Unemployment Fraud

Unemployment Fraud

For about a year now, the pandemic of Covid-19 has been raging. A huge amount of confusion has come with the pandemic. Many of us wonder when we’re going to be able to return to everyday life, when we’re going to be able to see friends and family, and when we’re going to be able to restart the ordinary things we used to take for granted.

Perhaps no group has endured more confusion than those due to the pandemic and the subsequent lockdowns, transport bans, and closures that have come with it have lost their livelihood. These persons have, sadly, to make ends meet, had to resort to state government unemployment benefits. Fraudsters have looked at the new pandemic as an excuse to commit unemployment fraud on a large scale, as though this was not destructive and alarming enough.

How widespread is the issue? COVID-19 associated unemployment fraud damages totaled $36 billion in 2020, according to a December 31, 2020 USA Today report. Put another way, since the onset of the pandemic, unemployment fraud has been rampant, with nearly every US state affected.

So, what is unemployment theft exactly? The variant seen during the COVID-19 pandemic, although there are various forms, includes filing false unemployment reports. Fraudsters use the following tactics at a high stage to do so:

  • Purchase stolen identities from the underworld from dark websites
  • Fill out claims for unemployment using the data
  • A drop account earns unemployment insurance

Could one wonder how fraudsters would take these measures on a scale so easily? The solution lies in the ideal storm of situations that makes things simpler.

Unemployment fraud “stands out from others because it requires attackers to have a legitimate social security number, according to an F5 Labs blog post from May 22, 2020.” Unfortunately, for assailants, that is not a concern. Virtually every American social security number was hacked by major data breaches in 2015, 2017, and 2019 at healthcare providers, credit bureaus, credit card firms, and supermarkets (among others). In other words, on the underground, there are a multitude of stolen identities available, and it is very easy to buy them.

They ought to fill out a false unemployment report after the fraudster has gained one or more stolen identities. Luckily for the fraudsters, free guides are available for anything from $5-$100 to assist with this. Additionally, as they file a false charge, fraudsters appear to be able to get away with using virtually any physical address. For example, CBS Los Angeles discovered that there were hundreds or even thousands of false unemployment reports with these properties as the physical address on file for uninhabited mansions that were for sale.

Connect to the equation that states are exhausted and under-resourced to cope with the rise in unemployment reports, never mind identifying anomalies that may suggest manipulation, and we see that COVID-19 has created a unique incentive for fraud in unemployment. Many states do not have in place regulations that can deter bribery, have little to no potential to detect fraud, and are under extreme pressure to pay first and raise questions later.

Although the situation sounds grim, there are easy measures to identify and avoid unemployment theft that can be taken by governments. State departments will significantly minimise the amount of unemployment fraud that exists under their auspices by introducing controls to deter fraud and implementing fraud detection capability. A positive start for states is the introduction of processes and protocols that control the eligibility process for unemployment compensation. Combining this with fraud identification and prevention technologies and surveillance for the misuse of unemployment insurance empowers state governments to battle unemployment fraud head-on, minimise losses and save money for taxpayers.

In order to track and deter unemployment fraud, what are certain anomalous activities that state governments should check for? Although there are many, a few significant ones are here:

  • Many unemployment requests from the same computer and/or email addresses
  • Suspicious trends of consumer activity while communicating with the web, such as:

– Copy and paste the PIII

– Filing paperwork for unemployment very easily

– Easily exploring the web and exhibiting a high degree of site familiarity

– Constantly invoking another window

– Attempting to avoid detection (e.g., connecting from a VPN or the cloud)

– Submission of several requests without subsequent login

– Consistently completing the same type from the same computer

  • Suspicious environmental markers, such as filing for unemployment insurance from a device outside the U.S. in California
  • Multiple benefits for unemployment going to the same drop account
  • Many unemployment claimants with the same postal address
  • Suspicious combinations arising from the relation of the dots between the points above and others

Rampant unemployment theft is just about the last thing during this pandemic that we want to deal with. The fraudsters, sadly, have not given us any discretion in the matter. The good news is that to tackle this challenge head-on, there are clear steps that state governments should take.

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.