Adding COVID-19 exploitation to its nefarious arsenal targeting governments, the Nigerian Scattered Canary criminal gang most recently attempted to exploit the CARES Act on May 17, filing two fraudulent unemployment claims through Hawaii’s Department of Labor and Industrial Relations website.

The bogus claims were part of a larger criminal effort in the past month that has left several hundred fraudulent droppings in at least eight U.S. states, with additional claims expected, according to Agari, which "cataloged the evolution of a Nigerian cybercriminal organization from its emergence as a one-man shop into a powerful business email compromise (BEC) enterprise employing dozens of threat actors," in a whitepaper published today.

"Since its inception, at least 35 different actors have joined Scattered Canary in its fraudulent schemes," the researchers wrote. "The group has turned to a scalable model through which they can run multiple types
of scams at the same time. And with multiple tools designed to help them expand their operations and stay hidden from law enforcement, it is no wonder that they are seeing massive success."

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.