< Back to News

Combating New Opportunities for Corporate Fraud During COVID-19 Outbreak

As the term “social distancing” has burst into our daily vocabulary, we are in a new territory of conducting daily business through remote working situations. While this taught us new lessons in creative adaptation, it has also created fresh opportunities for corporate fraud. Protecting yourself, your company, and your employees from these new fraud threats during the COVID-19 outbreak is essential.

Business Email Compromise Attacks

On March 3, 2020, the FBI issued a Private Industry Notification warning companies that fraudsters were abusing the Microsoft Office 365 and Google G Suite platforms as part of widespread Business Email Compromise (BEC) attacks. The rapid and extensive shift to a remote-based workforce has created a prime opportunity for BEC and other social engineering attacks. In these types of schemes, fraudsters pose as someone from within the victim’s company and request sensitive business or personal information.

For example, a fake HR Director may contact an employee instructing them to forward employee W-2s. While the request may be unusual, today’s circumstances are far from ordinary. It is entirely plausible that your company’s HR Director, who does not have access to information located in your now closed, requests the information directly. Because they hide behind a mask of legitimacy, these fraudulent requests have high rates of success.

To combat BEC and Social Engineering attacks:

  • Be wary of unusual requests and confirm the source of the request through a different media than the request was received. For instance, if the request was received via email, confirm the request through a phone call, SMS, or direct message.
  • Never transfer personal data or sensitive business information to someone you don’t know, even if they appear to be from within your organization.
  • Be sure an appropriate protocol is in place for transferring sensitive information outside your organization, that your employees are aware of the protocol, and that it is consistently followed.

Employee Fraud

Unfortunately, fraud doesn’t exclusively emerge from the outside of an organization. When management and other key departments are busy navigating a pandemic, things like internal controls and anti-fraud efforts often take a back seat. While understandable, these refocused priorities make the organization increasingly vulnerable to attacks from within. When the perception of possible detection decreases within an organization, some employees may be tempted to take advantage when the normal watchdogs are visibly distracted and/or very likely overwhelmed. Remember the fraud triangle: pressure, opportunity and rationalization all tend to increase dramatically in times of uncertainty and unrest.

To combat attacks from within:

  • Be sure your organization’s internal controls, policies and procedures are being followed and even enhanced during times of distress.
  • Elevate potential fraudsters’ perception of possible detection by communicating to everyone within the organization that management is being more vigilant in remote-working situations.

COVID-19 and our efforts to fight infection through remote-working arrangements will be a reality for the foreseeable future. With fraudsters working overtime to develop new ways to take advantage of this crisis, we must remain informed and vigilant in our anti-fraud efforts.

While we may not always control what is happening around us, we can—and in fact we must—manage our reactions to it. As always, the team at GLEASON is here to help you manage the fraud risks that your organization may face today and every day. We will get through this together.

For more information about GLEASON’s forensic accounting and fraud mitigation/detection experience and expertise, please visit read more here.