NCUA issues risk alert on COVID-19 related fraud
NCUA issued a risk alert (20-RISK-02) highlighting the risk of fraud associated with the COVID-19 pandemic. Scammers are attempting to take advantage of opportunities made possible through new or expanded large government programs arising from emergency situations, such as the CARES Act.
According to NCUA, the alert is intended to describe increased risks associated with routine operations, outlines red flags associated with common fraud schemes in major CARES Act programs, provides references and avenues to report fraud or misconduct to the most appropriate authorities, and also provides member education resources.
Common fraud schemes include:
- Financial institution fraud, including new account fraud, identity theft, cybersecurity risks, imposter and money mule schemes, and mobile banking application fraud are on the rise because of the predominately virtual environment, and the significant shift towards remote access;
- Small Business Administration loan fraud, related to Paycheck Protection Program (PPP) and Economic Injury Disaster Loans. Common red flags include:
- PPP applications with manipulated or fraudulent supporting documentation or in different names that contain nearly identical application information and supporting documentation, and originate from the same Internet Protocol (IP) address;
- Fake businesses established during the pandemic that do not have an internet presence, and have minor differences between names on the application documents and public business registration documents;
- New accounts created for the sole purpose of applying or receiving SBA funds;
- After loan advances or proceeds are deposited into an account, funds are immediately withdrawn in cash, wired out, transferred to an investment account, used to purchase luxury assets not associated with typical business-related expenses, or used to start an entirely new business.
- Business tax credits fraud, which can include:
- U.S. Treasury check deposits while receiving loan proceeds from SBA programs. Businesses are only allowed to take advantage of the Employee Retention Credit or the PPP program. They may not take advantage of both programs;
- Inflated wages or numbers of employees to increase the amount of tax credits or advances received through a U.S. Treasury check.
- U.S. Treasury check deposits into accounts with no indication of business or payroll activity or used to pay personal expenses.
- Unemployment insurance fraud, which can include:
- An account receiving unemployment insurance benefits from another state without a reasonable explanation, or from multiple other states other than where the individual resides;
- An account receiving unemployment insurance benefits on behalf of multiple individuals;
- New or established accounts are opened, but they lack transactional activity but are then used to collect unemployment insurance benefits;
- Imposter schemes, where a fraudster poses as an official entity to defraud victims;
- Money mules, where an individual knowingly or unknowingly obtains money on behalf of, or at the direction of, someone else to improperly obtain unemployment insurance benefits.
NCUA will continue to issue updated information as it becomes available.
The agency also encourages credit unions to share fraud prevention and financial literacy resources with their members.