African Fraud Gang Files for Millions in #COVID19 Payments

A notorious West African BEC gang may have made millions defrauding the US government out of COVID-19 business compensation payments, according to Agari.

The security company said it had been tracking the Scattered Canary group for over a year and has now briefed the Secret Service of its findings.

The group — which has been involved in BEC, social security fraud and student aid fraud schemes in the past — has targeted at least eight states so far: Hawaii, Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington, and Wyoming.

In Washington state, it has filed at least 174 fraudulent claims for unemployment benefit since April 29. Agari calculated that these claims were eligible to receive up to $790 a week for a total of $20,540 over a maximum of 26 weeks. Plus, the CARES Act includes $600 in Federal Pandemic Unemployment Compensation each week up to July 31.

This amounts to a potential windfall for the cybercrime gang of $4.9 million in this one state alone, assuming all claims are approved.

Between April 15 and April 29, Scattered Canary filed at least 82 fraudulent claims for CARES Act Economic Impact Payments, 30 of which were accepted by the IRS, explained Agari founder Patrick Peterson.

The scammers are using a tactic first revealed by Agari last year to scale their operations. Namely, they take advantage of a little-known feature in Gmail which means that a single user controls all “dotted versions” of their email address.

Thus, they can register multiple addresses for separate claims payments which are effectively the same address with dots in different places. They will then all redirect to a single inbox.

“As a result of our analysis, we have identified 259 different variations of a single email address used by Scattered Canary to create accounts on state and federal websites to carry out these fraudulent activities,” explained Peterson.

The group is also taking advantage of Green Dot prepaid cards to cash out its fraudulently obtained government payments. These cards are able to receive direct payments and government benefits up to four days before they’re due to be officially paid, meaning they have obvious benefits for fraudsters.

“It shouldn’t be a surprise that scammers are trying to get a piece of the billions of dollars that has flooded the system to try and provide relief to millions of people who have been impacted by the pandemic,” concluded Peterson.

“Based on what we’ve seen from Scattered Canary’s 10-year history of scamming, they will continue to expand their portfolio of cybercrime to try and find new ways to con individuals, businesses, and governments out of as much money as they can.”

What’s Hot on Infosecurity Magazine?