FBI: Fraudsters Targeting Medical Equipment PurchasersScammers Try to Capitalize on COVID-19 Pandemic to Steal Money
Fraudsters waging business email compromise schemes are attempting to steal money from state agencies and healthcare providers that are buying medical equipment and supplies to combat the COVID-19 pandemic, the FBI warns.
Shortages of personal protective gear, such as masks and gloves; medical equipment, such as ventilators; and other critical supplies are a growing problem as healthcare providers treat those with the COVID-19 virus.
Since the start of the COVID-19 pandemic earlier this year, the FBI and other law enforcement agencies have warned of an increase in phishing and malware attacks attempting to take advantage of the crisis. And over the last month, BEC schemes have begun targeting organizations as well, the bureau says (see: FBI: COVID-19-Themed Business Email Compromise Scams Surge)
In the alert issued Monday, the FBI says agents have received an increasing number of reports about state agencies and healthcare providers ordering life-saving equipment, such as ventilators and personal protective gear, only to have fraudsters attempt to change invoices and transfer money to other bank accounts. The fraudsters seem to be operating in the U.S. and other nations, according to the alert.
The Latest Scams
In many BEC scams, fraudsters spoof the emails of executives within an organization to trick lower-level employees into making changes to invoices and other documents, typically changing bank account or invoice numbers in order to transfer funds to accounts that the scammers control.
While the FBI did not provide specifics as part of its latest alert, the agency notes that several of the scams targeting medical equipment purchases contain the hallmarks of BEC fraud. The FBI also warned of schemes where fraudsters, posing as legitimate sellers, ask for an up-front fee for the procurement of equipment.
"By the time the purchasing agencies became suspicious of the transactions, much of the funds had been transferred outside the reach of U.S. law enforcement and were unrecoverable," according to the FBI's alert concerning BEC scams.
To avoid some of the pitfalls of BEC schemes, the FBI advises that state agencies and healthcare providers need to verify claims made in emails that appear to be from equipment sellers. The FBI also recommends that buyers route payments through a domestic escrow account to be released to the seller when the product is delivered.
BEC scams, which are also called CFO fraud or account takeover fraud, have increased over the last two years as the fraudsters have gotten better at spoofing emails and taking advantage of current events to conceal their activities.
In its latest Internet Crime Report released in February, the FBI notes that it received nearly 24,000 complaints about BEC scams in 2019, with a total loss of $1.7 billion (see: FBI: BEC Losses Totaled $1.7 Billion in 2019).
Law enforcement and cybersecurity agencies in the U.S. and U.K. recently noted they’ve seen an increase use of COVID-19 themes in phishing emails and efforts to distribute malware (see: UK and US Security Agencies Sound COVID-19 Threat Alert)
Security researchers have warned that fraudsters have become adept at spoofing emails that appear to originate with agencies such as the World Health Organization and the U.S. Centers for Disease Control and Prevention and offer messages and updates about COVID-19. These phishing emails contain malicious links or attachments (see: COVID-19 Phishing Schemes Escalate; FBI Issues Warning).
In a report posted Monday, the U.S. Federal Trade Commission says that that between Jan. 1 and April 12, the commission received more than 16,700 complaints of fraud related to COVID-19 with losses totaling nearly $13 million.