COVID-19: How to prevent the global pandemic from becoming a fraud pandemic

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.
  • Fraud is often at its most virulent during downturns and crises — both of which we’re experiencing with the COVID-19 pandemic.
  • Prepare for various fraud scenarios in different industries.
  • From protection to detection: Learn the five key steps every organization must take.

Issues arising from COVID-19

The COVID-19 pandemic has already impacted virtually every segment of business and personal life across the globe, on a trajectory that’s still running an unpredictable course. And the effects of the outbreak aren’t going away soon. In a PwC survey of CFOs released on April 13, 2020, only six in 10 said they expected their business would be back to normal within three months if COVID-19 were to end immediately — down from nine in 10 only four weeks prior. 

As leaders focus on stabilizing their businesses, they should consider how fraud’s tentacles might penetrate their ecosystem, and strategize how to prepare for the disruption it brings — so they might emerge stronger on the other side.

Fraud is often at its most virulent during downturns and crises, when pressures on people, companies and the economy are greatest — pressures that motivate fraudsters to act. Disturbances in normal business processes, controls and working conditions give malicious actors opportunities to commit fraud, while the chaos and uncertainty of the crisis enable many to rationalize bad behavior that might otherwise have been checked by ethical codes. 

There are specific steps that company leaders can take to anticipate and reduce fraud right now. It starts with understanding the key fraud scenarios that are threatening different areas of your organization. 

Today’s fraud scenarios

Staying a step ahead of fraudsters can help you minimize the potential damage. We know that fraudsters as a rule seek to take advantage of disruption, vulnerability and uncertainty — including the large-scale migration to working from home and the massive shift in consumer spending to digital channels. Bad actors can attack any layer of an organization, exploiting structural disjunctions through cyber attacks, or leveraging human confusion and anxiety through business email compromise (BEC) and phishing attacks.

Here are some of the fraud scenarios we are seeing right now, which are likely to flourish over the coming months — and possibly well beyond the pandemic:

1. Fraud risks your customers may experience

  • Emails containing hidden malware or links to phishing sites disguised as COVID-related information or government communications regarding the CARES Act and/or the Economic Impact Payment. These are then used to harvest credentials, personal information and other sensitive data — leading to new account fraud, account takeover and credit card fraud.

  • Fake charitable solicitations using fabricated situations to generate revenue, often on crowdfunding platforms 

  • Rise in employment scams leading to increased identity theft-related fraud and “mule account” activity

  • Specific to the commercial banking industry, intensified payment fraud due to an increase in targeted scams toward finance and treasury departments (e.g., business and vendor email compromise) related to COVID-19 testing kits, medical supplies, vaccines and cures 

  • Securities “pump and dump” schemes (where fraudsters buy microcap stocks, spread positive misinformation about the company to pump up the stock price, then unload their purchase) occurring in customer trading accounts

  • Government relief payments (through the CARES Act), creating opportunities for check, ACH and card disbursement fraud

2. Fraud risks your organization may experience

  • Increase in phishing and BEC disguised as government announcements, including links to items of interest, such as “updated cases of the coronavirus near you.” While the landing pages for these links may look legitimate, the sites are often malicious and may be designed to steal email credentials.

  • Vendor account takeover fraud, whereby fraudsters update vendor payment details through payment portals to divert outgoing payments intended for vendors 

  • Increased fraud perpetrated by vendors, such as quality-related fraud, whereby vendors provide substandard materials that are not as originally described

  • Vendors fraudulently invoking a force majeure clause to get out of a contract

  • Internal fraud, including asset misappropriation through creation of fictitious vendor accounts, and/or theft of sensitive customer information, rationalized by hard times or retaliation against the organization

3. Operational risks your organization may experience

  • Fraud teams operating below capacity due to absenteeism, leading to backlogs of unattended alerts that can result in fraud losses and/or regulatory compliance risk 

  • Shifting customer behaviors changing the “baseline” for what’s normal, leading to misaligned fraud detection models and increased false positives and false negatives

  • Upsurge in customer service claims and card payment chargebacks due to the economic environment, further increasing pressure on stretched fraud operations teams

4. Financial reporting fraud risk

  • Financial fraud, a “big bath” technique used by listed companies to overestimate the impact of the virus in order to show an artificially positive impact on future profits 

  • Changes to procedures and controls create windows of opportunity, while layoffs and financial pressures increase the ability to rationalize bad conduct. These conditions may lead to an increase in asset misappropriation, earnings management, collusion or other improper conduct.

