“Bad actors” haven’t sheltered in place, it seems.
So found the U.S. House of Representatives Committee on Financial Services, which met with experts this week to hear testimony on fraudulent acts, particularly in cybersecurity and financial schemes. The COVID-19 pandemic apparently has brought even more schemes to light, especially as people have moved online to do business, the committee found.
In fact, according the Federal Bureau of Investigation, the number of cybersecurity complaints has spiked to 4,000 a day from 1,000 complaints a day four months ago. And those four months’ worth of complaints are almost more than reported for all of 2019.
In addition, a May 2020 survey of financial institutions found 80% reported a 238% increase in cyberattacks compared to last year.
“The volume of attacks, as reported by many of the largest [financial institutions], moved across the globe towards the U.S. in line with the movement of the virus and continued to ebb and flow with the undulations of the COVID-19 news cycle,” according to the committee’s majority staff report.
Bad actors are taking advantage of the unusually large numbers of employees working remotely and “lax telework security practices,” the staff report found, which include weak passwords on home computers, poorly secured home Wi-Fi routers and family linking internet-connected devices. Malware, ransomware, man-in-the-middle attacks (cyber eavesdropping), phishing, business email compromise and cyber-supported fraud schemes continue to be ways these bad actors are attacking both home and business networks.
The committee also found that during the pandemic, cybercriminals have “modified” traditional scams to cash in on COVID-19 fears.
These scams are more likely to target senior citizens, lower-income communities and those who have been laid off or furloughed, the report found.
Especially relevant for advisors, a North American Securities Administrators Association task force was formed in April to help protect investors by “proactively disrupting, discouraging and deterring fraudulent or illegal activities of those seeking to exploit the coronavirus pandemic,” Christopher W. Gerold, NASAA president and chief of the New Jersey Bureau of Securities, stated Tuesday.
The association has opened 91 investment-related matters and have 54 active and open investigations, and are working to “preemptively” identify schemes using online investigative techniques to identify fraudulent websites or social media posts.
During testimony to the committee, Amanda Senn, Alabama Securities Commission chief deputy director and NASAA cybersecurity committee chair, said, “The pandemic coupled with dramatic volatility in the markets has brought loneliness due to social isolation and concerns for financial security. This is likely the reason that [we've] seen a significant uptick in the number of financial exploitation cases over the past two months.”
Many of the schemes revolve around cryptocurrencies or promote private offerings outside the stock market, as well as pitches that include the usual suspects: investment opportunities in oil and gas ventures, real estate, penny stocks, precious metals and foreign exchange markets.
Senn noted that state-registered investment advisors were “low-hanging fruit” for cybercriminals as about 75% of those are 1-2 person shops. This is especially worrisome as last year between January and June, state examiners found deficiencies relating to cybersecurity in 26% of examinations.
“These findings have spurred NASAA members to continue to focus on the importance of enhanced cybersecurity resources for state-registered advisors,” she said.
— Related on ThinkAdvisor: