HomeCyberBustScattered Canary: How A Nigerian Fraud Ring Hijacked Washington Unemployment System

Scattered Canary: How A Nigerian Fraud Ring Hijacked Washington Unemployment System

If you purchase via links on our reader-supported site, we may receive affiliate commissions.

Here, we will show you how a Nigerian Fraud ring hijacked Washington unemployment system in one of the biggest business email compromise (BEC) scams.

It is no longer news that Washington and about 6 other US states have been victims of fraud attacks by the Scattered Canary. Hundreds of millions of dollars were siphoned from the ongoing unemployment benefits pay-out as a result of the economic and financial effect caused by the coronavirus pandemic according to an ongoing investigation from the Federal Department of Justice.

In what appears to be the biggest COVID-19 unemployment fraud to have ever come out of Africa, the world was woken to the scattering report from multiple sources involving millions of dollars fraudulently stolen by hackers. These were allegedly spearheaded by a west African based cybercrime group named the “Scattered Canary” as revealed by Agari, a security research firm. The group used stolen identities from a previous consumer data breach.

The COVID-19 unemployment fraud was reported by Seattletimes and other local media outlets. But, Agari’s Cyber Intelligence Division (ACID) has been trailing and investigating the cybercriminal group of hackers involved and has managed to penetrate the activities of the group.

When the news broke out about Washington State losing millions of dollars to cyber-criminals, the security research firm intensified their investigation on the group to expose the criminal masterminds behind the group.

Scattered Canary And The 35 Cybercriminals

business email compromise nigerian fraud ring

This West African based cybercrime group did not start big, but it was founded in 2008 so they’ve had enough time to hit big while being un-identified until now. From a “one-man gang” known as Alpha whose operation was centered on Craigslist, eBay, check, and romance scams to a full-blown cartel of criminals strengthened by 35 members who engaged in various kinds of frauds running concurrently and.

Before now, Alpha who had a mentor called Omega (under whose nose he sharpened his nefarious activities) carried out multiple scams that have been profitable by exchanging about 1,950 emails. Reportedly, he made up to $23,500 monthly.

Presently, the “Scattered Canary” group has evolved into sensitive data phishing, romance scams, tax fraud, employment scams, social security fraud, W-2 scams, credit card fraud, fake job listing, payroll diversion, business email compromise (BEC) amongst others as outlined by ACID.

According to ACID, “one common fallacy is that crime rings run within set steeps; believing that cybercrime groups only run business email compromise (BEC) scams and concentrate only on such is a misconception. They are like entrepreneurs in any industry, cybercriminal gangs operate to achieve growth by designing and evaluating extensible business models through various set of revenue streams.”

The security research firm continued by stating that “During the research into Scattered Canary, records of how the main cybercrime leaders encountered situations where opportunities for diversification came calling saw them delve into them like genuine entrepreneurs.”

Read Also: 1,000 Chinese Nationals Suspected In Massive Online Scam

Based on their agile working methods, they expanded by recruiting more “skilled” cybercriminals through material and financial enticement by displaying their wealth on social media and other possible platforms. “With trust, a biased approach to candidate selection can be achieved, and many relationships were built while still in the tertiary institutions within West Africa where talent is effortlessly noticed, and recruitment easily done.” The research firm alluded.

Scattered Canary’s Operations

covid-19 washington unemployment fraud

Since 2008 that the group became active, they have been linked to several major attacks like:

  • Covid-19 Unemployment Benefit scams (2019-2020)

This without argument overshadows their previous engagements, not because it is the most recent and currently trending, but because it is the biggest so far and happened due to the ongoing coronavirus pandemic.

According to Seattle Times, about 174 unemployment and insurance claims were filed by the group using stolen identities in the state of Washington alone estimated to be worth about $1,339 a week per claim. Experts estimate that about 1 out of 4 claims are said to be from cybercriminals in which Scattered Canary remains a top suspect.

Most of their proceeds end up in Asia, Nigeria and other parts of West Africa after getting converted to Green dot prepaid cards and cryptocurrencies among other means.

  • Targeting of top CEOs (2018)

It was reported in 2018 that a group called London blues (suspected to be in collaboration with Scattered Canary) attacked top business executives and chief financial officers around the world through business email compromise (BEC) requesting huge sums of money to be paid to an external account while posing as insiders in these companies.

An estimation of $12 million was lost by Businesses around the world between 2013 and 2018 according to the FBI. Even though the scam looks common, about 50,000 top CEOs were targeted by the group.

Active Toolkits Used By Scattered Canary

scattered canary group tools

Members of the Scattered Canary group deploy various tools to help them WORK faster and easier. This includes phishing message templates and multiple VPNs to mask their location as they exchange scam emails with their victims.

VOIP phone numbers were also gotten from online service providers like Hushed, Google Voice, and TextMe while operating from Nigeria or any part of West Africa. ACID investigation revealed that the group used the same call-back number for previous cyber-attacks carried out, which made it easy for the research firm to dig deep into their activities.

The cybercriminal gang also uses a variety of model text documents called “formats” which sped up their phishing process. ACID revealed that “the group gathered their potential victim’s leads by signing up with Lead411 lead generation service and using 7-day trial accounts totaling twenty times within 3 years.” “We could identify a format containing 26 different message templates that could be used to target corporations in various BEC scams, including W-2 fraud, and direct depositACID concluded.

Scattered Canary And The Present Reality

scattered canary hushpuppi
Hushpuppi Wealth Display – one of the Scattered Canary Syndicate

ACID was able to relay all evidence and reports gathered from their investigation with the FBI and Interpol. This aided the security agencies in the recent raid that led to the arrest of some of Scattered Canary gang members like Woodberry (Mr. Woodbery) and Hushpuppi (Raymond Igbalodeyl) in Dubai with their properties allegedly seized.

Back in Nigeria, their arrest trended on popular social media sites like Instagram, Facebook, and Twitter. The duo is known to display their luxurious lifestyles, with the “in your face” show of expensive cars, houses, clothes, and even drinks on these platforms. Many Nigerians including KCee, an influential Nigerian musician have oftentimes questioned their sources of wealth to afford such a lifestyle.

With this new development, it appears that more of the cybercriminal gangs will certainly end up in the net of the law enforcement agencies.


Delete Me
iolo system mechanic

Subscribe to SecureBlitz Newsletter

* indicates required
Gina Lynch
Gina Lynch
Gina Lynch is a VPN expert and online privacy advocate who stands for the right to online freedom. She is highly knowledgeable in the field of cybersecurity, with years of experience in researching and writing about the topic. Gina is a strong advocate of digital privacy and strives to educate the public on the importance of keeping their data secure and private. She has become a trusted expert in the field and continues to share her knowledge and advice to help others protect their online identities.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.