FinCEN Issues Advisory on Cybercrime and Cyber-Enabled Crime Exploiting COVID-19

05 August 2020 Coronavirus Resource Center:Back to Business Blog
Authors: Lewis Zirogiannis Pamela L. Johnston Lisa M. Noller David W. Simon Christopher Swift

On July 30, 2020, the Financial Crimes Enforcement Network (FinCEN) issued an advisory alerting financial institutions to potential indicators of cybercrime and cyber-enabled crime observed during the COVID-19 pandemic. The advisory – based on FinCEN’s analysis of Bank Secrecy Act (BSA) data, open source reporting, and law enforcement reports – describes COVID-19-related malicious cyber activity and scams, red flag indicators, and directions for reporting suspicious activity. The purpose of the advisory is to help financial institutions and their customers protect legitimate relief efforts for the COVID-19 pandemic against cyber criminals and malicious state actors.

What Does This Mean for Me?

With the increase in fraudulent schemes and cybercrime related to the COVID-19 pandemic, this is a good time to evaluate your AML/BSA and fraud-related compliance programs – including internal due diligence processes, training materials, and reporting procedures – to verify that your program is up to date and takes into account the risks and red flags identified in the advisory. Government agencies repeatedly have warned since March that now is not the time to throttle back on compliance and, when it comes to proprietary data, all companies should tailor their compliance efforts and resources to implement or upgrade proactive protection measures.

Risks and Red Flags

FinCEN’s advisory identifies the primary means by which cybercriminals and malicious state actors are exploiting the current COVID-19 pandemic. These include:

  • Exploitation of remote applications: schemes targeting vulnerabilities in remote applications and virtual environments to steal sensitive information and disrupt business operations. These risks include digitally manipulating identity documentation in order to undermine online verification processes and leveraging compromised login credentials across numerous customer accounts.


  • Malware phishing schemes and extortion: schemes targeting health care and pharmaceutical providers with offers related to COVID-19 information and supplies. The scams appear to originate from legitimate sources and seek to collect personal and financial data, and to potentially infect target devices by convincing the target to download malicious programs including ransomware in an effort to extort the target to gain access to its own systems.


  • Business email compromise (BEC) fraud schemes: schemes targeting municipalities and the health care industry supply chain that involve cyber criminals convincing companies to redirect payments to new accounts, claiming account modifications are due to pandemic-related changes to business operations.

The advisory lists 20 red flag indicators across these three risk areas and instructs financial institutions to consider these red flags in addition to the context and factual circumstances of a specific transaction, prior to determining whether a transaction is suspicious or indicative of a potential fraudulent-related COVID-19 transaction. These factors include a customer’s historical financial activity, whether the transaction is in line with prevailing business practice, and whether a customer exhibits multiple red flag indicators. The advisory covers a wide range of red flag indicators, including, but not limited to, name changes between government-issued identification and customer account opening information, issues with images on government-issued identification, customer login irregularities, and changes to known customer email addresses. A full list of red flag indicators, per risk area, is included in the FinCen advisory.

Suspicious Activity Reporting

Lastly, the advisory provides information on how to properly file a Suspicious Activity Report (SAR) identifying potential cybercrime and cyber-enabled crime related to the COVID-19 pandemic. The advisory instructs the following:

  • Include the key term “COVID19-CYBER FIN-20-A005” on the SAR form, field 2, to indicate a connection between the suspicious activity and the activities set forth above;


  • Mark all appropriate check boxes on the SAR form to indicate a connection between COVID-19 and the suspicious activity being reported;


  • Include any relevant technical cyber indicators related to cyber events in a SAR within the available structured cyber event fields; and


  • For cyber-enable crime involving COVID-19 related fraud, select SAR field 34z (Fraud – other) as the suspicious activity type and include the type of scheme as a keyword (i.e., COVID-19 BEC Fraud).
This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.