Sophisticated threat actors are leveraging phishing kits, back-end source code packages used by scammers to launch phishing attacks, to defraud both citizens and government agencies out of unemployment payments. Exploiting pandemic-related stress and financial concern, remote work, and government “brand” trust, threat actors are preying on the vulnerabilities of millions of Americans to the tune of $87 billion to $400 billion in government losses, roughly half of which have been routed abroad.
Dubbed a “scam pandemic” by the Federal Trade Commission, these unemployment insurance-related phishing campaigns have targeted people in all 50 states, representing a far-reaching data privacy and cybersecurity threat. For instance, the State of Illinois experienced one of the most expansive phishing attacks seen by telco veteran turned cybersecurity expert WMC Global. Despite warnings and messaging from the Illinois Department of Employment Security (IDES), including a press release and subsequent news coverage, threat actors were inundating Illinois residents with SMS phishing campaigns.
Additionally, in Wisconsin and Maryland, the unemployment insurance phishing attacks involved text messages sent to unaware consumers asking them to verify their information to receive benefits at a provided link. The target was then directed to a phishing page impersonating the state benefits service, which required the user to provide personally identifiable information (PII) to receive the supposed benefits.
Threat analysts deal with customer credential phishing as a daily occurrence; however, in the past, they have lacked actionable intelligence solutions that allow for attribution of these attacks. Phishing kits are an untapped resource. Using phishing kits allows threat actors to continually update their approach, refreshing their methodologies to maintain effectiveness. At the same time, the hidden code elements and vital clues the kits contain offer the opportunity to attribute mass campaigns back to the responsible threat actor(s).
WMC Global has identified intra-state patterns of unemployment insurance fraud and is relaying all findings to government agencies.