COVID-19 and Privacy, News

Fake Unemployment Claims Spiking With COVID, FBI Says

By Sheryl Nance-Nash

It’s bad enough when you lose your job. Right now, though, chances are your bad luck may not end there.

Complaints of fraudulent unemployment insurance claims are spiking because of COVID-19, according to the FBI, and the claims use stolen personally identifiable information (PII).

In congressional testimony in June, Scott Dahl, a recently retired inspector general at the U.S. Labor Department, said that so far this year the agency was investigating more than 400 cases of unemployment insurance fraud.

Such fake claims could cost the U.S. government as much as $26 billion this year, he testified.

The problem is huge.

During June, the Labor Department’s Office of Inspector General (DOL-OIG) and the Oklahoma Employment Security Commission (OESC) stopped payment on nearly 3,800 fraudulently filed jobless insurance claims — including 1,300 filed from IP addresses in London.

“Where there is crisis, criminals see opportunity.”

Oklahoma U.S. Attorney Trent Shores.

The joint action saved Oklahoma and its taxpayers more than $15.9 million.

“Where there is crisis, criminals see opportunity,” Oklahoma U.S. Attorney Trent Shores said in disclosing the fraud. “Fraudsters won’t hesitate to fill their pockets with money intended for hard-working Oklahomans who have lost their jobs during this health crisis.”

The FBI, in an interview with Digital Privacy News, attributed the rise in fraudulent claims to these factors:

  • The huge number of claims, as more than 45 million Americans are out of work, make it far easier for criminals to slip significant amounts of fraudulent claims into the stream of applications.
  • The $600 weekly benefit checks from Congress under the CARES Act, making jobless insurance more lucrative. Though the benefit ran out July 31, Congress continues to debate other relief efforts. Still, the FBI said the problem will persist because so many people are out of work.
  • The decision by Congress to allow applicants to self-certify that they qualify for unemployment benefits, so states have not been verifying qualifications with employers. The enormous amount of stolen PII through hundreds of data breaches in the last decade has given criminals readily available identity information. 

“This combination of factors resulted in a perfect storm of increased fraud incentives, decreased controls and ready information — which have led to billions of dollars in fraudulent claims,” an FBI official told Digital Privacy News.

‘Multiple States Impacted’

Eva Velasquez, president and CEO of the Identity Theft Resource Center in San Diego (ITRC) said: “Hundreds of millions of dollars have been lost, and multiple states impacted, with Washington being one of the hardest-hit states so far.

“Our contact center has seen a surge in calls due to unemployment-benefits identity theft,” she said.

“Hundreds of millions of dollars have been lost.”

Eva Velasquez, Identity Theft Resource Center.

What makes unemployment insurance fraud so painful is that people already are in dire straits, experts said. Being victimized puts them in further jeopardy, when the money is desperately needed for food and shelter.

“These crimes have a devastating impact on the victim’s financial and emotional well-being,” Velasquez said.

Scammers use stolen identities to submit fraudulent unemployment insurance claims online.

How They Get Data

The FBI said criminals obtain the stolen identity in various ways: purchasing stolen PII online, previous data breaches, computer intrusions, cold calls using impersonation scams, email phishing schemes, physical data theft from individuals or third parties — and from public websites and social-media accounts.

Crooks often use third parties or persuade victims of other scams or frauds to transfer fraudulent funds to accounts controlled by criminals.

“One of the top privacy issues in a case like this is orchestrated phishing attacks,” said Salvatore Stolfo, a Columbia University cybersecurity professor. “It should be a top priority of the Department of Labor to stop the scams.

“Phishing is still the primary means of tricking people to give up their identity information, their PII,” he added. “From there, the sky’s the limit on what a scammer can do.”

47,500 Fake Claims in Maryland

In July, Maryland officials discovered a sophisticated criminal enterprise involving more than 47,500 fraudulent unemployment insurance claims totaling more than $501 million.

The Maryland Department of Labor worked with the DOL-OIG in cracking the ring, which filed fraudulent claims to the state’s Pandemic Unemployment Assistance program using stolen PII.

“We will continue to work … to prevent fraudsters from capitalizing upon the hardships caused by the coronavirus.”

Maryland Labor Secretary Tiffany Robinson.

“Since the beginning of the pandemic, our department has balanced the goal of quickly paying unemployment insurance benefits to eligible claimants with the need to maintain program integrity due to the prevalence of fraudulent activity occurring in other states,” Maryland Labor Secretary Tiffany Robinson, said in announcing the scheme last month.

“With heightened security measures in place, our department quickly detected, reported and blocked this fraudulent claim activity, saving taxpayers hundreds of millions of dollars.

“We will continue to work with our state and federal partners to prevent fraudsters from capitalizing upon the hardships caused by the coronavirus during these already difficult and uncertain times,” Robinson said.

Blame the Victim

Sadly, Stolfo told Digital Privacy News, most authorities keep asking consumers to be “vigilant” against phishing scams.

“This puts too much burden on the user, many of whom are just not sophisticated enough to understand when they are being scammed,” he said. “The fraudsters are just that good.”

When should you suspect something has gone awry?

“If you try to sign up for unemployment benefits and get a response that you have already filed or if you receive some sort of communication about your supposed application for unemployment benefits,” ITRC’s Velasquez told Digital Privacy News.

“The fraudsters are just that good.”

Salvatore Stolfo, Columbia University.

Others are contacted by employers about a supposed application for unemployment benefits.

“Unfortunately, by then,” Velasquez said, “the money is usually paid out to an account the criminals control.”

Sheryl Nance-Nash is a New York writer.

What to Do

If you’re victimized, report the incident to local police, the FBI, a state unemployment insurance administrator — and your employer’s human resources department, if applicable, said Ken Eulo of the Smith & Eulo Law Firm in Orlando, Fla.

Inform the major credit bureaus and freeze your credit, if feasible.

Eva Velasquez of the Identity Theft Resource Center noted: “While it will not have an impact on this crime, it is a good idea from a cyber-hygiene standpoint — especially given the potential access to someone’s PII that the perpetrators have.”

Also, monitor financial accounts for any suspicious activity.

Call the Identity Theft Center (888-400-5530) or have a live chat with an adviser at idtheftcenter.org.

Advisers help victims create action plans.

— Sheryl Nance-Nash

Sources: