Cybercriminals have been capitalizing on virtually every aspect of the coronavirus pandemic and the resulting lockdown. They’ve created malware designed to tap into the medical, financial, social, and even psychological repercussions of the outbreak. To help people and businesses affected financially, the government has been offering loans, stimulus packages, and increased unemployment benefits. And, of course, all of that represents another area to be manipulated by scammers.
SEE: Cybersecurity: Let’s get tactical (free PDF) (TechRepublic)
A report published Friday by global threat intelligence firm IntSights describes how cybercriminals have been combining various types of data to create phony IDs to obtain unemployment benefits from the US government.
In a blog post entitled “Pandemic Unemployment Scams Made Easy,” IntSigns notes that the dramatic rise in unemployment numbers has placed major stress on the people and processes managing unemployment benefits, giving scammers a more vulnerable target for exploitation.
Cybercrime forums on the Dark Web have been populated with conversations on unemployment benefits. IntSights researcher Yoav Harpaz Cohen said he found discussions around the benefits themselves, the regulations from each state, and the steps required to claim the benefits, according to the report.
One discussion thread discovered by Cohen centered around the various pandemic unemployment assistance (PUA) benefits offered, detailing the minimum and maximum payouts available from each state and offering links to file a claim. Another thread revealed conversations among people looking to work together to collect the benefits by using different drops or mules. Such mules are recruited to launder the money.
To kick off the process, the criminals use different methods to obtain the data necessary to file a PUA claim. Often, they’ll employ open-source intelligence (OSINT) tools, which can collect and analyze publicly available data from a host of online sources. In other cases, they’ll pay for data being sold on the Dark Web. Typically, the data needed for a PUA claim includes names, addresses, and Social Security numbers.
All of the data obtained is then used to create a new Synthetic ID in a practice known as Synthetic ID Fraud (SIF), IntSights said. With this phony ID, criminals can pull off different types of fraud such as grabbing unemployment benefits from the government.
In some instances, scammers can purchase a FULLZ database on the Dark Web. Offered on English sites as well as underground Russian forums, these databases contain complete packages of all the necessary personal data stolen from individuals. Some Dark Web merchants also sell forged identities, both physical and scanned, according to IntSights.
However they obtain the needed data, scammers have been able to file fraudulent PUA claims using information from real people, including C-level executives who never filed for such claims themselves, IntSights revealed. After filing a claim, the criminal needs to choose a payment method, a process that varies by state.
In California, for example, people can select either an EDD debit card or a direct payment to a bank or other financial establishment. Typically, scammers choose the direct payment option and then set up a phony bank account to collect the money.
Some states do rely on certain anti-fraud methods, such as contacting a past employer. But even these measures are flawed, according to IntSights.
In California, the past employer is supposed to respond with 10 days. But even if they fail to respond, the claim moves forward. Also, states may be challenged to keep up with anti-fraud measures due to the high number of claims being made.
“The COVID-19 pandemic is far from over,” IntSights said in the report. “Threat actors are collecting, buying, and selling data and are educating and collaborating with each other to profit off this worldwide crisis. With current government systems stressed to their limits, this type of fraud is becoming easier and more profitable for cybercriminals.”