The Federal Trade Commission has warned businesses about a new phishing scheme that targets unemployment benefits. If your business transacts in unemployment benefits, then you should pay attention. The FTC says bad actors are using text messages as a phishing technique to get information about users’ unemployment benefits. This scheme is potentially targeting millions of users.
The phishing texts attempt to trick the target into clicking a link that would “make necessary corrections” to the target’s unemployment benefits or claims. According to the Federal Trade Commission, “the link takes you to a fake state workforce agency website that may look very real. There, you’re asked to input your website credentials and personal information, like your Social Security number.”
Purandar Das, Co-founder and the chief security evangelist from Sotero, an encryption-based security solutions company had this to say about this scheme.
This migration of phishing platforms to mobile phones and text messages is concerning. It is a replay and logical next attack vehicle. What is concerning about this is the potential target audience. As dangerous as phishing emails are, text messages have the potential to be much more so.
The messages can reach a much large audience, especially the vulnerable segments such as the elderly and the younger people. They each have their own weaknesses related to mobile phones. A text message is capable of generating an immediate moment of panic making them provide valuable information. I believe a concerted campaign of education and awareness of critical to getting ahead of this new attack vector..”
Purandar Das, Co-founder, and the chief security evangelist from Sotero
The FTC also had this to say about this unemployment benefits phishing scheme:
Protect yourself and your employees. Let your staff know that state agencies don’t send text messages asking for personal information. If you get an unsolicited text or email that looks like it’s from a state workforce agency, don’t reply or click any link.