As many across the US wait for their relief check or unemployment, cyber criminals are trying to intervene. This act is on the hopes of stopping citizens from receiving the money they need and depend on.


Another Day, Another COVID-19 Related Security Issue

Are you one of the millions of Americans to receive a CARES Act relief check? I’m sure that it is quite possible. But, did you know that criminals on the web could be targeting your relief money or unemployment application? CPG is here to dig into the story and break the information down.



To begin, The Coronavirus Aid, Relief, and Economic Security Act (CARES) is a monetary relief effort that President Trump signed into law to help Americans during COVID-19. 


Via the US Department of Treasury, this agency states,

 “This over $2 trillion economic relief package delivers on the Trump Administration’s commitment to protecting the American people from the public health and economic impacts of COVID-19.”


In other words, the goal of this money is to help those out of work or those working reduced hours. 

Also, the rate of unemployment appears to rise during this outbreak, due to many businesses struggling to get by and even closing permanently. The point is, Americans are financially vulnerable right now. Bad news for us, good news for cyber criminals. 


The Attack on the CARES Act

Now, you may be wondering what could cyber criminals possibly do with the CARES Act? Well, let’s take a look. 

States all of the US are receiving many unemployment applications, both legitimate and fraudulent. During this chaotic time, scammers are able to submit their many unemployment applications, in hopes to receive that money plus the stimulus check. 

To explain, it is evident to the criminals that the states dishing out the unemployment money are severely lacking in the security department. These cyber gangs are able to recognize the fact that the state systems for unemployment are unable to detect fraudulent applications.

Continuing, this could be due to a number of reasons. A few examples include being understaffed, not properly securing the systems to protect agonist fraud, or just not equipping the programs with the capabilities to detect patterns of fraudulent applications. 

The majority of the issue comes down to the infrastructure of the system put in place to vet the applications coming in. 


How will this end?

Currently, claims are circulating that cyber security and forensic teams are able to identify the fraudulent applications. Some say that now that they are aware of the situation, efforts will be put forth to track down and end the groups who are committing fraud. 

All in all, this type of citation may be a bigger job to do than many perceive. What needs to happen is tracking IP addresses on the email accounts for submission of the applications. I’m sure that a plethora of evidence will come to light once those areas receive proper review. 


By Taylor Ritchey