Coronavirus scam stealing ‘hundreds of millions’ boosted by old data breaches

- Advertisement -
Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell

- Advertisement -
- Advertisement -
- Advertisement -

Credit reporting company Equifax had a data breach in which 146.6 million people’s data was exposed. Data breaches like this likely led to “hundreds of millions” in stolen unemployment benefits following coronavirus relief. REUTERS/Tami Chappell

Washington State paid out “hundreds of millions” in bogus unemployment benefits to scammers, according to the state’s Employment Security Department. The scam has likely hit numerous other states including Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Wyoming, and most recently, Hawaii.

And according to Agari, the cybersecurity firm that identified the scammer and identified the attack on Hawaii, the scammers used personal information from previous data breaches.

Authorities aren’t sharing many details, but cybersecurity firm Agari says at least one group of Nigerian scammers called Scattered Canary is behind the heist in Washington and seven other states. Agari has been tracking Scattered Canary for a year.

The fraud, which leveraged the quick and needed response to the economic fallout, was an advanced operation that utilized fake W-2 scams to get new information to create false unemployment claims, Agari CEO Patrick Peterson told Yahoo Finance. In W-2 scams, a bad actor pretends to be from an employee’s company and emails the employee asking for personal information to fill out an updated W-2 form, which includes key data like Social Security numbers.

But Peterson told Yahoo Finance that the group utilized previously stolen data from other sources, something that Washington State’s Employment Security Department’s commissioner also said, citing breaches like the 2017 Equifax incident, in which 146.6 million Social Security numbers were breached.

“Our thesis is that the criminals are using data from previous hacks like Equifax, other large-scale hacks,” Peterson told Yahoo Finance.

Peterson was careful to say that they don’t yet have evidence that attributed the scam to one breach in particular, but Agari hopes to have more information on the source of the data the hackers used.

Scammers needed just four fields — Social Security number, name, address, and date of birth — for success, and previous breaches and swaths of data for sale on the dark web aided their operations. In the past few years, there have been many data breaches, compromising tons of consumer data, including LinkedIn in 2016 and Marriott in 2018.

A worker gives instructions to people waiting in cars, Saturday, May 16, 2020, during a walk- and drive-up job hiring fair in Seattle for the Outdoor Research's new line of face masks and other personal protection equipment the outdoor clothing maker has started manufacturing due to the coronavirus pandemic. OR managers were conducting job interviews on the spot and trying to fill about 150 positions related to the company's new line of PPE products. (AP Photo/Ted S. Warren)

View photos

A worker gives instructions to people waiting in cars, Saturday, May 16, 2020, during a walk- and drive-up job hiring fair in Seattle for the Outdoor Research’s new line of face masks and other personal protection equipment the outdoor clothing maker has started manufacturing due to the coronavirus pandemic. (AP Photo/Ted S. Warren)

Agari said that the scammers most likely used data that had already been breached and augmented it by other tactics like W-2 phishing to fill in missing information. And since the states waived verification, many people whose data was used by Scattered Canary were not even laid off.

This heist shows why data breaches are harmful

For the most part, hacks don’t directly affect people’s bank accounts, which is why most have trouble caring too much about the latest data breach. With breach after breach, consumers’ attitudes have dissolved into resignation.

With this heist, there’s a clear example of the damage that breaches can do besides the abstract possibilities of ID theft and credit card fraud. (Many judges in lawsuits against Equifax said consumers didn’t experience damages simply because they might be defrauded in the future). Because of this scam, Washington and other states are out a significant amount of taxpayer money, and more scams like this will likely emerge as the COVID crisis drags on.

Peterson said that it’s sad that we’ve become immune to breaches, and only pay attention if the number was a record — even though Equifax’s loss of info on almost half the country will probably stay a record.

“It feels like our data has been released so many times,” said Peterson. “Should we really care? Well, you can’t change your birthday, or your address unless you’re going to move, and changing your Social Security number is insanely difficult. When that info is out there, criminals really have the keys to the kingdom.”

This article was originally published on finance.yahoo.com/news.

Home of Science
Follow me

- Advertisement -

Discover

Sponsor

Latest

Getting an Online Legal Degree

The legal profession is rapidly becoming a popular place to work and there are now many opportunities for a person to earn an online...

Celebrity to Make You Stand Out

Billie Eilish is an up and coming British actress, her face is no less than a magnet for every man in the UK. The...

HP crushes earnings estimates on work-from-home PC demand — top exec says ‘we are undervalued’

The work-from-home trend and a good bit of cost-cutting continues to be two major tailwinds to computing giant HP (HPQ). Here are the second fiscal...

Printing Business Cards – 3 Steps to Make Your Own

Business cards are the first thing that people see when they walk into your office or home. It is very important to include them...

What is Sabre Corporation?

Have you ever heard of Sabre Corporation? If you haven't, you might be on the internet. Yes, there are sites where you can get...
Home of Science
Follow me