Category Archives: Emerging Risk

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

Preventing Paycheck Protection Program Loan Scams

Posted on by

The COVID-19 pandemic and subsequent shutdowns have meant perilous times for small businesses across the country, with many shutting down temporarily or even permanently. As part of the U.S. government’s efforts to forestall bankruptcies and layoffs, Congress allocated hundreds of billions of dollars for the Paycheck Protection Program (PPP). Small businesses can apply for loans from the U.S. Small Business Association (SBA), which the SBA will forgive if the receiving business meets certain criteria, like “if all of the company’s employees are kept on the payroll for eight weeks and the money from the loan is used to pay for rent, mortgage interest, utilities or payroll.”

The program has helped many businesses, but also left many stranded and desperate when they could not qualify for the loans. According to the Wall Street Journal, as of this week, the government has disbursed “4.6 million loans worth more than $513 billion.” But some businesses were forced to return the funds when they discovered they could not open soon enough to meet the eight-week deadline, and some did not even bother applying because they did not meet the criteria. The program has also faced criticism for not providing enough funds, and when larger and/or publicly traded companies (like restaurant chain Ruth’s Chris) received loans.

As with many other government programs that award payouts and may have confusing or labyrinthine application and approval processes (such as Social Security payments or tax refunds), scammers have targeted desperate businesses trying to access PPP funds. Online identity verification service Social Catfish recently published guidelines for avoiding PPP-related scams that small businesses are facing, including phishing and robocall scams.

As Risk Management recently reported, phishing scams—in which criminals use fraudulent emails to trick users into clicking malicious links or divulging sensitive personal information—have proliferated since the start of the COVID-19 pandemic, often specifically targeting pandemic-related concerns. According to Social Catfish, online scammers have been using emails posing as the SBA inviting the recipient to apply for a PPP loan, then installing malware or stealing any information provided. With this information, scammers can then pose as a business to apply for loans or steal funds.

Scammers may also try to contact businesses by phone, either in person or by robocall, asking for confidential information or demanding a fee for their PPP application, even promising faster processing after the payment. Similar to the IRS, the SBA does not call PPP applicants for information, and there are no fees associated with PPP applications. Businesses applying for PPP loans may also encounter fake companies claiming that they facilitate applications, which scammers then use to steal the confidential information victims provide.

 To avoid being scammed, Social Catfish recommended that businesses interested in applying for PPP loans do their due diligence by following the steps below:

  • Don’t pay for a PPP Loan application. The SBA doesn’t require payment to fill out and submit a PPP Loan application. If someone is charging you to fill out an application, chances are its a scam.
  • Don’t give your information in response to any suspicious email, text, or phone call. The SBA will not email you out of the blue to fill out a PPP Loan application. If someone is emailing you out of the blue to fill out an application and to give them your information, chances are they are trying to scam you.
  • Verify the lender before applying for the loan. Only lenders approved by the SBA can administer PPP Loans. To find out if the lender you are applying with is approved to distribute PPP Loans, click here.
  • Don’t click on links in emails. The links in the emails are often filled with viruses and malware that will infect your computer and steal your personal information. They also spoof the application so that you’ll have to give out your personal or business’ confidential information.
  • Don’t reply back to any text or email you don’t know. Replying back to them with your personal or company’s confidential information may lead to you getting scammed. The SBA will not email you encouraging you to apply for the loan, you would have to look for the loan yourself.

Black Lives Matter: Taking Action on Diversity and Inclusion

Posted on by

As protesters across the United States call out systemic racism and police violence against Black people, and Pride Month honoring the LGBTQ+ community begins, diversity and inclusion issues are—and should be—drawing headlines and dominating conversations around the world.

RIMS CEO Mary Roth and 2020 President Laura Langone released a statement Friday saying:

“To the Black members of our community, we cannot fully appreciate how pained you must be by not only this most recent act—but by all acts that reflect bigotry and hatred in our nations’ communities. What we can do is accept the responsibility to ensure that RIMS community reflects something different. Let us be clear: RIMS does not tolerate any form of racism or discrimination in our global community. And we will always look for ways to improve.”

The editors of Risk Management and the Risk Management Monitor echo this message and stand with our Black colleagues, RIMS members and the Black community at large.

As we all look to support, advocate, learn and do better, we have compiled a list of resources to help, including industry advocacy groups for Black risk and insurance professionals, as well as resources for strengthening your organization’s policies, procedures and diversity and inclusion programs. You can also review selections from our previous coverage of diversity and inclusion below:

Industry Advocacy Groups and Research

National African American Insurance Association (NAAIA)

International Association of Black Actuaries

REPORT: The Journey of African American Insurance Professionals, from Marsh and NAAIA

For public sector risk professionals:

The Government Alliance on Race and Equity (GARE)

National Forum for Black Public Administrators

From ICMA, the association for professional city and county managers: WEBINAR: Sharpening the Focus on Social Equity to Make Strategic Budget Decisions

ARTICLE: Silence Is Complicity: Can White America Demonstrate that Black Lives Matter?

