Cybercriminals are eager to take advantage of consumers who are desperate to pay rent, mortgages or auto loans and are looking for loans and other ways of quickly accessing cash.

The number of Americans applying for unemployment benefits increases weekly as small and medium-sized businesses face a sharp economic slowdown and lockdowns continue across the country in an attempt to reduce the coronavirus infection rate.

More than 26 million Americans have already sought unemployment funds and more people are expected to seek help as companies continue to fire and lay off employees.

Hackers have been on the hunt for unsuspecting victims who are facing a loss of income and whose savings are decreasing rapidly.

Criminals have already begun to disguise themselves as government and banking officials, while others pretend to represent auto loan companies and auto lenders, preying on consumers eager for financial assistance.

The Federal Trade Commission has received reports of fraudulent calls, messages, and emails from people who pretended to be from the Social Security Administration, IRS, Census, US Citizenship and Immigration Services (USCIS) and Federal Deposit Insurance Corporation (FDIC).

These fake government messages often tell consumers that they have been approved for cash, that they can receive quick relief payments or get cash grants because of the coronavirus, the FTC said. These scammers also promise loans to small US businesses or send a phishing notice that a check can be withdrawn.

Here are the 10 most common scams and how consumers and small business owners can avoid them. Scammers are looking for your hard-earned money and your personal and financial information and will use phishing techniques to install malware or request ransomware. One of the biggest red flags is that a scammer will ask you to send cash, pay by purchasing a gift card, bank transfer or pay by cryptocurrency.

10 unemployment scams

1. Pretending to be a government employee

People should be aware that state government websites could also be compromised by various state-sponsored or criminal groups during this time, said Karim Hijazi, CEO of Prevailion, a cyber intelligence company based in Columbia, Maryland. State governments generally lack optimal cyber security and regularly fall victim to numerous attacks.

“In our monitoring of computer information, we have seen a variety of malware spreading from many state government networks, which means that the networks themselves are compromised and to some extent under the control of criminal hackers,” he said.

The haste to file unemployment online is leading cybercriminals to infect these government websites with Magecart or other similar malware that could be used to acquire the data entered in these online forms, Hijazi said.

Consumers should only file an unemployment claim on their state’s official government web portal, which is usually the state’s workforce agency. Verify that the page you are on is actually the state government agency website by checking the full URL, which usually ends in “.gov”. Some signs that a website is fake include misspelled URLs, URLs with numbers that replace certain letters, the use of foreign top-level domains (example: .ru) or other risky top-level domains such as .work and .click, no HTTPS addresses, spelling and grammatical errors on the website itself, low resolution logos and images that appear to be copied, and popup windows.
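The URL checks in the paragraph above can be automated for triage. The following is an added example, not code from the article or from anyone quoted in it; the sample URLs are constructed and the digit-between-letters rule is an assumption made for the example.

```python
import re
from urllib.parse import urlsplit

# Top-level domains the article gives as foreign or risky examples.
RISKY_TLDS = {"ru", "work", "click"}
# Heuristic (an assumption of this example): a digit wedged between two
# letters, as in "unempl0yment", suggests a number standing in for a letter.
DIGIT_FOR_LETTER = re.compile(r"[a-z][0-9][a-z]")


def url_warnings(url):
    """Return which of the article's URL warning signs apply."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    tld = host.rsplit(".", 1)[-1]
    warnings = []
    if parts.scheme != "https":
        warnings.append("no-https")
    # "Ends in .gov" means the last label is gov; ".gov" appearing
    # earlier in the name (portal.gov.something.click) does not count.
    if tld != "gov":
        warnings.append("not-gov")
    if tld in RISKY_TLDS:
        warnings.append("risky-tld")
    if DIGIT_FOR_LETTER.search(host):
        warnings.append("digit-for-letter")
    return warnings


# Constructed sample URLs; none of these is a real agency address.
SAMPLES = [
    "https://unemployment.example.gov/claim",
    "http://unemployment.example.gov/claim",
    "https://unemployment.gov.claims-example.click/claim",
    "https://unempl0yment-example.ru/claim",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, url_warnings(sample) or "no URL warning signs")
```

An empty result only means none of these URL signs fired; the on-page signs the article lists (copied logos, popups, spelling errors) still need a human look.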

2. Pre-recorded calls

Amid a global pandemic and a potential global economic depression, criminals are trying to profit from the plague, said Rui Lopes, director of technical and engineering support for Panda Security, a Boston-based provider of IT security solutions. Unemployment scams are on the rise through social engineering, robocalls or email phishing.

“False claims are circulating about how to receive cash and other compensation,” he said. “Don’t be fooled, never answer pre-recorded phone calls and carefully check the email addresses and content of the emails that promise something.”

Be wary of anyone who claims to be from the Social Security Administration, unemployment offices or even a bank.

Just because the caller ID says “IRS” or a government agency doesn’t mean it’s real, said Chris Hadnagy, CEO of Social-Engineer, an IT security company based in Orlando, Florida that specializes in social engineering attacks like phishing. Criminals can do something called “spoofing” that makes numbers appear as if they came from places where they are not. If you get a call like this, simply look up the correct number online and call it to verify.

“Sophisticated criminal groups also use well-trained telephone operators to handle these calls,” he said. “These people know how to speak and how to act to look like real professionals. They can also play background sounds to mimic a busy office or call center environment.”

More and more criminals also use previously stolen personal information, which they purchased from previous data dumps to look even more convincing on the phone.

“After all, if the person calling you from a phone number from the counterfeit state workforce commission knows your full name, home address, email, or the last four of your social security number, it is more likely that you believe it’s the real thing,” said Hadnagy.

3. Fake stimulus checks

Many states, along with the FTC and the Better Business Bureau, have warned that there is an increase in unemployment scams.

There are many different tricks that criminals will use, for example stating that people have to click on a link to confirm receipt of the government check, forcing consumers to provide more information to be processed or get more money, or requesting the payment of a ‘tax processing’, Hadnagy said.

“In some cases, victims may even receive fake checks in the mail,” he said. “According to the FTC, these checks will eventually bounce but while the bank is attempting to process this check, the victim will be contacted by the scammer. The scammer will tell them that they have been paid in excess and must immediately return the excess amount via a separate bank wire transfer. Those who fall for this scam could be hundreds or thousands of dollars out.”

If you receive a check that you are not sure you need to receive, call the agency to verify that it is real before cashing it out and keep in mind that the agency would not ask you to pay a commission to process such payments, Hadnagy said.

4. Scam websites

Fraudsters take advantage of times of crisis by exploiting the “extremely high level of attention on the topic and associated emotions, as well as the increased volume of traffic to certain websites,” said Justin Brecese, director of the Crypsis Group, an incident response, risk management and digital forensics company in McLean, Virginia.

There are reports of malicious websites that charge unnecessary commissions for filing for unemployment or that may require the user to upload copies of sensitive documents, including birth certificates or driving licenses, he said. The legitimate filing method will never incur costs or require uploads of sensitive material.

“The best way to avoid such scams is to only trust state government guidance and ensure that online archiving is conducted only through official state government websites,” said Brecese.

As millions of people are filing online for unemployment and many state agencies have had good-faith technical errors while trying to process all of these claims, the ideal environment has been created for scammers, Hijazi said.

Numerous state workforce agencies have issued consumer warnings about these scams.

“By impersonating a state-owned workforce agency or a third-party supplier to a state-owned agency, these criminal websites can trick people who are desperate to get their unemployment benefits into ‘filing’ with them instead of the real government agency,” he said. “This will therefore result in a large compromise of personal information and also likely financial fraud since the website will likely require a ‘processing fee’ to pay. Nowadays people can’t afford fraudulent accusations, so these scams are particularly cruel at the moment.”

5. Fake emails or phishing

Displaced workers should be on the lookout for unemployment-related emails that appear to be helpful but are actually illegitimate and seek personal information or contain links or attachments. Scam emails, known as phishing, will often try to appear as coming from the government and may contain malicious links to surveys or other online forms that require personal information.

“The scam callers are likely to declare that they are representing or collaborating with the state government and will also attempt to solicit personal information,” said Brecese.

The best course of action is to not respond to suspicious emails.

“When it’s unclear whether an email is legitimate, it’s always safer to go directly to the alleged sender’s website than to click on any link in the email,” he said.

Fraudsters will use various pretexts and may claim that due to the state agency website crash, your information has not been fully processed and that is why you have to resubmit it, Hadnagy said.

“As with telephone fraud operations, they can threaten the recipient of the email by claiming that they have to pay taxes or penalties and will not receive their benefits until they are paid,” he said. “It is not unusual for sophisticated criminal groups to use a mixed approach to scams, combining phishing emails or text messages with call centers. This tactic is more complicated for the criminal, but often more convincing for the contacted person.”

6. Pretending to be an SBA worker

The inspector general’s office said that there are several potential fraud schemes related to the economic stimulus programs of the U.S. Small Business Administration (SBA) in response to COVID-19. The Coronavirus Aid, Relief and Economic Security Act (CARES Act), the largest financial assistance bill to date, includes provisions to help small businesses.

Fraudsters started targeting small business owners during these difficult economic times. The OIG reminds entrepreneurs of the following:

SBA does not initiate contact on either 7a or Disaster loans or grants.

If you are contacted by someone who promises to get an SBA loan approval, but requires an upfront payment or offers a high interest bridge loan in the meantime, suspect fraud.

SBA limits the fees that a broker can charge a borrower to 3% for loans of $50,000 or less and 2% for loans from $50,000 to $1,000,000, with an additional 0.25% on amounts greater than $1,000,000. Any attempt to charge more than these fees is inappropriate.

If you have questions about how to get an SBA disaster loan, call 800-659-2955 or send an email to disastercustomerservice@sba.gov

If you are applying for an SBA loan and you are receiving an email correspondence requesting personally identifiable information (PII), make sure that the reference application number is consistent with the actual application number.

Watch out for phishing attacks / scams that use the SBA logo. These could be attempts to obtain your PII or to obtain personal bank access or to install ransomware / malware on your computer.

Any email communications from SBA come from accounts that end with sba.gov.
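The sender rule in the reminder above can be checked against a message's headers. The following is an added example, not code from the SBA, the OIG or the article; the two sample messages are constructed, and checking the Return-Path header alongside From is a choice made for this example.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_of(header_value):
    """Lowercased domain of the address in a From or Return-Path header."""
    _display_name, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def is_under(domain, parent):
    """True only for parent itself or a genuine subdomain of it."""
    return domain == parent or domain.endswith("." + parent)


def sender_findings(raw_message, expected="sba.gov"):
    """List the reasons a message fails the 'ends with sba.gov' rule."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    findings = []
    # The display name is ignored: only the address domain is compared.
    if not is_under(from_dom, expected):
        findings.append("from-domain-mismatch")
    if not rp_dom:
        findings.append("return-path-missing")
    elif not is_under(rp_dom, expected):
        findings.append("return-path-mismatch")
    return findings


# Constructed messages for illustration; the addresses are placeholders.
CONSISTENT = (
    "From: SBA Disaster Assistance <disastercustomerservice@sba.gov>\n"
    "Return-Path: <bounces@mail.sba.gov>\n"
    "Subject: Your application\n\nBody text.\n"
)
LOOKALIKE = (
    "From: SBA Loans <loans@sba.gov.example.com>\n"
    "Return-Path: <bounce@mailer.example.net>\n"
    "Subject: Loan approved\n\nBody text.\n"
)

if __name__ == "__main__":
    for name, raw in (("consistent", CONSISTENT), ("lookalike", LOOKALIKE)):
        print(name, sender_findings(raw) or "headers match sba.gov")
```

Both headers can be forged, so a clean result is a reason to keep checking, not proof that the SBA sent the message.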

With rising unemployment, employment scams and other opportunistic cons can be used to prey on people who desperately need income. Many people publish detailed information about their lives publicly on social media, including their employment status and difficulties, and this information can be used to create compelling campaigns against them, said Jack Mannino, CEO of nVisium, an application security provider in Falls Church, Virginia.

“Most of the quick checkout systems are generally too good to be true, which often attracts victims from the appeal of quick entries and a quick fix to their problems,” he said. “Avoid disclosing personal information by phone or email to anyone who claims to be from an agency, as you typically need to apply for unemployment benefits online. Don’t accept checks or goods from people you don’t know or don’t trust completely.”

7. Fraudulent job websites

People looking for new jobs are an excellent target for criminals, said Rick Holland, information security manager of Digital Shadows, a San Francisco-based provider of digital risk protection solutions.

“Be on the lookout for fake emails and fake websites for popular job websites,” he said. “Also, pay attention to the search for fake recruiters who help you find a new job.”

8. Fake recruiters

Attackers can easily take on the role of recruiters and send messages to unsuspecting victims with malicious links or files disguised as employment documentation, said Hank Schless, senior product marketing manager of Lookout, a mobile phishing solutions provider in San Francisco.

“Job seekers interact with recruiters they don’t know and share CVs that contain a lot of personal information,” he said.

Since all job search platforms have mobile apps, jobseekers are using them to apply for new opportunities.

“When a mobile alert is issued, we are programmed to open it quickly, take a quick look at the message and open the link or attached document without thinking about it too much,” said Schless. “It’s easy to overlook some of the red flags of a malicious link or phishing document in one of these messages. For example, mobile devices shorten the full URL to which a link leads, which may be one of the biggest giveaways for phishing content.”

Instead, jobseekers should authenticate recruiters by looking for them on LinkedIn and confirming that they are legitimate, he said.

9. Smishing scam

There is a high probability that we will see phishing scams via text messages attempting to take advantage of rising unemployment claims. Smishing is now a common practice among criminals and is more difficult to detect than email phishing. Unlike email, there is no spam filter to prevent these messages from reaching your phone, said Hijazi.

“It is also impossible to say the true source of a message sent via SMS, while with the email you can search for the ‘return path’ in the header of the email to find the actual sender of the message you have received,” he said. “Text messaging also allows hackers to use tiny URLs, which hide the actual website address and the smaller screen obscures the full website address most of the time.”

People should expect to see mass text messages offering to help you apply for unemployment or process your money faster. They can also state that there is a problem with the unemployment claim or the payment issued.

“Never ever answer a text message request,” said Hijazi. “There is no way for you to verify the authenticity of the person or organization who contacted you, so it is best to avoid replying to these when you receive them.”

10. Fake resumes

Companies are also facing a series of attacks that play on the same developments and trends and must be on the lookout for “poisoned” or “armed” CVs sent by cybercriminals impersonating job seekers, Hijazi said.

“Criminals are likely to take advantage of this by imitating these candidates and attaching resume files that hide malware,” he said. “These armed CVs can be used to hack a company, steal employee passwords and credentials, create a backdoor on the network that other hackers and malware can use, as well as hijack online financial accounts. My research team recently discovered a sophisticated armed CV campaign by the Russian criminal group known as TA505 which has been active since summer.”

Office 365 files are often used as a delivery method for malware, but attackers can also use real or fake Google Drive links to hack companies. These links can redirect the company employee to a malicious website that will attempt to steal credentials or infect with malware.
