How Cyber Adversaries Exploit Employee Systems For Their Benefit

In the light of unforeseen consequences due to the COVID-19 pandemic, many governments have been implementing or restructuring laws and policies related to employee benefit plans to offer some financial relief to those who either lost their job or suffered a business loss. In the meantime, cybercriminals have seen this as an opportunity to cash in. Here’s how they attempted to defraud some organizations recently.

HMRC SMS attack

The litigation firm, Griffin Law, identified a new phishing scam designed to target self-employed workers who applied for the Self-Employment Income Support Scheme (SEISS).
  • The scam, disguised as a tax refund benefit, redirects users to a bogus website leading to a fake HMRC site.
  • They are shown a form requesting their email address, postcode, and HMRC log-in details before letting them calculate the eligible refund amount.
  • The catch is on the next step where users need to enter their payment card information, name on card, account number, security code, and expiry date.
  • Around 100 self-employed workers have been targeted in this attack so far.

SFERS attack

The San Francisco Employees’ Retirement System (SFERS) also disclosed a data breach in the last week.
  • The source of the leak was one of its vendors, 10up Inc, wherein a third-party accessed a test data server containing members’ information.
  • The breached data included names, home addresses, dates of birth, designated beneficiary information, and importantly SFERS website credentials.
  • Approximately 74,000 members suffered due to the breach.

Florida unemployment system attack

Around three weeks ago, a group of hackers siphoned off personal data of Floridians.
  • The residents had made claims under unemployment benefits from the Florida Department of Economic Opportunity (DEO).
  • The attack, which affected close to 100 people, was identified by the security experts within an hour.

Washington State’s unemployment insurance programs attack

Security experts also discovered a massive fraud by a hacker group from Nigeria.
  • The group called “Scattered Canary” pilfered hundreds of millions of dollars from Washington state's unemployment system using fraudulent claims.
  • The group also attempted similar fraud scams in Florida, Wyoming, Rhode Island, North Carolina, Massachusetts, and Oklahoma, among others.
  • The Seattle Times also broke the news for halting unemployment payments after finding $1.6 million in fraudulent claims.

Closing lines

Besides forging user identity, the information gathered by attackers can be used in targeted phishing attacks. In such situations, while users need to be watchful of unusual emails related to transactions, compromised agencies need to fortify cyber defenses to prevent such attacks in the future.