Cyber-criminals are eager to take advantage of consumers desperate to pay their rent, mortgage or auto loans and are seeking various loans and other methods to access cash quickly.
The number of Americans filing for unemployment relief rises weekly as small and medium-sized businesses face a massive slowdown in the economy as shutdowns continue across the country in an effort to reduce the rate of coronavirus infection.
More than 26 million Americans have already sought unemployment funds and more people are expected to seek relief as businesses will continue to lay off and furlough employees.
Criminals have already begun masquerading as government and bank officials while others pretend to work for mortgage and auto lenders, preying on consumers eager for financial assistance.
The Federal Trade Commission has received reports about fraudulent calls, texts and emails coming from people pretending to be from the Social Security Administration, IRS, Census, U.S. Citizenship and Immigration Services (USCIS) and the Federal Deposit Insurance Corporation (FDIC).
These fake government messages often tell consumers they have been approved for money, can receive fast relief payments, or obtain cash grants due to the coronavirus, the FTC said. These scammers are also promising Americans small business loans or send a phishing alert that a check can be picked up.
Here are the 10 most common scams and how consumers and small business owners can avoid them. Scammers are seeking your hard-earned money and personal and financial information and will use phishing techniques to install malware or ask for ransomware. One of the biggest red flags is that a fraudster will ask you to send cash, pay by purchasing a gift card, wire money or pay with cryptocurrency.
10 Unemployment Scams
1. Pretending to Be a Government Employee
People should be aware that state government websites could also be compromised during this time by various criminal or state-sponsored hacking groups, said Karim Hijazi, CEO of Prevailion, a Columbia, Maryland-based cyber intelligence company. State governments typically do not have optimal cybersecurity in place and they regularly fall victim to a variety of attacks.
“In our own cyber intel monitoring, we have seen a variety of malware that is beaconing out of many state government networks, which means the networks themselves are compromised and to some extent under the control of criminal hackers,” he said.
The rush to file online unemployment filing is leading cybercriminals to infect these government websites with Magecart or other similar malware that could be used to capture data entered into these online forms, Hijazi said.
Consumers should only file an unemployment claim at your state’s official government web portal, which is usually the state workforce agency. Verify the page you are on is actually the state government agency’s website by checking the full URL, which typically ends in “.gov”. Some signs that a website is fake include hyphenated URLs, URLs with numbers replacing certain letters, misspellings in the URL, the use of foreign top-level domains (example: .ru) or other risky top-level domains like .work and .click, no HTTPS address, spelling and grammar mistakes on the website itself, low-resolution logos and images that look copied and popup windows.
2. Pre-Recorded Calls
In the midst of a worldwide pandemic and a potential global economic depression, criminals are seeking to profit from the plague, said Rui Lopes, engineering and technical support director at Panda Security, a Boston-based provider of IT security solutions. Unemployment scams are on the rise through social engineering, robocalls or email phishing.
“There are false claims circulating about how to receive cash benefits and other compensation,” he said. “Don’t be duped, never respond to pre-recorded phone call messages and carefully check the email addresses and content of emails promising anything.”
Be wary of anyone claiming to be from the Social Security Administration, unemployment offices or even a bank.
Just because the caller ID says “IRS” or government agency doesn’t mean it’s real, said Chris Hadnagy, CEO of Social-Engineer, an Orlando, Florida-based cybersecurity company that specializes in social engineering attacks like phishing. Criminals can do something called “spoofing” which makes numbers appear like they are coming from places they are not. If you get a call like this, simply go to the Internet and look up the proper number and call that to verify.
“Sophisticated crime groups also use well-trained telephone operators to handle these calls,” he said. These people know how to talk and how to act in order to sound like real professionals. They may also play background sounds to imitate a busy office or call center environment.”
More and more criminals also use previously stolen personal information, which they purchased from earlier data dumps to sound even more convincing on the phone.
“After all, if the person calling you from a spoofed state workforce commission phone number knows your full name, home address, email or last four of your Social Security Number, you are more likely to believe it’s the real thing,” Hadnagy said.
