A West African Cybercriminal groups have scammed the United States millions of dollars in a COVID-19 business compensation
This was disclosed by the security firm, Agari. The Scattered Canary groups have targeted at least 8 states, filling deceptive claims of 174 unemployment in Washington D.C. Altogether, it sums up to a total of $20, 540 (₦8.32 million) over 26 weeks.
Under the CARES Act, the group was able to acquire 600 in Federal Pmdemic Unemployment Compensation week by using social security numbers and personally identifiable information from identity theft victims. This adds up to a total of $4.9 million (₦1.9 billion) in fraudulent claims for Washington alone.
The other affected states include Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Wyoming, and Hawaii, where they filed two unemployment claims on Hawaii’s Department of Labour and Industrial Relations website.
The Scattered Canary is based in Nigeria and has been operating for over ten years with Agari tracking them for over a year before sharing the information with secret service.
Agari’s CMO (Chief Marketing Officer) and Chief Identity Officer Armen Najarian in a press statement said, “We’ve observed that this is by far one of the most complex and prolific cybercriminal organizations we have uncovered to date.
“Scattered Canary perpetrates a range of fraudulent schemes, including business email compromise (BEC) scams, unemployment fraud, social security fraud, student aid fraud, and now COVID-19 related fraud.”
“The group uses Green Dot prepaid cards to ‘cash out’ its fraudulent claims. Meanwhile, using Google Dot Accounts, it creates numerous email accounts for each of the targeted websites with all communications going to a single Gmail account. In one case, Agari identified 259 different variations of a single email address used to create accounts on state and federal websites.
“Using a feature within the Google Gmail email system that ignores any period in the address, the criminals could create multiple accounts with the government to exploit it financially,” comments James McQuiggan, security awareness advocate at KnowBe4.
“The criminal groups have discovered a loophole whereby the criminals have crafted a method to steal millions of dollars from the government. The payout system appears automated, as there does not appear to be a balance or check process with the information provided to the state government systems when it comes to the false email addresses.”