Fake Unemployment Benefit Websites Compound Misery

8685179675?profile=RESIZE_400xThe US Department of Justice (DOJ) continues to warn that cyber-criminals are impersonating state workforce agencies (SWAs) to steal Americans' personal data.  In a press release issued 5 March 2021, DOJ reported it had received reports that bad cyber actors are creating fake websites that mimic sites genuinely belonging to SWAs.  "The fake websites are designed to trick consumers into thinking they are applying for unemployment benefits and disclosing personally identifiable information and other sensitive data," said DOJ officials.  "That information can then be used by fraudsters to commit identity theft."

Schemes that use links embedded in unsolicited text messages and emails in attempts to obtain personally identifiable information are commonly referred to as phishing schemes.  Phishing messages may look like they come from government agencies, financial intuitions, shipping companies, and social media companies, among many others.  Carefully examine any message purporting to be from a company and do not click on a link in an unsolicited email or text message.  Remember that companies generally do not contact you to ask for your username or password.  When in doubt, contact via telephone the entity purportedly sending you the message, but do not rely on any contact information in the potentially fraudulent message.[1]

To trick victims into accessing these fake websites, the cyber-criminals have been sending spam text messages and emails purporting to be from an SWA.  Contained in the communications is a link to a spoofed SWA website.  "Unless from a known and verified source, consumers should never click on links in text messages or emails claiming to be from an SWA offering the opportunity to apply for unemployment insurance benefits," said the department.  "Instead, anyone needing to apply for unemployment benefits should go to an official SWA website."

As of February 2021, there were 10 million unemployed people in the US.  DOJ US citizens to be vigilant for phishing attacks and to not take the communications they receive at face value.  "Carefully examine any message purporting to be from a company and do not click on a link in an unsolicited email or text message.  Remember that companies generally do not contact you to ask for your username or password," warned DOJ.  "When in doubt, contact the entity purportedly sending you the message, but do not rely on any contact information in the potentially fraudulent message."

If you receive a text message or email claiming to be from an SWA and containing a link or other contact information, please report the communication to the National Center for Disaster Fraud (NCDF) by calling 866-720-5721 or using the NCDF Web Complaint Form found at www.justice.gov/disaster-fraud.

If you believe you may have entered information into a fraudulent website, resources on how to protect your information can be found at www.identitytheft.gov

Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com 

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/3702558539639477516

 

[1] https://www.infosecurity-magazine.com/news/us-warns-of-fake-unemployment/

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!