CLA | Unemployment Aid Fraud Skyrocketed in 2020 … Is it Time to Review Your Cyber Risks?

Key insights

• During the pandemic, there’s been an uptick in fraudulent unemployment claims.
• The CARES Act introduced changes to unemployment benefits to help those in need during the pandemic, and some criminals have found ways to capitalize on the situation.
• Consider steps you can take to help protect your organization and your personal identification information.

Nationwide, state unemployment agencies have been inundated with fraudulent benefit claims during the pandemic. The CARES Act increased the unemployment benefit amount and expanded opportunities for people to qualify. Changes under the CARES Act also allowed for claims to be paid retroactively for months prior to filing the claim.

With the increased unemployment claim value, heightened pressure to process claims quickly, and varying documentation requirements among individual states, identity theft criminals found additional opportunities to file fraudulent claims. Take a quick look at recent newspaper articles and Department of Justice press releases and you’ll find plenty of real-world examples.

Let’s review what these fraud incidents might look like and steps you can take to help protect yourself.

State and federal law enforcement agencies ramped up investigations and indictments, but the magnitude of the problem still varies among the states. California was a state with a significant amount of fraudulent claims, with losses predicted to be in the billions of dollars. Even less populated states like Colorado had fraudulent attempted unemployment claims estimated to be at least $750 million and estimated payouts in the millions of dollars.

There are many reasons fraud impacts states differently, including differing requirements for proof of claim documentation and a state’s willingness to implement fraud checks. Implementing such checks can delay the payment of lawful benefit claims, but proper screening can also help prevent fraudulent claims.

A quick overview of identity theft crime

How does this type of fraud happen? Simply, a criminal obtains enough of a victim’s personal identification information (PII) to submit false paperwork to gain a financial benefit. And the types of fraud have varied over the years.

• In 2016, popular identification theft schemes, including credit card fraud, resulted in estimated losses in the billions.
• A few years later, criminals obtained illicit proceeds through income tax refund fraud against the IRS, again with estimated yearly attempted amounts in the billions.
• During the pandemic, the FBI estimated that cybercrime increased by 400%. Identity fraud and other issues have led to a nationwide estimated $36 billion in improper payment from claims relating to unemployment aid.

To commit fraud, criminals obtain stolen PII, often by successfully hacking corporate computer systems. Organizations that have been hacked include major computer companies, retailers, professional firms, and government agencies.

Old-school theft of paper documents is still common, too. Documents can be taken by compromised employees. Often, no matter the source, the stolen identification information is sold illegally on the dark web or used by the thief themself.

Two categories of criminals: rookies and professionals

Fraud can be committed by professional criminal groups and rookies. When rookies are involved, they typically facilitate most aspects of the fraud. They either buy or steal the victim’s identification information. Then they complete the paperwork, submit it to state unemployment agency, receive the funds, and spend them.

On the other hand, the professionals often segregate the duties into groups that focus on only one step of the fraud. Here’s an example of what that might look like:

1. Group one steals the information. These people could be professional computer hackers, individuals connecting into unprotected business
   Wi-Fi networks, or those who bribe employees to obtain the information.
2. A second group files and submits the applications to the state unemployment agency. They tend to know the requirements and submit complete applications that look legitimate and quickly get approved.
3. Then group three obtains the funds. This may be in the form of a prepaid bank card, which can be mailed to the victim’s address and stolen out of the mailbox at night. The prepaid bank card can also be diverted to a commercial receiving mail facility if the unemployment application lists the wrong address.
4. Group four then money launders the proceeds, converting the funds to cash or cleaning it in other sophisticated ways. For example, a runner might conduct late night cash withdrawals from numerous ATMs or take a paper benefits check to a check cashing establishment, transferring the funds to nominee business accounts or buying products to be resold on e-tailer websites.

These four fraud groups may work independently of each another. They may also be located in different states or even outside the United States. In many cases, organized criminal groups targeted new programs created under the CARES Act that were designed to benefit self-employed individuals or gig workers.

What to do if you’re the victim of identity theft

Unfortunately, there is no silver bullet to resolve identify theft. The payoff for the criminals is too great, so they keep trying. The result is frustrated victims, some of whom received state documentation to report the benefits on their income tax returns or demands to repay the funds.

The good news is there are steps you can take to help protect yourself:

• Annually review credit reports (generally free)
• Keep computer software up to date
• Be reluctant to give out personal information over the telephone
• If you become a victim, review your states unemployment office website for guidance, as many have reporting procedures
• Report the identity theft to the Federal Trade Commission

Employers should:

• Train employees to avoid email phishing schemes
• Keep computer software up to date
• Implement security on all Wi-Fi networks
• Allow access to PII on a need-to-know basis only
• Institute a reporting line for employees to inform the employer about potential criminal conduct by peers without the fear of retaliation

If you happen to fall victim to identity theft, file a police report or counter report. Keep all documents in one place relating to the fraud.

How we can help

Cyber threats are not going away, and understanding risks and trends in cybersecurity and fraud is important. CLA’s cybersecurity professionals can help you assess the security of your systems, root out vulnerabilities and security weaknesses, and come alongside you to design an in-depth strategy to address current and emerging threats.

CLA’s forensic team can also help. The team includes certified fraud examiners, lawyers, and former federal investigators experienced in conducting sensitive employee interviews, assessing internal controls, reviewing corporate policies, and completing other investigative steps. Our forensic professionals also share guidance on actions management can take to aid in preventing and detecting fraud.

Author:

• Chris Flacker, Director, CLA

Compliments of CliftonLarsonAllen – a member of the EACCNy.