Unemployed Americans aren’t the only ones waiting for the next pandemic relief check. A slew of fraudsters, including an organized Nigerian cybercrime ring, are also looking to get paid.
And they have plenty of tricks to pull it off—like using the names of dead people and personal information collected in previous data breaches to create false beneficiaries to gain access to benefits meant to help workers.
At least 11 states are seeing an increase in fraudulent unemployment insurance activity fueled by the millions of claims coming in each month and additional federal dollars being offered to the unemployed due to the coronavirus pandemic.
Places including Arizona, Colorado, Maryland, New York, Ohio, Texas, and Washington combined are reporting billions of dollars in fraud, according to a Bloomberg Government review of unemployment actions across the nation. States and the U.S. Department of Labor and FBI have issued alerts.
The rise in criminal activity not only leads to less money for the unemployed, but also could increase contribution rates for businesses, lead to a loss of funds for states, and add to the federal deficit, experts say.
“It’s its own cyber pandemic,” said Leslie Corbo, director of cybersecurity programs and associate professor of cybersecurity at Utica College.
“They’re taking advantage of a bad situation right now,” she said of the scammers. “I think it’s going to continue until there’s some kind of controls that are put in place.”
An Enticing Opportunity
The increase in fraud is driven largely by the rush of legitimate claims coming in, and pressure on state governments to get benefits out as soon as possible, Corbo said. Many government controls were relaxed in an effort to get the funds out, she said.
The situation is exacerbated by the availability of personal information on the “dark web” as a result of major security breaches, as well as the push to get government services online, experts said.
The $2.2 trillion federal CARES Act, which provided an additional $600 a week in benefits per person, created an even more enticing opportunity for fraud, said Douglas Holmes, president of UWC – Strategic Services on Unemployment & Workers’ Compensation, a business group.
“They tend to target claims that have multiple weeks to be paid that are high-value claims, so that the return on taking the risk of being caught is greater,” Holmes said. Under the act, individuals as late as May could claim unemployment dating to March.
The federal relief bill also provided aid to independent contractors and gig workers, who traditionally wouldn’t qualify for unemployment benefits under what’s known as the Pandemic Unemployment Assistance, or PUA, program. States have seen massive amounts of fraud related to the program, which largely relies on self-attestation by the independent workers as they file claims.
Colorado last month announced it had stopped $750 million to $1 billion in improper payments—more than three out of four claims made under the PUA program were fraudulent, according to the state’s Department of Labor and Employment.
Nigerians, Dead People, the Dark Web
Typical problems, such as people collecting unemployment while they’re working are still occurring, but there’s been a rise in well-organized attempts at identity theft, the creation of fictitious businesses and account takeovers, both domestic and overseas, said Jon Coss, founder of Pondera Solutions Inc., a firm that searches for fraud, waste, and abuse in health-care and government programs
And then there’s the Nigerian fraud ring known as “Scattered Canary.”
The crime ring—ironically birthed out of high unemployment rates in the African country and focused on romance and real estate scams—has diversified to include fraudulent unemployment filings, said Armen Najarian, chief identity officer for Agari, the Silicon Valley-based cybersecurity company that works with federal law enforcement that first identified the ring.
Hundreds of millions of dollars in unemployment insurance already has been extracted by organized crime rings, including Scattered Canary, from at least 11 states including Washington, California, Massachusetts, and Hawaii, Najarian said.
They run like a business, with several dozen employees testing states for weaknesses in their systems using everything from hacked information to procuring identities from the dark web—where fraudsters, using hidden websites not accessible through conventional browsers, buy personal information such as social security numbers.
The ring often uses Google’s free Gmail service to mass-create accounts on state unemployment websites and the IRS website dedicated to processing CARES Act payments, according to an Agari report. They then direct all communications to one email.
Schemes and ways to defraud the government are seemingly endless and there are even how-tos on how to defraud states, available for sale on the dark web.
The scammers have unemployment funds sent to houses that are for sale where the owners have already moved out, Corbo said. Using personal information from the dark web, they can sit by the mailbox and wait for the money to come in.
