As the Novel Coronavirus continues to render Americans jobless, tax authorities in the United State of America said they have unraveled an online scam ring going by the name, “Scattered Canary”.
The US Secret Service has issued an alert about a massive operation to file fraudulent unemployment claims in states around the country, like Washington and Massachusetts. Officials attributed the activity to Nigerian scammers and said millions of dollars had already been stolen.
As a follow-up investigation, research is now shedding light on one of the actors tied to the scams—and the other pandemic hustles they have going.
According to a report by Wired Magazine, Scattered Canary is a full-service “business email compromise” operation that uses scams like email impersonation and phishing to manipulate businesses into paying out phony contracts and other fake invoices. Then Scattered Canary uses a network of money mules within the US and around the world to route the money. BEC fraudsters participate in a wide variety of hustles—from Craigslist rental scams to payroll data theft and snagging people’s tax refunds—to make money and build out a sort of scam toolkit.
“Scattered Canary has committed unemployment fraud along with a number of other government services-focused frauds like disaster relief fraud, Social Security fraud, and student aid fraud,” Agari’s Hassold says. “Many West African scam groups have also been heavily involved in other incidents, like W-2 BEC attacks, where they can harvest a significant amount of personal information, so it’s not surprising they have the information needed to carry out these attacks on unemployment services.”
According to the report, Scattered Canary has committed frauds using loopholes in the US unemployment benefit scheme running into several thousands of dollars. The gang uses several techniques including Business email compromise (BEC). Latching on the loopholes in the Cares Act and unemployment benefits, researchers say that the group is using a technique it has leaned on in the past to keep track of all its fraudulent unemployment submissions. The scammers will set up one generic-looking Gmail address and then make accounts to submit fraudulent claims adding periods into different parts of the address. Most web platforms will interpret all of these as different email accounts, while Gmail doesn’t recognize periods as changing its own addresses.
‘As a result, the scammers can file dozens of individual submissions under as many people’s names, using their specific personal information, while managing it all from one centralized email account. One campaign the Agari researchers analyzed used 259 variations of the same address,’ the report said.
Email security firm Agari, has gone ahead release findings that an actor within the Nigerian cybercriminal group Scattered Canary is filing fraudulent unemployment claims and receiving benefits from multiple states, while also receiving Cares payouts from the Internal Revenue Service. So far this has netted hundreds of thousands of dollars in scam payments. Regular unemployment, the extra $600 per week that out-of-work Americans can claim during the pandemic, plus the one-time $1,200 payment eligible adults are receiving under the Cares Act are all vulnerable targets for cybercriminals. In the midst of a pandemic and critical economic downturn, though, the theft of those benefits could have particularly dire consequences. The Secret Service warns that hundreds of millions of dollars could be lost to such scams just as states are running out of money to fund unemployment on their own.
Nigeria’s anti-corruption agency, the Economic and Financial Crimes Commission, EFFC, in recent times clamped down heavily on online scammers popularly called ‘Yahoo boys’. The EFCC has also launched major collaborations with the Federal Bureau of Investigation, FBI. Such efforts has resulted in the arrest of major online scam ring leaders. Last year, Obinwanne Okeke, was arrested in the US, a breakthrough for the FBI, the EFCC announced that it assisted the FBI in the operation.
Subsequent investigations in the US also led to the arrest of over 80 Nigerians in the US for several online scams.