The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims.
Sites used in these attacks are designed to closely resemble official government platforms to trick the targets into giving away their info, infecting them with malware, and claiming unemployment benefits on their behalf.
“These spoofed websites imitate the appearance of and can be easily mistaken for legitimate websites offering unemployment benefits,” the federal law enforcement agency said in a public service announcement published on Internet Crime Complaint Center’s site.
“The fake websites prompt victims to enter sensitive personal and financial information. Cyber actors use this information to redirect unemployment benefits, harvest user credentials, collect personally identifiable information, and infect victim’s devices with malware.
“In addition to a loss of benefits, victims of this activity can suffer a range of additional consequences, including ransomware infection and identity theft.”
The FBI said it identified 385 domains, with eight of them impersonating government sites linked to official unemployment benefits platforms.
| Domain | Status |
|---|---|
| employ-nv[.]xyz | Active |
| employ-wiscon[.]xyz | Inactive |
| gov2go[.]xyz | Active |
| illiform-gov[.]xyz | Active |
| mary-landgov[.]xyz | Active |
| Marylandgov[.]xyz | Inactive |
| newstate-nm[.]xyz | Active |
| Newstatenm[.]xyz | Inactive |
Identity theft and benefits fraud warnings
There is also a high chance that the information stolen through these spoofed sites could get into the hands of identity thieves, which can exploit in various benefits fraud schemes.
The US Federal Trade Commission (FTC) said in February 2021 that the total number of identity theft reports doubled in 2020 compared to 2019, with a record of 1.4 million reports within one year.
“2020’s biggest surge in identity theft reports to the FTC related to the nationwide dip in employment,” the FTC said. “After the government expanded unemployment benefits to people left jobless by the pandemic, cybercriminals filed unemployment claims using other people’s personal information.”
For example, the FTC received 394,280 reports regarding government benefits fraud attempts last year, most of them related to unemployment benefit identity theft fraud — compared with the 12,900 reports filed in 2019.
In January, The Internal Revenue Service (IRS) also published taxpayer guidance on identifying theft attempts involving unemployment benefits.
“The Internal Revenue Service today urged taxpayers who receive Forms 1099-G for unemployment benefits they did not actually get because of identity theft to contact their appropriate state agency for a corrected form,” the US federal revenue service said.
“Additionally, if taxpayers are concerned that their personal information has been stolen and they want to protect their identity when filing their federal tax return, they can request an Identity Protection Pin (IP PIN) from the IRS.”