U.S. unemployment controls have the latest target for cyber thieves who have gone from one scam to another as the world fights the coronavirus pandemic. Unemployment benefits have 3 points that make it a honey canister for thieves: the amount of cash available, the abundance of eligible beneficiaries, and confusion around application and verification processes, both among beneficiaries and among those who manage plans.

In an equally disheartening and unsurprising report, risk intelligence firm IntSights defined practical guides now on Russia’s dark internet forums, detailed explanations of identity theft, state-by-state benefit regulation, and physically collecting money. Russian underground forums, however, say there are also Nigerian, European and US networks in operation.

“The procedure is quite undeniable for an attacker, Etay Maor,” the intSight CSO told me. “Put a claim with a genuine user or an artificial identification (combining genuine and false data): the user doesn’t even want to be eligible, noted the CEOs of giant organizations that used to file a claim. Then attach the benefits to a prepaid debit card. “

Maor explained that a mix of patients and former employers who don’t know emails, as well as crowded benefits centers, gives attacks a smart chance that a percentage of their claims will succeed: it’s a set of numbers. Russian networks even rent male and female staff to scam phone call centers through those forums. “Then, as soon as the cash is transferred to a debit card, they convert it to bitcoin or transfer it to an offshore account.”

Russian forums reviewed through IntSights shared tips on how to buy identities and then fill knowledge gaps (required for applications) with false knowledge or open source information. The forums were even used to recruit local mules to assist in the process. This blend of genuine and fake knowledge, known as artificial identity fraud, is at the center of the scam: enough genuine knowledge to tick the right boxes. The technique is not new, as it already accounts for millions of dollars of annual fraud.

As IntSights explains, “The attacker will need to gather knowledge about the target, but what knowledge does the attacker need? Needs must be taken online. Everything must be taken online. IntSights refers to this clandestine market as Fraud as a Service “Russian forums are so vital in cybercrime transactions that a potential fraudster can buy anything there,” Maor warned.

According to Maor, these attacks are now common. “I have noticed that cybercriminals talk about almost every single state; what I don’t think we realize is how relatively undeniable this kind of attack is. On the one hand, it has an overloaded system, flooded with complaints, that is looking to help citizens at a very complicated time. On the other hand, an attacker who does not want a complicated malware, ransomware or hacking computer to run the entire attack lifecycle.”

This set of numbers obviously offers. “If you present in a state that will give you, say $ 700,” maor explains, “present 1,000 programs of which only 10% will be paintings, you earn $70,000. And the numbers are very conservative. He’s not wrong. Washington State is alleged to have been the victim of a $576 million fraud, while the Colorado formula is now awash with fraudulent claims it is a national problem.

Obviously, the ones who suffer the most here are the states that pay, not the other people who pretend to be them. That said, no one needs your identity being stolen and used in a crime.

With regard to the recommendation for anyone who needs to ensure that their identity has been compromised, Maor states: “They receive an email asking them to validate a claim; some states have added more authentication measures, as well as notifications when you sign in to their portals. —Indicates that a claim is being processed.”

Meanwhile, the same old recommendation on the protection of your identity remains the same. Do not respond to unforeseen emails and do not click on any links unless you are sure of the source. Keep an eye out for your bank statements to detect suspicious, even small, transactions. Do not reuse passwords. And if you apply for benefits, be sure to perceive the procedure in your capacity to recognize what is real.

I am the founder/CEO of Digital Barriers, which develops complex surveillance responses for defense, national security and combating terrorism. I write about the intersection

I am the founder/CEO of Digital Barriers, which develops complex surveillance responses for defense, national security and combating terrorism. I write about the intersection of geopolitics and cybersecurity, and analyze security and surveillance stories. Contact me at [email protected].