HomeCyberBustScattered Canary: How A Nigerian Fraud Ring Hijacked Washington Unemployment System

Scattered Canary: How A Nigerian Fraud Ring Hijacked Washington Unemployment System

If you purchase via links on our reader-supported site, we may receive affiliate commissions.
cyberghost vpn ad

Here, we will show how a Nigerian Fraud ring hijacked the Washington unemployment system in one of the most significant business email compromise (BEC) scams.

It is no longer news that Washington and about six other US states have been victims of fraud attacks by the Scattered Canary. According to an ongoing investigation from the Federal Department of Justice, hundreds of millions of dollars were siphoned from the endless unemployment benefits pay-out due to the economic and financial effects caused by the coronavirus pandemic.

In what appears to be the biggest COVID-19 unemployment fraud to have ever come out of Africa, the world was woken to the scattering report from multiple sources involving millions of dollars fraudulently stolen by hackers.

A West African-based cybercrime group allegedly spearheaded these named the “Scattered Canary,” as revealed by Agari, a security research firm. The group used stolen identities from a previous consumer data breach.

Seattle Times and other local media outlets reported the COVID-19 unemployment fraud. However, Agari’s Cyber Intelligence Division (ACID) has been trailing and investigating the cybercriminal group of hackers involved and has managed to penetrate the group’s activities.

When the news broke out about Washington State losing millions of dollars to cyber-criminals, the security research firm intensified its investigation to expose the criminal masterminds behind the group.

Scattered Canary And The 35 Cybercriminals

business email compromise nigerian fraud ring

This West African-based cybercrime group did not start big, but it was founded in 2008, so they’ve had enough time to hit big while being un-identified until now. From a “one-man gang” known as Alpha, whose operation was centered on Craigslist, eBay, check, and romance scams, to a full-blown cartel of criminals strengthened by 35 members engaged in various kinds of frauds running concurrently.

Before now, Alpha, who had a mentor called Omega (under whose nose he sharpened his nefarious activities), carried out profitable scams by exchanging about 1,950 emails. Reportedly, he made up to $23,500 monthly.

Presently, the “Scattered Canary” group has evolved into sensitive data phishing, romance scams, tax fraud, employment scams, social security fraud, W-2 scams, credit card fraud, fake job listing, payroll diversion, business email compromise (BEC) amongst others as outlined by ACID.

According to ACID, “one common fallacy is that crime rings run within set steeps; believing that cybercrime groups only run business email compromise (BEC) scams and concentrate only on such is a misconception. They are like entrepreneurs in any industry; cybercriminal gangs operate to achieve growth by designing and evaluating extensible business models through various sets of revenue streams.”

The security research firm continued, “During the research into Scattered Canary, records of how the main cybercrime leaders encountered situations where opportunities for diversification came calling saw them delve into them like genuine entrepreneurs.”

Read Also: 1,000 Chinese Nationals Suspected In Massive Online Scam

Based on their agile working methods, they expanded by recruiting more “skilled” cybercriminals through material and financial enticement by displaying their wealth on social media and other possible platforms.

With trust, a biased approach to candidate selection can be achieved, and many relationships were built while still in the tertiary institutions within West Africa where talent is effortlessly noticed, and recruitment is easily done.” The research firm alluded.

Scattered Canary’s Operations

covid-19 washington unemployment fraud

Since 2008, when the group became active, they have been linked to several significant attacks:

  • Covid-19 Unemployment Benefit scams (2019-2020)

This, without argument, overshadows their previous engagements, not because it is the most recent and currently trending, but because it is the biggest so far and happened due to the ongoing coronavirus pandemic.

According to the Seattle Times, the group filed about 174 unemployment and insurance claims using stolen identities in Washington alone, which are estimated to be worth about $1,339 a week per claim. Experts estimate that about 1 out of 4 claims are said to be from cyber criminals, of whom Scattered Canary remains a top suspect.

