Fraud ring uses stolen data to scam unemployment insurance programs
It underscores weaknesses in online security.
Fraudsters are taking advantage of both data breaches and weaknesses in government online systems to commit scams on a large scale. KrebsOnSecurity has obtained a Secret Service memo revealing that a sophisticated Nigerian crime ring has been using a “substantial” database of stolen identity data to file bogus unemployment claims during the COVID-19 pandemic. According to a federal investigator talking to KOS, the perpetrators were effectively taking advantage of poor security measures in numerous states, such as their inability to detect multiple applications from the same internet address.
The ring also relies heavily on “mules” to launder the money. In the past, many of these conduits were previously the victims of internet romance scams.
The campaign comes at a particularly bad time when the pandemic has forced a record number of people out of work. These scams force governments to look into scams right at a moment when many legitimate claimants — in at least one case, officials have needed to halt payments after discovering phony claims.
It’s not clear what action (if any) American authorities can take to stop the fraud. However, the scams underscore the importance of protecting against identity theft, both for individuals and companies. They also make clear that governments need to tighten online security for unemployment and other systems that require sensitive info — strict safeguards for data don’t matter if there aren’t enough checks to make sure it’s being used properly.
