Nigerian cyber criminals target Texas unemployment system

News
By published

Cyber criminals use Gmail feature to register the same email address multiple times

Hacker in a hood on a computer

A Nigerian cyber crime gang has attacked the Texas unemployment system, according to reports.

Evidence shared with reporters at the CBS 11 I-Team based in Dallas/Fort Worth, Texas showed the criminals detailed how to commit unemployment identity fraud through the Texas Workforce Commission website in a 13-page step-by-step tutorial.

RELATED RESOURCE

Security awareness training strategies for account takeover protection

Why you need an inside-the-perimeter strategy for internal threats

FREE DOWNLOAD

The tutorial, created by the Nigerian cyber crime gang known as Scattered Canary, was discovered in a closed online group chat between members.

An insider helped cyber security company Agari to acquire a copy of the document from a WhatsApp group chat. Former FBI agent Crane Hassold, now director of threat research for Agari, said information flow is important to this type of cyber crime.

"The tutorial shows how to apply for unemployment benefits and even introduces some of the red flags if you enter things a certain way," he said.

Fraud has cost Texas over $893 million in unemployment benefits since the beginning of the COVID-19 pandemic. The Texas Workforce Commission said that it has been the target of cyber scammers worldwide, but IP masking has made it difficult to find the perpetrators' exact location.

Hassold said the Scattered Canary cyber crime gang is abusing a feature in the Gmail system to help them work quicker. Gmail ignores periods in its email addresses, so john.doe@gmail.com, j.ohndoe@gmail.com," and "j.o.h.n.d.o.e@gmail.com" are all, in fact, the same email account. But the state unemployment systems see them as unique emails, allowing fraudsters to make a claim with each variation without suspicion.

"Essentially it allows their communication flow to be much more efficient," said Hassold.

"Instead of having to go to dozens of different email accounts to look at what's going on, it's all coming to one centralized location."

The gang then funnels any money defrauded from Texas into offshore accounts before any claims are flagged. The gang has used Green Dot prepaid cards to receive the payments from their fraudulent claims. These cards will have been registered with the same stolen identity as the unemployment claims to avoid red flags. Before cards can be delivered via mail, the gang goes online to withdraw money from the account.

The Texas Workforce Commission said it has deployed several fraud protections on its systems and prevented over $9 billion in fraudulent identity theft claims.

Rene Millman
Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.

Oracle

UK cloud infrastructure set for boost amid $5 billion Oracle investment
A CGI render of a warning symbol representing malware, sitting on an abstract computer surface. Decorative: the warning sign is glowing red and there is blue and yellow diffused light throughout.

What is an APT and how are they tracked?
Cisco logo and branding pictured at the Mobile World Congress in Barcelona, 2023.

Cisco unveils new agentic AI tools to improve customer and employee experience

See more latest
Most Popular
Oracle
UK cloud infrastructure set for boost amid $5 billion Oracle investment
Cisco logo and branding pictured at the Mobile World Congress in Barcelona, 2023.
Cisco unveils new agentic AI tools to improve customer and employee experience
Thomas Kurian, CEO at Google Cloud, sat next to Demis Hassabis, CEO at Google DeepMind, Mark Read, CEO at WPP, and Allison Kirkby, CEO at BT Group, at the Gemini for the United Kingdom live event held at the Google DeepMind HQ in London.
Google Cloud announces UK data residency for agentic AI services
A hand on a keyboard in a dark room
Alleged LockBit developer extradited to the US
Github logo on a laptop computer arranged in the Brooklyn borough of New York, US, on Friday, March 31, 2023
Organizations urged to act fast after GitHub Action supply chain attack
Female job candidate with short hair participating in a video call interview while using AI tools on small tablet device out of view of the recruiter.
‘If you want to look like a flesh-bound chatbot, then by all means use an AI teleprompter’: Amazon banned candidates from using AI tools during interviews – here’s why you should never use them to secure a job
Jeremy Fleming, former head of GCHQ, onstage with Haider Pasha, chief security officer, EMEA & LATAM at Palo Alto Networks at Ignite London 2025.
Businesses must get better at sharing cyber information, urges former GCHQ chief
A Dell Inspiron 14 AI PC pictured inside a Best Buy store on Black Friday in Pinole.
AI PCs are becoming a no-brainer for IT decision makers
Wifi symbol, internet connection, business, global communication, mobile network, 5g, mobile phone
94% of Wi-Fi networks are vulnerable to deauthentication attacks
UK Prime Minister Keir Starmer speaking during a Q&A session after delivering a speech on plans to reform the civil service, during a visit to Reckitt Benckiser Health Care UK.
Starmer bets big on AI to unlock public sector savings