Coronavirus Fraud: A GC's Guide to Potential Schemes
Fear and confusion create a climate ripe for fraud. And global companies with deep pockets are prime targets. Here are some potential schemes in house counsel should prepare for.
February 28, 2020 at 09:43 AM
5 minute read
As COVID-19 has spread beyond China, capturing news headlines and shaking financial markets, companies have put together action plans to address the impact of the epidemic on their business—focusing on areas ranging from supply chain management to employee safety. Recently, the U.S. Center for Disease Control confirmed that, as many companies had forecasted, the virus reached U.S. shores, causing additional business and market disruption (try to find hand sanitizer or a N95 rated mask at the local grocery store).
Companies with effective risk management processes are making preparations to address how the virus will impact their business ecosystem. But corporate leaders aren't the only ones making preparations. Global criminal organizations continually scour the news for potential fraud schemes. Fear and confusion create a climate ripe for fraud. And global companies with deep pockets are prime targets. Here are some potential schemes in house counsel should prepare for.
|Corporate IT Systems/Electronic Intrusion/Compromise
In house lawyers should be on the lookout for communications (e.g., emails or texts) that seek to dupe employees and contain phishing or exploitation content. The communication may say something about COVID-19 and then request employees to take specific actions.
Here are some examples:
- "Your office location is closed, please remote in today (see hyperlink)."
- "Because of COVID-19, payroll is making adjustments and we need to update account information (see hyperlink)."
- "All employees are asked to sign in (see hyperlink) and update their wellness status."
- "Relief donations are being solicited (see hyperlink)."
There are endless variations of this low-tech phishing effort, but the result is the same: leverage news media and employee awareness of the virus and insert the fraud scheme into the company's effort to remediate the impact on the company. The result of this exercise is collecting useful data from the employee that can be used for fraudulent purposes (personal identification information, account details, and other sensitive corporate data).
Sophisticated criminals may use social media platforms such as LinkedIn or Facebook to add social engineering elements to the scheme. They may know who employees are "connected" with and what type of things they post about. Enter a random employee in LinkedIn and the site also pulls up other LinkedIn users commonly viewed by whoever looked at the employee. All of this data maybe useful for fraudsters.
|Counterfeit Products
Fear creates supply shortages. In Houston this week, stores were selling out of water and hand sanitizer. If you want a N95 rated mask, forget it. Criminals will see another opportunity here to step in with counterfeit or defective products. Potential fake products include safety masks, vaccines, safety, prevention and detection products, and cleaning or sanitation products.
This effort can target victims within and outside a company, but company employees should be aware that when there are supply shortages or crises, criminal organizations will try to sell counterfeit items that at best may be ineffective, or at worst, harmful to use.
|Fake Solicitations
Fake charity schemes may come in the form of a phishing scheme or a more sophisticated fake charity operation with efforts targeting employees and soliciting donations for sick employees, family members, or other victims in different countries. Anytime there is a crisis, fraudulent charities immediately spring into action.
|Platform Consumer Fraud Risk
If your business serves as a platform for consumers that maybe victimized by COVID-19-related fraud schemes, the U.S. government scrutinizes companies that have benefitted from fraud schemes—asking about their controls and compliance processes to prevent fraud and mitigate known risks. Any company with consumer risk should have a consumer fraud compliance program to address the risks. COVID-19 will provide a different narrative for criminals to perpetrate fraud across different platforms. Companies with this core risk to their business should assess their existing controls and whether the COVID-19 narrative enhances their risk (and, if so, how they can mitigate this enhanced risk).
The threats to companies posed by criminal organizations has not changed in the past few decades. Criminals have responded to globalization and digitization with different schemes that leverage the tools companies use to operate (e.g., communication platforms, global financial intuitions), but the goal has always been to take as much money from corporate victims as they can. The challenge for good corporate governance and the leadership team is to educate employees on this risk and develop good governance and compliance frameworks to protect the business and its stakeholders.
Ryan McConnell and Matthew Boyden are lawyers at R. McConnell Group, a compliance and investigations/criminal defense boutique law firm in Houston Texas. McConnell and Boyden are also both former federal prosecutors with collective experience that includes thousands of complex white-collar investigations. McConnell is a former assistant U.S. Attorney in Houston who has taught criminal procedure and corporate compliance at the University of Houston Law Center. Boyden spent 20 years as a Postal Inspector before joining the U.S. Attorney's Office and is a recognized international expert in business email compromise and payment diversion techniques. He has significant experience investigating cases involving the "dark web," cryptocurrency, and energy sector matters. Send column ideas to [email protected]. Follow the firm on Twitter at @rmcconnellgroup.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllA Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute readThree Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Corporate Confidentiality Unlocked: Leveraging Common Interest Privilege for Effective Collaboration
11 minute readTrending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250