nsknox logo
nsknox Blog

Fraud in the Time of Corona

PIC 1800X500 fraudPic2

We’d like to think that in times of crisis society comes together for mutual support, spirited by a sense of solidarity. After all, we are all in it together.

And, when the crisis is a global pandemic that’s taking the lives of thousands around the world, putting millions out of work, and crippling the global economy – you’d think that this would all the more hold true.

Unfortunately, this is not always the case. To the contrary, in some cases, even in a time of crisis, the sense of solidarity does not visit upon everyone. Moreover, the rate of fraudulent activity does not decline, it even rises!

The Fraud Triangle

As a means for mapping the forces at play that drive fraudsters to accelerate activities during times of crisis, we can turn to a framework used in auditing, called – the fraud triangle, which was introduced by sociologist and criminologist Donald Ray Cassey in his Study in the Social Psychology of Embezzlement (1973).

If fraud is the intentional deception executed against individuals or organizations to achieve personal gain at the cost of the individual or organization, then the fraud triangle outlines the three primary forces that motivate this intention.

These forces are:

  • Pressure
  • Opportunity
  • Rationalization

Let’s take a closer look.


What happens in times of crisis, such as an economic downturn or a global pandemic is that financial pressure – as we saw during the financial crisis of 2008 and today during the coronavirus outbreak, is amplified.

No doubt, the pressure is on. Long-term financial commitments such as mortgages, car payments, and college loans beckon. At the same time, salaries are cut, jobs are lost, sales decrease, and markets tumble.

The fact that increased financial pressure leads to increased fraud, is reflected in a 2011 Deloitte & Touch report where it is stated that due to the economic downturn at the time, 63% of the firm’s clients expected an increase in fraud.


During crisis mode, we find that the opportunity for fraudsters to act is also greater. This is due to the increased vulnerabilities that arise as a result of three key phenomenas:

  • The middle management layer that is often responsible for monitoring and preventing fraud is cut in the effort to save labor costs, and “when that layer is removed, you’ve eroded your internal processes which are there to control fraud or misconduct.” (Time)
  • Internal controls are typically compromised since additional duties aimed at handling the various aspects of the crisis dilute stakeholders’ attention, which is required to effectively monitor and prevent potential fraud attempts.
  • Employees working from home tend to be less vigilant to potential attacks and breaches and less adherent to security measures. Moreover, by the very virtue of being physically located away from the office, makes it harder for them to follow procedures.


Rationalization, that is – the justification a fraudster assumes for committing fraud, can come from more than one source during a crisis. If financials stability is undermined, then the individual may feel compelled to compensate so as to ensure a source of ‘income.’

Moreover, in dire need – the rationalization may also be found in self-convincing that one’s needs are greater than those from whom funds are being diverted, or that the chances of getting caught are minimal.

The Fraud Triangle & COVID-19

Unfortunately, we can see that the pressures of the outbreak of the coronavirus is presenting cyberfraudsters with ample opportunity and rationalization – and, COVID-19 themed attacks are plenty to be found.

For example, the Brno University Hospital in the Czech Republic suffered a massive cyberattack that exploited COVID-19-driven vulnerabilities and had to suspend scheduled operations as a result.

“At times of crisis, hackers see opportunity. Unfortunately, with so many hospital staff having to go above and beyond the call of duty in an effort to try and halt the spread of coronavirus, they aren’t thinking about cybersecurity. Hackers know this and will be specifically targeting the healthcare sector.” (Flavius Plesu, founder of human risk intelligence platform OutThink).

Indeed, cybercriminals have found more than one way to exploit the vulnerabilities that have resulted from the new coronavirus-impacted reality. These include:

  • Phishing and social engineering scams: where fraudsters try to tempt victims to access documents, that they claim contain important information regarding the outbreak.
  • Sale of fraudulent goods by creating malicious domains that are used to impersonate legitimate brands offering counterfeit items such as face masks.
  • Spreading misinformation or “infodemic,” defined by the World Health Organization to be the “overabundance of information—some accurate and some not—that makes it hard for people to find trustworthy sources and reliable guidance when they need it.” The objective of these attempts is to create pressure and panic so as to manipulate the public.

If we focus specifically on financial fraud committed against organizations – the stakes and losses are high.

For example, in a report of the National Fraud Intelligence Bureau (NFIB) in the UK, over 21 cases of COVID-19-themed fraud attacks were listed, causing damages estimated at over £800,000 just in the UK.

Preventing fraud in times of crisis

Due to heightened vulnerabilities during times of crisis in general, and in the time of coronavirus specifically, the threat of both internal fraud (tech-driven embezzlement) and external fraud (via cybercriminals) is greater than ever.
To prevent attacks and avoid financial loss, it is critical to take proactive steps, including:

  • Provide employees with the knowledge and skills for recognizing which activities and communications/emails are suspicious and are pointing to a potential fraud attempt.
  • Closely monitor finance-related processes, such as payment transactions, to make sure that relevant data, such as payroll or vendor account information has not been tampered with.
  • Adapt internal monitoring processes to accommodate COVID-19-themed attempts that could be coming in.

Moreover, since the attacks and schemes are technology-driven, and since the weakest links in the security chain are the human element and manual processes, it is crucial to implement digital/technology-driven processes that replace manual processes and avoid the vulnerabilities that are typically associated with them.

In closing, as millions of people around the world are coming to terms with the great challenges being presented by COVID-19, at the very least – we can make sure that we not only keep a safe distance from potential infection, but also from potential fraud.

Related topics

Let’s talk to see if our solution meets your needs

It’s powerful and easy, with no effort from IT and no changes to current processes are required.