Unsurprisingly, cybercriminals continue to exploit the unprecedented nature of COVID-19. The latest scheme to make headlines? Perpetrated by a well-organized Nigerian crime ring, fraudsters are using stolen Social Security numbers and other personally identifiable information (PII) to file unemployment claims in various states, including Washington, North Carolina, and Rhode Island.
The scammers, according to the U.S. Secret Service, are believed to have access to a substantial PII database. Unfortunately, experts have said that many states do not have a strong enough security posture to detect these sort of fraudulent unemployment applications. This crime ring operates similarly to criminals who file fraudulent income tax refund requests – a perennial problem that costs the U.S. Treasury hundreds of millions of dollars each year.
With the massive and expansive volumes of breached and leaked personally identifiable information released in 2019 alone, we will only see more creative scams executed by criminal rings and groups.
At 4iQ, we have been collecting and curating breaches and leaks from open sources with a widening array of identity attributes. We've seen employment related information, including SSNs, EINs, company, title, salary, start date and even W2 documents and paystubs. We also have seen an increase in healthcare related breaches with sensitive medical information, banking and finance, and critical infrastructure services such as utility, gas, power and telecom. All of this data is being weaponized by criminals with varying levels of sophistication and experience.
By knowing what information criminals have on you, your organization, employees and consumers, you can anticipate and prepare for these scams and mitigate risk. Breached data can empower you to have a more proactive and even offensive approach to fighting cybercrime.
A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service. A memo seen by KrebsOnSecurity that the Secret Service circulated to field offices around the United States on Thursday says the ring has been filing unemployment claims in different states using Social Security numbers and other personally identifiable information (PII) belonging to identity theft victims, and that “a substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees.”