Department of Justice Prioritizes Cases Involving Exploitation of COVID-19 Pandemic
The spread of the COVID-19 pandemic has brought with it a striking upswing in cybercrimes, frauds, and scams of all kinds attempting to take advantage of the situation. In response, the United States Attorney General, William Barr, issued a memorandum on March 16, 2020 to all United States Attorneys, to address the flood of these scams. Specifically, federal prosecutors have been directed to prioritize prosecution of crimes that attempt to take advantage of the COVID-19 pandemic. This Alert discusses the government’s approach to enforcement and the potential implications.
Responding to Attempts to Capitalize on the Pandemic
The COVID-19 outbreak has meant a whirlwind of information, adaptation, and fear for many. Recognizing this, unscrupulous individuals and/or organizations have leveraged these changing times and general public anxiety to their advantage by launching various scams meant to make money or bypass cyber security protections. The scams include:
- Impersonating health organizations like the Centers for Disease Control (CDC) or World Health Organization (WHO) in email phishing campaigns designed to entice targets to click on links or open attachments that can result in all manner of cyber harms, ranging from ranswomare infections to the compromise of sensitive information and the directions for fraudulent transfers of funds (a more detailed description of cyber and privacy threats is here;
- Selling fake tests and/or cures for the coronavirus in exchange for money and financial information;
- Soliciting financial contributions for fake charities and/or research organizations;
- Promoting fear by spreading misinformation; and
- Sowing distrust in messaging from government and/or healthcare officials.
Attorney General Barr made it clear in his March 16 memorandum that any nefarious attempts to exploit the COVID-19 outbreak will not be tolerated. He stated that every U.S. Attorney’s Office is “directed to prioritize the detection, investigation, and prosecution of all criminal conduct related to the current pandemic.” Barr encouraged the U.S. Attorney’s Offices to consult the DOJ’s Consumer Protection Branch, Fraud Section and Antitrust Criminal Program leaders and to “work closely with state and local authorities to both ensure that we hear about misconduct as quickly as possible and that all appropriate enforcement tools are available to punish it.”
Implications in Light of the Attorney General’s Directive
In accordance with Attorney General Barr’s instructions, the government will be especially focused on monitoring for suspicious behavior and detecting bad actors as they relate to the COVID-19 outbreak. Likewise, businesses should do their part by being diligent in ensuring that their compliance teams are effectively monitoring for suspicious activity. Additionally, it is essential that reports of potential bad conduct be communicated to the appropriate government agency in a timely manner. This allows the government to identify and investigate the wrongdoers as quickly as possible to prevent further bad acts.
The government’s crackdown on COVID-19-related crimes now could lead to additional scrutiny of businesses in the future, as the government may consider undertaking investigations into potentially deficient compliance programs, cybersecurity policies, and other fraud prevention measures. Thus, it is crucial for companies to assess potential weaknesses now and take the following steps to mitigate possible issues in the future:
- Conduct cybersecurity awareness training to enable employees to quickly identify suspicious websites and e-mails, and report any nefarious activity as mandated by your company’s policies and procedures;
- Review configuration and logging of remote access solutions such as VPNs and webmail to enable detection of anomalous activity and unauthorized users; and
- Ensure multi-factor authentication is implemented for all users of remote access solutions and high-value internal assets.
- We’ve provided additional details on cybersecurity and privacy risks and mitigation measures here;
- Review policies to ensure comprehensive compliance with applicable statutes and regulations;
- Test monitoring capabilities necessary to detect suspicious activity; and
- Clarify duties of team members for responding to suspicious activity, including reporting to the appropriate authorities and government agency(ies).
Saul Ewing Arnstein & Lehr’s lawyers are available to assist with any questions you may have regarding issues raised in this Alert. For further information, please contact the authors of this Alert, the Saul Ewing Arnstein & Lehr lawyer with whom you usually work, or any of the leaders of the Firm’s Cybersecurity and Privacy and/or White Collar and Government Litigation Practice. Additionally, Saul Ewing Arnstein & Lehr’s multi-disciplinary COVID-19 Task Force Resource Page includes some important considerations for organizations.