According to CBS News, a gang of Nigerian cyber hackers known as Scattered Canary has provided step-by-step instructions on how to commit unemployment fraud in the state of Texas.
Scattered Canary cybercrime gang organization has already made millions from defrauding Hawaii, Florida, Massachusetts, North Carolina, Oklahoma, Rhodi Island, Washington, and Wyoming.
Now, a 13-page tutorial is being published about how the Texas Workforce Commission can be effectively defrauded.
Evidence seen by the CBS 11 I-Team proves that the detailed guide is shared online by hackers.
A copy of the document from a WhatsApp discussion group was obtained by an insider’s personal cybersecurity business Agari.
Crane Hassold, former FBI agent and now Director of Threat Research at Agari, has stated:
“For these cyber-criminals it’s all about information flow. The tutorial shows how to apply for unemployment benefits and even introduces some of the red flags if you enter things a certain way.”
Since the beginning of the global COVID-19 pandemic, Texas has lost almost $893 million to bogus unemployment claims. Scammers from all around the world targeted the Texas Workforce Commission.
Scattered Canary Hassold said Scattered Canary hackers use Gmail to speed up their attack. Since Gmail ignores periods in addresses, small email address variances may be exploited to file several false claims without raising suspicion of state unemployment systems.
For example, if attackers file three claims with the John.firstname.lastname@example.org address, the email@example.com address, and the j.o.h.n.d.O.firstname.lastname@example.org address, the system will not suspect all three are linked to one email account and owned by one person.
It allows for a much more efficient flow of communication:
“Instead of having to go to dozens of different email accounts to look at what’s going on, it’s all coming to one centralized location.”
Scattered Canary is suspected to purchase prepaid Green Dot cards as a way to funnel its false claims money offshore. These cards are purchased using identities that have been used during the fraud. The gang then goes online and drains the money from the account before the cards are delivered to them by mail.