At a glance.
- Unemployment relief fraud.
- Espionage is the apparent motive in the easyJet hack.
- Compromising privacy when rating beer.
Unemployment relief program fraud.
Unemployment relief assistance designed to compensate workers who've lost their jobs during the economic stress of the pandemic are being targeted by scammers. Agari reports that much of the criminal fraud against such relief programs observed in the US states of Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington, and Wyoming are the work of the Scattered Canary gang, a criminal group based in Nigeria.
The researchers outlined a few of the approaches. They found that eighty-two fraudulent claims for CARES Act Economic Impact Payments were filed between April 15th and 29th. Since April 29th at least one-hundred-forty-seven fraudulent unemployment claims were filed in the state of Washington. Between May 15th and 16th, seventeen fraudulent unemployment claims were filed in Massachusetts. And most recently Agari has observed signs that the criminals are turning their attentions toward Hawaii, where on the evening of May 17th two claims were registered with the state's Department of Labor and Industrial Relations.
The techniques Scattered Canary is using are the grubby, low-tech stuff of petty cyber crime. BleepingComputer says that the gang is using social security numbers and other personal data stolen from identity theft victims to create bogus accounts on assistance sites. As the Washington Post points out, state relief agencies are under the gun to provide assistance to people who need it in a hurry, and haste is usually accompanied by a certain relaxation of vigilance.
An apparent motive in the easyJet hack.
Sources tell Reuters that Chinese intelligence services were responsible for the easyJet hack that affected some nine-million passengers. The anonymous sources say that the same threat group had tracked travelers before, and was interested in their movements, not in financial gain from credit card theft.
A beer-rating app could reveal more than your assessment of how hoppy that IPA was.
Bellingcat has some security advice for military and intelligence professionals: treat beer as a commodity and be content. If you use the Untappd app to rate beer, you can in principle be tracked. Untappd engages in what Bellingcat calls “meticulous” location tracking, showing the locations where the users consumed the beer they were rating. It’s not so much that Untappd is irresponsible--in fact Bellingcat describes the app’s privacy settings as being pretty decent--it’s just that it’s possible to correlate locations and movements with other social media, and, as is almost always the case, people want to upload pictures of the places where they’re enjoying themselves.