Lawmakers combat flood of COVID cyber fraud
Congress has put forward a number of bills designed to address cyber fraud during and after the pandemic.
Nearly 50 million Americans have filed COVID-19-related complaints with the Federal Trade Commission, and the number of daily complaints to the FBI’s Internet Crime Complaint Center has more than tripled over the past four months, according to FBI Deputy Assistant Director Tonya Ugoretz.
Among the explosion of coronavirus-themed scams, cybercriminals are leveraging the pandemic as bait in phishing and extortion schemes, taking particular advantage of the federal government and states’ move to disperse hundreds of billions of dollars in relief funds to individuals and businesses.
Lawmakers have put forward a number of bills designed to address cyber fraud during and after the pandemic:
- The Internet Fraud Prevention Act would require the FBI, Federal Trade Commission and Federal Reserve to study and report on business email compromise. (The FBI already issues public reports on the subject.)
- The COVID-19 Restitution Assistance Fund for Victims of Securities Violation Act would provide individuals up to $50,000 in restitution if they are victims of securities fraud related to the coronavirus.
- The Senior Investor Pandemic Fraud Protection Act would create a new grant program for states to protect senior citizens and other vulnerable adults from COVID-related fraud.
- The S. Secret Service Mission Improvement and Realignment Act would move the U.S. Secret Service -- which investigates financial crimes -- back to the Department of Treasury, to better combat cybercrime and counterfeit currency.
At a June 16 House Financial Services hearing, VMWare Head of Cybersecurity Tom Kellerman urged the Senate to pass existing House legislation that would increase information-sharing efforts between law enforcement, financial institutions and financial regulators.
Kellerman also suggested other legislative proposals, like pushing the Financial Stability Oversight Council to develop a framework for regulating digital currencies, modernizing money laundering and forfeiture regulations to include cryptocurrencies and digital payments and establishing tax credits for fintech companies that dedicate at least 10% of their IT budgets to cybersecurity.
"The cybercrime community has educated themselves as to the interdependencies that exist in the financial sector, and they've begun to commandeer these very interdependencies to manifest criminal conspiracies," Kellerman told the committee.
Kelvin Coleman, Executive Director of the National Cybersecurity Alliance, said that both victims and threat actors are recognizing the value of partnerships. Threat intelligence firms are increasingly finding evidence that ransomware actors and other hacking groups are working together to compromise a broader set of organizations while sharing in the profits. Coleman recommended "game-changing investments" from Congress into cybersecurity awareness and education campaigns to counter those kinds of efforts.
"Bad actors are communicating, bad actors are coordinating, why shouldn't the good guys?" Coleman asked.
This article was first posted to FCW, a sibling site to GCN.