Scattered Canary
A group of business email compromise (BEC) Nigerian scammers has been targeting U.S. unemployment systems and COVID-19 relief funds provided through the CARES Act.
The threat actor, which researchers call Scattered Canary, used the IRS and state unemployment websites to file hundreds of fraudulent claims on behalf of U.S. citizens, and receive benefit payments.
Exploiting Gmail feature
Scattered Canary used social security numbers and personally identifiable information from identity theft victims to create fake accounts on websites for processing CARES Act payments.
By taking advantage of a feature in Gmail, they were able to use for the fraudulent claims variations of the same email address. Replies to any of those addresses would be delivered to a single Gmail account, though.
This works because Google does not read the dots in usernames and treats addresses that are visually different as belonging to the same user. Using Google’s example, sending messages to the addresses below will reach the same account:
- john.smith@gmail.com
- jo.hn.sm.ith@gmail.com
- j.o.h.n.s.m.i.t.h@gmail.com
The Agari Cyber Intelligence Division (ACID), a company that offers protection against advanced email attacks, identified 259 different variations of a single address that was used by Scattered Canary for this large-scale fraudulent activity.
Source : BEC Scammers target unemployment and CARES Act claims
VPN : un outil indispensable pour protéger vos données Le VPN, ou « Virtual Private…
Cybersécurité et PME : les risques à ne pas sous-estimer On pense souvent que seules…
Comment reconnaître une attaque de phishing et s’en protéger Le phishing ou « hameçonnage »…
Qu’est-ce que la cybersécurité ? Définition, enjeux et bonnes pratiques en 2025 La cybersécurité est…
Cybersécurité : les établissements de santé renforcent leur défense grâce aux exercices de crise Face…
L'IA : opportunité ou menace ? Les DSI de la finance s'interrogent Alors que l'intelligence…
This website uses cookies.