Home / Security / Scammers target COVID-19 CARES Act relief scheme – Naked Security

Scammers target COVID-19 CARES Act relief scheme – Naked Security

US states are being flooded by fraudulent unemployment applications in a scam that’s largely orchestrated by a sophisticated Nigerian cybergang and carried out on the ground by money mules, many who’ve previously been involved in romance scams.

Online fraud is, after all, a moveable feast: the crooks pack up shop and move to where the money’s flowing. These days, that means unemployment benefits that have spiked with the pandemic and fattened due to government relief efforts. Beyond regular unemployment payouts, benefits are coming with an extra $600 per week for out-of-work Americans during the pandemic, plus the one-time $1,200 payment eligible adults are receiving under the CARES Act.

Unfortunately, the benefit payouts are sitting ducks when it comes to cybercrooks, given that states’ resources to weed out fraud are lacking. States are vulnerable to getting ripped off because they lack the controls necessary to detect patterns, a federal fraud investigator anonymously admitted to infosec journalist Brian Krebs.

Multiple claims for benefits that have the same IP addresses and/or bank accounts? These should be obvious giveaways, but the scammers are getting away with it as a distracted, resource-strapped country reels with coronavirus.

Over the weekend, Krebs reported on an alert recently issued by the US Secret Service that warned about the gang behind the rampant relief-benefit swindling. It’s pulling off large-scale fraud against multiple state unemployment insurance programs, exploiting the COVID-19 pandemic with fraudulent unemployment and CARES Act claims. Total losses could potentially hit hundreds of millions of dollars, the Secret Service said in its alert.

On Tuesday, researchers at Agari Cyber Intelligence Division (ACID) – which creates technology to protect against phishing, business email compromise (BEC) and other email-inflicted scams – said they’ve recognized, and have been tracking, the crooks who are likely responsible.

In fact, ACID said, it looks like some, if not all, of the threat actors behind the scams are likely part of a known, decade-old business email compromise (BEC) cybergang that it calls Scattered Canary.