Cyber-criminal Gang Targets Texas Unemployment System

A gang of Nigerian cyber-criminals has shared a step-by-step guide detailing how to commit unemployment identity fraud in the Lone Star State, according to CBS News

Organized cybercrime group Scattered Canary is already suspected of making millions defrauding the states of Hawaii, Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington and Wyoming.

Now the gang has allegedly circulated a 13-page tutorial explaining how to successfully defraud the Texas Workforce Commission website. 

Evidence shared with the news channel's CBS 11 I-Team appears to show this highly detailed guide being shared online in a closed group chat that took place between multiple gang members.

With the help of an insider, private cybersecurity firm Agari managed to obtain a copy of the document from a WhatsApp group chat. 

Former FBI agent Crane Hassold, who is now employed as Agari's director of threat research, said: “For these cyber-criminals it’s all about information flow.” 

“The tutorial shows how to apply for unemployment benefits and even introduces some of the red flags if you enter things a certain way.”

Texas has lost more than $893m to fraudulent unemployment benefits since the start of the global COVID-19 pandemic. The Texas Workforce Commission said it has been targeted by scammers from all over the world.

Hassold said Scattered Canary are exploiting a feature in Gmail to speed up their fraudulent activity.

Because Google ignores periods in Gmail addresses, slight variations of a single email address can be used to file multiple fraudulent claims without raising the suspicion of state unemployment systems. 

For example, three claims filed using the addresses john.doe@gmail.com, j.ohndoe@gmail.com,” and “j.o.h.n.d.o.e@gmail.com” appear to belong to three separate individuals but are all attached to the same email account.

“Essentially it allows their communication flow to be much more efficient,” said Hassold.

“Instead of having to go to dozens of different email accounts to look at what’s going on, it’s all coming to one centralized location.”

Scattered Canary is suspected of funneling the money it nets through fraudulent claims offshore by using it to purchase prepaid Green Dot cards. The cards are registered using the same identities stolen when committing the unemployment fraud.

Before the cards are delivered via the mail, the gang goes online and drains the money from the account.

What’s Hot on Infosecurity Magazine?