Scammers adapt well. The Covid-19 crisis has shown how quickly they are able to invent new scams and re-purpose old ones. Following his keynote speech at RiskConnect last year, we sat down with Steven Baker from the Better Business Bureau to find out about how scammers have profited from the pandemic, successful enforcement actions, and the importance of cooperation and education.
This article will be published in the upcoming RiskConnect 2020 Magazine.
Q: How have scams changed during the Covid-19 pandemic?
C. Steven Baker: The Coronavirus has created some new opportunities for the scammers. They haven’t let up at all. I’ve long said, even before the virus, scams mutate. Scammers adjust. They’re always trying new things, they’re innovative. The Covid-19 pandemic is something for them to take advantage of.
Consumer complaint numbers remain pretty consistent with one exception. In testimony before US Congress at the end of July 2020, the Federal Trade Commission (FTC) confirmed that it had received around 31,500 consumer complaints relating to Covid-19. These included complaints about the government’s economic impact payments, or so-called stimulus checks, and attempts by imposters to scam consumers out of their entitlement.
The US state of Washington has lost hundreds of millions of dollars to unemployment fraud. Through previous hacks, scammers had names and information of people, so they used those to apply for unemployment benefits in someone else’s name and had the money directed to an account which they controlled. I know the same sort of thing has happened in Canada.
I put that in the Baker Fraud Report. When they were developing their programs at US government, some of the US law enforcement saw that and it made them reconsider some of the way they were going to pay out those benefits. That’s why working together is really important on this.
A scammer may put a Covid twist on an existing scam. People are locked in and lonely, so there is more chance for romance fraud. A scammer might use the virus as a reason why they can’t meet in person.
Then there’s business e-mail compromise, where the e-mail looks like it’s coming from the boss, but it’s not coming from the boss’s regular company e-mail. The boss may be working from home and using a personal e-mail address, so it’s not as suspicious.
According to their testimony to Congress, the FTC has been monitoring the market for unsubstantiated health claims, robocalls, privacy and data security concerns, sham charities, online shopping fraud, phishing scams, work at home scams, credit scams, and fake mortgage and student loan relief schemes.
Q: What else has been happening while all eyes have been on Covid-19? Perhaps there have been significant news stories, trends, regulatory developments that have been crowded out of news coverage by Coronavirus, which RiskConnect delegates should be aware of?
C. Steven Baker: In January of this year, the US Department of Justice (DoJ) filed civil actions in two cases regarding robocalls. In a first-of-its-kind enforcement action, the DoJ alleged that five companies and three individuals were responsible for carrying hundreds of millions of fraudulent robocalls to American consumers. The calls, most of which originated in India, led to massive financial losses to elderly and vulnerable victims.
The calls used voice over internet protocol (VoIP) so were delivered via the internet rather than via the public switched telephone network. The DoJ figured that for these calls to get into the US phone system, they needed to transfer through a gateway carrier. These gave them access to the US phone system, but they were also spoofing the caller IDs so that the call looked like it was coming from somewhere else in the US. In addition, they were providing call-back numbers, so when they left voicemail messages, it looked like it was a US domestic call.
As a result of the action, complaints on robocalls have decreased substantially. They haven’t gone completely, but they’re down at least half during this pandemic. This only affects robocalls coming from outside the US. Robocalls coming from inside the US are probably not affected.
Crooks are smart. They will figure out how to adapt to it. If you look at complaints made in Canada, those have not gone down. If anything, those have gone up. It suggests that there is still the same amount of activity by the scammers, but they are having a harder time getting into the US phone system.
The FTC and Federal Communications Commission have been identifying other companies that act as gateway carriers and sending them warning letters against handling this sort of traffic. That’s a message that would be really useful for other countries to consider. This really does seem to be an effective enforcement strategy.
Q: As the world readjusts to living in lockdown, there has been much talk about the ‘new normal’. When it comes to fraud, scams and deceptive marketing practices that you’ve observed while compiling the Baker Fraud Report, to what extent will fraud and scams and efforts to counter them be similar ordifferent to the ‘old normal’?
C. Steven Baker: I think you’re going to have a full continuation of what we’ve seen in the past, with some new scams to be aware of, too. I would never believe how much fraud there is out there if I didn’t do it for a living!
One of the things we clearly all need is international cooperation, because the same frauds operate all over the world, but also education and intelligence.
The government agencies that collect consumers complaints — it’s easy to think of these just as complaints. But a better way is to think of them as intelligence. I like to read World War Two books. If you were an intelligence officer with the military, you gathered all available data on what’s going on. Where were all the units? Where were the enemy’s units? Which ones? And you used that to try and frame a picture of what was going on, who was behind it and how we could counter it. You need some intelligent and educated minds looking at consumer complaints for patterns and using it as intelligence, not just as raw data. You need more analysis of the fraud and more understanding of where it is.
The other group that needs more education is the local police. This is not their area for the most part. If I wander into a local police station and say that I’ve been ripped off in a romance fraud, it could be that they have no idea of what they are dealing with. They could provide more assistance to people or do some enforcement if they understood what they were dealing with.
It’s easy for law enforcement that doesn’t know how to deal with this to say that victims are dumb and it’s their own fault for being ripped off, but it’s not. These are professional criminal organizations. These scams are highly sophisticated and organized. It’s not just a couple of people sitting around a keyboard in a motel. These operations are controlled and coordinated. They have an organization and different people working together to make the frauds complete. I think that if we don’t look at it that way, we’re really missing the boat.