How Cyber Adversaries Exploit Employee Systems For Their Benefit

HMRC SMS attack

• The scam, disguised as a tax refund benefit, redirects users to a bogus website leading to a fake HMRC site.
• They are shown a form requesting their email address, postcode, and HMRC log-in details before letting them calculate the eligible refund amount.
• The catch is on the next step where users need to enter their payment card information, name on card, account number, security code, and expiry date.
• Around 100 self-employed workers have been targeted in this attack so far.

SFERS attack

• The source of the leak was one of its vendors, 10up Inc, wherein a third-party accessed a test data server containing members’ information.
• The breached data included names, home addresses, dates of birth, designated beneficiary information, and importantly SFERS website credentials.
• Approximately 74,000 members suffered due to the breach.

Florida unemployment system attack

• The residents had made claims under unemployment benefits from the Florida Department of Economic Opportunity (DEO).
• The attack, which affected close to 100 people, was identified by the security experts within an hour.

Washington State’s unemployment insurance programs attack

• The group called “Scattered Canary” pilfered hundreds of millions of dollars from Washington state's unemployment system using fraudulent claims.
• The group also attempted similar fraud scams in Florida, Wyoming, Rhode Island, North Carolina, Massachusetts, and Oklahoma, among others.
• The Seattle Times also broke the news for halting unemployment payments after finding $1.6 million in fraudulent claims.

Closing lines