Submit applications for FEMA disaster assistance under three identities.Apply for unemployment benefits under nine identities in a large US state.Submit 11 fraudulent Social Security benefit applications.Submit 12 change of address requests with the US Postal Service.File 13 fraudulent tax returns with an online tax filing service.Register for 14 trial accounts with a commercial sales leads service to collect targeting data for BEC attacks.Submit 48 credit card applications at four US-based financial institutions, resulting in the approval of at least $65,000 in fraudulent credit.Since early 2018, this group has used this fairly simple tactic to facilitate the following fraudulent activities:
Recently, we observed a group of BEC actors make extensive use of Gmail dot accounts to commit a large and diverse amount of fraud.
(Note: I own none of those addresses, if they are actually valid.) The account maps to the exact same address as and so on. In Gmail addresses, the dots don’t matter. Using Gmail 'Dot Addresses' to Commit Fraud
