Nigerian group named in COVID-19-related unemployment benefits fraud in US
A “well-orchestrated” COVID-19-related fraud targeting multiple American states has been traced back to Nigeria, an internal US Secret Service memo said.
The memo, seen by The Guardian, was reportedly sent to Secret Service’s field offices across the US on Thursday, May 14.
The Secret Service said the fraudsters are exploring the COVID-19 pandemic to commit massive fraud against by targeting unemployment insurance programmes.
“The United States Secret Service has received reporting of a well-organized Nigerian fraud ring exploiting the COVID-19 crisis to commit large-scale fraud against state unemployment insurance programs,” the memo said.
A California-based cybersecurity firm Agari said on Tuesday, May 19, that “some if not all” of those who committed the fraud are part of a Nigerian fraud group Scattered Canary.
Although Washington State was the primary target, evidence of the fraud was seen in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida.
To carry out the scam, the perpetrators, posing for instance as the State of Washington Unemployment Benefits Programme, sent individuals residing out-of-state Automated Clearing House (ACH) deposits in different names without connection to the account holders.
The fraudsters then filed for unemployment claims in different states using Social Security Number and other personal identification information (PII) of their victims, which included first responders, government and school employees.
“It is assumed the fraud ring behind this possess a substantial PII database to submit the volume of applications observed thus far,” the memo said.
Nigeria’s Economic and Financial Crimes Commission did not immediately respond to questions about the matter.
Washington Feeling the Pinch
Although the memo insisted that it is “extremely likely every state is vulnerable to this scheme,” Washington seemed to be the hardest hit so far.
As the impacts of the coronavirus pandemic bite harder, many American states reduced the weeklong waiting period of paying unemployment claims as more people were forced out of jobs.
An estimated 38.6 million people have been out of work since the coronavirus lockdowns began in the country.
Washington State’s commissioner of the state Employment Security Department Suzi LeVine said the rush to pay the claims as quickly as possible may have left states like Washington vulnerable.
The Seattle Times reported that 410 out of the 2,463-person staff of Western Washington University were targeted.
“There’s a dire need to get money out quickly,” LeVine said. “This makes us an attractive target for fraudsters.”
The extent of the fraud prompted the state to temporarily halt payment of unemployment benefits for two days on May 14, with fraudulent claims between March and April spiking 27-fold to 700. Payments increased from just $40,000 to $1.6 million during the same period.
LeVine said at a press conference on Thursday that the cost of fraudulent claims has risen significantly above the $1.6 million paid out in April. She said the need to subject filed claims to additional scrutiny has caused delays in payments to those who truly needed the money and that officials were working to recover some of the money.
Although LeVine did not say exactly how much has been lost to the suspected criminals, multiple media reports said the state may have been bled “hundreds of millions of dollars”.
Scattered Canary Sings Fraud
A senior director of threat research at Agari, Crane Hassold, said in a 2019 blog post that the company gave the Nigerian fraud group the name Scattered Canary.
The chief executive officer of the cybersecurity firm Patrick Peterson said the group’s recent activities also included attacks on Hawaii unemployment programme and CARES Act Economic Impact Payments programme set up to provide relief because of the coronavirus pandemic.
Peterson said Scattered Canary filed 174 fraudulent claims in the state of Washington State alone since April 29.
Eighty-two fraudulent CARES Act Economic Impact Payments claims were also filed by the group between April 15 and April 29. Thirty of those CARES claims, Peterson said, were accepted by the United States Internal Revenue Service and were presumably paid out.
“These claims were eligible to receive up to $790 a week for a total of $20,540 over a maximum of 26 weeks,” Peterson said. “Additionally, the CARES Act includes $600 in Federal Pandemic Unemployment Compensation each week through July 31. This adds up to a maximum potential loss as a result of these fraudulent claims of $4.7 million.”
17 fraudulent claims were filed in Massachusetts between May 15 and May 16 and two in Hawaii filed on May 17. The Massachusetts claims were accepted Agari said and could potentially cost the state up to $500,000 in 26 weeks.
To defraud the system, the group set up multiple emails on the target websites – such as state unemployment benefits and IRS websites – using Gmail dots account.
Agari said it identified 259 different variations of a single email address used by the group to create accounts on state and federal websites to carry out fraudulent activities.
“It is clear this is not just a Washington state problem,” said a statement from Washington’s Governor Jay Inslee’s office Thursday. “This is a national and international criminal conspiracy. We were among the first states hit by these fraudsters but we will not be the last.”
Hassold said the group grew from just one man “working Craiglist scams” into a business email compromise gang with dozens of members, with each member given specific tasks.
“Since its inception, at least 35 different actors have joined Scattered Canary in its fraudulent schemes,” Hassold said. “The group has turned to a scalable model through which they can run multiple types of scams concurrently. And with multiple tools designed to help them expand their operations and stay hidden from law enforcement, it is no wonder that they are seeing massive success.”