Fraudsters have also been known to create a fake businesses, register with a state, steal identities to create employees, and then “hire” them, Pondera’s Coss said. They then lay those employees off and apply for unemployment insurance benefits using the stolen identities.
They often use shared bank accounts for hundreds or thousands of claimants, as well as shared phone numbers and addresses, he said, adding they may also use the names of people who are still working and don’t know their information is being used.
In Ohio there were 1,700 claims seeking cash on behalf of dead people, and three separate email addresses that were attached to 100 claims each for people who didn’t live in the state, according to the state Department of Job and Family Services.
In the States
Arizona reported nearly 2.7 million unemployment claims from the beginning of the pandemic through August, and there are only 3.4 million working Arizonans, with more than 1 million PUA claims flagged as potentially fraudulent.
Colorado, as previously mentioned, reported from from July 18 to Aug. 25, that it had processed 62,498 filings, 48,206 of which were found to be fraudulent.
Maryland in July uncovered a massive criminal enterprise with more than 47,500 fraudulent unemployment claims totaling over $501 million, according to its labor department.
New York has seen $1 billion in fraudulent activity since the start of the health crisis, referring more claims to law enforcement from mid-March to August than it has in the past decade, stopping more than 42,200 fraudulent claims.
Potentially fraudulent PUA claims in Ohio are estimated to cost the government $200 million in payouts each week. In July alone the state placed 270,000 suspicious claims on hold.
Texas locked more than 4,500 potentially fraudulent claims so far this year for a total of $68.2 million—nearly 150% increase over the more than 1,856 in phony claims valued at about $11.5 million identified in 2019. The state has seen 5.3 million claims for $32 billion—several years’ worth of claims in just six months.
Washington state was hit hard by Scattered Canary, according to experts and media reports. From March through July, the state paid out more than $8.8 billion in benefits to almost 1 million people. Nearly 86,500 claims paid, equating to $576 million, were fraudulent, $351 million have since been recovered.
There’s likely to be more fraud discovered in January when tax forms are mailed out, said Terry Savage, a nationally syndicated financial columnist and author who has written on the recent rise in unemployment scams.
Taxpayers may see unemployment funds listed on their tax forms that they may not have requested or received, she said. It will be telling of how many dollars were actually paid out in fraudulent claims, she said. “I think it’s going to be monumental.”
Combating Fraud, Increasing Debt
States are getting better at identifying these threats, Najarian said.
They increasingly are using artificial intelligence and other technology to identify and deny claims before they’re paid out.
They’ve also increased their verification processes, authenticating emails and addresses, and looking at Internet Protocol, known as “IP” addresses to see where the requests are coming from, experts said.
New York has a “rigorous” application and screening process to weed out fraudulent claims, including checks by multiple state agencies, state labor department Commissioner Roberta Reardon said in an emailed statement.
“Unemployment benefits are a lifeline for New Yorkers who lose their jobs, and it is unconscionable that dishonest individuals would steal from them and the system for their own gain,” she said.
Still, states may end up having to borrow money from the federal government or issue bonds to pay for the spike in unemployment claims, UWC’s Holmes said. “Sometimes you can’t catch it before you make the payment, because of the volume or connection.”
The increase in fraud also could be bad for businesses, which have to pay an unemployment contribution, basically a tax to the state, he said. If there are no layoffs, the contribution rates go down, if there are more, the rates go up, he said. And if the federal government also needs to borrow, the federal deficit increases.
“It’s a bad, bad, bad thing,” he said.
The failure of the federal government to come to an agreement on a second relief package, however, decreases the allure for fraudsters.
The U.S. Department of Labor announced it would provide $100 million to states to combat an “unprecedented increase” in unemployment claims and “increased fraudulent activity and identity theft amid new and emerging fraud schemes,” across the nation.
More funding is needed to modernize some of these state systems, Coss said. “It’s critical to the functioning of the economy.”
—With assistance from Alex Ebert, Tiffany Stecker, Tripp Baltz, and Paul Stinson.