A recent Secret Service memo circulated to field offices highlights a new scam taking advantage of the pandemic in which massive unemployment claims are potentially costing states hundreds of millions of dollars.
According to Krebs on Security, a Nigerian crime ring is successfully submitting false unemployment insurance claims, collecting the money and laundering the proceeds through a large network of recruited individuals. Payments are directed to accounts that have no connection with the person placing the claim. The moment claim payments hit the account, a transaction is made to push the money to another account via a variety of methods including Person-to-Person (P2P) payments, cash withdrawals, or purchases of gift cards.
The Secret Service says there are literally hundreds of “mules” involved – individuals who willingly or unwittingly participate in the laundering of the claim monies.
The PII is the key to this fraud; without it, the scammers don’t have enough information to properly submit a claim. This scam demonstrates the importance of protecting your network environment from cyberattacks intent on stealing data. A single breach of employee or customer data can have a ripple effect when the data is misused to commit fraud in scams like this unemployment scam, as well as fake income tax return scams, opening of credit cards, etc.