Top potential frauds by industry

Financial Services As more businesses and consumers move toward e-commerce and the economy continues its sharp contraction, expect a spike in first- and third-party new-account fraud, account takeovers, false chargebacks, credit bust-outs, false insurance claims and more. Consumer and commercial account holders will be vulnerable to the increase in scams, including BEC, medical equipment fraud, and “pump and dump.” Elderly customers may be especially vulnerable.
Consumer Markets While brick-and-mortar retail traffic is down, online traffic has surged, and in some cases, grown exponentially — and with it, digital/online/e-commerce fraud. Phishing scams related to COVID-19 increase availability of stolen credentials and sensitive data, increasing new-account fraud, account takeover, gift card and credit card fraud. Buyer-seller marketplaces can expect a flood of counterfeit goods that feed on public panic behavior.
Manufacturing With supply chains, inventories — and livelihoods — under pressure, expect to see an uptick in frauds such as misappropriation (e.g., stolen raw materials), bribery and kickbacks (e.g., convincing suppliers to favor one business over another for in-demand goods), and quality-related frauds (e.g., use of substandard materials). Suppliers may also be subject to financial instability, leading to risk of internal fraud at the supplier that impacts its customers.
Healthcare At the epicenter of the COVID-19 crisis — and coping with a surge of patients and critical shortages of providers, supplies and equipment — the healthcare industry is vulnerable to both revenue leakage and a variety of frauds, including false claims, false services, price gouging, conflicts of interest, supplier fraud related to medical equipment, cyber attacks and misappropriation.
“Upside companies” Some companies are experiencing a counter-boom from today’s economic calamity, including online retailers, tech companies that support virtual/remote operations, logistics providers and delivery providers. For all their sudden success, they may not be well-positioned to detect the increase in fraud exposure and risk they will face.

Five steps to better preparedness in the time of COVID-19

1. Prepare for extended remote working

Most businesses must maintain critical operations despite the challenges of office closures, social distancing and travel restrictions. The answer for many has been to transition very quickly to a remote workforce, using scalable remote access technology. You need to provide your workforce with secure access to critical assets and applications to do their job effectively, while being alert to the additional threats of remote access. Integrate a strong security and privacy foundation so you can focus on maintaining critical business operations without exposing yourself to fraud or compliance issues.

View more

2. Educate your workforce on threats

Your employees are your first line of defense. Times of stress call for reinforcing your code of ethics and rules — and reassuring workers of their value as anti-fraud partners. Double down on educating them about social engineering and email attack techniques. And if they are working remotely, make sure your people know what behavior is expected of them, and what resources are available to support them.

View more

3. Communicate across your entire stakeholder group

Don’t stop with your employees. From your board, shareholders, business partners and regulators to the general public, it is critical to confirm all your relevant stakeholders are kept aware of perceived risks, prevention strategies and contingency plans — as soon and as specifically as possible. When asked in a recent PwC survey to name their area of greatest vulnerability in a serious crisis, nearly one in four US executives (23%) pointed to their communications with external stakeholders, with another one in six (17%) citing communications with internal stakeholders.

View more

4. Keep an eye on your extended business partner network

Vendors, third parties and other business partners can be a stress point for fraud. Can you identify and account for all your key third parties? How well-positioned are they to continue to support your fraud management efforts in a time of crisis? Are they financially strong enough to weather this storm? Can they provide ongoing maintenance and emergency response? And, if they can’t, do you have an alternative provider who can step in?

View more

5. Sharpen your fraud detection

Frauds of a transactional nature — like customer fraud, cyber attacks and misappropriation — can be detected using fraud detection technologies that leverage advanced analytics. Yet, according to our latest fraud survey, only half of US companies are using fraud detection tools. Fewer than four in 10 are using powerful techniques such as AI and machine learning. Those are staggering statistics when you consider the magnitude of fraud threat every organization faces. 

These tools have a clear ROI and offer a relatively cost-effective opportunity to upgrade your defenses when it’s most needed. The changes in transactional patterns we are seeing with COVID-19, such as the shift to e-commerce, also mean that existing fraud detection models will require recalibration to realign with the “new normal.” Recalibration can reduce the amount of false positive fraud alerts and increase the effectiveness of your fraud detection program.

View more

Tackling fraud is a discipline

The key to navigating this crisis is to treat it not as a fraud-risk calamity but as a discipline — in flexibility, preparedness and responsiveness. So, as you monitor the shifting dynamics, behaviors and fraud impact of the COVID-19 pandemic, be prepared to build your capabilities, invest strategically and adjust your response continuously.

The companies that emerge stronger from the challenge can use it as a springboard to better prepare their teams, technologies and plans for the fraud risks of the future — whatever that future may hold.

Contact us

Brian Castelli

Partner, PwC US

Sandra Maria T Parrado

Partner, PwC US

Kristin Rivera

Partner, Global Forensics Leader, Global Crisis Consulting Leader, PwC US

Charles R. Hacker

Partner, PwC US

Sean Joyce

Global and US Cybersecurity, Privacy & Forensics Leader, PwC US

Joseph Nocera

Cyber & Privacy Innovation Institute Leader, PwC US