IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Nigerian cyber criminals target Texas unemployment system

Cyber criminals use Gmail feature to register the same email address multiple times

Hacker in a hood on a computer

A Nigerian cyber crime gang has attacked the Texas unemployment system, according to reports.

Evidence shared with reporters at the CBS 11 I-Team based in Dallas/Fort Worth, Texas showed the criminals detailed how to commit unemployment identity fraud through the Texas Workforce Commission website in a 13-page step-by-step tutorial.

Related Resource

Security awareness training strategies for account takeover protection

Why you need an inside-the-perimeter strategy for internal threats

Security awareness training strategies for account takeover protection - whitepaper from MimecastFree download

The tutorial, created by the Nigerian cyber crime gang known as Scattered Canary, was discovered in a closed online group chat between members.

An insider helped cyber security company Agari to acquire a copy of the document from a WhatsApp group chat. Former FBI agent Crane Hassold, now director of threat research for Agari, said information flow is important to this type of cyber crime.

"The tutorial shows how to apply for unemployment benefits and even introduces some of the red flags if you enter things a certain way," he said.

Fraud has cost Texas over $893 million in unemployment benefits since the beginning of the COVID-19 pandemic. The Texas Workforce Commission said that it has been the target of cyber scammers worldwide, but IP masking has made it difficult to find the perpetrators' exact location.

Hassold said the Scattered Canary cyber crime gang is abusing a feature in the Gmail system to help them work quicker. Gmail ignores periods in its email addresses, so john.doe@gmail.com, j.ohndoe@gmail.com," and "j.o.h.n.d.o.e@gmail.com" are all, in fact, the same email account. But the state unemployment systems see them as unique emails, allowing fraudsters to make a claim with each variation without suspicion.

"Essentially it allows their communication flow to be much more efficient," said Hassold.

"Instead of having to go to dozens of different email accounts to look at what's going on, it's all coming to one centralized location."

The gang then funnels any money defrauded from Texas into offshore accounts before any claims are flagged. The gang has used Green Dot prepaid cards to receive the payments from their fraudulent claims. These cards will have been registered with the same stolen identity as the unemployment claims to avoid red flags. Before cards can be delivered via mail, the gang goes online to withdraw money from the account.

The Texas Workforce Commission said it has deployed several fraud protections on its systems and prevented over $9 billion in fraudulent identity theft claims.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022
How do you become an ethical hacker?
ethical hacking

How do you become an ethical hacker?

29 Apr 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022