As a result, the scammers can file dozens of individual submissions under as many people's names, using their specific personal information, while managing it all from one centralized email account. Most web platforms will interpret all of these as different email accounts, while Gmail doesn't recognize periods as changing its own addresses. The scammers will set up one generic-looking Gmail address and then make accounts to submit fraudulent claims adding periods into different parts of the address. In Scattered Canary's recent rash of unemployment and Cares payment fraud, the researchers say that the group is using a technique it has leaned on in the past to keep track of all its fraudulent unemployment submissions. "Many West African scam groups have also been heavily involved in other incidents, like W-2 BEC attacks, where they can harvest a significant amount of personal information, so it's not surprising they have the information needed to carry out these attacks on unemployment services." "Scattered Canary has committed unemployment fraud along with a number of other government services-focused frauds like disaster relief fraud, Social Security fraud, and student aid fraud," Agari's Hassold says. BEC fraudsters participate in a wide variety of hustles-from Craigslist rental scams to payroll data theft and snagging people's tax refunds-to make money and build out a sort of scam toolkit. Then Scattered Canary uses a network of money mules within the US and around the world to route the money. Scattered Canary is a full-service " business email compromise" operation that uses scams like email impersonation and phishing to manipulate businesses into paying out phony contracts and other fake invoices. The Secret Service’s primary investigative priorities are to mitigate any attempts by criminals that target citizens for identity theft and cyber-enabled crimes as it relates to Covid-19."
"Criminals will use stolen personally identifiable information to file fraudulent state unemployment claims. "The United States Secret Service Global Investigative Operations Center along with our Electronic Crimes Task Force partners have identified criminal actors targeting state unemployment insurance program funds," a Secret Service spokesperson said in a statement.
The Secret Service warns that hundreds of millions of dollars could be lost to such scams just as states are running out of money to fund unemployment on their own. In the midst of a pandemic and critical economic downturn, though, the theft of those benefits could have particularly dire consequences.
CANARY MAIL SEND TO GOOGLE GROUPS PLUS
Regular unemployment, the extra $600 per week that out-of-work Americans can claim during the pandemic, plus the one-time $1,200 payment eligible adults are receiving under the Cares Act are all vulnerable targets for cybercriminals. So far this has netted hundreds of thousands of dollars in scam payments. The email security firm Agari today will release findings that an actor within the Nigerian cybercriminal group Scattered Canary is filing fraudulent unemployment claims and receiving benefits from multiple states, while also receiving Cares payouts from the Internal Revenue Service. New research is now shedding light on one of the actors tied to the scams-and the other pandemic hustles they have going. Officials attributed the activity to Nigerian scammers and said millions of dollars had already been stolen. On Thursday, the Secret Service issued an alert about a massive operation to file fraudulent unemployment claims in states around the country, like Washington and Massachusetts. As millions of people around the United States scrambled in recent weeks to collect unemployment benefits and disbursements through the federal Cares Act, officials warned about the looming threat of Covid-19-related scams online.