Leveraging PII from victims in Washington, North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida, scammers from Nigeria are filing fraudulent unemployment claims.
A recent Secret Service memo circulated to field offices highlights a new scam taking advantage of the pandemic in which massive unemployment claims are potentially costing states hundreds of millions of dollars.
According to Krebs on Security , a Nigerian crime ring is successfully submitting false unemployment insurance claims, collecting the money and laundering the proceeds through a large network of recruited individuals. Payments are directed to accounts that have no connection with the person placing the claim. The moment claim payments hit the account, a transaction is made to push the money to another account via a variety of methods including Person-to-Person (P2P) payments, cash withdrawals, or purchases of gift cards.
The Secret Service says there are literally hundreds of “mules” involved – individuals who willingly or unwittingly participate in the laundering of the claim monies.
The PII is the key to this fraud; without it, the scammers don’t have enough information to properly submit a claim. This scam demonstrates the importance of protecting your network environment from cyberattacks intent on stealing data. A single breach of employee or customer data can have a ripple effect when the data is misused to commit fraud in scams like this unemployment scam, as well as fake income tax return scams, opening of credit cards, etc.
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.