited funds out of the brokerage account by, for example:
- making ATM withdrawals or purchases on debit cards for the brokerage account; or
- linking the brokerage account to a third-party bank account or an account at another financial institution that provides pre-paid debit card products and services and then transferring funds to that account.
FINRA has observed that, in some cases, fraudsters emailed firms a falsified voided check to verify the new bank account information. The falsified check included the real customer's home address and looked like a legitimate check for the customer's bank account.
Investor Tips: Behind the scenes, brokerage firms use a number of tools to monitor and take action against these types of activities, but there are also things you can do. One way is to consistently review your investment and bank accounts for activity (including movements of small amounts of money into or out of brokerage or bank accounts) and any account change notifications you receive from your firm. If you notice something that doesn't look right, independently verify the contact information for your firm and let them know about the issue. Do the same if a firm reaches out to you about a newly linked bank account or a new account being opened with your personal financial information or Social Security number (at your financial firms or at other financial institutions you do not recognize). Make sure you are dealing with a legitimate firm and investment professional by using FINRA's BrokerCheck—and be sure to alert the firm to any unauthorized activity you spot.
Another way to your monitor your financial accounts is to review credit reports for any suspicious or unauthorized activity. Starting in 2020, everyone in the U.S. can get six free credit reports per year through 2026 by visiting the Equifax website or by calling 1-866-349-5191. That's in addition to the one free Equifax report (plus your Experian and TransUnion reports) you can get at AnnualCreditReport.com. You also have the option of placing a freeze on your credit or setting up a fraud alert.
2. Firm Imposter Scams
The increased use of remote offices and telework arrangements may increase opportunities for fraudsters to impersonate brokerage firms and investment professionals in communicating with customers or creating a fake online presence or websites. As part of this scam, fraudsters may seek to obtain — via a phone call, website, email, text or other communications — customers' personal information, including account information and account credentials like usernames and passwords, or trick them into making investments or transferring funds by claiming to be a firm employee. In some cases, fraudsters may seek to reduce the likelihood that customers will realize they have been the target of a fraud by directing them not to contact the firm by phone due to long wait times.
Investor Tips: Firm imposter scams are nothing new, but the decentralized nature of remote work environments poses new challenges for both firms and investors. The best way to keep your information safe and avoid firm imposter scams is to verify who is contacting you and do not give account credentials or permission to allow anyone to gain remote access into your computer or device. If you are being contacted from email addresses, phone numbers or receiving texts from numbers that do match the information on your account statements or in your contacts, don't provide the information being requested until you can confirm it is actually your investment firm or a legitimate investment professional. Independently check through the firm's official channels and by using FINRA's BrokerCheck.
3. IT Help Desk Scams
Remote work arrangements also may increase the opportunity for social engineering attacks involving financial firms' IT Help Desks. Among the many variants on this type of fraud, a fraudster might pretend to be calling from the firm's customer Help Desk about a technical issue with the firm's platform or online systems, or with issues about a customer's account, to attempt to steal personal confidential information or account information, or pressure the investor to transfer funds to an outside account. These scams are similar to a common "virus protection" scam that emerged over the past few years and used the names of well-known technology companies and platforms to mislead consumers.
Investor Tips: Do not provide information in response to an email, text or phone call until you verify the identity and purpose of the caller by contacting the firm through independent channels, using contact information from your account statements. Also, never click on an attachment or link, provide your online password, or download software, to your computer unless you have confirmed the sender or caller and reason for such request. Investors should report any suspicious activity to their investment firms so they can take action to alert other staff and customers that they may be targeted.
4. Business Email Compromise Schemes
Business email compromise schemes typically involve those who have the ability to perform legitimate funds transfers. Fraudsters may take advantage of remote working environments to pose, via email or text message, as firm leadership to request illegitimate fund transfers. According to the FBI, in a typical business email compromise scheme, the victim receives an email they believe is from a company they normally conduct business with, but this specific email requests funds be sent to a new account or otherwise alters the standard payment practices.
Investor Tips: Be on the lookout for emails or text messages that purport to come from your investment firm that include potential red flags, such as requests arriving at an unusual time of day, using atypical language or greetings, requesting a transfer to a new account, requiring privacy or secrecy for the transactions or displaying unusual urgency; and confirm the request via telephone prior to acting on any requests, especially those sent via email channels. And remember that business email compromise schemes are but one version of a wide range of imposter scams. Scammers also hijack personal email addresses, social media handles and cell phone numbers to pretend to pose as friends or family who need money in a pinch.
Investors can do their part by immediately reporting scams and any other potential fraud to:
- FINRA‘s Regulatory Tip Form;
- U.S. Securities and Exchange Commission's tips, complaints and referral system (TCRs) or by phone at (202) 551-4790;
- The Federal Bureau of Investigation's (FBI) tip line at 800-CALLFBI (225-5324), online at www.ic3.gov, or a local FBI office;
- For cybercrimes, the Internet Crime Compliant Center (IC3);
- Local state securities regulators; and
- For Identity Theft: Federal Trade Commission and Credit Bureaus.
FINRA is committed to providing guidance, updates and other information to help stakeholders stay informed about the latest developments relating to COVID-19, which can be found on FINRA's COVID-19/Coronavirus Topic Page.