Inside Scattered Canary’s Fraudulent Activityīased on our research, we have observed four recent examples of fraudulent activity that can be attributed to Scattered Canary.īetween April 15 and April 29, Scattered Canary filed at least 82 fraudulent claims for CARES Act Economic Impact Payments, which are meant to provide relief to families as a result of the COVID-19 pandemic. Example of Google dot accounts used to file fraudulent unemployment claims.
This removes the need to create and monitor a new email account for every account they create on a website, ultimately making crimes faster and more efficient.Īs a result of our analysis, we have identified 259 different variations of a single email address used by Scattered Canary to create accounts on state and federal websites to carry out these fraudulent activities. By using this tactic, Scattered Canary is able to scale their operations more efficiently by directing all communications to a single Gmail account. Because Google ignores periods when interpreting Gmail addresses, Scattered Canary has been able to create dozens of accounts on state unemployment websites and the IRS website dedicated to processing CARES Act payments for non-tax filers ( ).
To set up their attacks, Scattered Canary uses Gmail “dot accounts” to mass-create accounts on each target website. Scaling Operations with Google Dot Accounts We have also identified the methods Scattered Canary is using to create numerous accounts on government websites and where the stolen funds are directed. In addition to the fraudulent unemployment activity against these states, we have also found evidence that links Scattered Canary to previous attacks targeting CARES Act Economic Impact Payments, which were meant to provide relief caused by the COVID-19 pandemic, as well as new scams targeting Hawaii unemployment benefits. As we detailed last year, Scattered Canary has been involved in a wide variety of fraudulent activity against government services over their 10+ year history, including unemployment fraud, social security fraud, disaster relief fraud, and student aid fraud. Based on information uncovered by the Agari Cyber Intelligence Division, some, if not all, the actors behind these fraudulent schemes are likely part of Scattered Canary, a Nigerian cybercrime group about which we released a detailed report last June. Recently, news broke about how a sophisticated Nigerian cybercriminal organization has been committing mass unemployment fraud against a number of states, including Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington, and Wyoming.
0 kommentar(er)