3. Fake Stimulus Checks
Many states have warned there is an increase in unemployment scams along with the FTC and Better Business Bureau.
There are many different tricks criminals will use such as claiming that people need to click on a link to confirm receipt of the government check, requiring consumers to provide more information in order to be processed or to get more money or requiring you to pay a processing fee, said Hadnagy.
“In some cases, victims may even receive fake checks in the mail,” he said. “According to the FTC, these checks will eventually bounce but while the bank is trying to process this check, the victim will be contacted by the scammer. The scammer will tell them they were overpaid and must return the excess amount immediately through a separate wire transfer. Those who fall for this scam could be out hundreds or thousands of dollars.”
If you receive a check you are unsure if you should have received, call the agency to verify it is real before cashing it and keep in mind that the agency would not require you to pay a fee to process payments like that, Hadnagy said.
4. Scam Websites
Scammers take advantage of times of crisis by exploiting the “exceedingly high degree of focus on the topic and its associated emotions, as well as the higher volume of traffic to certain websites” said Justin Brecese, director at the Crypsis Group, a McLean, Virginia-based incident response, risk management and digital forensics firm.
There are reports of malicious websites that charge unnecessary fees for filing unemployment or may require the user to upload copies of sensitive documents, including birth certificates or drivers’ licenses, he said. The legitimate method of filing will never incur a cost or request uploads of sensitive material.
“The best way to avoid such scams is to only trust the state government’s guidance and ensure online filing is only conducted through state government official websites,” Brecese said.
Since millions of people are filing unemployment claims online and many state agencies have had bonafide technical errors trying to process all of these requests, the ideal environment was created for scammers, Hijazi.
Numerous state workforce agencies have issued consumer alerts about these scams.
“By impersonating a state workforce agency or a third-party vendor to a state agency, these criminal websites can trick people who are desperate to get their unemployment benefits into ‘filing’ with them instead of the real government agency, he said. “This will then lead to an extensive personal information compromise and very likely financial fraud too since the website will probably require a ‘processing fee’ to be paid. People can’t afford any fraudulent charges these days, so these scams are especially cruel right now.”
5. Fake Emails or Phishing
Displaced workers should be on the lookout for unemployment-related emails that appear to be helpful, but are in fact illegitimate and seek personal information or contain links or attachments. Scam emails, known as phishing, will often try to appear as though they came from the government and may contain malicious links to surveys or other online forms that request personal information.
“Scam phone callers are likely to state that they are representing or partnering with the state government and will attempt to solicit personal information as well,” Brecese said.
The best course of action is to not reply to any suspicious emails.
“When it is unclear whether an email is legitimate, it is always safest to go directly to the website of the purported sender, rather than clicking on any links within the email,” he said.
The scammers will use various pretexts and may claim that because of the state agency’s website crash, your information was not completely processed and that is why you must resubmit, Hadnagy said.
“As with the phone fraud operations, they may threaten the email recipient by claiming they owe back taxes or penalties and won’t receive their benefits until this is paid off,” he said. “It is not uncommon for sophisticated criminal groups to use a blended approach to scams, combining phishing emails or text messages with call centers. This tactic is more complicated for the criminal, but it is often more convincing to the person contacted.”
6. Pretending to Be a Worker for the SBA
The Office of Inspector General said there are several potential fraud schemes related to economic stimulus programs offered by the U.S. Small Business Administration (SBA) in response to COVID-19. The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), the largest financial assistance bill to date, includes provisions to help small businesses.
Fraudsters started targeting small business owners during these economically difficult times. The OIG reminds business owners about the following:
- SBA does not initiate contact on either 7a or Disaster loans or grants.
- If you are contacted by someone promising to get approval of an SBA loan, but requires any payment up front or offers a high interest bridge loan in the interim, suspect fraud.
- SBA limits the fees a broker can charge a borrower to 3% for loans $50,000 or less and 2% for loans $50,000 to $1,000,000 with an additional 0.25% on amounts over $1,000,000. Any attempt to charge more than these fees is inappropriate.