Most of their proceeds end up in Asia, Nigeria, and other parts of West Africa after being converted to Green dot prepaid cards and cryptocurrencies,

  • Targeting of top CEOs (2018)

It was reported in 2018 that a group called London Blues (suspected to be in collaboration with Scattered Canary) attacked top business executives and chief financial officers around the world through business email compromise (BEC), requesting vast sums of money to be paid to an external account while posing as insiders in these companies.

Businesses around the world lost an estimated $12 million between 2013 and 2018, according to the FBI. Even though the scam looks common, about 50,000 top CEOs were targeted by the group.

READ ALSO: E-Commerce Fraud: Navigating the Challenges in Online Retail

Active Toolkits Used By Scattered Canary

scattered canary group tools

Members of the Scattered Canary group deploy various tools to help them WORK faster and easier. This includes phishing message templates and multiple VPNs to mask their location as they exchange scam emails with their victims.

VOIP phone numbers were also gotten from online service providers like Hushed, Google Voice, and TextMe while operating from Nigeria or any part of West Africa. ACID investigation revealed that the group used the same call-back number for previous cyberattacks, making it easy for the research firm to dig deep into their activities.

The cybercriminal gang also uses a variety of model text documents called “formats,” which speed up their phishing process. ACID revealed that “the group gathered their potential victim’s leads by signing up with Lead411 lead generation service and using 7-day trial accounts totaling twenty times within three years.” “We could identify a format containing 26 different message templates that could be used to target corporations in various BEC scams, including W-2 fraud and direct deposit”, ACID concluded.

Scattered Canary And The Present Reality: 4 Years After

Scattered Canary And The Present Reality (1)
Hushpuppi Wealth Display – one of the Scattered Canary Syndicate

ACID relayed all evidence and reports gathered from their investigation to the FBI and Interpol. This helped the security agencies in the recent raid that led to the arrest of some of the Scattered Canary gang members like Woodberry (Mr. Woodbery) and Hushpuppi (Raymond Igbalodeyl) in Dubai with their properties allegedly seized.

In Nigeria, their arrest trended on popular social media sites like Instagram, Facebook, and Twitter. The duo is known to display their luxurious lifestyles, with the “in your face” show of expensive cars, houses, clothes, and even drinks on these platforms.

Many Nigerians, including KCee, an influential Nigerian musician, have often questioned their sources of wealth to afford such a lifestyle.

With this new development, it appears that more cybercriminal gangs will undoubtedly end up in the net of law enforcement agencies.

The group’s present reality revolves around sophisticated cybercrime operations. Business Email Compromise (BEC) scams have become their weapon, infiltrating company email systems to divert funds to their accounts.

During the COVID-19 pandemic, Scattered Canary capitalized on vulnerable unemployment systems, stealing millions of dollars in government aid. Their reach extends beyond BEC, encompassing tax return fraud and credit card scams, demonstrating a diverse and adaptable criminal repertoire.

A Persistent Threat

Scattered Canary’s continued success highlights the ever-present threat of cybercrime. Their longevity underscores the need for robust cybersecurity measures at both individual and organizational levels. Businesses must prioritize employee training to identify phishing attempts and secure email systems.

Looking Forward

As technology continues to evolve, so will the tactics of cybercriminals like Scattered Canary. Staying informed about the latest threats, employing online solid security practices, and remaining vigilant are crucial steps toward a safer digital future.

By understanding the present reality of cybercrime groups like Scattered Canary, we can proactively protect ourselves and mitigate their potential impact.


About the Author:

Gina Lynch
Cybersecurity Expert at SecureBlitz

Gina Lynch is a VPN expert and online privacy advocate who stands for the right to online freedom. She is highly knowledgeable in the field of cybersecurity, with years of experience in researching and writing about the topic. Gina is a strong advocate of digital privacy and strives to educate the public on the importance of keeping their data secure and private. She has become a trusted expert in the field and continues to share her knowledge and advice to help others protect their online identities.


Delete Me
Incogni Black Friday Ad
Heimdal Security ad


Please enter your comment!
Please enter your name here