The number of suspicious unemployment-related emails targeting Americans rose by 50% after the third round of stimulus checks was announced in late February, according to new data from Tessian’s threat intelligence team.
News of the phishing surge comes after the United States Department of Justice warned that fraudsters are creating websites mimicking unemployment benefit websites, including state workforce agency (SWA) websites, “for the purpose of unlawfully capturing consumers’ personal information.”
Threat researchers found that during the week of February 24, when the third stimulus package was announced, the number of suspicious unemployment- and Covid-19-related emails was 50% higher than the previous week.
During this same week, the number of shady unemployment and Covid-19 emails was 40% higher than the weekly average for these types of threats detected since the start of 2021. In particular, the number of unemployment-themed emails alone increased by 16% above the weekly average.
In the week commencing March 8, when Covid-19 stimulus checks started being received, researchers noted that the number of suspicious unemployment- and Covid-related emails was 51% higher than the weekly average.
Tessian CEO Tim Sadler said that cyber-criminals exploit the fact that many people turn to the internet for support and to seek new employment opportunities after losing their job.
“To identify their targets, bad actors will often turn to LinkedIn and social media posts,” said Sadler.
“A recent report from Tessian found that 93% of people share job updates online, and while it’s common for people to let their networks know that they’ve been laid off and are looking for jobs, they are also unknowingly giving cybercriminals the information they need to craft these types of social engineering attacks.”
In March, the unemployment rate in the United States stood at 6%, 2.5 percentage points higher than its pre-pandemic level in February 2020. At 9.7 million, the number of unemployed persons is four million higher than in February 2020.
Unemployment scams are an effective way for cyber-criminals to make money. Bloomberg reported that the US Unemployment System has lost at least $63 billion in improper payments since last year, according to estimates by a watchdog for the US Department of Labor.