Diversity and Inclusion Resources

Global Diversity and Inclusion Benchmarks, Standards for Organizations Around the World, from the Centre for Global Inclusion

The Diversity & Inclusion Revolution, Eight Powerful Truths, from Deloitte

Corporate Equality Index, from the Human Rights Campaign

Previous Risk Management Coverage on Bias, Diversity and Inclusion

Beyond Pride: Building Strong Diversity and Inclusion Programs

Pale, Stale & Male: Does Board Diversity Matter?

The Benefits of Diversity & Inclusion Initiatives

Getting Serious About ESG Risks

Why Cultivating and Maintaining a Diverse Workforce Is Important

Activists Against Insurers

Earth Day 2020: What Does Climate Change Mean for Risk Management?

Posted on by

On Earth Day 2020, risk professionals can reflect on ways to protect both the environment and their businesses. Worldwide, climate change poses countless risks, including increasing the frequency and magnitude of natural disasters, reducing access to resources and disrupting supply chains.

To celebrate Earth Day and help risk management professionals address environmental risks and climate change, here is a roundup of some of our coverage from the past year about these critical topics:

From Risk Management Magazine:

Aligning Sustainability and Risk Management: A collaborative approach between sustainability and ERM can best drive real change.

Taking Action on Climate Change: As the potentially devastating impacts of climate change become clear, risk managers must assess the resulting risk exposures and ­opportunities for their companies.

Insurers Divest from Coal Over Climate Risks: Insurers are pulling coverage and investments related to the mining and use of coal.

Will Climate Change Impact Reinsurance Rates?: As natural disaster losses mount, the reinsurance response could spur action on climate change.

Getting Serious About ESG Risks: Investors are increasingly scrutinizing environmental, social and governance activity.

From the Risk Management Monitor blog:

Venice Sees Near-Record Flooding: The city of Venice, Italy, faced the worst flooding of its famous canals since the devastating floods of 1966, suffering major economic impacts.

Catastrophic Floods More Frequent in 2019: Major flooding has become a normal occurrence for many regions of the country, and by all indications, it is becoming worse each year.

Global Heat Waves Signal Climate Risks: The pattern of dangerous heat waves has become a yearly occurrence across the globe. 

Texas Study Shows Business Impact of Major Storms: The large storms hitting the coast of Texas are having serious impacts on industries across the state and country.

Limit Organizational Exposure During the Polar Vortex: Tips for protecting businesses during the frigid weather phenomenon.

Spotting Coronavirus-Related Phishing Emails

Posted on by

Amid widespread public concern and constantly evolving news about the COVID-19 pandemic, cybercriminals are finding new fodder for phishing campaigns. With the eagerness for new information about the coronavirus outbreak, distraction during disruption, and the disorienting shift to remote work for many, employees may be particularly susceptible to falling for these schemes right now.

Some of these phishing emails play off companies having employees work from home to launch credential-stealing attacks. Such phishing campaigns may impersonate IT teams or may direct recipients to fake login pages to access work networks or accounts remotely. See the screenshot at right for an example. Email security firm Mimecast’s Threat Intel team reported seeing over 300 examples of such a campaign using a fake OneDrive login.

“We see that threat actors are keeping up with the daily developments concerning the coronavirus,” said Mimecast’s Threat Intel team. “As the pandemic continues to spread and more and more people are made to work from home, we are seeing more phishing emails that are trying to trick users into giving their credentials through a faked login page. Threat actors are actively utilizing this pandemic to attempt to compromise individual’s accounts and organization’s networks. The potential for human error will inevitably increase in the coming weeks and we expect to see more of these phishing attempts in the coming days and weeks.”

Other phishing scams purport to be new updates from government authorities or public health organizations, directing recipients to click malicious links for updates on the spread of the COVID-19 pandemic, new containment measures ordered by governments, or local advisories. Last month, the World Health Organization warned that some criminals were spoofing WHO officials to send fraudulent emails, and Kaspersky Labs reportedly found emails spoofing the CDC asking for Bitcoin donations to help fund a coronavirus vaccine. Some other phishing emails include malicious attachments purporting to be tips for protecting yourself from the coronavirus or maps of the outbreak, for example, but actually contain malware.

“We are living in a heightened time of cyberrisk,” said David Simpson, Virginia Tech professor and former chief of the Federal Communications Commission’s Public Safety and Homeland Security Bureau. “Cybercriminals will take advantage of public fear and due diligence health measures to generate coronavirus-themed phishing attacks. We should be aware of unsolicited COVID-19 emails with specious links or attachments.”

To help employees detect these scams, check out the following infographic from Cofense’s Phishing Defense Center for tips on spotting coronavirus-related phishing emails: