Dan wanted to invest in bitcoin, and he went online to look for ideas. One day, bitcoin ads started showing up on his Instagram account, followed by messages from the poster. “Over a few months, this fellow sends me messages on how well bitcoin is doing in the wake of the pandemic and how it would be a good time to invest,” Dan recalls. He thought, “Why not?” and first paid US$ 200 via Paypal, and then sent an additional US$ 600.
It was the start of a nightmare. When Dan wanted to rake in his apparently profitable investment, he was required to pay $997 in IRS taxes followed by $1,073 in customs fees, all paid through an ATM. Then his “bitcoin broker” asks him to invest an additional USD$ 2,500, but by this time, Dan’s account is dry. In all, Dan threw $3,110 into a black hole, mostly in the form of “taxes” and “fees” – and didn’t get a penny back.
This ongoing investment scam seems well designed for these times. It requires no physical contact, interactions are all virtual, a small initial investment seems profitable, and when the patsy wants to pull in his profits, he gets hit by countless obstacles and fees. And he pays, because like many investors, he can’t cut his losses.
The Tip of the Iceberg
“We had 370 investment scams reported up to June 2020. For the whole of 2019, we had 470 reports,” says Jeff Thomson, senior intelligence analyst at the RCMP. Dollar loss for all types of scams (extortion, phishing, romance, spoofing, etc.) amounted to $95 million by August of this year – it totalled $137 million for the whole of 2019. Those numbers represent only a fraction of what is really going on, as Thomson explains. “Maybe 5% of fraud gets reported, and in important categories, it’s closer to 1%.” A realistic figure in Canada for the whole of 2020 could well go above $3 billion.
“Scams are still your typical emails, phone calls, and now Instagram and Facebook, but the subject has shifted toward the coronavirus,” notes Lawrence Zelvin, head of the BMO Financial Crimes Unit. Investors are offered stock in bogus companies developing a coronavirus cure or drug, or in new crypto-currencies or fake certificates of deposit meant to protect their wealth from a pandemic meltdown. Other scams target the government’s relief programs, towards which “we saw an important shift of activity,” adds Zelvin.
It’s not just individuals, banks have also become a target. The “threat surface” has expanded dramatically with employees now working from countless external points. “All of a sudden, we went from having traders working from a single floor (where we had a lot of monitoring) to having a lot of them working from home,” Zelvin says. That overextended network reaches beyond employees’ home offices to all the overextended networks of countless suppliers and partners the bank does business with. Any breach can potentially threaten the integrity of the whole system, or important parts of it.
Zelvin thinks that fraud – or at least the rate of fraud attempts - has increased 600 times or more. “People are at home and they spend more time online. Now it’s not only criminal groups who are active, but ordinary folks who were seduced to get into this,” he says, adding that tutorials can easily be found online. Much of this illicit activity is conducted via robots that sniff out potential vulnerabilities. “Even with a minimal 1% or 2% success rate, you can make a lot of money, just thanks to volume. Robbing a bank used to be difficult. Today, you can try your hand at it and never leave your mom’s basement,” Zelvin says, adding that in an increasingly digital world, “criminals go where people go.”
Who’s at Risk?
Well, everyone, but investors whose portfolios shrank in market volatility, and individuals who have suffered revenue losses can be particularly vulnerable.
Their eagerness to quickly rebuild their wealth can cause them to fall prey to well designed get-rich-quick traps and fake stock promotions, warns Thomson.
How to Be Safe?
A universal enemy is impatience online, Zelvin points out. “People go too fast and rush through things. You need to pause and take a good look at what you click,” he says.
When faced with a credible email from your bank prompting you to verify illicit activity in your account, you need to ask yourself if a legitimate bank would ask something as important as this in an email. Most importantly, never enter your information, because once you’ve entered your password to check the “illicit activity”, it’s over.
“That single fatal click, is like opening your door in the night to total strangers” who are certainly not well-intentioned, Zelvin says.
What investors should remember is that there is no magic pill to protect yourself. No anti-malware can protect you from impatience and gullibility. “Of course, anti-malware can certainly help, along with an intelligent password management system, and security measures like biometric identification and two-factor authentication are ideal,” Zelvin says.
But the first defense remains a composed mind and a steady hand.