This is a fantastic article on the new realities of cybersecurity and makes a strong case for corporate cyber-response readiness.
What it was like inside Microsoft during the worst cyberattack in history
Microsoft president Brad Smith describes the chaos inside the tech giant during the SolarWinds hack.
My takeaways from this great article are:
It is estimated that this past year more than $200 billion in federal assistance for unemployed Americans has ended up in the pockets of cybercriminals through rampant, widescale fraud of our nation’s unemployment systems. Texas is unfortunately no exception. Check out the fraud details below and how you can help crack down on these criminals taking advantage of an already difficult situation.
What You Need to Know
There are two main methods used by cybercriminals to facilitate unemployment insurance fraud:
1) Critical Information Accessed Phishing
This method is similar to traditional phishing, where cybercriminals send forged emails with the goal of recipients clicking a link and ultimately giving up personal information or credentials through a phony website. When phishing specifically for unemployment benefits, the goal is to obtain the target’s personal information and use it to file a fraudulent unemployment benefits claim.
The phishing email may be anything that prompts action: a Facebook suspicious login activity alert, your bank informing you that your accounts have been frozen, or even posing as the Texas Workforce Commission themselves requesting information!
2) Compromised PII Used to Submit For Unemployment Benefits
Cybercriminals also regularly use Personally Identifiable Information (PII) that has previously been compromised, leaked, or sold on the Dark Web to file fraudulent unemployment benefit claims. There are thousands of organizations whose customers’ sensitive information has been illegally obtained and is now readily available for criminals to purchase on the Dark Web. Myspace, LinkedIn, Target, Home Depot, Equifax, and Yahoo are a few notable breaches in recent years that compromised the information of millions of Americans.
Common Fraud Indicators
Now that you know how cybercriminals operate, here are red flags to look out for:
How To Prepare
The best course of action is to educate your staff of the risks, the common fraud indicators mentioned above, and how to respond should to the situation arise. It is also wise to train HR personnel to report suspected fraud to the Texas Workforce Commission (TWC) promptly.
Reporting Suspected Fraud
The Texas Workforce Commission has a wealth of resources regarding reporting and specific examples of reportable violations. You can also contact TWC directly via email at TWC.fraud@TWC.state.tx.us or phone via their 24/7 Program Abuse and Fraud Hotline at (800) 252-3642.
A Shared Responsibility
Ultimately, the responsibility for identifying and reporting fraud rests with each of us. The Texas Workforce Commission does actively investigate fraud, but remember unemployment benefits payments are funded through taxpayer dollars and so are the already limited resources for TWC’s investigations. US Medical IT remains dedicated to doing everything in our power to stop cybercriminals from profiting at the expense of others and we are always here to help should something of concern arise within your organization.
A Business Email Compromise, also called BEC for short, has been dubbed by experts as one of the largest growing schemes in cybercrime due to its high success rates, ease of implantation, and massive payouts for the criminals.
In a BEC attack, cybercriminals obtain access to your REAL email account by malicious means or even purchasing reused credentials of yours from leaks on the Dark Web. Once they are into your account, they lay dormant and often undetected for weeks or even months. During this time, they are collecting valuable information about your company, your employees, your operation’s intricacies, and normal finance/payment procedures.
They watch your everyday communications with your team, waiting for the perfect opportunity to arise. Then, they interject themselves in a legitimate conversation regarding payment of an invoice and state (from your actual email account) that funds need to be sent to a “new” bank account. And just like that, tens of thousands of dollars are gone without a trace.
Unfortunately, there is little to no recourse for getting your hard-earned stolen funds back. The FDIC and your bank do NOT cover this type of fraud. Cyber insurance may, however the vast majority of businesses we have worked with did not carry this type of coverage prior to consulting with us. The best cure is always prevention – in this case preventing these criminals from getting into your email in the first place and having all staff trained on what red flags to be watching out for.
Are you worried and ready to protect your business from this growing threat?