- If you have a question about getting a SBA disaster loan, call 800-659-2955 or send an email to email@example.com
- If you are in the process of applying for an SBA loan and receive email correspondence asking for personally identifiable information (PII) ensure that the referenced application number is consistent with the actual application number.
- Look out for phishing attacks/scams utilizing the SBA logo. These may be attempts to obtain your PII or to obtain personal banking access or to install ransomware/malware on your computer.
- Any email communication from SBA will come from accounts ending with sba.gov.
As unemployment rises, employment scams and other opportunistic cons may be used to prey on people who are in dire need of income. Many people post detailed information about their lives publicly to social media including their employment status and hardships and this information can be used to craft convincing campaigns against them, said Jack Mannino, CEO at nVisium, an application security provider in Falls Church, Virginia.
“Most quick-cash schemes are generally too good to be true, which often entice victims by the allure of fast income and a quick fix to their problems,” he said. “Avoid disclosing personal information over the phone or by email to anyone claiming to be from an agency, as you should typically apply for unemployment benefits online. Do not accept checks or goods from any individuals you don’t fully know or trust.”
7. Fraudulent Employment Websites
People looking for new jobs present an excellent target for criminals, said Rick Holland, chief information security officer at Digital Shadows, a San Francisco-based provider of digital risk protection solutions.
“Be on the lookout out for fake emails and fake websites for popular employment websites,” he said. “Also, be on the lookout for fake recruiters offering to help you find a new job.”
8. Fake Recruiters
Attackers can easily pose as recruiters and send messages to unsuspecting victims with malicious links or files veiled as employment documentation, said Hank Schless, senior product marketing manager at Lookout, a provider of mobile phishing solutions in San Francisco.
“Job seekers interact with recruiters they don’t know and share CVs that contain lots of personal information,” he said.
Since all job search platforms have mobile apps, job seekers are using them to apply to new opportunities.
“When a mobile alert comes up, we’re programmed to quickly open it, give the message a quick skim, and open the attached link or document without much thought,” Schless said. “It’s easy to overlook some of the red flags of a malicious phishing link or document in one of these messages. For example, mobile devices shorten the full URL that a link leads to, which can be one of the biggest giveaways for phishing content.”
Instead, job seekers should authenticate recruiters by looking for them on LinkedIn and confirm that they’re legitimate, he said.
9. Smishing Scams
There is a high likelihood we will see text message phishing scams that try to take advantage of the rise in unemployment claims. Smishing is now a common practice among criminals and is more difficult to detect than email phishing. Unlike with email, there is no spam filter to block these messages from reaching your phone, Hijazi said.
“It’s also impossible to tell the true source of a message sent via text, whereas with email you can look up the ‘return-path’ in the email header to find the actual sender of the message you received,” he said. “Texting also allows the hacker to use tiny URLs, which conceal the actual website address and the smaller screen obscures the full website address most of the time.”
People should expect to see mass text messages that offer to help you file your unemployment claim or get your money processed faster. They may also claim there is a problem with your unemployment claim or the issued payment.
“Never, ever respond to a text message solicitation,” Hijazi said. “There is no way for you to verify the authenticity of the person or organization who contacted you, so it’s best to avoid answering these when you receive them.”
10. Fake Resumes
Businesses are also facing a slew of attacks that play off of the same developments and trends and need to be on the lookout for “poisoned” or “weaponized” CVs sent by cybercriminals that impersonate job seekers, Hijazi said.
“Criminals are likely to take advantage of this situation by imitating these job applicants and attaching resume files that conceal malware,” he said. “These weaponized CVs can be used to hack into a company, steal employee passwords and credentials, create a backdoor into the network that other hackers and malware can use, as well as to hijack online financial accounts. My research team recently uncovered a sophisticated weaponized CV campaign by the Russian crime group known as TA505 that has been active since the summer.”
Office 365 files are frequently used as the delivery method for malware, but attackers may also use real or fake Google Drive links to hack into companies. These links can redirect the company employee to a malicious website that will attempt to steal credentials or infect with malware.